{"title":"Session details: MTD Modeling and Evaluation I (regular papers)","authors":"Xinming Ou","doi":"10.1145/3253884","DOIUrl":"https://doi.org/10.1145/3253884","url":null,"abstract":"","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"1 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84224414","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"DHT Blind Rendezvous for Session Establishment in Network Layer Moving Target Defenses","authors":"Christopher Morrell, R. Moore, R. Marchany, J. Tront","doi":"10.1145/2808475.2808477","DOIUrl":"https://doi.org/10.1145/2808475.2808477","url":null,"abstract":"This paper introduces a new method of securely exchanging information through a moving blind rendezvous by leveraging the size and distributed nature of BitTorrent Mainline Distributed Hash Table (DHT) in order to bootstrap a connection between nodes in a network layer moving target defense (MTD) system. Specifically, we demonstrate an implementation of this scheme integrated with an existing MTD implemented in the IPv6 space: the Moving Target IPv6 Defense (MT6D). We show how MT6D peers can use this protocol to exchange configuration information, allowing them to locate other nodes as they move around the Internet, and how they can securely establish connections and related association parameters with no prior knowledge of the other party's network state. We require a minimal amount of pre-shared information between nodes; only that peers have access to public key information. This scheme enables mobility for peers within the MT6D protocol, allows dynamically changing configurations, and allows an MT6D server to scale to supporting many clients without a quadratic explosion in the number of secret keys which need to be maintained.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"107 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86839684","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Optimal Defense Policies for Partially Observable Spreading Processes on Bayesian Attack Graphs","authors":"Erik Miehling, M. Rasouli, D. Teneketzis","doi":"10.1145/2808475.2808482","DOIUrl":"https://doi.org/10.1145/2808475.2808482","url":null,"abstract":"The defense of computer networks from intruders is becoming a problem of great importance as networks and devices become increasingly connected. We develop an automated approach to defending a network against continuous attacks from intruders, using the notion of Bayesian attack graphs to describe how attackers combine and exploit system vulnerabilities in order to gain access and progress through a network. We assume that the attacker follows a probabilistic spreading process on the attack graph and that the defender can only partially observe the attacker's capabilities at any given time. This leads to the formulation of the defender's problem as a partially observable Markov decision process (POMDP). We define and compute optimal defender countermeasure policies, which describe the optimal countermeasure action to deploy given the current information.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"9 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77243728","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Characterizing Network-Based Moving Target Defenses","authors":"Marc Green, D. C. MacFarland, Doran R. Smestad, Craig A. Shue","doi":"10.1145/2808475.2808484","DOIUrl":"https://doi.org/10.1145/2808475.2808484","url":null,"abstract":"The moving target defense (MTD) strategy allows defenders to limit the effectiveness of attacker reconnaissance and exploitation. Many academic works have created MTDs in different deployment environments. However, network-based MTDs (NMTDs) share key components and properties that determine their effectiveness. In this work, we identify and define seven properties common to NMTDs which are key to ensuring the effectiveness of the approach. We then evaluate four NMTD systems using these properties and find two or more key concerns for each of the systems. This analysis shows that these properties may help guide developers of new NMTD systems by guiding the evaluation of these systems and can be used by others as a rubric to assess the strengths and limitations of each NMTD approach.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"8 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87339185","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Proceedings of the Second ACM Workshop on Moving Target Defense","authors":"G. Cybenko, Dijiang Huang","doi":"10.1145/2808475","DOIUrl":"https://doi.org/10.1145/2808475","url":null,"abstract":"It is our great pleasure to welcome you to the 2015 ACM Workshop on Moving Target Defense -- MTD'15. This year's MTD workshop continues its tradition of being the premier forum for presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The mission of the symposium is to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and identify new directions for future research and development. ACRONYM gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control.