Wireless Networks. Series Editor Xuemin Sherman Shen University of Waterloo Waterloo, Ontario, Canada

Transcription

1 Wireless Networks Series Editor Xuemin Sherman Shen University of Waterloo Waterloo, Ontario, Canada More information about this series at

2

3 Sachin Shetty Xuebiao Yuchi Min Song Moving Target Defense for Distributed Systems 123

4 Sachin Shetty Department of Electrical and Computer Engineering Tennessee State University Nashville, TN, USA Xuebiao Yuchi China Internet Network Information Center Chinese Academy of Science Beijing, China Min Song Department of Computer Science Michigan Technological University Houghton, MI, USA ISSN ISSN (electronic) Wireless Networks ISBN ISBN (ebook) DOI / Library of Congress Control Number: Springer International Publishing Switzerland 2016 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. Printed on acid-free paper This Springer imprint is published by Springer Nature The registered company is Springer International Publishing AG Switzerland

5 To our families

6

7 Preface Distributed Systems are complex systems, and cyber attacks targeting these systems have devastating consequences. Several cybersecurity solutions have failed to protect distributed systems primarily due to asymmetric warfare with cyber adversaries. Most cybersecurity solutions have to grapple with the tradeoff between detecting one breach vs. blocking all possible breaches. Current cyber threats are sophisticated and comprised of multiple attack vectors caused by organized attackers. Most of the current cyber defenses are blackbox or set-and-forget approaches which can protect against zero-day attacks and are ineffective against dynamic threats. The asymmetric conundrum is to determine which assets (software, embedded devices, routers, back-end infrastructure, dependencies between software components) need to be protected. Recently, Moving Target Defense (MTD) has been proposed as a strategy to protect distributed systems. MTD-based approaches take a leaf out of the adversaries book by not focusing on fortifying every asset and make the systems move to the defender s advantage. MTD is a game-changing capability to protect distributed systems by enabling defenders to change system/network behaviors, policies, or configurations automatically such that potential attack surfaces are moved in an unpredictable manner. MTD is also a cost-effective approach for intrusion detection, active response, and recovery in distributed systems. To realize an effective MTD-based defense, several challenges have to be addressed. This book presents MTD techniques to determine placement of virtual machines in cloud data centers. The techniques focus on secure risk assessment of virtual machines and physical machines in cloud data centers and placement of virtual machines while taking into security risk as a criteria and evaluating cost of MTD. This book is organized as follows: Chapter 1 presents an overview of MTD and the need for research on developing novel MTD schemes at several levels: program (instruction set), host (IP address, memory), cloud computing platform, network, and mobile systems. Chapter 2 presents an approach to perform secure-aware Virtual Machine (VM) migration in cloud data centers. vii

8 viii Preface Chapter 3 presents an approach to develop MTD-based network diversity models. to evaluate the robustness of cloud data centers against potential zero-day attacks. Chapter 4 presents a network-aware VM placement scheme in cloud data centers Chapter 5 presents a cost model to evaluate the cost of MTD in cloud data centers. Nashville, TN, USA Beijing, China Houghton, MI, USA January 2016 Sachin Shetty Xuebiao Yuchi Min Song

9 Acknowledgments First and foremost, we would like to express our warm appreciation to Tennessee State University, Michigan Technological University, and China Internet Network Information Center. Special thanks go to our funding agencies such as the US National Science Foundation, Department of Homeland Security, and Air Force Research Lab. We would also like to express our warm appreciation to Dr. Xuemin Sherman Shen (Professor and University Research Chair in the Department of Electrical and Computer Engineering, University of Waterloo, Ontario, Canada) and the Springer staff who allowed us to publish our work and gave their valuable time to review our book. We would also like to thank the reviewers who provided feedback and suggestions for our book. Finally, we want to thank our families who supported and encouraged us in spite of all the time it took us away from them. Last and not least, we beg forgiveness of all those whose names we have failed to mention. Any suggestions, comments, and feedback for further improvement of the text are welcome. Sachin Shetty, Ph.D. Tennessee State University, USA Xuebiao Yuchi, Ph.D. China Internet Network Information Center, China Min Song, Ph.D. Michigan Technological University, USA ix

10

11 Contents 1 Moving Target Defense in Distributed Systems Introduction Background Cloud Data Center Security Moving Target Defense MTD for Distributed Systems Moving Target Defense and VM Migration Research Challenges with MTD-VM Conclusion... 9 References Security-Aware Virtual Machine Placement in Cloud Data Center Introduction Related Work Security Evaluation VM Vulnerability Identification Physical Machine Security Evaluation Secure Aware VM Placement Simulation Results Discussion Conclusion References Scalable Network Diversity Modeling For Assessing Threats in Cloud Networks Introduction Related Work Background Multiple Levels of Abstraction Scalable Network Diversity Modeling xi

