This talk will cover two topics, namely, modeling and design of Moving Target Defense (MTD), and DIFT games for modeling Advanced Persistent Threats (APTs). We will first present a game-theoretic approach to characterizing the trade-off between resource efficiency and defense effectiveness in decoy- and randomization-based MTD. We will then address the game formulation for APTs. APTs are mounted by intelligent and resourceful adversaries who gain access to a targeted system and gather information over an extended period of time. APTs consist of multiple stages, including initial system compromise, privilege escalation, and data exfiltration, each of which involves strategic interaction between the APT and the targeted system. While this interaction can be viewed as a game, the stealthiness, adaptiveness, and unpredictability of APTs imply that the information structure of the game and the strategies of the APT are not readily available. Our approach to modeling APTs is based on the insight that the persistent nature of APTs creates information flows in the system that can be monitored. One monitoring mechanism is Dynamic Information Flow Tracking (DIFT), which taints and tracks malicious information flows through a system and inspects the flows at designated traps. Since tainting all flows in the system will incur significant memory and storage overhead, efficient tagging policies are needed to maximize the probability of detecting the APT while minimizing resource costs. In this work, we develop a multi-stage stochastic game framework for modeling the interaction between an APT and a DIFT, as well as designing an efficient DIFT-based defense. Our model is grounded on APT data gathered using the Refinable Attack Investigation (RAIN) flow-tracking framework. We present the current state of our formulation, insights that it provides on designing effective defenses against APTs, and directions for future work.
本次演讲将涵盖两个主题,即移动目标防御(MTD)的建模和设计,以及用于建模高级持续威胁(apt)的DIFT游戏。我们将首先提出一种博弈论方法来表征基于诱饵和随机化的MTD中资源效率和防御有效性之间的权衡。然后我们将讨论apt的游戏公式。apt是由聪明且足智多谋的攻击者安装的,他们可以访问目标系统并在很长一段时间内收集信息。APT由多个阶段组成,包括初始系统入侵、特权升级和数据泄露,每个阶段都涉及APT与目标系统之间的战略交互。虽然这种互动可以被视为一种游戏,但APT的隐蔽性、适应性和不可预测性意味着游戏的信息结构和APT的策略并不容易获得。我们对apt建模的方法是基于apt的持久性在系统中创建信息流的洞察力,这些信息流可以被监控。一种监测机制是动态信息流跟踪(Dynamic Information Flow Tracking, DIFT),它可以污染和跟踪系统中的恶意信息流,并在指定的陷阱处检查信息流。由于污染系统中的所有流将导致大量内存和存储开销,因此需要有效的标记策略来最大化检测APT的概率,同时最小化资源成本。在这项工作中,我们开发了一个多阶段随机博弈框架,用于模拟APT和DIFT之间的相互作用,并设计了一个有效的基于DIFT的防御。我们的模型基于使用可细化攻击调查(RAIN)流跟踪框架收集的APT数据。我们介绍了我们的配方的当前状态,它提供了设计有效防御apt的见解,以及未来工作的方向。
{"title":"Dynamic Defense against Adaptive and Persistent Adversaries","authors":"R. Poovendran","doi":"10.1145/3268966.3268977","DOIUrl":"https://doi.org/10.1145/3268966.3268977","url":null,"abstract":"This talk will cover two topics, namely, modeling and design of Moving Target Defense (MTD), and DIFT games for modeling Advanced Persistent Threats (APTs). We will first present a game-theoretic approach to characterizing the trade-off between resource efficiency and defense effectiveness in decoy- and randomization-based MTD. We will then address the game formulation for APTs. APTs are mounted by intelligent and resourceful adversaries who gain access to a targeted system and gather information over an extended period of time. APTs consist of multiple stages, including initial system compromise, privilege escalation, and data exfiltration, each of which involves strategic interaction between the APT and the targeted system. While this interaction can be viewed as a game, the stealthiness, adaptiveness, and unpredictability of APTs imply that the information structure of the game and the strategies of the APT are not readily available. Our approach to modeling APTs is based on the insight that the persistent nature of APTs creates information flows in the system that can be monitored. One monitoring mechanism is Dynamic Information Flow Tracking (DIFT), which taints and tracks malicious information flows through a system and inspects the flows at designated traps. Since tainting all flows in the system will incur significant memory and storage overhead, efficient tagging policies are needed to maximize the probability of detecting the APT while minimizing resource costs. In this work, we develop a multi-stage stochastic game framework for modeling the interaction between an APT and a DIFT, as well as designing an efficient DIFT-based defense. Our model is grounded on APT data gathered using the Refinable Attack Investigation (RAIN) flow-tracking framework. We present the current state of our formulation, insights that it provides on designing effective defenses against APTs, and directions for future work.","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"31 11 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89745650","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
