A Cyber Risk Based Moving Target Defense Mechanism for Microservice Architectures

Torkura, Kennedy A.; Sukmana, Muhammad I.H.; Kayem, Anne V. D. M.

doi:10.1109/bdcloud.2018.00137

Cited by 17 publications

(10 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There were 11.8% primary studies that focused on MTD. Torkura et al [ 35 ] identified the shared vulnerabilities in the microservice architecture and proposed a solution utilizing the moving target defense (MTD), which evaluates the system’s risk assessment. The risk assessment is crucial for the system to identify the potential vulnerabilities, likelihood, and impact.…”

Section: Resultsmentioning

confidence: 99%

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

Rahaman

Islam

Černý

et al. 2023

Sensors

View full text Add to dashboard Cite

Security is a significant priority for cloud-native systems, regardless of the system size and complexity. Therefore, one must utilize a set of defensive mechanisms or controls to protect the system from exploitation by potential adversaries. There is an expanding amount of research on security issues, including attacks against individual microservices or overall systems and their corresponding defense mechanism options. This study intends to provide a comprehensive overview of currently used defense mechanisms involving static analysis that can detect and react against associated attacks and vulnerabilities. We present a systematic literature review that extracts current approaches for the security analysis of microservices and the violation of security principles. We gathered 1049 relevant publications, of which 50 were selected as primary studies. We are providing practitioners and developers with a structured survey of the existing literature of defensive solutions for microservice architectures and cloud-native systems to aid them in identifying applicable solutions for their systems.

show abstract

Section: Resultsmentioning

confidence: 99%

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

Rahaman

Islam

Černý

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…The derivation from base images introduces a homogeneity [61] in MSA, providing simplicity in managing multiple technologies. However, the simplicity also becomes another security loophole.…”

Section: Microservice Attack (A 10~a15 )mentioning

confidence: 99%

“…To prevent MSA attacks, prior work on moving target defense approach by Torkura et al [61] can be considered. Their defense introduces the diversification index that can be used to determine the degree of diversification in the container image and the code.…”

Section: Defense For Microservice Attackmentioning

confidence: 99%

A Security Analysis of Blockchain-Based Did Services

et al. 2021

View full text Add to dashboard Cite

Decentralized identifiers (DID) has shown great potential for sharing user identities across different domains and services without compromising user privacy. DID is designed to enable the minimum disclosure of the proof from a user's credentials on a need-to-know basis with a contextualized delegation. At first glance, DID appears to be well-suited for this purpose. However, the overall security of DID has not been thoroughly examined. In this paper, we systemically explore key components of DID systems and analyze their possible vulnerabilities when deployed. First, we analyze the data flow between DID system components and analyze possible security threats. Next, we carefully identify potential security threats over seven different DID functional domains, ranging from user wallet to universal resolver. Lastly, we discuss the possible countermeasures against the security threats we identified.

show abstract

“…Torkura et al [25] provided a risk analysis methodology consisting of multilayered techniques that evaluate microservice architectures with resulting security risk metrics. These metrics are computed using two risk models: OWASP Risk Rating Methodology and Common Vulnerability Score System (CVSS).…”

Section: Related Workmentioning

confidence: 99%

Performance Evaluation of Container-Level Anomaly-Based Intrusion Detection Systems for Multi-Tenant Applications Using Machine Learning Algorithms

Cavalcanti

Inácio

Freire

2021

Proceedings of the 16th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

The virtualization of computing resources provided by containers has gained increasing attention and has been widely used in cloud computing. This new demand for container technology has been growing and the use of Docker and Kubernetes is considerable. According to recent technology surveys, containers are now mainstream. However, currently, one of the major challenges rises from the fact that multiple containers, with different owners, may cohabit on the same host. In container-based multi-tenant environments, security issues are of major concern. In this paper we investigate the performance of container-level anomaly-based intrusion detection systems for multi-tenant applications. We investigate the use of Bag of System Calls (BoSC) technique and the sliding window with the classifier and we consider eight machine learning algorithms for classification purposes. We show that among the eight machine learning algorithms, the best classification results are obtained with Decision Tree and Random Forest which lead to an F-Measure of 99.8%, using a sliding window with a size of 30 and the BoSC algorithm in both cases. We also show that, although both Decision Tree and Random Forest algorithms leads to the best classification results, the Decision Tree algorithm has a shorter execution time and consumes less CPU and memory than the Random Forest.

show abstract

A Cyber Risk Based Moving Target Defense Mechanism for Microservice Architectures

Cited by 17 publications

References 29 publications

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

A Security Analysis of Blockchain-Based Did Services

Performance Evaluation of Container-Level Anomaly-Based Intrusion Detection Systems for Multi-Tenant Applications Using Machine Learning Algorithms

Contact Info

Product

Resources

About