MTD '14 Latest Publications

No free lunch in cyber security
MTD '14 Pub Date: 2014-11-07 DOI: 10.1145/2663474.2663475
G. Cybenko, J. Hughes
Abstract: Confidentiality, integrity and availability (CIA) are traditionally considered to be the three core goals of cyber security. By developing probabilistic models of these security goals we show that: the CIA goals are actually specific operating points in a continuum of possible mission security requirements; component diversity, including certain types of Moving Target Defenses, versus component hardening as security strategies can be quantitatively evaluated; approaches for diversity can be formalized into a rigorous taxonomy.
Such considerations are particularly relevant for so-called Moving Target Defense (MTD) approaches that seek to adapt or randomize computer resources in a way to delay or defeat attackers. In particular, we explore tradeoffs between confidentiality and availability in such systems that suggest improvements in one may come at the expense of the other. In other words, there is "No Free Lunch" in cyber security.
Citations: 16
On the Challenges of Effective Movement
MTD '14 Pub Date: 2014-11-07 DOI: 10.1145/2663474.2663480
Thomas Hobson, Hamed Okhravi, David Bigelow, Robert Rudd, W. Streilein
Abstract: Moving Target (MT) defenses have been proposed as a game-changing approach to rebalance the security landscape in favor of the defender. MT techniques make systems less deterministic, less static, and less homogeneous in order to increase the level of effort required to achieve a successful compromise. However, a number of challenges in achieving effective movement lead to weaknesses in MT techniques that can often be used by the attackers to bypass or otherwise nullify the impact of that movement. In this paper, we propose that these challenges can be grouped into three main types: coverage, unpredictability, and timeliness. We provide a description of these challenges and study how they impact prominent MT techniques. We also discuss a number of other considerations faced when designing and deploying MT defenses.
Citations: 34
Towards a Theory of Moving Target Defense
MTD '14 Pub Date: 2014-11-07 DOI: 10.1145/2663474.2663479
Rui Zhuang, S. DeLoach, Xinming Ou
Abstract: The static nature of cyber systems gives attackers the advantage of time. Fortunately, a new approach, called the Moving Target Defense (MTD) has emerged as a potential solution to this problem. While promising, there is currently little research to show that MTD systems can work effectively in real systems. In fact, there is no standard definition of what an MTD is, what is meant by attack surface, or metrics to define the effectiveness of such systems. In this paper, we propose an initial theory that will begin to answer some of those questions. The paper defines the key concepts required to formally talk about MTD systems and their basic properties. It also discusses three essential problems of MTD systems, which include the MTD Problem (or how to select the next system configuration), the Adaptation Selection Problem, and the Timing Problem. We then formalize the MTD Entropy Hypothesis, which states that the greater the entropy of the system's configuration, the more effective the MTD system.
Citations: 230
Reinforcement Learning Algorithms for Adaptive Cyber Defense against Heartbleed
MTD '14 Pub Date: 2014-11-07 DOI: 10.1145/2663474.2663481
Minghui Zhu, Zhisheng Hu, Peng Liu
Abstract: In this paper, we investigate a model where a defender and an attacker simultaneously and repeatedly adjust the defenses and attacks. Under this model, we propose two iterative reinforcement learning algorithms which allow the defender to identify optimal defenses when the information about the attacker is limited. With probability one, the adaptive reinforcement learning algorithm converges to the best response with respect to the attacks when the attacker diminishingly explores the system. With a probability arbitrarily close to one, the robust reinforcement learning algorithm converges to the min-max strategy despite that the attacker persistently explores the system. The algorithm convergence is formally proven and the algorithm performance is verified via numerical simulations.
Citations: 38
Software Security and Randomization through Program Partitioning and Circuit Variation
MTD '14 Pub Date: 2014-11-07 DOI: 10.1145/2663474.2663484
T. Andel, Lindsey N. Whitehurst, J. McDonald
Abstract: The commodity status of Field Programmable Gate Arrays (FPGAs) has allowed computationally intensive algorithms, such as cryptographic protocols, to take advantage of faster hardware speed while simultaneously leveraging the reconfigurability and lower cost of software. Numerous security applications have been transitioned into FPGA implementations allowing security applications to operate at real-time speeds, such as firewall and packet scanning on high speed networks. However, the utilization of FPGAs to directly secure software vulnerabilities is seemingly non-existent.
Protecting program integrity and confidentiality is crucial as malicious attacks through injected code are becoming increasingly prevalent. This paper lays the foundation of continuing research in how to protect software by partitioning critical sections using reconfigurable hardware. This approach is similar to a traditional coprocessor approach to scheduling opcodes for execution on specialized hardware as opposed to running on the native processor. However, the partitioned program model enables the programmer the ability to split portions of an application to reconfigurable hardware at compile time. The fundamental underlying hypothesis is that synthesizing portions of programs onto hardware can mitigate potential software vulnerabilities.
Further, this approach provides an avenue for randomization or diversity for software layout and circuit variation.
