MTD CBITS: Moving Target Defense for Cloud-Based IT Systems

  • Alexandru G. Bardas
  • Sathya Chandran Sundaramurthy
  • Xinming Ou
  • Scott A. DeLoach
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10492)


The static nature of current IT systems gives attackers the extremely valuable advantage of time, as adversaries can take their time and plan attacks at their leisure. Although cloud infrastructures have increased the automation options for managing IT systems, the introduction of Moving Target Defense (MTD) techniques at the entire IT system level is still very challenging. The core idea of MTD is to make a system change proactively as a means to eliminating the asymmetric advantage the attacker has on time. However, due to the number and complexity of dependencies between IT system components, it is not trivial to introduce proactive changes without breaking the system or severely impacting its performance.

In this paper, we present an MTD platform for Cloud-Based IT Systems (MTD CBITS), evaluate its practicality, and perform a detailed analysis of its security benefits. To the best of our knowledge MTD CBITS is the first MTD platform that leverages the advantages of a cloud-automation framework (ANCOR) that captures an IT system’s setup parameters and dependencies using a high-level abstraction. This allows our platform to make automated changes to the IT system, in particular, to replace running components of the system with fresh new instances. To evaluate MTD CBITS’ practicality, we present a series of experiments that show negligible (statistically non-significant) performance impacts. To evaluate effectiveness, we analyze the costs and security benefits of MTD CBITS using a practical attack window model and show how a system managed using MTD CBITS will increase attack difficulty.



We would like to thank the reviewers for their valuable feedback and everyone involved in this research over the years, especially Rui Zhuang, Ali Ali, Simon Novelly, Ian Unruh, and Brian Cain. This work was supported by the Air Force Office of Scientific Research (FA9550-12-1-0106). Opinions, findings, conclusions, or recommendations expressed in this material are those of the authors and do not necessarily reflect the agencies’ views.


