Abstract Moving Target Defense (MTD) is a defensive strategy to thwart adversaries by continuously shifting the attack surface. The MTD techniques can be applied to the cloud computing to make the cloud more unpredictable, hence more difficult to exploit. There are many MTD techniques proposed, and various metrics are used to measure their effectiveness. However, it is difficult to assess when MTD techniques are used in combinations. In this paper, we propose a formal security assessment approach to evaluate the effectiveness of combined MTD techniques using security modeling. We use security metrics, such as System Risk and Reliability, to evaluate those MTD techniques. In particular, we investigate how the security of the cloud change when two categories of MTD techniques, Shuffle and Redundancy, are used in combinations. We also explore approaches to find important components in the cloud using Network Centrality Measures and the size of the cloud and evaluate the trade-off between security and dependability in terms of the system Risk and Reliability, respectively. We show that combining the shuffle and redundancy MTD techniques could enhance the security of the cloud with the trade-off between the Risk and Reliability, which can be managed using the proposed security assessment approach.

中文翻译：

---

评估云中 Shuffle 和 Redundancy MTD 技术的有效性

摘要 移动目标防御（Moving Target Defense，MTD）是一种通过不断移动攻击面来挫败对手的防御策略。MTD 技术可以应用于云计算，使云更不可预测，因此更难被利用。提出了许多 MTD 技术，并使用各种指标来衡量其有效性。但是，很难评估何时组合使用 MTD 技术。在本文中，我们提出了一种正式的安全评估方法，以使用安全建模来评估组合 MTD 技术的有效性。我们使用安全指标（例如系统风险和可靠性）来评估这些 MTD 技术。特别是，我们研究了当混合使用两类 MTD 技术（Shuffle 和 Redundancy）时云的安全性如何变化。我们还探索了使用网络中心性度量和云的大小在云中查找重要组件的方法，并分别在系统风险和可靠性方面评估安全性和可靠性之间的权衡。我们表明，将混洗和冗余 MTD 技术相结合可以通过风险和可靠性之间的权衡来增强云的安全性，这可以使用所提出的安全评估方法进行管理。