Assessing Dependability of Web Services under Moving Target Defense Techniques

Title: Assessing Dependability of Web Services under Moving Target Defense Techniques
Publication Type: Conference Proceedings
Year of Conference: 2020
Authors: Distefano, S., M. Scarpa, X. Chang, and A. Bobbio
Conference Name: 30th European Safety and Reliability Conference (ESREL)
Pagination: 1988-1995
Date Published: 09/2020
Publisher: RESEARCH PUBLISHING
Conference Location: Venice
ISBN: 978-981-14-8593-0
Abstract

Moving Target Defense (MTD) is a quite effective solution for alleviating the impact of attacks from malicious sources or attackers taken from biological/military environments. It works as a proactive defense approach aiming at enhancing the target system security by periodically changing its configuration to reduce the exposure to vulnerabilities and opportunities for attack. Several MTD approaches have been studied in the literature, and one of the simplest and most effective is migrating the service among different nodes of a distributed computing system.
To evaluate the effectiveness of migration-based MTD policies, it is crucial to adopt proper cybersecurity metrics and tools for their assessment, which is highly challenging due to ICT complexity in terms of a large number of nodes, attack types, workloads, migration policies, and service delays. Current solutions in MTD evaluation, mainly based on combinatorial (attack trees), game theoretic and state space-based approaches, do not, or only partially, address such challenges altogether. This paper aims at proposing a technique based on Petri nets to overcome limitations of existing solutions. The proposed model is highly scalable and customizable through several parameters. It also allows the underlying behaviors and phenomena to be stochastically characterized through non-exponential distributions, obtaining both transient and steady-state metrics. Numerical experiments are performed to demonstrate the capability of the proposed approach in assessing the impact of MTD migration techniques on the system-service dependability, including security, availability and performance.

DOI: 10.3850/978-981-14-8593-0_4175-cd
Refereed Designation: Refereed