As evidenced by numerous high-profile security incidents such as the Target data breach and the Equifax hack, APTs (Advanced Persistent Threats) can significantly compromise the trustworthiness of cyber space. This work explores how to improve the effectiveness of cyber deception in hardening FTP (File Transfer Protocol) services against APTs. The main objective of our work is to ensure deception consistency: when the attackers are trapped, they can only make observations that are consistent with what they have seen already so that they cannot recognize the deceptive environment. To achieve deception consistency, we use logic constraints to characterize an attacker's best knowledge (either positive, negative, or uncertain). When migrating the attacker's FTP connection into a contained environment, we use these logic constraints to instantiate a new FTP file system that is guaranteed free of inconsistency. We performed deception experiments with student participants who just completed a computer security course. Following the design of Turing tests, we find that the participants' chances of recognizing deceptive environments are close to random guesses. Our experiments also confirm the importance of observation consistency in identifying deception.
{"title":"Ensuring Deception Consistency for FTP Services Hardened against Advanced Persistent Threats","authors":"Zhan Shu, Guanhua Yan","doi":"10.1145/3268966.3268971","DOIUrl":"https://doi.org/10.1145/3268966.3268971","url":null,"abstract":"As evidenced by numerous high-profile security incidents such as the Target data breach and the Equifax hack, APTs (Advanced Persistent Threats) can significantly compromise the trustworthiness of cyber space. This work explores how to improve the effectiveness of cyber deception in hardening FTP (File Transfer Protocol) services against APTs. The main objective of our work is to ensure deception consistency: when the attackers are trapped, they can only make observations that are consistent with what they have seen already so that they cannot recognize the deceptive environment. To achieve deception consistency, we use logic constraints to characterize an attacker's best knowledge (either positive, negative, or uncertain). When migrating the attacker's FTP connection into a contained environment, we use these logic constraints to instantiate a new FTP file system that is guaranteed free of inconsistency. We performed deception experiments with student participants who just completed a computer security course. Following the design of Turing tests, we find that the participants' chances of recognizing deceptive environments are close to random guesses. Our experiments also confirm the importance of observation consistency in identifying deception.","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"65 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90449486","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
V. Casola, Alessandra De Benedictis, M. Rak, Umberto Villano
The large adoption of cloud services in many business domains dramatically increases the need for effective solutions to improve the security of deployed services. The adoption of Security Service Level Agreements (Security SLAs) represents an effective solution to state formally the security guarantees that a cloud service is able to provide. Even if security policies declared by the service provider are properly implemented before the service is deployed and launched, the actual security level tends to degrade over time, due to the knowledge on the exposed attack surface that the attackers are progressively able to gain. In this paper, we present a Security SLA-driven MTD framework that allows MTD strategies to be applied to a cloud application by automatically switching among different admissible application configurations, in order to confuse the attackers and nullify their reconnaissance effort, while preserving the application Security SLA across reconfigurations.
