Cluster Computing

, Volume 22, Issue 3, pp 721–736 | Cite as

Online Smart Disguise: real-time diversification evading coresidency-based cloud attacks

  • Mona S. KashkoushEmail author
  • Mohamed Azab
  • Gamal Attiya
  • Amr S. Abed


Security is a major challenge in Cloud Computing. In this paper, we propose an Online Smart Disguise Framework (OSDF). OSDF employs dynamic, proactive, real-time moving-target defense against cloud attacks. OSDF relies on two main pillars. The first, is a behavior obscuring module that frequently live-migrates virtual machines (VMs) between heterogeneously configured compute nodes to avoid co-residency and virtualization based attacks. The second module limits attack dispersion between same-host VMs by migrating maliciously behaving VMs to remote isolated compute node acting as a quarantine zone. The second module is guided by a smart intrusion detection system that monitors the VM system calls searching for suspicious activities. To evaluate OSDF efficiency and effectiveness on limiting attack dispersion, we devised the vulnerable, exposed, attacked, recovered model based on the susceptible, exposed, infected, recovered (SEIR) epidemic model. The SEIR model is an epidemiological model commonly used to investigate disease dispersion on cooperative communities. The implementation of OSDF is tested on OpenStack private cloud. Simulation results show the effectiveness of OSDF MTD approach in decreasing the number of attacked VMs even for fast-spreading worms. Furthermore, NAS Parallel Benchmark is used to evaluate OSDF efficiency for cloud-hosted VMs running both stateful and stateless applications.


Cloud computing security Bio-inspired security Moving target defense Co-residency attacks 