Citations: 8
Spatio-temporal Address Mutation for Proactive Cyber Agility against Sophisticated Attackers
MTD '14 Pub Date: 2014-11-07 DOI: 10.1145/2663474.2663483
J. H. Jafarian, E. Al-Shaer, Qi Duan
Abstract: The static one-to-one binding of hosts to IP addresses allows adversaries to conduct thorough reconnaissance in order to discover and enumerate network assets. Specifically, this fixed address mapping allows distributed network scanners to aggregate information gathered at multiple locations over different times in order to construct an accurate and persistent view of the network. The unvarying nature of this view enables adversaries to collaboratively share and reuse their collected reconnaissance information in various stages of attack planning and execution. This paper presents a novel moving target defense (MTD) technique which enables host-to-IP binding of each destination host to vary randomly across the network based on the source identity (spatial randomization) as well as time (temporal randomization). This spatio-temporal randomization will distort attackers' view of the network by causing the collected reconnaissance information to expire as adversaries transition from one host to another or if they stay long enough in one location. Consequently, adversaries are forced to re-scan the network frequently at each location or over different time intervals. These recurring probings significantly raise the bar for the adversaries by slowing down the attack progress, while improving its detectability. We introduce three novel metrics for quantifying the effectiveness of MTD defense techniques: deterrence, deception, and detectability. Using these metrics, we perform rigorous theoretical and experimental analysis to evaluate the efficacy of this approach.
These analyses show that our approach is effective in countering a significant number of sophisticated threat models including collaborative reconnaissance, worm propagation, and advanced persistent threat (APT), in an evasion-free manner.
Citations: 85
A Game Theoretic Approach to Strategy Determination for Dynamic Platform Defenses
MTD '14 Pub Date: 2014-11-07 DOI: 10.1145/2663474.2663478
K. Carter, J. Riordan, Hamed Okhravi
Abstract: Moving target defenses based on dynamic platforms have been proposed as a way to make systems more resistant to attacks by changing the properties of the deployed platforms. Unfortunately, little work has been done on discerning effective strategies for the utilization of these systems, instead relying on two generally false premises: simple randomization leads to diversity and platforms are independent. In this paper, we study the strategic considerations of deploying a dynamic platform system by specifying a relevant threat model and applying game theory and statistical analysis to discover optimal usage strategies. We show that preferential selection of platforms based on optimizing platform diversity approaches the statistically optimal solution and significantly outperforms simple randomization strategies. Counter to popular belief, this deterministic strategy leverages fewer platforms than may be generally available, which increases system security.
Citations: 59
Software Profiling Options and Their Effects on Security Based Diversification
MTD '14 Pub Date: 2014-11-07 DOI: 10.1145/2663474.2663485
Mark Murphy, Per Larsen, Stefan Brunthaler, M. Franz
Abstract: Imparting diversity to binaries by inserting garbage instructions is an effective defense against code-reuse attacks. Relocating and breaking up code gadgets removes an attacker's ability to craft attacks by merely studying the existing code on their own computer. Unfortunately, inserting garbage instructions also slows down program execution. The use of profiling enables optimizations that alleviate much of this overhead, while still maintaining the high level of security needed to deter attacks. These optimizations are performed by varying the probability for the insertion of a garbage instruction at any particular location in the binary. The hottest regions of code get the smallest amount of diversification, while the coldest regions get the most diversification.
We show that static and dynamic profiling methods both reduce run-time overhead to under 2.5% while preventing over 95% of original gadgets from appearing in any diversified binary. We compare static and dynamic profiling and find that dynamic profiling has a slight performance advantage in a best-case scenario. But we also show that dynamic profiling results can suffer greatly from bad training input.
Additionally, we find that static profiling creates smaller binary files than dynamic profiling, and that the two methods offer nearly identical security characteristics.
Citations: 7
Comparing Different Moving Target Defense Techniques
MTD '14 Pub Date: 2014-11-07 DOI: 10.1145/2663474.2663486
Jun Xu, Pinyao Guo, Mingyi Zhao, R. Erbacher, Minghui Zhu, Peng Liu
Abstract: Moving Target Defense techniques have been proposed to increase uncertainty and apparent complexity for attackers. When more than one Moving Target Defense techniques are effective to limit opportunities of an attack, it is required to compare these techniques and select the best defense choice. In this paper, we propose a three-layer model to evaluate and compare effectiveness of different Moving Target Defenses. This model is designed as an attempt to fill a gap among existing evaluation methods and works as a systematic framework for Moving Target Defense comparison.
Citations: 112
Moving Target Defense for Hardening the Security of the Power System State Estimation
MTD '14 Pub Date: 2014-11-07 DOI: 10.1145/2663474.2663482
M. Rahman, E. Al-Shaer, R. Bobba
Abstract: State estimation plays a critically important role in ensuring the secure and reliable operation of the electric grid. Recent works have shown that the state estimation process is vulnerable to stealthy attacks where an adversary can alter certain measurements to corrupt the solution of the process, but evade the existing bad data detection algorithms and remain invisible to the system operator. Since the state estimation result is used to compute optimal power flow and perform contingency analysis, incorrect estimation can undermine economic and secure system operation. However, an adversary needs sufficient resources as well as necessary knowledge to achieve a desired attack outcome. The knowledge that is required to launch an attack mainly includes the measurements considered in state estimation, the connectivity among the buses, and the power line admittances. Uncertainty in information limits the potential attack space for an attacker. This advantage of uncertainty enables us to apply moving target defense (MTD) strategies for developing a proactive defense mechanism for state estimation.
In this paper, we propose an MTD mechanism for securing state estimation, which has several characteristics: (i) increase the knowledge uncertainty for attackers, (ii) reduce the window of attack opportunity, and (iii) increase the attack cost. In this mechanism, we apply controlled randomization on the power grid system properties, mainly on the set of measurements that are considered in state estimation, and the topology, especially the line admittances.
We thoroughly analyze the performance of the proposed mechanism on the standard IEEE 14- and 30-bus test systems.
Citations: 83