\n\nThe call for papers attracted submissions from Asia, Europe, and United States. Submissions are from both industry and academia. The workshop received 19 submissions. Each submitted paper has at least 3 review comments from TPC members. The program committee reviewed and accepted the following:\nFull Technical Papers submitted 19, accepted 8\nShort Experience Reports submitted 19, accepted 4\n\nWe also encourage attendees to attend the keynote and invited talk presentations. These valuable and insightful talks can and will guide us to a better understanding of the future:\nFrom Fine Grained Code Diversity to Execute-Only-Memory: The Cat and Mouse Game Between Attackers and Defenders Continues, Michael Franz (University of California, Irvine)\nGetting Beyond Tit for Tat: Better Strategies for Moving Target Prototyping and Evaluation, Hamed Okhravi (MIT Lincoln Laboratory)","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"59 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76017259","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Software Protection with Code Mobility","authors":"Alessandro Cabutto, P. Falcarin, Bert Abrath, Bart Coppens, B. D. Sutter","doi":"10.1145/2808475.2808481","DOIUrl":"https://doi.org/10.1145/2808475.2808481","url":null,"abstract":"The analysis of binary code is a common step of Man-At-The-End attacks to identify code sections crucial to implement attacks, such as identifying a private key hidden in the code, identifying sensitive algorithms, tampering with the code to disable protections (e.g. license checks or DRM) embedded in binary code, or using the software in an unauthorized manner. Code Mobility can be used to thwart code analysis and debugging by removing parts of the code from the deployed software program and installing it at run-time by downloading binary code blocks from a trusted server. The proposed architecture of the code mobility protection downloads mobile code blocks, which are allocated dynamically at addresses determined at run-time; control transfers into and out of mobile code blocks are rewritten using the Diablo binary-rewriter tool.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"16 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90546318","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Theory of Cyber Attacks: A Step Towards Analyzing MTD Systems","authors":"Rui Zhuang, Alexandru G. Bardas, S. DeLoach, Xinming Ou","doi":"10.1145/2808475.2808478","DOIUrl":"https://doi.org/10.1145/2808475.2808478","url":null,"abstract":"Moving Target Defenses (MTD) have been touted as a game changing approach to computer security that eliminates the static nature of current computer systems -- an attacker's biggest advantage. While promising, the dynamism of MTD introduces challenges related to understanding and quantifying the impact of MTD systems on security, users, and attackers. To analyze this impact, both the concepts of MTD systems and cyber attacks must be formalized. While a theory of MTD systems was proposed in [18], this paper presents a theory of cyber attacks that supports the understanding and analysis of the interaction between MTD systems and the attacks they hope to thwart. The theory defines key concepts that support precise discussion of attacker knowledge, attack types, and attack instances. The paper also presents concrete examples to show how these definitions and concepts can be used in realistic scenarios.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"33 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84151516","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"To Be Proactive or Not: A Framework to Model Cyber Maneuvers for Critical Path Protection in MANETs","authors":"Zhuo Lu, L. Marvel, Cliff X. Wang","doi":"10.1145/2808475.2808479","DOIUrl":"https://doi.org/10.1145/2808475.2808479","url":null,"abstract":"Recently, proactive strategies have received much attention as they make a system more dynamic and difficult to predict, therefore reducing the impact of adversary attacks. In this paper, we aim at modeling and evaluating the effectiveness of proactive cyber maneuvers to protect the critical path between a source-destination pair for mission operations in a mobile ad-hoc network (MANET) in the presence of an adversary. We propose a generic framework to analytically model cyber maneuvers and define their associated utilities. With the proposed framework, we develop the optimal solution to maximize the lifetime of the critical path with security assurance. We find that sufficient statistical information in the network is vital for the network defender to be proactive, choose the best cyber maneuvers to protect the critical path, and consequently outperform conventional reactive strategies. We also use simulations to validate the effectiveness of our solution.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"58 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78475156","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Adaptive Just-In-Time Code Diversification","authors":"Abhinav Jangda, Mohit Mishra, B. D. Sutter","doi":"10.1145/2808475.2808487","DOIUrl":"https://doi.org/10.1145/2808475.2808487","url":null,"abstract":"We present a method to regenerate diversified code dynamically in a Java bytecode JIT compiler, and to update the diversification frequently during the execution of the program. This way, we can significantly reduce the time frame in which attackers can let a program leak useful address space information and subsequently use the leaked information in memory exploits. A proof of concept implementation is evaluated, showing that even though code is recompiled frequently, we can achieve smaller overheads than the previous state of the art, which generated diversity only once during the whole execution of a program.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"8 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84215115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: MTD Modeling and Evaluation II","authors":"Zhou Lu","doi":"10.1145/3253887","DOIUrl":"https://doi.org/10.1145/3253887","url":null,"abstract":"","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"51 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74123227","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}