Semi-Random Leader Election for Distributed Moving Target Defense Coordination in Kubernetes

Abstract: In this Master’s thesis project, we developed a distributed version of an existing coordinator for moving target defense (MTD) in Kubernetes. Our prototype consists of an ensemble of coordinator candidates which run as containers in pods in the Kubernetes cluster themselves. The ensemble repeatedly elects a temporary leader which coordinates one target movement at a time. Elections are carried out over Apache ZooKeeper. Our election algorithm can be configured to mix a heuristic, CPU load, and randomness in any ratio beetween fully heuristic and fully random. From experiments, we conclude that the synchronization delay of the coordinator ensemble is not affected by varying degrees of randomness while artificial CPU load is added to some cluster nodes. Our approach adds replication and a dynamic component to the MTD coordinator, and it introduces failure recovery to a certain extent. It potentially opens new doors for a more robust MTD coordination in Kubernetes.