MAZE: a secure cloud storage service using Moving Target Defense and Secure Shell Protocol (SSH) tunneling

Abstract

Cloud storage services have become a popular place for businesses and individuals to store documents securely, in part because they are accessible from virtually anywhere, at any time. However, cloud storage systems are static attack targets: an attacker can study the system thoroughly without fear that the conclusions drawn about it will be rendered inaccurate. As a result, computer security researchers began exploring techniques, known as Moving Target Defense (MTD), that turn distributed systems into moving targets. Whereas traditional defense mechanisms attempt to identify and cover system vulnerabilities, the underlying philosophy of MTD is that it is impossible to build perfectly secure systems. Instead, MTD techniques continuously change the attack surface in order to increase the cost (in time and resources) and the difficulty of executing a successful attack. Current research in MTD, however, is lacking in implementations of MTD techniques on real systems rather than in simulations alone. This work presents MAZE, a secure cloud storage system in which the files to be protected (e.g., security keys, account numbers or passwords) are split into pieces and pseudo-randomly dispersed within a large, continuously changing maze of computers. Hopping from one computer to another within MAZE is possible only through doors that are created at the appropriate time and are implemented as Secure Shell Protocol (SSH) tunnels. At any computer there can be many open doors, each leading to a different computer. In order to retrieve a file, the user has to follow a schedule that the MAZE service provides to authorized users only. The schedule tells the client which doors to traverse in order to retrieve all the pieces of the file. In addition, computers within MAZE have two refresh periods: the first restarts the computer and reloads the system software from a clean copy in order to thwart potentially ongoing attacks, and the second modifies the file pieces so that they are incompatible with the pieces as they were before the modification. For attackers to retrieve a file successfully, they must obtain all of its pieces within the second refresh period. We implemented MAZE and performed a series of experiments that demonstrated the potential of an MTD-based cloud storage system to protect against attackers while providing reasonable response time.
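
The following is an added, constructed simulation of the design the abstract describes; it is not the MAZE implementation or code from the authors. It assumes an in-memory graph in which a "door" is a directed edge standing in for an SSH tunnel, a "computer" is a dictionary of stored pieces, and files are split with XOR secret sharing (the abstract does not say which splitting scheme MAZE uses; this one was chosen because every piece is required and any subset of pieces is uniformly random). The second refresh period is modelled by re-randomizing all pieces in place with a zero-sum mask, which leaves the file intact but makes pieces collected on opposite sides of a refresh incompatible, the property the abstract relies on when it says an attacker must collect all pieces within one refresh period.

```python
from __future__ import annotations
import secrets
import random

# Constructed simulation of the MAZE design (not the authors' code).
# Doors are graph edges standing in for SSH tunnels; refreshes are method calls.


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_file(data: bytes, n: int) -> list[bytes]:
    """XOR secret sharing: n-1 random pieces plus one correction piece.
    All n pieces are needed; any n-1 of them look uniformly random."""
    if n < 2:
        raise ValueError("need at least two pieces")
    pieces = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    last = data
    for p in pieces:
        last = xor_bytes(last, p)
    return pieces + [last]


def join_pieces(pieces: list[bytes]) -> bytes:
    out = bytes(len(pieces[0]))
    for p in pieces:
        out = xor_bytes(out, p)
    return out


class Maze:
    """Simulated MAZE service: nodes hold pieces, doors connect nodes."""

    def __init__(self, num_nodes: int, doors_per_node: int = 2):
        self.rng = random.SystemRandom()
        self.epoch = 0                                   # bumped on every piece refresh
        self.nodes = {i: {} for i in range(num_nodes)}   # node -> {file_id: (epoch, piece)}
        self.doors = {i: set() for i in range(num_nodes)}
        self.schedules = {}                              # file_id -> (epoch, route)
        self.doors_per_node = doors_per_node
        self.shuffle_doors()

    def shuffle_doors(self) -> None:
        """Close all doors and open a fresh pseudo-random set (decoys included),
        then re-open the doors that issued schedules depend on."""
        for node in self.nodes:
            others = [n for n in self.nodes if n != node]
            self.doors[node] = set(self.rng.sample(others, min(self.doors_per_node, len(others))))
        for _, route in self.schedules.values():
            for a, b in zip(route, route[1:]):
                self.doors[a].add(b)

    def store(self, file_id: str, data: bytes, n_pieces: int) -> None:
        pieces = split_file(data, n_pieces)
        route = self.rng.sample(list(self.nodes), n_pieces)   # distinct computers
        for node, piece in zip(route, pieces):
            self.nodes[node][file_id] = (self.epoch, piece)
        for a, b in zip(route, route[1:]):                     # doors the route needs
            self.doors[a].add(b)
        self.schedules[file_id] = (self.epoch, route)

    def schedule_for(self, file_id: str, authorized: bool):
        if not authorized:
            raise PermissionError("schedules are issued to authorized users only")
        return self.schedules[file_id]

    def retrieve(self, file_id: str, schedule) -> bytes:
        """Follow the route door by door; refuse pieces from another epoch."""
        epoch, route = schedule
        current, collected = route[0], [self.nodes[route[0]][file_id]]
        for nxt in route[1:]:
            if nxt not in self.doors[current]:
                raise PermissionError(f"no open door {current}->{nxt}")
            current = nxt
            collected.append(self.nodes[current][file_id])
        if any(e != epoch for e, _ in collected):
            raise ValueError("pieces from different refresh epochs are incompatible")
        return join_pieces([p for _, p in collected])

    def refresh_pieces(self) -> None:
        """Second refresh period: XOR each file's pieces with a fresh zero-sum
        mask. The file is unchanged, but old and new pieces no longer combine."""
        self.epoch += 1
        for file_id, (_, route) in list(self.schedules.items()):
            size = len(self.nodes[route[0]][file_id][1])
            masks = [secrets.token_bytes(size) for _ in range(len(route) - 1)]
            last = bytes(size)
            for m in masks:
                last = xor_bytes(last, m)
            masks.append(last)                                 # XOR of all masks is zero
            for node, m in zip(route, masks):
                _, piece = self.nodes[node][file_id]
                self.nodes[node][file_id] = (self.epoch, xor_bytes(piece, m))
            self.schedules[file_id] = (self.epoch, route)
        self.shuffle_doors()


def demo() -> dict:
    secret = b"account=12345678;key=0123456789abcdef"        # constructed sample
    maze = Maze(num_nodes=8)
    maze.store("vault", secret, n_pieces=3)
    authorized = maze.retrieve("vault", maze.schedule_for("vault", True)) == secret
    # Pieces gathered on opposite sides of a refresh belong to different epochs.
    _, route = maze.schedules["vault"]
    stale = [maze.nodes[n]["vault"][1] for n in route[:2]]
    maze.refresh_pieces()
    fresh = [maze.nodes[route[2]]["vault"][1]]
    try:
        maze.retrieve("vault", (0, route))
        stale_schedule_accepted = True
    except ValueError:
        stale_schedule_accepted = False
    return {
        "authorized": authorized,
        "mixed_epochs_recovers_file": join_pieces(stale + fresh) == secret,
        "stale_schedule_accepted": stale_schedule_accepted,
        "after_refresh": maze.retrieve("vault", maze.schedule_for("vault", True)) == secret,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three behaviours the abstract claims: an authorized client with a current schedule recovers the file, a schedule from a previous epoch is rejected, and two pieces from before a refresh combined with one from after it yield random bytes rather than the file.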