12 xii Contents 3.4 System Model Resource Subgraph Abstraction Hierarchical Resource Graph Abstraction Scalability Comparisons Construction Phase Evaluation Phase Modification Phase Simulation Results Discussion Conclusion and Future Work References Optimizing Network-Aware Resource Allocation in Cloud Data Centers Introduction Related Work Problem Description Proposed Approach Problem Formulation Algorithm Example Experiments Conclusions References Towards a Network-Aware VM Migration: Evaluating the Cost of VM Migration in Cloud Data Centers Introduction Background Software Defined Networking Global Environment for Network Innovations Testbed Related work Technical Approach Implementation and Evaluation of Remedy Emulated Data Center in GENI Virtualization in Emulated Data center VM Workload and Network Flows Managing Network Resources and Enforcing QoS Analysis and Evaluation of Remedy Model Parameters Results Conclusion and Future work References Index... 75

13 Acronyms MTD AWS VM PM IP SDN GENI DNS DHCP IaaS NVD CVSS HTTP SSH NARAMINT TOR KVM QoS OVS NFS RUBiS Moving Target Defense Amazon Web Services Virtual Machine Physical Machine Internet Protocol Software Defined Networking Global Environment for Network Innovations Domain Name System Dynamic Host Control Protocol Infrastructure as a Service National Vulnerability Database Common Vulnerability Scoring System Hyper Text Transfer Protocol Secure Shell Host Network-aware Resource Allocation technique based on Minimumheight Tree procedure Top Of Rack Kernel-Based Virtual Machine Quality of Service Open VSwitch Network File System Rice University Bidding System xiii

14

15 List of Figures Fig. 1.1 Example cloud data center... 4 Fig. 1.2 MTD based VM Migration... 8 Fig. 2.1 Example of VM attack graph Fig. 2.2 VM dependency relations example Fig. 2.3 Overview of the VM placement procedure Fig. 2.4 VM placement algorithm Fig. 2.5 Comparison of survivability Fig. 3.1 An example network system Fig. 3.2 AG of the example network system Fig. 3.3 Multiple-level abstraction of the example network system with AGs in both the upper and the lower level abstraction Fig. 3.4 Example of cloud network Fig. 3.5 RG abstraction for the example network system Fig. 3.6 Hierarchical RG abstraction for the example network system Fig. 3.7 A networked system configuration for simulation Fig. 3.8 Fig. 3.9 Fig Fig A comparison of number of edges between RG and hierarchical RG in the construction phase A comparison of construction time between RG and hierarchical RG in the construction phase A comparison of number of nodes computed between RG and hierarchical RG in the evaluation phase A comparison of evaluation time between RG and hierarchical RG in the evaluation phase Fig. 4.1 Typical network topology inside a data center Fig. 4.2 Data center topology Fig. 4.3 Sub-tree height height(t 0 ) for the placement of 100 VMs Fig. 4.4 The number of selected racks for 100 VMs Fig. 4.5 Communication cost of the placement for 100 VMs xv

16 xvi List of Figures Fig. 4.6 Sub-tree height height(t 0 ) for 600 racks Fig. 4.7 Algorithm stability for 600 racks Fig. 5.1 GENI experimentation Fig. 5.2 System architecture Fig. 5.3 Data center topology Fig. 5.4 GENI testbed Fig. 5.5 Predicted migration times for a 2 GB VM in a 2000 MB/s link capacity network. Page dirty rates in pages/second Fig. 5.6 Predicted migration times for a 2 GB VM in a 20 MB/s link capacity network. Page dirty rates in pages/second Fig. 5.7 Significance of user specified progress amount (X) on prediction of migration times. XD50 MB, MD64 MB, and TD0.1s Fig. 5.8 Significance of user specified progress amount (X) on prediction of migration times. XD250 MB, MD64 MB, and TD0.1s Fig. 5.9 Predicted migration times for a 2 GB Ubuntu VM and 1 Gbps link capacity. Page dirty rates in pages/second Fig Effect of VM migration on iperf flows with/without QoS... 73

17 List of Tables Table 2.1 Groups for VM and physical machine with different security levels Table 2.2 Number of physical machines within each group before and after placement Table 3.1 Complexity comparison between the traditional RG abstraction and the hierarchical RG abstraction procedure Table 4.1 Rack computational capacities Table 4.2 VM requirements in CPU and memory Table 4.3 Communication requirements between VM (MBPS) Table 4.4 Sub-trees search process in NARAMINT Table 5.1 Predicted bandwidth for a 1 GB VM at migration deadline of 330 s Table 5.2 Predicted Bandwidth for a 1 GB VM at migration deadline of 80 s Table 5.3 Predicted Bandwidth for a 1 GB VM at migration deadline of 8 s Table 5.4 Range of progress amount (X MB) values to select for different VM memory sizes Table 5.5 Actual migration times and average ping latencies xvii