
On the design of a moving target defense framework for the resiliency of critical services in large distributed networks

dc.contributor.author: Amarnath, Athith, author
dc.contributor.author: Ray, Indrajit, advisor
dc.contributor.author: Ray, Indrakshi, committee member
dc.contributor.author: Hayne, Stephen, committee member
dc.date.accessioned: 2019-01-07T17:19:32Z
dc.date.available: 2019-01-07T17:19:32Z
dc.date.issued: 2018
dc.description.abstract: Security is a very serious concern in this era of the digital world. Protecting and controlling access to secured data and services has given more emphasis to access control enforcement and management. While access control enforcement with strong policies ensures data confidentiality, availability and integrity, protecting the access control service itself is equally important. When these services are hosted on a single server for a lengthy period of time, the attackers have potentially unlimited time to periodically explore and enumerate the vulnerabilities with respect to the configuration of the server and launch targeted attacks on the service. Constant proliferation of cloud usage and distributed systems over the last decade has materialized the possibilities of distributing data or hosting services over a group of servers located in different geographical locations. Existing election algorithms used to provide service continuity hosted in the distributed setup work well in a benign environment. However, these algorithms are not secure against skillful attackers who intend to manipulate or bring down the data or service. In this thesis, we design and implement the protection of critical services, such as access-control reference monitors, using the concept of moving target defense. This concept increases the level of difficulty faced by the attacker to compromise the point of service by periodically moving the critical service among a group of heterogeneous servers, thereby changing the attack surface and increasing uncertainty and randomness in the point of service chosen. We describe an efficient Byzantine fault-tolerant leader election protocol for small networks that achieves the security and performance goals described in the problem statement. We then extend this solution to large enterprise networks by introducing a random walk protocol that randomly chooses a subset of servers taking part in the election protocol.
dc.format.medium: born digital
dc.format.medium: masters theses
dc.identifier: Amarnath_colostate_0053N_15206.pdf
dc.identifier.uri: https://hdl.handle.net/10217/193171
dc.language: English
dc.language.iso: eng
dc.publisher: Colorado State University. Libraries
dc.relation.ispartof: 2000-2019
dc.rights: Copyright and other restrictions may apply. User is responsible for compliance with all applicable laws. For information about copyright law, please see https://libguides.colostate.edu/copyright.
dc.subject: Byzantine fault tolerance
dc.subject: random walk
dc.subject: moving target defense
dc.subject: access control
dc.title: On the design of a moving target defense framework for the resiliency of critical services in large distributed networks
dc.type: Text
dcterms.rights.dpla: This Item is protected by copyright and/or related rights (https://rightsstatements.org/vocab/InC/1.0/). You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).
thesis.degree.discipline: Computer Science
thesis.degree.grantor: Colorado State University
thesis.degree.level: Masters
thesis.degree.name: Master of Science (M.S.)

Files

Original bundle
Name: Amarnath_colostate_0053N_15206.pdf
Size: 4.5 MB
Format: Adobe Portable Document Format