



Modern distributed architectures are becoming increasingly heterogeneous and dynamic, expanding the attack surface and challenging traditional, static security mechanisms. To address these challenges, proactive defense approaches, and particularly Moving Target Defense (MTD), have been introduced to disrupt attackers by regularly modifying the system configuration — for instance, by randomizing network addresses, reallocating containers, or deploying decoy services. However, most existing strategies remain static, rely on a single defense mechanism, and ignore the underlying hardware state. In parallel, hardware-level countermeasures such as cache partitioning, randomization, and scheduling have been proposed against side-channel attacks, yet they are seldom integrated into the decision logic of orchestration frameworks.
The objective of this PhD is to design an adaptive MTD orchestration framework that is aware of the underlying hardware state and capable of dynamically adjusting defense strategies according to system load, performance, and observed vulnerability. The central idea is to feed a reinforcement learning (RL) agent with information derived from hardware performance counters and local security metrics linked to shared cache dynamics, enabling it to select the optimal combination of MTD strategies based on the current system context.
The expected contributions include the definition of a hardware-informed local security metric capturing cache behavior, the graph-based modeling of dependencies between services, resources, and attack surfaces, the design of a unified RL-based decision agent for adaptive MTD selection, and a multi-criteria evaluation (security, performance, energy) on a realistic automotive use case.
This thesis aims to bridge system-level and hardware-level perspectives to build trustworthy orchestrators capable of anticipating and adapting defenses against evolving threats, paving the way toward intelligent and hardware-aware proactive security in distributed systems.

