Proceedings of the 5th ACM Workshop on Moving Target Defense: Latest Articles

Proceedings of the 5th ACM Workshop on Moving Target Defense
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date: 2018-10-15 DOI: 10.1145/3268966
Citations: 1
Cloxy: A Context-aware Deception-as-a-Service Reverse Proxy for Web Services
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date: 2018-01-15 DOI: 10.1145/3268966.3268973
Daniel Fraunholz, Daniel Reti, S. D. Antón, H. Schotten
Abstract: Legacy software, outdated applications and fast changing technologies pose a serious threat to information security. Several domains, such as long-life industrial control systems and Internet of Things devices, suffer from it. In many cases, system updates and new acquisitions are not an option. In this paper, a framework that combines a reverse proxy with various deception-based defense mechanisms is presented. It is designed to autonomously provide deception methods to web applications. Context-awareness and minimal configuration overhead make it perfectly suited to work as a service. The framework is built modularly to provide flexibility and adaptability to the application use case. It is evaluated with common web-based applications such as content management systems and several frequent attack vectors against them. Furthermore, the security and performance implications of the additional security layer are quantified and discussed. It is found that, given sound implementation, no further attack vectors are introduced to the web application. The performance of the prototypical framework increases the delay of communication with the underlying web application. This delay is within tolerable boundaries and can be further reduced by a more efficient implementation.
Citations: 12
Session details: Session 2: Novel MTD Frameworks and Techniques
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date: 2018-01-15 DOI: 10.1145/3285945
W. Connell
Citations: 0
Comprehensive Security Assessment of Combined MTD Techniques for the Cloud
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date: 2018-01-15 DOI: 10.1145/3268966.3268967
Hooman Alavizadeh, Jin B. Hong, Julian Jang, Dong Seong Kim
Abstract: Moving Target Defense (MTD) is a proactive security solution, which can be utilized by cloud computing in order to thwart cyber attacks. Many MTD techniques have been proposed, but there is still a lack of systematic evaluation methods for assessing the effectiveness of the proposed MTD techniques, especially when multiple MTD techniques are to be used in combinations. In this paper, we aim to address the aforementioned issue by proposing an approach for modeling and analysis of MTD techniques. We consider four security metrics: system risk, attack cost, return on attack, and availability to quantify the security of the cloud before and after deploying MTD techniques. Moreover, we propose a Diversity MTD technique to deploy OS diversification with various variants on multiple VMs and also combined Shuffle, Diversity, and Redundancy MTD techniques to improve the security of the cloud. We analyze the security metrics before and after deploying the proposed techniques to show the effectiveness of them. We also utilize importance measures based on network centrality measures into security analysis phase to improve the scalability of the MTD evaluation.
Citations: 26
A Secure Hash Commitment Approach for Moving Target Defense of Security-critical Services
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date: 2018-01-15 DOI: 10.1145/3268966.3268969
Dieudonne Mulamba, A. Amarnath, Bruhadeshwar Bezawada, I. Ray
Abstract: Protection of security-critical services, such as access-control reference monitors, is an important requirement in the modern era of distributed systems and services. The threat arises from hosting the service on a single server for a lengthy period of time, which allows the attacker to periodically enumerate the vulnerabilities of the service with respect to the server's configuration and launch targeted attacks on the service. In our work, we design and implement an efficient solution based on the moving "target" defense strategy, to protect security-critical services against such active adversaries. Specifically, we focus on implementing our solution for protecting the reference monitor service that enforces access control for users requesting access to sensitive resources. The key intuition of our approach is to increase the level of difficulty faced by the attacker to compromise a service by periodically moving the security-critical service among a group of heterogeneous servers. For this approach to be practically feasible, the movement of the service should be efficient and random, i.e., the attacker should not have a-priori information about the choice of the next server hosting the service. Towards this, we describe an efficient Byzantine fault-tolerant leader election protocol that achieves the desired security and performance objectives. We built a prototype implementation that moves the access control service randomly among a group of fifty servers within a time range of 250-440 ms. We show that our approach tolerates Byzantine behavior of servers, which ensures that a server under adversarial control has no additional advantage of being selected as the next active server.
