Microservice Security Framework for IoT by Mimic Defense Mechanism

Ying, Fei; Zhao, Shengjie; Deng, Hao

doi:10.3390/s22062418

Cited by 8 publications

(4 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, the incorrectly patched software containers may determine vulnerable microservices. Ying et al [46] proposed a system to enhance container-side security models, which concern unknown attack patterns related to a "mimic defence network". Thus, a set of resources regarding attack pattern images was created.…”

Section: Software Platformsmentioning

confidence: 99%

Real-Time Monitoring and Management of Hardware and Software Resources in Heterogeneous Computer Networks through an Integrated System Architecture

Aldea,

Bocu,

Solca

2023

Symmetry

View full text Add to dashboard Cite

The theoretical and practical progress that has occurred in the field of computer networks during the past fifteen years has enhanced the economical efficiency and social relevance of related real-world use cases. Nevertheless, this ubiquitous usage has also introduced numerous security risks. Therefore, monitoring hardware and software resources represents one of the main instruments used in order to prevent potential attacks and to ensure the security and reliability of a network. Various solutions have been reported in the related scientific literature. In essence, most of the existing approaches are not suitable to implement a real-time hardware monitoring and management solution, particularly in heterogeneous networks. Therefore, the main contribution of this paper is represented by an architectural and implementational model, which is effective in order to build an interconnected system that can help system and network administrators to secure a network. This requirement is met by considering symmetrical design and implementation features related to various operating systems. Thus, the existing symmetrical relationships among identified parameters allow for the data to be wrapped into the same custom network packages, which are transported over the communication medium or are stored using the same data structures or tables. The system has been thoroughly assessed considering several real-world use case scenarios, and the results demonstrate that the proposed model can be applied to software-defined networks, which can be protected by relevant intrusion detection systems (IDS).

show abstract

Section: Software Platformsmentioning

confidence: 99%

Real-Time Monitoring and Management of Hardware and Software Resources in Heterogeneous Computer Networks through an Integrated System Architecture

Aldea,

Bocu,

Solca

2023

Symmetry

View full text Add to dashboard Cite

show abstract

“…Although some existing contributions aim to reduce the implied security risks using vulnerability detection tools, outdated databases prevent a proper detection process to occur on newly published vulnerabilities. The research work reported in [ 47 ] describes a system intended to enhance container-side security models, which targets unknown attack patterns using a "mimic defence network". More precisely, a resource pool that contains attack pattern images is built.…”

Section: Relevant Existing Contributionsmentioning

confidence: 99%

Relevant Cybersecurity Aspects of IoT Microservices Architectures Deployed over Next-Generation Mobile Networks

Aldea

Bocu

Vasilescu

2022

Sensors

View full text Add to dashboard Cite

The design and implementation of secure IoT platforms and software solutions represent both a required functional feature and a performance acceptance factor nowadays. This paper describes relevant cybersecurity problems considered during the proposed microservices architecture development. Service composition mechanisms and their security are affected by the underlying hardware components and networks. The overall speedup of the platforms, which are implemented using the new 5G networks, and the capabilities of new performant IoT devices may be wasted by an inadequate combination of authentication services and security mechanisms, by the architectural misplacing of the encryption services, or by the inappropriate subsystems scaling. Considering the emerging microservices platforms, the Spring Boot alternative is used to implement data generation services, IoT sensor reading services, IoT actuators control services, and authentication services, and ultimately assemble them into a secure microservices architecture. Furthermore, considering the designed architecture, relevant security aspects related to the medical and energy domains are analyzed and discussed. Based on the proposed architectural concept, it is shown that well-designed and orchestrated architectures that consider the proper security aspects and their functional influence can lead to stable and secure implementations of the end user’s software platforms.

show abstract

“…Mimic defense 24 The scheme is based on the cloud with a container environment using Kubernetes native environment.…”

Section: Misery Diagraph 10mentioning

confidence: 99%

“…Similarly, it is displayed that proxy servers can be focused on specific proxy‐related attacks, that is, proxy harvesting, which needs nonstop remapping to interrupt the attacks 23 . The authors in Reference 24 proposed a mechanism for the enhancement of microservices security using the mimic defensive framework based on the MTD mechanism. They created a resource pool with different images and observed the inconsistency in the execution outcomes.…”

Section: Related Workmentioning

confidence: 99%

Toward deceiving the intrusion attacks in containerized cloud environment using virtual private cloud‐based moving target defense

Hyder

Ahmed

2022

Concurrency and Computation

View full text Add to dashboard Cite

The container-based cloud has its distinct security challenges. In this article, moving target defense (MTD) is used to increase the cost and effort of the attacker to exploit resources and follow an attack path to compromise the critical resources in a container-based cloud. The existing MTD mechanisms for cloud have not focused on intruder prevention inside containerized environment. The proposed solution is one of its kind that utilizes resource movement inside and across the virtual private network in the cloud to deceive intruders. The framework continuously changes the target/container to increase confusion about the routing path, so attackers cannot follow the simple attack path. This obscure cloud architecture increases the delay in attack and gives system/network administrators significant time to use Intrusion Detection mechanisms for countering the attack. The proposed scheme is implemented on the Google Cloud Platform (GCP) by using an extensive network of nodes hosting the stateful pods that are created and destroyed periodically. The experimental analysis confirmed that the proposed scheme substantially increased the attack path length and added obscurity at a low computation cost. However, as per experiments, implementing the proposed scheme in GCP slightly increases the dollar cost. K E Y W O R D Scontainerization, intrusion attacks, Kubernetes, moving target defense, virtual private cloud INTRODUCTIONContainerize technology has been introduced as an alternative to virtualization technology (VM). In the last few years, 1 the approach to set up the application in a container then the VM was widely accepted by companies around the world and adopted in the cloud environment. This containerized technology provides many benefits like lightweight, short startup time, and lower virtualization overhead. 2,3 In a cloud environment, the remote code execution attack is used to exploit the network for delivering the payload (malicious code) to the host OS. The attacker used some JavaScript-based code to exploit the vulnerable application to modify the authentication policy and gain access to the host operating system. The remote code execution method is harmful where the attacker scans for the target within the cloud virtual network.The attacker compromises the edge host facing the public Internet to get access and scan for other hosts within that virtual network. From that compromise entry point, attacker performs a series of attacks to search for the asset and follow the simple attack path to reach the target which is normally a database server. Which in most scenarios are isolated from the public Internet. The attacker repeats the attacks to find the path toward the target to reach the target server. 4 In a cloud network architecture, the successful attack requires only a few steps to reach from the edge host to Muhammad Faraz Hyder, Waqas Ahmed, and Maaz Ahmed contributed equally to this study.

show abstract

Microservice Security Framework for IoT by Mimic Defense Mechanism

Cited by 8 publications

References 35 publications

Real-Time Monitoring and Management of Hardware and Software Resources in Heterogeneous Computer Networks through an Integrated System Architecture

Real-Time Monitoring and Management of Hardware and Software Resources in Heterogeneous Computer Networks through an Integrated System Architecture

Relevant Cybersecurity Aspects of IoT Microservices Architectures Deployed over Next-Generation Mobile Networks

Toward deceiving the intrusion attacks in containerized cloud environment using virtual private cloud‐based moving target defense

Contact Info

Product

Resources

About