A Cyber Risk Based Moving Target Defense Mechanism for Microservice Architectures

机译：微服务架构中基于网络风险的移动目标防御机制

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Microservice Architectures (MSA) structure applications as a collection of loosely coupled services that implement business capabilities. The key advantages of MSA include inherent support for continuous deployment of large complex applications, agility and enhanced productivity. However, studies indicate that most MSA are homogeneous, and introduce shared vulnerabilites, thus vulnerable to multi-step attacks, which are economics-of-scale incentives to attackers. In this paper, we address the issue of shared vulnerabilities in microservices with a novel solution based on the concept of Moving Target Defenses (MTD). Our mechanism works by performing risk analysis against microservices to detect and prioritize vulnerabilities. Thereafter, security risk-oriented software diversification is employed, guided by a defined diversification index. The diversification is performed at runtime, leveraging both model and template based automatic code generation techniques to automatically transform programming languages and container images of the microservices. Consequently, the microservices attack surfaces are altered thereby introducing uncertainty for attackers while reducing the attackability of the microservices. Our experiments demonstrate the efficiency of our solution, with an average success rate of over 70% attack surface randomization.

机译：微服务架构（MSA）将应用程序结构化为实现业务功能的松散耦合服务的集合。 MSA的主要优势包括对大型复杂应用程序的连续部署的内在支持，敏捷性和提高的生产率。但是，研究表明，大多数MSA是同质的，并且会引入共享的脆弱性，因此容易受到多步攻击，这是从规模上诱使攻击者的动机。在本文中，我们使用基于移动目标防御（MTD）概念的新颖解决方案来解决微服务中的共享漏洞问题。我们的机制通过对微服务执行风险分析来检测和确定漏洞的优先级来工作。此后，在定义的多元化指数的指导下，采用了面向安全风险的软件多元化。多样化是在运行时执行的，它利用基于模型和模板的自动代码生成技术来自动转换微服务的编程语言和容器映像。因此，改变了微服务的攻击面，从而为攻击者带来了不确定性，同时降低了微服务的可攻击性。我们的实验证明了我们解决方案的效率，攻击面随机分配的平均成功率超过70％。

著录项

来源
《2018 IEEE Intl Conf on Parallel amp; Distributed Processing with Applications, Ubiquitous Computing amp; Communications, Big Data amp; Cloud Computing, Social Computing amp; Networking, Sustainable Computing amp; Communications》|2018年|932-939|共8页
会议地点 Melbourne(AU)
作者
Kennedy A. Torkura; Muhammad I.H. Sukmana; Anne V.D.M. Kayem;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类
关键词
Security; Risk analysis; Measurement; Software; Logic gates; Indexes; Transforms;

机译：安全性;风险分析;测量;软件;逻辑门;索引;转换;;

相似文献

外文文献
中文文献
专利

1. A microservice recommendation mechanism based on mobile architecture [J] . Wang Ru, Imran Muhammad, Saleem Kashif Journal of network and computer applications . 2020,第Feba期

机译：基于移动架构的微服务推荐机制
2. Deeply Hidden Moving-Target-Defense for Cybersecure Unbalanced Distribution Systems Considering Voltage Stability [J] . Cui Mingjian, Wang Jianhui IEEE Transactions on Power Systems . 2021,第3期

机译：考虑电压稳定性的网络安全不平衡分配系统深度隐藏的移动目标防御
3. Integrated moving target defense and control reconfiguration for securing Cyber-Physical systems [J] . Microprocessors and microsystems . 2020,第Mara期

机译：集成的移动目标防御和控制重新配置，可确保网络物理系统的安全
4. A Cyber Risk Based Moving Target Defense Mechanism for Microservice Architectures [C] . Kennedy A. Torkkura, Muhammad I.H. Sukmana, Anne V.D.M. Kayem, IEEE International Conference on Big Data and Cloud Computing . 2018

机译：基于网络风险的微服务架构的移动目标防御机制
5. A Quantitative Framework for Cyber Moving Target Defenses [D] . Connell, Warren J. 2017

机译：网络移动目标防御的定量框架
6. SatEC: A 5G Satellite Edge Computing Framework Based on Microservice Architecture [O] . Lei Yan, Suzhi Cao, Yongsheng Gong, 2019

机译：SatEC：基于微服务架构的5G卫星边缘计算框架
7. Evolutionary based moving target cyber defense [O] . David J. John, Robert W. Smith, William H. Turkett, 2014

机译：基于进化的移动目标网络防御
8. Architecture-Based Self-Adaptation for Moving Target Defense. [R] . Schmerl, B., Moreno, G. A., Mellinger, A., 2014

机译：基于体系结构的移动目标防御自适应。

A Cyber Risk Based Moving Target Defense Mechanism for Microservice Architectures

摘要

著录项

相似文献

相关主题

期刊订阅