{"title":"Proceedings of the 5th ACM Workshop on Moving Target Defense","authors":"","doi":"10.1145/3268966","DOIUrl":"https://doi.org/10.1145/3268966","url":null,"abstract":"","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"29 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78138120","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Daniel Fraunholz, Daniel Reti, S. D. Antón, H. Schotten
Legacy software, outdated applications and fast changing technologies pose a serious threat to information security. Several domains, such as long-life industrial control systems and Internet of Things devices, suffer from it. In many cases, system updates and new acquisitions are not an option. In this paper, a framework that combines a reverse proxy with various deception-based defense mechanisms is presented. It is designed to autonomously provide deception methods to web applications. Context-awareness and minimal configuration overhead make it perfectly suited to work as a service. The framework is built modularly to provide flexibility and adaptability to the application use case. It is evaluated with common web-based applications such as content management systems and several frequent attack vectors against them. Furthermore, the security and performance implications of the additional security layer are quantified and discussed. It is found that, given sound implementation, no further attack vectors are introduced to the web application. The performance of the prototypical framework increases the delay of communication with the underlying web application. This delay is within tolerable boundaries and can be further reduced by a more efficient implementation.
{"title":"Cloxy: A Context-aware Deception-as-a-Service Reverse Proxy for Web Services","authors":"Daniel Fraunholz, Daniel Reti, S. D. Antón, H. Schotten","doi":"10.1145/3268966.3268973","DOIUrl":"https://doi.org/10.1145/3268966.3268973","url":null,"abstract":"Legacy software, outdated applications and fast changing technologies pose a serious threat to information security. Several domains, such as long-life industrial control systems and Internet of Things devices, suffer from it. In many cases, system updates and new acquisitions are not an option. In this paper, a framework that combines a reverse proxy with various deception-based defense mechanisms is presented. It is designed to autonomously provide deception methods to web applications. Context-awareness and minimal configuration overhead make it perfectly suited to work as a service. The framework is built modularly to provide flexibility and adaptability to the application use case. It is evaluated with common web-based applications such as content management systems and several frequent attack vectors against them. Furthermore, the security and performance implications of the additional security layer are quantified and discussed. It is found that, given sound implementation, no further attack vectors are introduced to the web application. The performance of the prototypical framework increases the delay of communication with the underlying web application. This delay is within tolerable boundaries and can be further reduced by a more efficient implementation.","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"2016 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86351459","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Hooman Alavizadeh, Jin B. Hong, Julian Jang, Dong Seong Kim
Moving Target Defense (MTD) is a proactive security solution, which can be utilized by cloud computing in order to thwart cyber attacks. Many MTD techniques have been proposed, but there is still a lack of systematic evaluation methods for assessing the effectiveness of the proposed MTD techniques, especially when multiple MTD techniques are to be used in combinations. In this paper, we aim to address the aforementioned issue by proposing an approach for modeling and analysis of MTD techniques. We consider four security metrics: system risk, attack cost, return on attack, and availability to quantify the security of the cloud before and after deploying MTD techniques. Moreover, we propose a Diversity MTD technique to deploy OS diversification with various variants on multiple VMs and also combined Shuffle, Diversity, and Redundancy MTD techniques to improve the security of the cloud. We analyze the security metrics before and after deploying the proposed techniques to show the effectiveness of them. We also utilize importance measures based on network centrality measures into security analysis phase to improve the scalability of the MTD evaluation.