云服务在许多业务领域的大量采用极大地增加了对有效解决方案的需求,以改进已部署服务的安全性。采用安全服务水平协议(Security Service Level Agreements,简称sla)是一种有效的解决方案,可以正式声明云服务能够提供的安全保证。即使在部署和启动服务之前正确实现了服务提供者声明的安全策略,实际的安全级别也会随着时间的推移而降低,因为攻击者逐渐能够获得暴露的攻击面上的知识。在本文中,我们提出了一个安全SLA驱动的MTD框架,该框架允许通过在不同可接受的应用程序配置之间自动切换来将MTD策略应用于云应用程序,以便混淆攻击者并使其侦察工作无效,同时在重新配置中保留应用程序安全SLA。
{"title":"A Security SLA-Driven Moving Target Defense Framework to Secure Cloud Applications","authors":"V. Casola, Alessandra De Benedictis, M. Rak, Umberto Villano","doi":"10.1145/3268966.3268975","DOIUrl":"https://doi.org/10.1145/3268966.3268975","url":null,"abstract":"The large adoption of cloud services in many business domains dramatically increases the need for effective solutions to improve the security of deployed services. The adoption of Security Service Level Agreements (Security SLAs) represents an effective solution to state formally the security guarantees that a cloud service is able to provide. Even if security policies declared by the service provider are properly implemented before the service is deployed and launched, the actual security level tends to degrade over time, due to the knowledge on the exposed attack surface that the attackers are progressively able to gain. In this paper, we present a Security SLA-driven MTD framework that allows MTD strategies to be applied to a cloud application by automatically switching among different admissible application configurations, in order to confuse the attackers and nullify their reconnaissance effort, while preserving the application Security SLA across reconfigurations.","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"44 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74951222","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Keynote","authors":"Massimiliano Albanese","doi":"10.1145/3285946","DOIUrl":"https://doi.org/10.1145/3285946","url":null,"abstract":"","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"11 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82003441","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Session 1: Evaluation of MTD Techniques","authors":"I. Ray","doi":"10.1145/3285944","DOIUrl":"https://doi.org/10.1145/3285944","url":null,"abstract":"","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"51 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79536234","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-01-01DOI: 10.1007/978-1-4614-5416-8_8
Todd Jackson, Andrei Homescu, Stephen Crane, Per Larsen, Stefan Brunthaler, M. Franz
{"title":"Diversifying the Software Stack Using Randomized NOP Insertion","authors":"Todd Jackson, Andrei Homescu, Stephen Crane, Per Larsen, Stefan Brunthaler, M. Franz","doi":"10.1007/978-1-4614-5416-8_8","DOIUrl":"https://doi.org/10.1007/978-1-4614-5416-8_8","url":null,"abstract":"","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"14 1","pages":"151-173"},"PeriodicalIF":0.0,"publicationDate":"2013-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78301649","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-01-01DOI: 10.1007/978-1-4614-5416-8_1
P. Manadhata
{"title":"Game Theoretic Approaches to Attack Surface Shifting","authors":"P. Manadhata","doi":"10.1007/978-1-4614-5416-8_1","DOIUrl":"https://doi.org/10.1007/978-1-4614-5416-8_1","url":null,"abstract":"","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"51 1","pages":"1-13"},"PeriodicalIF":0.0,"publicationDate":"2013-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76794598","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-01-01DOI: 10.1007/978-1-4614-5416-8_2
Manish Jain, Bo An, Milind Tambe
{"title":"Security Games Applied to Real-World: Research Contributions and Challenges","authors":"Manish Jain, Bo An, Milind Tambe","doi":"10.1007/978-1-4614-5416-8_2","DOIUrl":"https://doi.org/10.1007/978-1-4614-5416-8_2","url":null,"abstract":"","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"1 1","pages":"15-39"},"PeriodicalIF":0.0,"publicationDate":"2013-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86566909","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-01-01DOI: 10.1007/978-1-4614-5416-8_4
Cleotilde González
{"title":"From Individual Decisions from Experience to Behavioral Game Theory: Lessons for Cybersecurity","authors":"Cleotilde González","doi":"10.1007/978-1-4614-5416-8_4","DOIUrl":"https://doi.org/10.1007/978-1-4614-5416-8_4","url":null,"abstract":"","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"8 1","pages":"73-86"},"PeriodicalIF":0.0,"publicationDate":"2013-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91334190","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-01-01DOI: 10.1007/978-1-4614-5416-8_3
D. Bilar, G. Cybenko, J. P. Murphy
{"title":"Adversarial Dynamics: The Conficker Case Study","authors":"D. Bilar, G. Cybenko, J. P. Murphy","doi":"10.1007/978-1-4614-5416-8_3","DOIUrl":"https://doi.org/10.1007/978-1-4614-5416-8_3","url":null,"abstract":"","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"10 1","pages":"41-71"},"PeriodicalIF":0.0,"publicationDate":"2013-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80093765","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}