Show simple item record

dc.contributor.advisor: Ray, Indrajit
dc.contributor.author: Amarnath, Athith
dc.contributor.committeemember: Ray, Indrakshi
dc.contributor.committeemember: Hayne, Stephen
dc.date.accessioned: 2019-01-07T17:19:32Z
dc.date.available: 2019-01-07T17:19:32Z
dc.date.issued: 2018
dc.description: 2018 Fall.
dc.description: Includes bibliographical references.
dc.description.abstract: Security is a very serious concern in this era of the digital world. Protecting and controlling access to secured data and services has given more emphasis to access control enforcement and management. While access control enforcement with strong policies ensures the data confidentiality, availability and integrity, protecting the access control service itself is equally important. When these services are hosted on a single server for a lengthy period of time, the attackers have potentially unlimited time to periodically explore and enumerate the vulnerabilities with respect to the configuration of the server and launch targeted attacks on the service. Constant proliferation of cloud usage and distributed systems over the last decade has materialized the possibilities of distributing data or hosting services over a group of servers located in different geographical locations. Existing election algorithms used to provide service continuity hosted in the distributed setup work well in a benign environment. However, these algorithms are not secure against skillful attackers who intend to manipulate or bring down the data or service. In this thesis, we design and implement the protection of critical services, such as access-control reference monitors, using the concept of moving target defense. This concept increases the level of difficulty faced by the attacker to compromise the point of service by periodically moving the critical service among a group of heterogeneous servers, thereby changing the attacker surface and increasing uncertainty and randomness in the point of service chosen. We describe an efficient Byzantine fault-tolerant leader election protocol for small networks that achieves the security and performance goals described in the problem statement. We then extend this solution to large enterprise networks by introducing a random walk protocol that randomly chooses a subset of servers taking part in the election protocol.
dc.format.medium: born digital
dc.format.medium: masters theses
dc.identifier: Amarnath_colostate_0053N_15206.pdf
dc.identifier.uri: https://hdl.handle.net/10217/193171
dc.language: English
dc.publisher: Colorado State University. Libraries
dc.relation.ispartof: 2000-2019 - CSU Theses and Dissertations
dc.rights: Copyright of the original work is retained by the author.
dc.subject: Byzantine fault tolerance
dc.subject: random walk
dc.subject: moving target defense
dc.subject: access control
dc.title: On the design of a moving target defense framework for the resiliency of critical services in large distributed networks
dc.type: Text
dcterms.rights.dpla: The copyright and related rights status of this Item has not been evaluated (https://rightsstatements.org/vocab/CNE/1.0/). Please refer to the organization that has made the Item available for more information.
thesis.degree.discipline: Computer Science
thesis.degree.grantor: Colorado State University
thesis.degree.level: Masters
thesis.degree.name: Master of Science (M.S.)