{"title":"Comprehensive Security Assessment of Combined MTD Techniques for the Cloud","authors":"Hooman Alavizadeh, Jin B. Hong, Julian Jang, Dong Seong Kim","doi":"10.1145/3268966.3268967","DOIUrl":"https://doi.org/10.1145/3268966.3268967","url":null,"abstract":"Moving Target Defense (MTD) is a proactive security solution, which can be utilized by cloud computing in order to thwart cyber attacks. Many MTD techniques have been proposed, but there is still a lack of systematic evaluation methods for assessing the effectiveness of the proposed MTD techniques, especially when multiple MTD techniques are to be used in combinations. In this paper, we aim to address the aforementioned issue by proposing an approach for modeling and analysis of MTD techniques. We consider four security metrics: system risk, attack cost, return on attack, and availability to quantify the security of the cloud before and after deploying MTD techniques. Moreover, we propose a Diversity MTD technique to deploy OS diversification with various variants on multiple VMs and also combined Shuffle, Diversity, and Redundancy MTD techniques to improve the security of the cloud. We analyze the security metrics before and after deploying the proposed techniques to show the effectiveness of them. We also utilize importance measures based on network centrality measures into security analysis phase to improve the scalability of the MTD evaluation.","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"209 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89735151","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Dieudonne Mulamba, A. Amarnath, Bruhadeshwar Bezawada, I. Ray
Protection of security-critical services, such as access-control reference monitors, is an important requirement in the modern era of distributed systems and services. The threat arises from hosting the service on a single server for a lengthy period of time, which allows the attacker to periodically enumerate the vulnerabilities of the service with respect to the server's configuration and launch targeted attacks on the service. In our work, we design and implement an efficient solution based on the moving "target" defense strategy, to protect security-critical services against such active adversaries. Specifically, we focus on implementing our solution for protecting the reference monitor service that enforces access control for users requesting access to sensitive resources. The key intuition of our approach is to increase the level of difficulty faced by the attacker to compromise a service by periodically moving the security-critical service among a group of heterogeneous servers. For this approach to be practically feasible, the movement of the service should be efficient and random, i.e., the attacker should not have a-priori information about the choice of the next server hosting the service. Towards this, we describe an efficient Byzantine fault-tolerant leader election protocol that achieves the desired security and performance objectives. We built a prototype implementation that moves the access control service randomly among a group of fifty servers within a time range of 250-440 ms. We show that our approach tolerates Byzantine behavior of servers, which ensures that a server under adversarial control has no additional advantage of being selected as the next active server.
{"title":"A Secure Hash Commitment Approach for Moving Target Defense of Security-critical Services","authors":"Dieudonne Mulamba, A. Amarnath, Bruhadeshwar Bezawada, I. Ray","doi":"10.1145/3268966.3268969","DOIUrl":"https://doi.org/10.1145/3268966.3268969","url":null,"abstract":"Protection of security-critical services, such as access-control reference monitors, is an important requirement in the modern era of distributed systems and services. The threat arises from hosting the service on a single server for a lengthy period of time, which allows the attacker to periodically enumerate the vulnerabilities of the service with respect to the server's configuration and launch targeted attacks on the service. In our work, we design and implement an efficient solution based on the moving \"target\" defense strategy, to protect security-critical services against such active adversaries. Specifically, we focus on implementing our solution for protecting the reference monitor service that enforces access control for users requesting access to sensitive resources. The key intuition of our approach is to increase the level of difficulty faced by the attacker to compromise a service by periodically moving the security-critical service among a group of heterogeneous servers. For this approach to be practically feasible, the movement of the service should be efficient and random, i.e., the attacker should not have a-priori information about the choice of the next server hosting the service. Towards this, we describe an efficient Byzantine fault-tolerant leader election protocol that achieves the desired security and performance objectives. We built a prototype implementation that moves the access control service randomly among a group of fifty servers within a time range of 250-440 ms. We show that our approach tolerates Byzantine behavior of servers, which ensures that a server under adversarial control has no additional advantage of being selected as the next active server.","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"1 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84152154","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Joel Coffman, A. Chakravarty, Joshua A. Russo, A. Gearhart
Software diversity is touted as a way to substantially increase the cost of cyber attacks by limiting an attacker's ability to reuse exploits across diversified variants of an application. Despite the number of diversity techniques that have been described in the research literature, little is known about their effectiveness. In this paper, we consider near-duplicate detection algorithms as a way to measure the static aspects of software diversity---viz., their ability to recognize variants of an application. Due to the widely varying results reported by previous studies, we describe a novel technique for measuring the similarity of applications that share libraries. We use this technique to systematically compare various near-duplication detection algorithms and demonstrate their wide range in effectiveness, including for real-world tasks such as malware triage. In addition, we use these algorithms as a way to assess the relative strength of various diversity strategies, from recompilation with different compilers and optimization levels to techniques specifically designed to thwart exploit reuse. Our results indicate that even small changes to a binary disproportionately affect the similarity reported by near-duplicate detection algorithms. In addition, we observe a wide range in the effectiveness of various diversity strategies.
