
MAZE: a secure cloud storage service using Moving Target Defense and Secure Shell Protocol (SSH) tunneling

Xu, Vasco (2020) MAZE: a secure cloud storage service using Moving Target Defense and Secure Shell Protocol (SSH) tunneling. Undergraduate Thesis, University of Pittsburgh. (Unpublished)

This is the latest version of this item.



Cloud storage services have emerged as a popular destination for businesses and individuals to securely store documents, due in part to being accessible virtually anywhere, anytime. However, cloud storage systems are static attack targets, enabling attackers to thoroughly study the system without fear that their conclusions about the system would be rendered inaccurate. As such, computer security researchers began exploring techniques, known as Moving Target Defense (MTD), to turn distributed systems into moving targets. Whereas traditional defense mechanisms attempt to identify and cover system vulnerabilities, the underlying philosophy of MTD is that it is impossible to build perfectly secure systems. Instead, MTD techniques attempt to constantly change the attack surface in order to increase the cost (in terms of time and resources) and difficulty of executing successful attacks in the first place. Current research in MTD, however, is lacking in implementations of MTD techniques on real systems (rather than just simulations).

This work presents MAZE, a secure cloud storage system in which the files to be protected (e.g., security keys, account numbers or passwords) are split into pieces and pseudo-randomly dispersed within a large, continuously-changing maze of computers. Hopping from one computer to another within MAZE is only possible by following timely created doors, which are implemented using Secure Shell Protocol (SSH) tunnels. At any computer, there can be many open doors, each leading to a different computer. In order to retrieve a file, the user has to follow a schedule that is provided by the MAZE service to authorized users only. The schedule informs the client of which doors to traverse through to retrieve all the pieces of the file. In addition, computers within MAZE have two refresh periods: the first restarts the computer and reloads the system software from a clean copy in order to thwart potentially ongoing attacks, and the second modifies the file pieces to become incompatible with the file pieces before modification. In order for attackers to successfully retrieve a file, they must retrieve all file pieces within the second refresh period. We implemented MAZE and performed a series of experiments that demonstrated the potential of an MTD-based cloud storage system in protecting against attackers while providing reasonable response time.




Item Type: University of Pittsburgh ETD
Status: Unpublished
Creators | Email | Pitt Username | ORCID
Xu, Vasco | vax1@pitt.edu | vax1 |
ETD Committee:
Title | Member | Email Address | Pitt Username | ORCID
Committee Chair | Khattab, | | |
Thesis Advisor | Khattab, | | |
Committee Member | Mossé, | | |
Committee Member | Babay, | | |
Committee Member | Al-Shaer, | | |
Date: 2 December 2020
Date Type: Publication
Defense Date: 2 November 2020
Approval Date: 2 December 2020
Submission Date: 19 November 2020
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Number of Pages: 66
Institution: University of Pittsburgh
Schools and Programs: Dietrich School of Arts and Sciences > Computer Science
David C. Frederick Honors College
Degree: BPhil - Bachelor of Philosophy
Thesis Type: Undergraduate Thesis
Refereed: Yes
Uncontrolled Keywords: Moving Target Defense, SSH Tunneling, Security, Cloud Storage Systems
Date Deposited: 02 Dec 2020 18:03
Last Modified: 02 Dec 2020 18:03

Available Versions of this Item

  • MAZE: a secure cloud storage service using Moving Target Defense and Secure Shell Protocol (SSH) tunneling. (deposited 02 Dec 2020 18:03) [Currently Displayed]

