Xu, Vasco
(2020)
MAZE: a secure cloud storage service using Moving Target Defense and Secure Shell Protocol (SSH) tunneling.
Undergraduate Thesis, University of Pittsburgh.
(Unpublished)
This is the latest version of this item.
Abstract
Cloud storage services have emerged as a popular destination for businesses and individuals to securely store documents due in part to being virtually accessible anywhere, anytime. However, cloud storage systems are static attack targets enabling attackers to thoroughly study the system without fear that their conclusions about the system would be rendered inaccurate. As such, computer security researchers began exploring techniques, known as Moving Target Defense (MTD), to turn distributed systems into moving targets. Whereas traditional defense mechanisms attempt to identify and cover system vulnerabilities, the underlying philosophy of MTD is that it is impossible to build perfectly secure systems. Instead, MTD techniques attempt to constantly change the attack surface in order to increase the cost (in terms of time and resources) and difficulty of executing successful attacks, in the first place. Current research in MTD, however, is lacking in implementations of MTD techniques on real systems (rather than just simulations).
This work presents MAZE, a secure cloud storage system in which the files to be protected (e.g., security keys, account numbers or passwords) are split into pieces and pseudo-randomly dispersed within a large, continuously-changing maze of computers. Hopping from one computer to another within MAZE is only possible by following timely created doors, which are implemented using Secure Shell Protocol (SSH) tunnels. At any computer, there can be many open doors, each leading to a different computer. In order to retrieve a file, the user has to follow a schedule that is provided by the MAZE service to authorized users only. The schedule informs the client of which doors to traverse through to retrieve all the pieces of the file. In addition, computers within MAZE have two refresh periods: the first restarts the computer and reloads the system software from a clean copy in order to thwart potentially ongoing attacks, and the second modifies the file pieces to become incompatible with the file pieces before modification. In order for attackers to successfully retrieve a file, they must retrieve all file pieces within the second refresh period. We implemented MAZE and performed a series of experiments that demonstrated the potential of an MTD-based cloud storage system in protecting against attackers while providing reasonable response time.
Share
| Citation/Export: |
|
| Social Networking: |
|
Details
| Item Type: |
University of Pittsburgh ETD
|
| Status: |
Unpublished |
| Creators/Authors: |
|
| ETD Committee: |
|
| Date: |
2 December 2020 |
| Date Type: |
Publication |
| Defense Date: |
2 November 2020 |
| Approval Date: |
2 December 2020 |
| Submission Date: |
19 November 2020 |
| Access Restriction: |
No restriction; Release the ETD for access worldwide immediately. |
| Number of Pages: |
66 |
| Institution: |
University of Pittsburgh |
| Schools and Programs: |
Dietrich School of Arts and Sciences > Computer Science
David C. Frederick Honors College |
| Degree: |
BPhil - Bachelor of Philosophy |
| Thesis Type: |
Undergraduate Thesis |
| Refereed: |
Yes |
| Uncontrolled Keywords: |
Moving Target Defense, SSH Tunneling, Security, Cloud Storage Systems |
| Date Deposited: |
02 Dec 2020 18:03 |
| Last Modified: |
02 Dec 2020 18:03 |
| URI: |
http://d-scholarship.pitt.edu/id/eprint/39914 |
Available Versions of this Item
-
MAZE: a secure cloud storage service using Moving Target Defense and Secure Shell Protocol (SSH) tunneling. (deposited 02 Dec 2020 18:03)
[Currently Displayed]
Metrics
Monthly Views for the past 3 years
Plum Analytics
Actions (login required)
 |
View Item |
![[feed]](/images/feed-icon-32x32.png){kind=icon}