By nature, cloud computing systems are static, homogeneous entities. They consist of multiple layers of hardware and software resources, organized into stacks that provide services to end users. Many service stacks are built from a single template, so they consist of identical resources with identical configurations. This gives potential attackers the asymmetric advantage of attack surface predictability: because the stacks lack diversity, an exploit can be replicated across a multitude of identical service stacks, which makes the cloud attack surface easy to infiltrate and compromise. To counter these risks, this research develops a method for implementing diversity defenses in cloud computing systems. The goal of the diversity defense is to present attackers with a varying and unpredictable attack surface, making it harder to predict the effect of malicious behavior. The proposed defense varies the configuration of cloud service stacks and boosts cloud resilience.