Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense最新文献

{"title":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","authors":"Nicholas J. Multari, A. Singhal, David O. Manz","doi":"10.1145/2994475","DOIUrl":"https://doi.org/10.1145/2994475","url":null,"abstract":"It is our great pleasure to welcome you to the SafeConfig'16 Workshop. This workshop is in its 9th year, each one focusing on different aspect of cyber systems. The 2016 workshop focuses on the testing and validation of cyber systems, specifically those involving active security and resilient systems. The premise is existing tools and methods for security assessments are necessary but insufficient for scientifically rigorous testing and evaluation of resilient and active cyber systems. This workshop will explore and discuss scientifically sound testing regimen(s) that will continuously and dynamically probe, attack, and \"test\" the various resilient and active technologies. This concept necessitates potentially wholesale new developments to ensure that resilientand agile-aware security testing is available to the research community. All testing, validation and experimentation must also be repeatable, reproducible, subject to scientific scrutiny, measurable and meaningful to both researchers and practitioners. \u0000 \u0000The call for papers attracted submissions from Asia, Europe, and the United States. Of the 13 papers submitted, the program committee recommended acceptance of 6 for an overall acceptance rate of 46%. In addition to the six accepted papers, we are also excited to have one keynote and a panel to examine this topic from an academic, business, and government point of view. \u0000 \u0000The first keynote, Configuring Software and Systems for Defense-in-Depth will be given by Dr. Trent Jaeger from Penn State University. He will discuss how achieving defense in depth has a significant component in configuration. In particular, he advocates configuring security requirements for various layers of software defenses (e.g., privilege separation, authorization, and auditing) and generating software and systems defenses that implement such configurations (mostly) automatically. Dr. Jaeger will focus mainly on the challenge of retrofitting software with authorization code automatically to demonstrate the configuration problems faced by the community, and discuss how we may leverage these lessons to configuring software and systems for defense in depth. \u0000 \u0000The second keynote, From Cyber Security to Collaborative Cyber Resilience, will be given by Dr. George Sharkov, the Cybersecurity Coordinator for the Bulgarian Government. Dr. Sharkov will discuss his view of a holistic approach to cyber resilience as a means of preparing for the \"unknown unknowns\". He will also discuss the multi-stakeholder engagement needed and the complementarity of governance, law, and business/industry initiatives. He will end with an example of the collaborative model in the Bulgarian national strategy and its multi-national engagements. \u0000 \u0000Finally, we will have a panel of experts from diverse backgrounds to discuss their perspective of the subject of this workshop. The specific participants include: \u0000Ehab Al-Shaer, University of North Carolina Charlotte \u0000Bob Cowles, BrightLite Information","PeriodicalId":343057,"journal":{"name":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117088099","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Configuring Software and Systems for Defense-in-Depth","authors":"T. Jaeger","doi":"10.1145/2994475.2994483","DOIUrl":"https://doi.org/10.1145/2994475.2994483","url":null,"abstract":"The computer security community has long advocated defense in depth, building multiple layers of defense to protect a system. Realizing this vision is not yet practical, as software often ships with inadequate defenses, typically developed in an ad hoc fashion. Currently, programmers reason about security manually and lack tools to validate assurance that security controls provide satisfactory defenses. In this keynote talk, I will discuss how achieving defense in depth has a significant component in configuration. In particular, we advocate configuring security requirements for various layers of software defenses (e.g., privilege separation, authorization, and auditing) and generating software and systems defenses that implement such configurations (mostly) automatically. I will focus mainly on the challenge of retrofitting software with authorization code automatically to demonstrate the configuration problems faced by the community, and discuss how we may leverage these lessons to configuring software and systems for defense in depth.","PeriodicalId":343057,"journal":{"name":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130402258","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"SafeConfig'16: Testing and Evaluation for Active & Resilient Cyber Systems Panel Verification of Active and Resilient Systems: Practical or Utopian?","authors":"Nicholas J. Multari, A. Singhal, David O. Manz, Robert Cowles, Jorge Cuéllar, C. Oehmen, G. Shannon","doi":"10.1145/2994475.2994486","DOIUrl":"https://doi.org/10.1145/2994475.2994486","url":null,"abstract":"The premise of the SafeConfig'16 Workshop is existing tools and methods for security assessments are necessary but insufficient for scientifically rigorous testing and evaluation of resilient and active cyber systems. The objective for this workshop is the exploration and discussion of scientifically sound testing regimen(s) that will continuously and dynamically probe, attack, and \"test\" the various resilient and active technologies. This adaptation and change in focus necessitates at the very least modification, and potentially, wholesale new developments to ensure that resilient- and agile-aware security testing is available to the research community. All testing, validation and experimentation must also be repeatable, reproducible, subject to scientific scrutiny, measurable and meaningful to both researchers and practitioners. The workshop will convene a panel of experts to explore this concept. The topic will be discussed from three different perspectives. One perspective is that of the practitioner. We will explore whether active and resilient technologies are or are planned for deployment and whether the verification methodology affects that decision. The second perspective will be that of the research community. We will address the shortcomings of current approaches and the research directions needed to address the practitioner's concerns. The third perspective is that of the policy community. Specifically, we will explore the dynamics between