Security; Moving Target Defense; Software Defined Networks; Petri nets
Résumé :
[en] The use of traditional defense mechanisms or intrusion detection systems presents a disadvantage for defenders against attackers since these mechanisms are essentially reactive. Moving target defense (MTD) has emerged as a proactive defense mechanism to reduce this
disadvantage by randomly and continuously changing the attack surface of a system to confuse attackers. Although significant progress has been made recently in analyzing the security effectiveness of MTD mechanisms, critical gaps still exist, especially in maximizing security levels and estimating network reconfiguration speed for given attack power. In this paper, we propose a set of Petri Net models and use them to perform a comprehensive evaluation regarding key security metrics of Software-Defined Network (SDNs) based systems adopting a time-based MTD mechanism. We evaluate two use-case scenarios considering two different types of attacks to demonstrate the feasibility and applicability of our models. Our analyses showed that a time-based MTD mechanism could reduce the attackers’ speed by at least 78% compared to a system without MTD. Also, in the best-case scenario, it can reduce the attack success probability by about ten times.
Disciplines :
Sciences informatiques
Auteur, co-auteur :
RODRIGUES DE MENDONÇA NETO, Júlio ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > CritiX
Kim, Minjune; The University of Queensland - UQ > School of Information Technology and Electrical Engineering
GRACZYK, Rafal ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > CritiX
VOLP, Marcus ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > CritiX
Kim, Dong Seong; The University of Queensland > School of Information Technology and Electrical Engineering
Co-auteurs externes :
yes
Langue du document :
Anglais
Titre :
Security Modeling and Analysis of Moving Target Defense in Software Defined Networks
Date de publication/diffusion :
28 novembre 2022
Nom de la manifestation :
27th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 2022)
Date de la manifestation :
28-11-2022 to 1-12-2022
Manifestation à portée :
International
Titre de l'ouvrage principal :
2022 IEEE 27th Pacific Rim International Symposium on Dependable Computing (PRDC)
Maison d'édition :
IEEE, Beijing, Chine
ISBN/EAN :
978-1-6654-8555-5
ISSN Collection :
2473-3105
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
Projet FnR :
FNR14689454 - Hypervisor-enforced Radiation Tolerance In Multi-core Socs For Space, 2020 (01/09/2021-31/08/2024) - Marcus Völp
Intitulé du projet de recherche :
Hypervisor-enforced Radiation Tolerance In Multi-core Socs For Space
Organisme subsidiant :
FNR - Fonds National de la Recherche
N° du Fonds :
C20/IS/14689454/HERA
Subventionnement (détails) :
This research is supported by the Fond National de Recherche Luxembourg (FNR) through grant no. C20/IS/14689454/HERA.
