MAZE: A Secure Cloud Storage Service Using Moving Target Defense and Secure Shell Protocol (SSH) Tunneling


ABSTRACT

Cloud storage services are static attack targets, enabling attackers to thoroughly survey the system, plan their attacks, and execute them over an extended period of time without fear of being interrupted by system changes. Whereas traditional defense mechanisms attempt to identify and resolve system vulnerabilities, Moving Target Defense (MTD) techniques attempt to constantly change the attack surface in order to increase the cost (in terms of time and resources) and difficulty of executing and maintaining successful break-ins.

This work presents MAZE, a secure cloud storage system built from simpler security primitives: virtual machines, Secure Shell Protocol (SSH) tunnels, system randomization, and proactive secret sharing.

In MAZE, the files to be protected are split into pieces and pseudo-randomly dispersed within a large, continuously changing maze of virtual machines (VMs). Hopping from one VM to another within MAZE is only possible by following doors that are created just in time, which are implemented using SSH tunnels. At any VM, there can be many open doors, each leading to a different VM. In order to store or retrieve a file, an authorized user has to follow a schedule that the MAZE service provides to authorized users only. The schedule tells the user which doors to traverse in order to recover all the pieces of the file. We implemented and deployed MAZE on the Amazon Web Services cloud and performed a series of experiments that demonstrated the potential of an MTD-based cloud storage system to protect against attackers while providing reasonable response time.
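A toy model of the retrieval mechanism the abstract describes, added here as an example and not code from the MAZE paper or its AWS deployment: files are split with n-of-n XOR secret sharing (a stand-in for the paper's proactive secret sharing), the doors open in each epoch are regenerated from a secret seed, and a schedule is only usable while the doors it lists are open. The seed, epoch numbering, door degree, and in-memory "storage" map of VM id to piece are assumptions of this model.

```python
import hashlib
import random
from functools import reduce

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_file(data: bytes, n: int, rng: random.Random) -> list[bytes]:
    # Additive n-of-n sharing: all n pieces are needed, fewer reveal nothing.
    shares = [bytes(rng.getrandbits(8) for _ in data) for _ in range(n - 1)]
    return shares + [reduce(xor, shares, data)]

def doors_for_epoch(seed: bytes, epoch: int, num_vms: int, degree: int) -> dict:
    # Doors (tunnels) open this epoch, derived from a secret seed the service
    # holds: it can regenerate them, an outsider cannot predict the next layout.
    rng = random.Random(hashlib.sha256(seed + epoch.to_bytes(8, "big")).digest())
    return {vm: set(rng.sample([v for v in range(num_vms) if v != vm], degree))
            for vm in range(num_vms)}

def shortest_path(doors: dict, src: int, dst: int):
    # BFS over this epoch's doors; None if dst cannot be reached.
    paths, queue = {src: [src]}, [src]
    while queue and dst not in paths:
        cur = queue.pop(0)
        for nxt in sorted(doors[cur] - set(paths)):
            paths[nxt] = paths[cur] + [nxt]
            queue.append(nxt)
    return paths.get(dst)

def make_schedule(doors: dict, entry: int, placement: list[int]):
    # Schedule handed to an authorized user: hops from the entry VM through
    # each VM holding a piece, in order. None if a piece is unreachable.
    hops, cur = [], entry
    for vm in placement:
        path = shortest_path(doors, cur, vm)
        if path is None:
            return None
        hops, cur = hops + path[1:], vm
    return hops

def retrieve(doors: dict, entry: int, schedule: list[int], storage: dict) -> bytes:
    # Each hop must be an open door now (a stale schedule fails); a piece is
    # collected once per VM even if the walk revisits that VM.
    cur, pieces = entry, {vm: p for vm, p in storage.items() if vm == entry}
    for nxt in schedule:
        if nxt not in doors[cur]:
            raise PermissionError(f"no door {cur}->{nxt} in this epoch")
        cur = nxt
        if cur in storage:
            pieces[cur] = storage[cur]
    return reduce(xor, pieces.values())
```

Rotating the epoch (and with it the doors) invalidates every schedule issued earlier, which is the moving-target effect the paper relies on; an attacker who captured one piece still learns nothing about the file without the others.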

VASCO XU, University of Pittsburgh, USA

SHERIF KHATTAB, University of Pittsburgh, USA

BIO

Vasco Xu received his Bachelor of Philosophy (B.Phil) in Computer Science from the University of Pittsburgh in 2020. His research interests include Cybersecurity, Internet-of-Things (IoT), Mobile Computing, and Energy Savings. Vasco received an Honorable Mention for the 2021 Outstanding Undergraduate Researcher Award.

  • Cloud Security
  • cloud storage
  • moving target defense
  • Presentations