  1. 1.
    Chaos Monkey. Accessed Apr 2017
  2. 2.
    http-perf. Accessed Apr 2017
  3. 3.
    PaX ASLR. Accessed Apr 2017
  4. 4.
    Al-Shaer, E.: Toward network configuration randomization for moving target defense. In: Jajodia, S., Ghosh, A., Swarup, V., Wang, C., Wang, X. (eds.) Moving Target Defense. Advances in Information Security, vol. 54, pp. 153–159. Springer, New York (2011). doi: 10.1007/978-1-4614-0977-9_9 CrossRefGoogle Scholar
  5. 5.
    Albanese, M., De Benedictis, A., Jajodia, S., Sun, K.: A moving target defense mechanism for MANETs based on identity virtualization. In: IEEE CNS (2013)Google Scholar
  6. 6.
    Antonatos, S., Akritidis, P., Markatos, E.P., Anagnostakis, K.G.: Defending against Hitlist worms using network address space randomization. In: ACM WORM (2005)Google Scholar
  7. 7.
    Armbust, M., Fox, A., Griffith, R., Joseph, A., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: A view of cloud computing. In: ACM CACM (2010)Google Scholar
  8. 8.
    Bauer, K., Dedhia, V., Skowyra, R., Streilein, W., Okhravi, H.: Multi-variant execution to protect unpatched software. In: RWS (2015)Google Scholar
  9. 9.
    Boyd, S.W., Kc, G.S., Locasto, M.E., Keromytis, A.D., Prevelakis, V.: On the general applicability of instruction-set randomization. In: IEEE TDSC, July 2010Google Scholar
  10. 10.
    Canonical, Metal as a Service (MAAS). Accessed Apr 2017
  11. 11.
    Casola, V., Benedictis, A.D., Albanese, M.: A moving target defense approach for protecting resource-constrained distributed devices. In: IEEE IRI (2013)Google Scholar
  12. 12.
    Chef. Accessed Mar 2017
  13. 13.
    Chen, P., Xu, J., Lin, Z., Xu, D., Mao, B., Liu, P.: A practical approach for adaptive data structure layout randomization. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9326, pp. 69–89. Springer, Cham (2015). doi: 10.1007/978-3-319-24174-6_4 CrossRefGoogle Scholar
  14. 14.
    Christodorescu, M., Fredrikson, M., Jha, S., Giffin, J.: End-to-End software diversification of internet services. In: Jajodia, S., Ghosh, A., Swarup, V., Wang, C., Wang, X. (eds.) Moving Target Defense. Advances in Information Security, vol. 54, pp. 117–130. Springer, New York (2011). doi: 10.1007/978-1-4614-0977-9_7 CrossRefGoogle Scholar
  15. 15.
    Crowdstrike, Bears in the Midst. Accessed Apr 2017
  16. 16.
    Cybenko, G., Hughes, J.: No free lunch in cyber security. In: MTD (2014)Google Scholar
  17. 17.
    De Capitani, S., di Vimercati, S., Foresti, S., Jajodia, S.P., Samarati, P.: Efficient integrity checks for join queries in the cloud. In: IOS JCS (2016)Google Scholar
  18. 18.
    Democratic National Committee. Accessed Apr 2017
  19. 19.
    DHS, Moving Target Defense. Accessed Apr 2017
  20. 20.
    Dunlop, M., Groat, S., Urbanski, W., Marchany, R., Tront, J.: MT6D: a moving target IPv6 defense. In: IEEE MILCOM (2011)Google Scholar
  21. 21.
    Eskridge, T.C., Carvalho, M.M., Stoner, E., Toggweiler, T., Granados, A.: VINE: a cyber emulation environment for MTD experimentation. In: ACM MTD (2015)Google Scholar
  22. 22.
    Evans, D., Nguyen-Tuong, A., Knight, J.: Effectiveness of Moving Target Defenses (2011)Google Scholar
  23. 23.
    Hobson, T., Okhravi, H., Bigelow, D., Rudd, R., Streilein, W.: On the challenges of effective movement. In: ACM MTD (2014)Google Scholar
  24. 24.
    Homescu, A., Jackson, T., Crane, S., Brunthaler, S., Larsen, P., Franz, M.: Large-scale automated software diversity-program evolution redux. In: IEEE TDSC (2015)Google Scholar
  25. 25.
    Huang, Y., Arsenault, D., Sood, A.: Closing cluster attack windows through server redundancy and rotations. In: Workshop on Cluster Security (2006)Google Scholar
  26. 26.
    Hughes, J., Cybenko, G.: Quantitative metrics and risk assessment: the three tenets model of cybersecurity. In: Technology Innovation Management Review (2013)Google Scholar
  27. 27.
    Jafarian, J.H., Al-Shaer, E., Duan, Q.: An effective address mutation approach for disrupting reconnaissance attacks. IEEE Trans. Inf. Forensics Secur. 10, 2562–2577 (2015)CrossRefGoogle Scholar
  28. 28.
    Karapanos, N., Filios, A., Popa, R.A., Capkun, S.: Verena: end-to-end integrity protection for web applications. In: IEEE S&P (2016)Google Scholar
  29. 29.
    Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering code-injection attacks with instruction-set randomization. In: ACM CCS (2003)Google Scholar
  30. 30.
    Keromytis, A.D., Geambasu, R., Sethumadhavan, S., Stolfo, S.J., Yang, J., Benameur, A., Dacier, M., Elder, M., Kienzle, D., Stavrou, A.: The MEERKATS cloud security architecture. In: IEEE DCS (2012)Google Scholar
  31. 31.
    Kil, C., Jun, J., Bookholt, C., Xu, J., Ning, P.: Address Space Layout Permutation (ASLP): towards fine-grained randomization of commodity software. In: IEEE ACSAC (2006)Google Scholar
  32. 32.
    Manadhata, P.K., Wing, J.M.: An attack surface metric. In: IEEE TSE (2010)Google Scholar
  33. 33.
    Mandiant, APT1 Report. Accessed Mar 2017
  34. 34.
    Mandiant, M-Trends 2016 Report. Accessed Apr 2017
  35. 35.
    Mandiant, M-Trends 2017 Report. Accessed Apr 2017
  36. 36.
    MediaWiki. Accessed Apr 2017
  37. 37.
    Moon, S.-J., Sekar, V., Reiter, M.K.: Nomad: mitigating arbitrary cloud side channels via provider-assisted migration. In: ACM CCS (2015)Google Scholar
  38. 38.
    Narain, S., Coan, D.C., Falchuk, B., Gordon, S., Kang, J., Kirsch, J., Naidu, A., Sinkar, K., Tsang, S., Malik, S., Zhang, S., Rajabian-Schwart, V., Tirenin, W.: A science of network configuration. J. CSIAC-CSIS, 4(1), 18–31 (2016)Google Scholar
  39. 39.
    Narain, S., Malik, S., Al-Shaer, E.: Towards eliminating configuration errors in cyber infrastructure. In: IEEE SafeConfig (2011)Google Scholar
  40. 40.
    Nguyen, Q., Sood, A.: Designing SCIT architecture pattern in a cloud-based environment. In: DSN-W (2011)Google Scholar
  41. 41.
    Okhravi, H., Riordan, J., Carter, K.: Quantitative evaluation of dynamic platform techniques as a defensive mechanism. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 405–425. Springer, Cham (2014). doi: 10.1007/978-3-319-11379-1_20 Google Scholar
  42. 42.
    Portokalidis, G., Keromytis, A.D.: Global ISR: toward a comprehensive defense against unauthorized code execution. In: Jajodia, S., Ghosh, A., Swarup, V., Wang, C., Wang, X. (eds.) Moving Target Defense. Advances in Information Security, vol. 54, pp. 49–76. Springer, New York (2011). doi: 10.1007/978-1-4614-0977-9_3 CrossRefGoogle Scholar
  43. 43.
    Puppet., Accessed Apr 2017
  44. 44.
    Puppet Blog., Accessed Apr 2017
  45. 45.
    Puppet Hiera. Accessed Apr 2017
  46. 46.
    Puppet, os_hardening. Accessed Apr 2017
  47. 47.
    Unruh, I., Bardas, A.G., Zhuang, R., Ou, X., DeLoach, S.A.: Compiling abstract specifications into concrete systems - bringing order to the cloud. In: USENIX LISA (2014)Google Scholar
  48. 48.
    US Patent US6917930. Accessed Apr 2017
  49. 49.
    Verizon, 2016 DBIR. Accessed Apr 2017
  50. 50.
    Vikram, S., Yang, C., Gu, G.: NOMAD: towards non-intrusive MTD against web bots. In: IEEE CNS (2013)Google Scholar
  51. 51.
    Wikibench. Accessed Apr 2017
  52. 52.
    Wikipedia DB dumps. Accessed Apr 2017
  53. 53.
    Williams, D., Hu, W., Davidson, J.W., Hiser, J.D., Knight, J.C., Nguyen-Tuong, A.: Security through diversity: leveraging virtual machine technology. In: IEEE S&P, July 2009Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Alexandru G. Bardas
    • 1
  • Sathya Chandran Sundaramurthy
    • 2
  • Xinming Ou
    • 3
  • Scott A. DeLoach
    • 4
  1. 1.University of KansasLawrenceUSA
  2. 2.DataVisorMountain ViewUSA
  3. 3.University of South FloridaTampaUSA
  4. 4.Kansas State UniversityManhattanUSA

Personalised recommendations