About being the Tortoise or the Hare? - A Position Paper on Making Cloud Applications too Fast and Furious for Attackers
This addresses security for cloud applications by shifting from passive defense to active attack on intruders, though it is incremental as it adapts biological concepts to computing.
The paper tackles the problem of cloud application vulnerabilities by proposing an immune system-inspired approach to actively purge undetected intruders, reducing their undetected acting period to minutes in evaluations on AWS, Google Compute Engine, Azure, and OpenStack.
Cloud applications expose - beside service endpoints - also potential or actual vulnerabilities. And attackers have several advantages on their side. They can select the weapons, the point of time and the point of attack. Very often cloud application security engineering efforts focus to harden the fortress walls but seldom assume that attacks may be successful. So, cloud applications rely on their defensive walls but seldom attack intruders actively. Biological systems are different. They accept that defensive "walls" can be breached at several layers and therefore make use of an active and adaptive defense system to attack potential intruders - an immune system. This position paper proposes such an immune system inspired approach to ensure that even undetected intruders can be purged out of cloud applications. This makes it much harder for intruders to maintain a presence on victim systems. Evaluation experiments with popular cloud service infrastructures (Amazon Web Services, Google Compute Engine, Azure and OpenStack) showed that this could minimize the undetected acting period of intruders down to minutes.