  1. 1.
  2. 2.
  3. 3.
  4. 4.
  5. 5.
  6. 6.
    Abed, A.S., Clancy, C., Levy, D.S.: Intrusion detection system for applications using linux containers. In: International Workshop on Security and Trust Management, pp. 123–135. Springer (2015)Google Scholar
  7. 7.
    Azab, M., Eltoweissy, M.: Chameleonsoft: software behavior encryption for moving target defense. Mobile Netw. Appl. 18(2), 271–292 (2013)CrossRefGoogle Scholar
  8. 8.
    Azab, M., Eltoweissy, M.: Migrate: towards a lightweight moving-target defense against cloud side-channels. In: IEEE Security and Privacy Workshops (SPW), 2016, pp. 96–103. IEEE, Washington DC (2016)Google Scholar
  9. 9.
    Beloglazov, A., Piraghaj, S.F., Alrokayan, M., Buyya, R.: Deploying openstack on centos using the KVM hypervisor and GlusterFS distributed file system. University of Melbourne (2012)Google Scholar
  10. 10.
    Buyya, R., Yeo, C.S., Venugopal, S., Broberg, J., Brandic, I.: Cloud computing and emerging it platforms: vision, hype, and reality for delivering computing as the 5th utility. Future Gener. Comput. Syst. 25(6), 599–616 (2009)CrossRefGoogle Scholar
  11. 11.
    Cai, G., Wang, B., Wei, H., Wang, T.: Moving target defense: state of the art and characteristics. Front. Inf. Technol. Electron. Eng. 17(11), 1122–1153 (2016)CrossRefGoogle Scholar
  12. 12.
    Chiueh, S.N.T.C., Brook, S.: A survey on virtualization technologies. RPE Report pp. 1–42 (2005)Google Scholar
  13. 13.
    Evans, D., Nguyen-Tuong, A., Knight, J.: Effectiveness of moving target defenses. In: Jajodia, S., Ghosh, A.K., Swarup, V., Wang, C., Wang, X.S. (eds.) Moving Target Defense, pp. 29–48. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Expósito, R.R., Taboada, G.L., Ramos, S., TouriñO, J., Doallo, R.: Performance analysis of HPC applications in the cloud. Future Gen. Comput. Syst. 29(1), 218–229 (2013)CrossRefGoogle Scholar
  15. 15.
    Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for unix processes. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy, pp. 120–128. IEEE Computer Society Press, Los Alamitos (1996)Google Scholar
  16. 16.
    Hashizume, K., Rosado, D.G., Fernández-Medina, E., Fernandez, E.B.: An analysis of security issues for cloud computing. J. Internet Serv. Appl. 4(1), 5 (2013)CrossRefGoogle Scholar
  17. 17.
    Ibrahim, A.S., Hamlyn-Harris, J., Grundy, J., Almorsy, M.: Cloudsec: a security monitoring appliance for virtual machines in the IAAS cloud model. In: Proceedings of the 5th International Conference on Network and System Security (NSS) 2011, pp. 113–120. IEEE, Piscataway (2011)Google Scholar
  18. 18.
    Kaur, P., Rani, A.: Virtual machine migration in cloud computing. Int. J. Grid Distrib. Comput. 8(5), 337–342 (2015)CrossRefGoogle Scholar
  19. 19.
    Khorshed, M.T., Ali, A.S., Wasimi, S.A.: A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Gener. Comput. Syst. 28(6), 833–851 (2012)CrossRefGoogle Scholar
  20. 20.
    Kim, T., Peinado, M., Mainar-Ruiz, G.: Stealthmem: system-level protection against cache-based side channel attacks in the cloud. In: USENIX Security symposium, pp. 189–204 (2012)Google Scholar
  21. 21.
    Lee, W., Stolfo, S.J., et al.: Data mining approaches for intrusion detection. In: USENIX Security Symposium, pp. 79–93. San Antonio, TX (1998)Google Scholar
  22. 22.
    Mell, P., Grance, T.: A NIST definition of cloud computing. National Institute of Standards and Technology (NIST) Special Publication 800-145 (2009)Google Scholar
  23. 23.
    Modi, C., Patel, D., Borisaniya, B., Patel, A., Rajarajan, M.: A survey on security issues and solutions at different layers of cloud computing. J. Supercomput. 63(2), 561–592 (2013)CrossRefGoogle Scholar
  24. 24.
    Moon, S.J., Sekar, V., Reiter, M.K.: Nomad: Mitigating arbitrary cloud side channels via provider-assisted migration. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1595–1606. ACM, New York (2015)Google Scholar
  25. 25.
    Murtaza, S.S., Khreich, W., Hamou-Lhadj, A., Couture, M.: A host-based anomaly detection approach by representing system calls as states of kernel modules. In: 2013 IEEE 24th International Symposium on Software Reliability Engineering (ISSRE), pp. 431–440. IEEE Computer Society, Los Alamitos (2013)Google Scholar
  26. 26.
    Okhravi, H., Comella, A., Robinson, E., Haines, J.: Creating a cyber moving target for critical infrastructure applications using platform diversity. Int. J. Crit. Infrastruct. Prot. 5(1), 30–39 (2012)CrossRefGoogle Scholar
  27. 27.
    Satsuma, J., Willox, R., Ramani, A., Grammaticos, B., Carstea, A.: Extending the sir epidemic model. Physica A 336(3), 369–375 (2004)CrossRefGoogle Scholar
  28. 28.
    Theoharidou, M., Papanikolaou, N., Pearson, S., Gritzalis, D.: Privacy risk, security, accountability in the cloud. In: 2013 IEEE 5th International Conference on, Cloud Computing Technology and Science (CloudCom), vol. 1, pp. 177–184. IEEE, Washington, DC (2013)Google Scholar
  29. 29.
    Zhang, Y., Reiter, M.K.: Düppel: Retrofitting commodity operating systems to mitigate cache side channels in the cloud. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pp. 827–838. ACM, New York (2013)Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  • Mona S. Kashkoush
    • 1
    • 2
    Email author
  • Mohamed Azab
    • 1
    • 3
    • 4
  • Gamal Attiya
    • 2
  • Amr S. Abed
    • 4
    • 5
  1. 1.The City of Scientific Research and Technological ApplicationsAlexandriaEgypt
  2. 2.Faculty of Electronic EngineeringMenoufia UniversityMenoufiaEgypt
  3. 3.Computer and Information Sciences DepartmentVirginia Military InstituteLexingtonUSA
  4. 4.Virginia TechBlacksburgUSA
  5. 5.Minia UniversityMiniaEgypt

Personalised recommendations