{"title":"Quantifying the Effectiveness of Software Diversity using Near-Duplicate Detection Algorithms","authors":"Joel Coffman, A. Chakravarty, Joshua A. Russo, A. Gearhart","doi":"10.1145/3268966.3268974","DOIUrl":"https://doi.org/10.1145/3268966.3268974","url":null,"abstract":"Software diversity is touted as a way to substantially increase the cost of cyber attacks by limiting an attacker's ability to reuse exploits across diversified variants of an application. Despite the number of diversity techniques that have been described in the research literature, little is known about their effectiveness. In this paper, we consider near-duplicate detection algorithms as a way to measure the static aspects of software diversity---viz., their ability to recognize variants of an application. Due to the widely varying results reported by previous studies, we describe a novel technique for measuring the similarity of applications that share libraries. We use this technique to systematically compare various near-duplication detection algorithms and demonstrate their wide range in effectiveness, including for real-world tasks such as malware triage. In addition, we use these algorithms as a way to assess the relative strength of various diversity strategies, from recompilation with different compilers and optimization levels to techniques specifically designed to thwart exploit reuse. Our results indicate that even small changes to a binary disproportionately affect the similarity reported by near-duplicate detection algorithms. In addition, we observe a wide range in the effectiveness of various diversity strategies.","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"33 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91228281","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Daniel Fraunholz, Daniel Krohmer, S. D. Antón, H. Schotten
In this paper, a framework for Moving Target Defense is introduced. This framework bases on three pillars: network address mutation, communication stack randomization and the dynamic deployment of decoys. The network address mutation is based on the concept of domain generation algorithms, where different features are included to fulfill the system requirements. Those requirements are time dependency, unpredictability and determinism. Communication stack randomization is applied additionally to increase the complexity of reconnaissance activity. By employing communication stack randomization, previously fingerprinted systems do not only differ in the network address but also in their communication pattern behavior. And finally, decoys are integrated into the proposed framework to detect attackers that have breached the perimeter. Furthermore, attacker's resources can be bound by interacting with the decoy systems. Additionally, the framework can be extended with more advanced Moving Target Defense methods such as obscuring port numbers of services.
{"title":"Catch Me If You Can: Dynamic Concealment of Network Entities","authors":"Daniel Fraunholz, Daniel Krohmer, S. D. Antón, H. Schotten","doi":"10.1145/3268966.3268970","DOIUrl":"https://doi.org/10.1145/3268966.3268970","url":null,"abstract":"In this paper, a framework for Moving Target Defense is introduced. This framework bases on three pillars: network address mutation, communication stack randomization and the dynamic deployment of decoys. The network address mutation is based on the concept of domain generation algorithms, where different features are included to fulfill the system requirements. Those requirements are time dependency, unpredictability and determinism. Communication stack randomization is applied additionally to increase the complexity of reconnaissance activity. By employing communication stack randomization, previously fingerprinted systems do not only differ in the network address but also in their communication pattern behavior. And finally, decoys are integrated into the proposed framework to detect attackers that have breached the perimeter. Furthermore, attacker's resources can be bound by interacting with the decoy systems. Additionally, the framework can be extended with more advanced Moving Target Defense methods such as obscuring port numbers of services.","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"59 22 Suppl 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83956882","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
While Moving Target Defenses (MTDs) have been increasingly recognized as a promising direction for cyber security, quantifying the effects of MTDs remains mostly an open problem. Each MTD has its own set of advantages and disadvantages. No single MTD provides an effective defense against the entire range of possible threats. One of the challenges facing MTD quantification efforts is predicting the cumulative effect of implementing multiple MTDs. We present a scenario where two MTDs are deployed in an experimental testbed created to model a realistic use case. This is followed by a probabilistic analysis of the effectiveness of both MTDs against a multi-step attack, along with the MTDs' impact on availability to legitimate users. Our work is essential to providing decision makers with the knowledge to make informed choices regarding cyber defense.
