Air Force

Moving target defense for cloud networks

Continual self-destruction and reincarnation of cloud-based virtual machines offers a proactive defense against hacking attacks

Software & Information Technology

The Air Force Research Laboratory has invented an ingenious strategy to protect computer networks. The technology is available to businesses or entrepreneurs who would integrate it into new products or services.

The threat from sophisticated cyberattacks is particularly acute on distributed, cloud-based networks. The traditional defensive security strategy relies on techniques such as perimeter-based firewalls, redundancy and replication, and encryption.

Air Force scientist Noor Ahmed has addressed the problem of malicious attacks on cloud networks with a proactive strategy of self-destruction and reincarnation of virtual machines (VMs): each VM runs only for a bounded lifespan, after which it is destroyed and replaced.

The replacement VM may be created on a different hardware platform with a different operating system, so an attack that begins on a destroyed machine is unlikely to carry over to its replacement. Attacks are monitored at the hypervisor level of the cloud software, below the guest operating system.

This strategy, in combination with sophisticated attack monitoring schemes, reduces or eliminates the need to stay one step ahead of sophisticated attacks.

The Moving Target Defense (MTD) increases the cost of an attack on a system and lowers both the likelihood of success and the perceived benefit of compromising it. This goal is achieved by controlling a VM's exposure window to attack: its runtime execution is partitioned into time intervals, so that each VM runs only for a predefined lifespan (as low as a minute) on heterogeneous platforms (e.g., different operating systems), while its runtime is proactively monitored below the operating system.
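The following is an added toy model of the rotation policy described above; it is not AFRL's code, and the platform catalogue, lifespan bounds and attacker dwell times in it are assumptions chosen for illustration. It shows the two levers the paragraph names: a bounded lifespan that caps how long any one instance is exposed, and reincarnation on a different platform so that an attacker's foothold and platform-specific tooling do not survive the rotation. The `success_rate` function models an attacker who lands at a random point in a VM's life and needs `dwell` seconds of uninterrupted runtime; if the VM is destroyed first, the attack fails.

```python
"""Toy model of a time-bounded, platform-rotating VM pool (Moving Target Defense).

Added example, not the original page's or AFRL's code. PLATFORMS, the lifespan
bounds and the attacker dwell times are assumed values for illustration.
"""
import random
from dataclasses import dataclass
from typing import List, Tuple

# Assumed heterogeneous platform catalogue (hardware, OS) the scheduler draws from.
PLATFORMS: List[Tuple[str, str]] = [
    ("x86_64", "Linux"),
    ("x86_64", "FreeBSD"),
    ("arm64", "Linux"),
    ("x86_64", "Windows"),
]


@dataclass
class VM:
    vm_id: int
    platform: Tuple[str, str]
    born: float           # simulation time at which this instance started
    lifespan: float       # predefined lifespan; destroyed at born + lifespan
    flagged: bool = False  # set by the hypervisor-level monitor (modelled as a flag)

    @property
    def expires(self) -> float:
        return self.born + self.lifespan

    def exposure_window(self, now: float) -> float:
        """Seconds this instance remains attackable from `now` (0 if expired)."""
        return max(0.0, self.expires - now)


class Scheduler:
    """Keeps `size` VMs alive, each with a lifespan drawn from [min_life, max_life]."""

    def __init__(self, size: int, min_life: float, max_life: float, seed: int = 0):
        self.rng = random.Random(seed)
        self.min_life, self.max_life = min_life, max_life
        self._next_id = 0
        self.pool: List[VM] = [self._spawn(0.0, avoid=None) for _ in range(size)]

    def _spawn(self, now: float, avoid) -> VM:
        # Reincarnate on a platform different from the one being destroyed.
        choices = [p for p in PLATFORMS if p != avoid]
        vm = VM(self._next_id, self.rng.choice(choices), now,
                self.rng.uniform(self.min_life, self.max_life))
        self._next_id += 1
        return vm

    def tick(self, now: float) -> List[Tuple[VM, VM]]:
        """Destroy expired or monitor-flagged VMs; return (old, replacement) pairs."""
        replaced = []
        for i, vm in enumerate(self.pool):
            if vm.flagged or now >= vm.expires:
                self.pool[i] = self._spawn(now, avoid=vm.platform)
                replaced.append((vm, self.pool[i]))
        return replaced


def attack_succeeds(vm: VM, foothold_at: float, dwell: float) -> bool:
    """True if an attacker landing on `vm` at `foothold_at` gets `dwell` seconds
    of runtime before the instance is destroyed."""
    return vm.born <= foothold_at < vm.expires and foothold_at + dwell <= vm.expires


def success_rate(lifespan: float, dwell: float, trials: int, seed: int = 0) -> float:
    """Fraction of attacks that complete when the foothold time is uniform over
    a VM's life.  Analytically this is max(0, 1 - dwell / lifespan)."""
    rng = random.Random(seed)
    vm = VM(0, PLATFORMS[0], 0.0, lifespan)
    hits = sum(attack_succeeds(vm, rng.uniform(0.0, lifespan), dwell) for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    s = Scheduler(size=3, min_life=60.0, max_life=120.0, seed=1)
    for old, new in s.tick(now=120.0):
        print(f"vm{old.vm_id} {old.platform} -> vm{new.vm_id} {new.platform}")
    print("60 s lifespan vs 90 s dwell:", success_rate(60.0, 90.0, 1000))
    print("600 s lifespan vs 60 s dwell:", success_rate(600.0, 60.0, 10000))
```

The point the model makes is that the defender does not need to detect the attack to defeat it: once the lifespan is shorter than the runtime an attacker needs, the success rate drops to zero regardless of monitoring, and the hypervisor-side flag only shortens the window further.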
