Analyzing Moving Target Defense for Resilient Campus Private Cloud

With the surge in data-intensive science applications, the campus cloud infrastructures are increasingly dealing with sensitive data that has strict security requirements. However, in most cases due to lack of sophisticated security frameworks and trained personnel, such campus private clouds (CPC) are not fully equipped to handle sophisticated integrity, availability, and confidentiality attacks. In this paper, we demonstrate the utility of a cost-effective, and implementationally simpler Moving Target Defense (MTD) based cloud resource adaptation approach that significantly reduces the probability of attack success. In particular, we propose a Bayesian Attack Graph (BAG) based threat assessment model. Our proposed model follows Common Vulnerability Scoring System (CVSS) impact evaluation recommendations. As a case study, We use our graph based threat assessment model to demonstrate the utility of MTD against attacks on City University of New York (CUNY) research network. The study involves unique scenarios with multiple confidentiality, integrity, and availability related vulnerabilities being exploited by attacks from different network locations. Finally, we simulate a CUNY research network in GENI environment to validate our BAG model by emulating attack scenarios and observing system resilience with and without MTD.