{"title":"Analysis of Concurrent Moving Target Defenses","authors":"W. Connell, L. Pham, Samuel Philip","doi":"10.1145/3268966.3268972","DOIUrl":"https://doi.org/10.1145/3268966.3268972","url":null,"abstract":"While Moving Target Defenses (MTDs) have been increasingly recognized as a promising direction for cyber security, quantifying the effects of MTDs remains mostly an open problem. Each MTD has its own set of advantages and disadvantages. No single MTD provides an effective defense against the entire range of possible threats. One of the challenges facing MTD quantification efforts is predicting the cumulative effect of implementing multiple MTDs. We present a scenario where two MTDs are deployed in an experimental testbed created to model a realistic use case. This is followed by a probabilistic analysis of the effectiveness of both MTDs against a multi-step attack, along with the MTDs' impact on availability to legitimate users. Our work is essential to providing decision makers with the knowledge to make informed choices regarding cyber defense.","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"32 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87234696","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Session 3: Protection of Critical Services against Advanced Threats","authors":"V. Casola","doi":"10.1145/3285947","DOIUrl":"https://doi.org/10.1145/3285947","url":null,"abstract":"","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"50 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76915767","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Using Software-defined Networks in wide area (SDN-WAN) has been strongly emerging in the past years. Due to scalability and economical reasons, SDN-WAN mostly uses an in-band control mechanism, which implies that control and data sharing the same critical physical links. However, the in-band control and centralized control architecture can be exploited by attackers to launch distributed denial of service (DDoS) on SDN control plane by flooding the shared links and/or the Open flow agents. Therefore, constructing a resilient software designed network requires dynamic isolation and distribution of the control flow to minimize damage and significantly increase attack cost. Existing solutions fall short to address this challenge because they require expensive extra dedicated resources or changes in OpenFlow protocol. In this paper, we propose a moving target technique called REsilient COntrol Network architecture (ReCON) that uses the same SDN network resources to defend SDN control plane dynamically against the DDoS attacks. ReCON essentially, (1) minimizes the sharing of critical resources among data and control traffic, and (2) elastically increases the limited capacity of the software control agents on-demand by dynamically using the under-utilized resources from within the same SDN network. To implement a practical solution, we formalize ReCON as a constraints satisfaction problem using Satisfiability Modulo Theory (SMT) to guarantee a correct-by-construction control plan placement that can handle dynamic network conditions.
{"title":"In-design Resilient SDN Control Plane and Elastic Forwarding Against Aggressive DDoS Attacks","authors":"F. Gillani, E. Al-Shaer, Qi Duan","doi":"10.1145/3268966.3268968","DOIUrl":"https://doi.org/10.1145/3268966.3268968","url":null,"abstract":"Using Software-defined Networks in wide area (SDN-WAN) has been strongly emerging in the past years. Due to scalability and economical reasons, SDN-WAN mostly uses an in-band control mechanism, which implies that control and data sharing the same critical physical links. However, the in-band control and centralized control architecture can be exploited by attackers to launch distributed denial of service (DDoS) on SDN control plane by flooding the shared links and/or the Open flow agents. Therefore, constructing a resilient software designed network requires dynamic isolation and distribution of the control flow to minimize damage and significantly increase attack cost. Existing solutions fall short to address this challenge because they require expensive extra dedicated resources or changes in OpenFlow protocol. In this paper, we propose a moving target technique called REsilient COntrol Network architecture (ReCON) that uses the same SDN network resources to defend SDN control plane dynamically against the DDoS attacks. ReCON essentially, (1) minimizes the sharing of critical resources among data and control traffic, and (2) elastically increases the limited capacity of the software control agents on-demand by dynamically using the under-utilized resources from within the same SDN network. To implement a practical solution, we formalize ReCON as a constraints satisfaction problem using Satisfiability Modulo Theory (SMT) to guarantee a correct-by-construction control plan placement that can handle dynamic network conditions.","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"148 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77372427","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: