DOI: 10.1145/3341105.3374016
Research article (Public Access)

Performability analysis of services in a software-defined networking adopting time-based moving target defense mechanisms

Published: 30 March 2020

Abstract

Moving target defense (MTD) has been developed as an emerging technology to enhance system/network security by randomly and continuously changing the attack surface. Despite the significant progress of recent efforts in analyzing the security effectiveness of MTD mechanisms, critical gaps still exist in terms of the impact of running MTD mechanisms on system performance and dependability, exposing a critical design tradeoff between security and performance. To investigate the tradeoff, we propose performability models for evaluating services hosted in software-defined networks with a time-based MTD mechanism deployed. We developed analytical models for evaluating key performability metrics: response time, throughput, availability, host utilization, the number of requests lost, and cost (i.e., energy consumption plus profits lost due to dropped jobs). Our results showed that using the time-based MTD mechanism can (1) improve service response time and host utilization; (2) introduce a higher number of requests lost and higher overall cost; and (3) reduce service availability while still handling most of the jobs without much performance degradation.




Published In

SAC '20: Proceedings of the 35th Annual ACM Symposium on Applied Computing, March 2020, 2348 pages. ISBN: 9781450368667. DOI: 10.1145/3341105.

© 2020 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the United States Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher: Association for Computing Machinery, New York, NY, United States


Author Tags

1. moving target defense
2. performability
3. Petri nets
4. software-defined networking


Conference

SAC '20: The 35th ACM/SIGAPP Symposium on Applied Computing, March 30 - April 3, 2020, Brno, Czech Republic

Acceptance Rate

Overall acceptance rate: 1,650 of 6,669 submissions, 25%


Cited By

• (2024) Evaluation of time-based virtual machine migration as moving target defense against host-based attacks. Journal of Systems and Software, 112222. DOI: 10.1016/j.jss.2024.112222. Online publication date: Sep 2024.
• (2024) Cost-Effective Defense Timing Selection for Moving Target Defense in Satellite Computing Systems. Computational Science – ICCS 2024, 224-239. DOI: 10.1007/978-3-031-63749-0_16. Online publication date: 28 Jun 2024.
• (2022) Edge Computing on Cooperative Host Security Defense System Based on Social IoT Systems. International Journal of Distributed Systems and Technologies 13(7), 1-21. DOI: 10.4018/IJDST.307956. Online publication date: 2 Sep 2022.
• (2022) Evaluating Performance and Security of a Hybrid Moving Target Defense in SDN Environments. 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), 276-286. DOI: 10.1109/QRS57517.2022.00037. Online publication date: Dec 2022.
• (2022) Security Modeling and Analysis of Moving Target Defense in Software Defined Networks. 2022 IEEE 27th Pacific Rim International Symposium on Dependable Computing (PRDC), 141-151. DOI: 10.1109/PRDC55274.2022.00028. Online publication date: Nov 2022.
• (2022) Performance and Security Evaluation of a Moving Target Defense Based on a Software-Defined Networking Environment. 2022 IEEE 27th Pacific Rim International Symposium on Dependable Computing (PRDC), 119-129. DOI: 10.1109/PRDC55274.2022.00026. Online publication date: Nov 2022.
• (2022) Performability evaluation of switch-over Moving Target Defence mechanisms in a Software Defined Networking using stochastic reward nets. Journal of Network and Computer Applications 199(C). DOI: 10.1016/j.jnca.2021.103267. Online publication date: 1 Mar 2022.
• (2022) Automated benchmark network diversification for realistic attack simulation with application to moving target defense. International Journal of Information Security 21(2), 253-278. DOI: 10.1007/s10207-021-00552-9. Online publication date: 1 Apr 2022.
• (2021) Performance impact analysis of services under a time-based moving target defense mechanism. The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology 20(1), 41-56. DOI: 10.1177/15485129211036937. Online publication date: 18 Aug 2021.
• (2021) Analysis of VM migration scheduling as moving target defense against insider attacks. Proceedings of the 36th Annual ACM Symposium on Applied Computing, 194-202. DOI: 10.1145/3412841.3441899. Online publication date: 22 Mar 2021.
