A Security SLA-Driven Moving Target Defense Framework to Secure Cloud Applications

The large adoption of cloud services in many business domains dramatically increases the need for effective solutions to improve the security of deployed services. The adoption of Security Service Level Agreements (Security SLAs) represents an effective solution to state formally the security guarantees that a cloud service is able to provide. Even if security policies declared by the service provider are properly implemented before the service is deployed and launched, the actual security level tends to degrade over time, due to the knowledge on the exposed attack surface that the attackers are progressively able to gain. In this paper, we present a Security SLA-driven MTD framework that allows MTD strategies to be applied to a cloud application by automatically switching among different admissible application configurations, in order to confuse the attackers and nullify their reconnaissance effort, while preserving the application Security SLA across reconfigurations.