Title
Resilient Network Operation in Federated Clouds
Author
Elghamry, Yousra Magdy Ahmed Shams Eldin.
Committee
Researcher / يسرا مجدي احمد شمس الدين الغمري
Supervisor / محمد رزق محمد رزق
mrmrizk@ieee.org
Supervisor / نيرة محمود صادق محمد
nayeras@yahoo.com
Supervisor / محمد محمود محمود عزب
Examiner / مجدي عبد العظيم احمد سليمان
magdy_aa@hotmail.com
Examiner / ايمن عادل عبد الحميد ابراهيم
Subject
Electric Communication.
Publication date
2023.
Number of pages
61 p.
Language
English
Degree
Master's
Specialization
Electrical and Electronic Engineering
Approval date
7/9/2023
Place of approval
Alexandria University - Faculty of Engineering - Electrical Engineering
Index
Only 14 pages are available for public view

from 85

Abstract

Federated clouds are interconnected cooperative cloud infrastructures offering vast hosting capabilities, smooth workload migration, and enhanced reliability. However, recent devastating attacks on such clouds have shown that these features come with serious security challenges. The oblivious heterogeneous construction, management, and policies employed in federated clouds open the door for attackers to induce conflicts that facilitate pervasive coordinated attacks. Cross-side channel attacks are among the challenges facing federated clouds, and securing users' capsules (Virtual Machines and containers) against them is a major challenge for cloud service providers. Moving-target Defense (MtD) is a way to overcome the co-residency attack by frequently changing the position of the user's capsule. However, the migrated capsule can still be tracked using its IP information. In this thesis, a proactive defense strategy and moving-target defense solution with transparent, trustworthy management is proposed. The presented framework relies on Blockchain technology to facilitate dynamic cross-cloud and cross-layer management of the cloud virtual infrastructure for real-time moving-target defense. The presented mechanism relies on the Vulnerable, Exposed, Attacked, and Recovered (VEAR) model to evaluate the risk of known attacks on targeted machines dynamically and in real time. The system relies on an informed dynamic risk assessment mechanism that drives the framework's decision-making engines, which in turn drive the defense provisioning process. The same approach is used to evaluate the defense provisioning process as well. The presented systemic approach acts as a VM management platform with an intrinsic multidimensional hierarchical attack representation model (HARM) guiding a dynamic, self- and situation-aware VM live migration for moving-target defense (MtD).
The proposed system managed to achieve the proposed goals in a resource-, energy-, and cost-efficient manner. To facilitate defense provisioning, the framework is equipped with a novel set of system manipulation tools that we designed to reprogram the system characteristics, offering large-scale, hard-to-track operations that evade attacker attempts to search for and exploit exposed vulnerabilities. Former works showed that the main challenge facing moving-target defense mechanisms in computing clouds is concealing network information from attacker scanning tools. Such information can easily guide attack tools to their target and thwart MtD efforts. To address this challenge, a novel blockchain-based dynamic routing mechanism that offers an untrackable, comprehensive data exchange routing protocol for federated cloud-hosted VMs/capsules was designed and implemented. With our novel routing mechanism and the cross-cloud VM/capsule migration suite that we designed, the framework was able to enable efficient and effective moving-target defense for federated clouds. Simulation results show the effectiveness of the Blockchain Moving-target Defense (BMtD) in decreasing the number of attacked users' capsules in the presence of persistent pervasive attacks. The security evaluation showed the impact of applying an adaptive moving-target defense model relying on a self- and situation-aware decision-making mechanism to enhance security measurement levels, depending on the exposed vulnerability, while efficiently utilizing the host resources. Future work will include applying machine learning techniques to guide the migration decision-making process.