About

The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations. Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

1

Evaluating and quantifying the feasibility and effectiveness of whole IT system moving target defenses

Bardas, Alexandru Gavril January 1900
Doctor of Philosophy / Computing and Information Sciences / Scott A. DeLoach / Xinming (Simon) Ou

The Moving Target Defense (MTD) concept has been proposed as an approach to rebalance the security landscape by increasing uncertainty and apparent complexity for attackers, reducing their window of opportunity, and raising the costs of their reconnaissance and attack efforts. Intuitively, the idea of applying MTD techniques to a whole IT system should provide enhanced security; however, little research has been done to show that it is feasible or beneficial to the system’s security. This dissertation presents an MTD platform at the whole IT system level in which any component of the IT system can be automatically and reliably replaced with a fresh new one. A component is simply a virtual machine (VM) instance or a cluster of instances. There are a number of security benefits when leveraging such an MTD platform. Replacing a VM instance with a new one with the most up-to-date operating system and applications eliminates security problems caused by unpatched vulnerabilities and all the privileges the attacker has obtained on the old instance. Configuration parameters for the new instance, such as IP address, port numbers for services, and credentials, can be changed from the old ones, invalidating the knowledge the attackers already obtained and forcing them to redo the work to re-compromise the new instance. In spite of these obvious security benefits, building a system that supports live replacement with minimal to no disruption to the IT system’s normal operations is difficult. Modern enterprise IT systems have complex dependencies among services so that changing even a single instance will almost certainly disrupt the dependent services. Therefore, the replacement of instances must be carefully orchestrated with updating the settings of the dependent instances.
This orchestration of changes is notoriously error-prone if done manually; however, limited tool support is available to automate this process. We designed and built a framework (ANCOR) that captures the requirements and needs of a whole IT system (in particular, dependencies among various services) and compiles them into a working IT system. ANCOR is at the core of the proposed MTD platform (ANCOR-MTD) and enables automated live instance replacements. In order to evaluate the platform’s practicality, this dissertation presents a series of experiments on multiple IT systems that show negligible (statistically non-significant) performance impacts. To evaluate the platform’s efficacy, this research analyzes costs versus security benefits by quantifying the outcome (sizes of potential attack windows) in terms of the number of adaptations, and demonstrates that an IT system deployed and managed using the proposed MTD platform will increase attack difficulty.
2

Automation of the deployment of PHP applications / Automatizace nasazení PHP aplikací

Bauer, Tomáš January 2011
This diploma thesis deals with the delivery of software products to end users and the automation of related processes. After an initial introduction to the issue of deployment, as it is defined by one of the widely used software engineering methodologies, RUP (Rational Unified Process), the thesis turns to practices such as Continuous Integration, Continuous Delivery and Continuous Deployment, which are directly oriented to the delivery of a software product based on automated processes. The second part describes the design and the implementation of a solution for automating the deployment of web applications in PHP within a specific developer company. The design part itself covers the analysis of the current state of the manual deployment process of business applications along with possible ways of automating its parts (updating the source code and database schema, application configuration, etc.), the definition of essential requirements for the solution, and an analysis of available tools, which is the basis for selecting the most suitable tools for each component forming the resulting solution. The thesis also describes interesting or nontrivial parts of the implementation of each component, a practical use case of the system, and the subsequent evaluation of the resulting solution along with estimated benefits and suggestions for the future expansion of its functionality.
