•   When: Monday, May 01, 2017 from 10:30 AM to 12:30 PM
•   Speakers: Huangxin Wang
•   Location: Nguyen Engineering Room 3507
•   Export to iCal

Abstract

Cloud computing becomes increasingly popular as it provides economical, elastic and scalable computing resources to customers. Unfortunately, the security concern of the cloud environments has been one of the major reasons that hinders individuals or organizations from adopting cloud computing. The virtualization technology employed in the cloud computing as well as the resource pricing scheme expose the cloud customers to new security threats. Fortunately, the elasticity and scalability of the cloud computing resources offer good opportunities for designing provable powerful defense mechanisms to improve cloud security.

In this dissertation, I work on analyzing existing and potential security attacks and developing defense mechanisms based on moving target defense (MTD) strategy to improve cloud security. Moving target defense has been proposed to introduce internal randomness to the system and lift the bar for attackers to conduct successful attacks. It aims to introduce dynamics and uncertainty to the defense system through changing the configurations continuously over time. The highly scalable and configurable cloud environments provide large and flexible configuration spaces for MTD, and thus potentially improve the system's security levels.

In studying cloud security threats, I investigate three important cloud security problems algorithmically and experimentally. These attacks are distributed denial of service (DDoS) attacks, economic denial of sustainability (EDoS) attacks, and covert channel attacks. I propose effective and economical moving target defense strategies to defend against these attacks. My work includes (1) design an optimal moving-target-based defense mechanism to effectively defend against DDoS attacks and prove its optimality; (2) uncover how EDoS attacks can be conducted easily with very low costs for the attackers, and propose an effective moving target defense mechanism which can be employed by the cloud consumers to defend against EDoS attacks for web-based systems; and (3) propose an economical moving target defense scheme based on renewal reward theory to minimize the long-term cost rate for defenders. Both theoretical analysis and empirical studies have been conducted to justify the effectiveness and economic efficiency of the proposed mechanisms in improving cloud security.