Citations: 0
Quantifying the Effectiveness of Software Diversity using Near-Duplicate Detection Algorithms
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date: 2018-01-15 DOI: 10.1145/3268966.3268974
Joel Coffman, A. Chakravarty, Joshua A. Russo, A. Gearhart
Abstract: Software diversity is touted as a way to substantially increase the cost of cyber attacks by limiting an attacker's ability to reuse exploits across diversified variants of an application. Despite the number of diversity techniques that have been described in the research literature, little is known about their effectiveness. In this paper, we consider near-duplicate detection algorithms as a way to measure the static aspects of software diversity---viz., their ability to recognize variants of an application. Due to the widely varying results reported by previous studies, we describe a novel technique for measuring the similarity of applications that share libraries. We use this technique to systematically compare various near-duplication detection algorithms and demonstrate their wide range in effectiveness, including for real-world tasks such as malware triage. In addition, we use these algorithms as a way to assess the relative strength of various diversity strategies, from recompilation with different compilers and optimization levels to techniques specifically designed to thwart exploit reuse. Our results indicate that even small changes to a binary disproportionately affect the similarity reported by near-duplicate detection algorithms. In addition, we observe a wide range in the effectiveness of various diversity strategies.
Citations: 4
Catch Me If You Can: Dynamic Concealment of Network Entities
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date: 2018-01-15 DOI: 10.1145/3268966.3268970
Daniel Fraunholz, Daniel Krohmer, S. D. Antón, H. Schotten
Abstract: In this paper, a framework for Moving Target Defense is introduced. This framework bases on three pillars: network address mutation, communication stack randomization and the dynamic deployment of decoys. The network address mutation is based on the concept of domain generation algorithms, where different features are included to fulfill the system requirements. Those requirements are time dependency, unpredictability and determinism. Communication stack randomization is applied additionally to increase the complexity of reconnaissance activity. By employing communication stack randomization, previously fingerprinted systems do not only differ in the network address but also in their communication pattern behavior. And finally, decoys are integrated into the proposed framework to detect attackers that have breached the perimeter. Furthermore, attacker's resources can be bound by interacting with the decoy systems. Additionally, the framework can be extended with more advanced Moving Target Defense methods such as obscuring port numbers of services.
Citations: 7
Analysis of Concurrent Moving Target Defenses
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date: 2018-01-15 DOI: 10.1145/3268966.3268972
W. Connell, L. Pham, Samuel Philip
Abstract: While Moving Target Defenses (MTDs) have been increasingly recognized as a promising direction for cyber security, quantifying the effects of MTDs remains mostly an open problem. Each MTD has its own set of advantages and disadvantages. No single MTD provides an effective defense against the entire range of possible threats. One of the challenges facing MTD quantification efforts is predicting the cumulative effect of implementing multiple MTDs. We present a scenario where two MTDs are deployed in an experimental testbed created to model a realistic use case. This is followed by a probabilistic analysis of the effectiveness of both MTDs against a multi-step attack, along with the MTDs' impact on availability to legitimate users. Our work is essential to providing decision makers with the knowledge to make informed choices regarding cyber defense.
Citations: 6
Session details: Session 3: Protection of Critical Services against Advanced Threats
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date: 2018-01-15 DOI: 10.1145/3285947
V. Casola
Citations: 0
In-design Resilient SDN Control Plane and Elastic Forwarding Against Aggressive DDoS Attacks
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date: 2018-01-15 DOI: 10.1145/3268966.3268968
F. Gillani, E. Al-Shaer, Qi Duan
Abstract: Using Software-defined Networks in wide area (SDN-WAN) has been strongly emerging in the past years. Due to scalability and economical reasons, SDN-WAN mostly uses an in-band control mechanism, which implies that control and data sharing the same critical physical links. However, the in-band control and centralized control architecture can be exploited by attackers to launch distributed denial of service (DDoS) on SDN control plane by flooding the shared links and/or the Open flow agents. Therefore, constructing a resilient software designed network requires dynamic isolation and distribution of the control flow to minimize damage and significantly increase attack cost. Existing solutions fall short to address this challenge because they require expensive extra dedicated resources or changes in OpenFlow protocol. In this paper, we propose a moving target technique called REsilient COntrol Network architecture (ReCON) that uses the same SDN network resources to defend SDN control plane dynamically against the DDoS attacks. ReCON essentially, (1) minimizes the sharing of critical resources among data and control traffic, and (2) elastically increases the limited capacity of the software control agents on-demand by dynamically using the under-utilized resources from within the same SDN network. To implement a practical solution, we formalize ReCON as a constraints satisfaction problem using Satisfiability Modulo Theory (SMT) to guarantee a correct-by-construction control plan placement that can handle dynamic network conditions.
Citations: 13