Moving Target Defense for Cloud-Native Applications

The proliferation of cloud-native applications has sparked significant interest across various sectors. As these methodologies gain traction, they introduce a transformative shift within the cloud computing landscape. At the forefront of this shift is the synergy between container technology and microservice architecture, promising to significantly enhance both efficiency and agility across industries. Nonetheless, this transformation also adds complexity and enlarges the system attack surface, introducing additional vulnerabilities susceptible to being exploited by well-informed and resourceful attackers, especially in case of static defense techniques. To address these challenges, we propose a Moving Target Defense (MTD) approach, which proactively intervenes on the lifecycle of cloud-native application components. Such dynamicity serves as deterrent to potential adversaries, making persistence harder, lowering the effectiveness of automated attack tools, and increasing overall complexity and cost. We detail a step-by-step path, ranging from simple to advanced MTD techniques, targeting both stateless and stateful applications within a cloud-native environment. We evaluate these strategies and demonstrate that they effectively mitigate different types of attacks (e.g., Denial of service (DoS), lateral movement, reconnaissance, etc.) with minimal resource overhead and without causing service interruptions during normal system operation.