technology, verification, and policy.","PeriodicalId":343057,"journal":{"name":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","volume":"402 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115978902","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Graph-Based Impact Metric for Mitigating Lateral Movement Cyber Attacks","authors":"Emilie Purvine, John R. Johnson, C. Lo","doi":"10.1145/2994475.2994476","DOIUrl":"https://doi.org/10.1145/2994475.2994476","url":null,"abstract":"Most cyber network attacks begin with an adversary gaining a foothold within the network and proceed with lateral movement until a desired goal is achieved. The mechanism by which lateral movement occurs varies but the basic signature of hopping between hosts by exploiting vulnerabilities is the same. Because of the nature of the vulnerabilities typically exploited, lateral movement is very difficult to detect and defend against. In this paper we define a dynamic reachability graph model of the network to discover possible paths that an adversary could take using different vulnerabilities, and how those paths evolve over time. We use this reachability graph to develop dynamic machine-level and network-level impact scores. Lateral movement mitigation strategies which make use of our impact scores are also discussed, and we detail an example using a freely available data set.","PeriodicalId":343057,"journal":{"name":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133622876","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Session details: Panel Session","authors":"David O. Manz","doi":"10.1145/3252798","DOIUrl":"https://doi.org/10.1145/3252798","url":null,"abstract":"","PeriodicalId":343057,"journal":{"name":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131388995","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Session details: Prevention, Detection and Metrics","authors":"David O. Manz","doi":"10.1145/3252797","DOIUrl":"https://doi.org/10.1145/3252797","url":null,"abstract":"","PeriodicalId":343057,"journal":{"name":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","volume":"88 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133277717","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"AHEAD: A New Architecture for Active Defense","authors":"Fabio De Gaspari, S. Jajodia, L. Mancini, Agostino Panico","doi":"10.1145/2994475.2994481","DOIUrl":"https://doi.org/10.1145/2994475.2994481","url":null,"abstract":"Active defense is a popular defense technique based on systems that hinder an attacker's progress by design, rather than reactively responding to an attack only after its detection. Well-known active defense systems are honeypots. Honeypots are fake systems, designed to look like real production systems, aimed at trapping an attacker, and analyzing his attack strategy and goals. These types of systems suffer from a major weakness: it is extremely hard to design them in such a way that an attacker cannot distinguish them from a real production system. In this paper, we advocate that, instead of adding additional fake systems in the corporate network, the production systems themselves should be instrumented to provide active defense capabilities. This perspective to active defense allows containing costs and complexity, while at the same time provides the attacker with a more realistic-looking target, and gives the Incident Response Team more time to identify the attacker. The proposed proof-of-concept prototype system can be used to implement active defense in any corporate production network, with little upfront work, and little maintenance.","PeriodicalId":343057,"journal":{"name":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129433913","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An Iterative and Toolchain-Based Approach to Automate Scanning and Mapping Computer Networks","authors":"Stefan Marksteiner, Harald Lernbeiß, Bernhard Jandl-Scherf","doi":"10.1145/2994475.2994479","DOIUrl":"https://doi.org/10.1145/2994475.2994479","url":null,"abstract":"As today's organizational computer networks are ever evolving and becoming more and more complex, finding potential vulnerabilities and conducting security audits has become a crucial element in securing these networks. The first step in auditing a network is reconnaissance by mapping it to get a comprehensive overview over its structure. The growing complexity, however, makes this task increasingly effortful, even more as mapping (instead of plain scanning), presently, still involves a lot of manual work. Therefore, the concept proposed in this paper automates the scanning and mapping of unknown and non-cooperative computer networks in order to find security weaknesses or verify access controls. It further helps to conduct audits by allowing comparing documented with actual networks and finding unauthorized network devices, as well as evaluating access control methods by conducting delta scans. It uses a novel approach of augmenting data from iteratively chained existing scanning tools with context, using genuine analytics modules to allow assessing a network's topology instead of just generating a list of scanned devices. It further contains a visualization model that provides a clear, lucid topology map and a special graph for comparative analysis. The goal is to provide maximum insight with a minimum of a priori knowledge.","PeriodicalId":343057,"journal":{"name":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123954992","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"From Cybersecurity to Collaborative Resiliency","authors":"George Sharkov","doi":"10.1145/2994475.2994484","DOIUrl":"https://doi.org/10.1145/2994475.2994484","url":null,"abstract":"This paper presents the holistic approach to cyber resilience as a means of preparing for the \"unknown unknowns\". Principles of augmented cyber risks management and resilience management model at national level are presented, with elaboration on multi-stakeholder engagement and partnership for the implementation of national cyber resilience collaborative framework. The complementarity of governance, law, and business/industry initiatives is outlined, with examples of the collaborative resilience model for the Bulgarian national strategy and its multi-national engagements.","PeriodicalId":343057,"journal":{"name":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","volume":"92 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122542703","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Session details: Architectures, configurations and verification","authors":"Nicholas J. Multari","doi":"10.1145/3252796","DOIUrl":"https://doi.org/10.1145/3252796","url":null,"abstract":"","PeriodicalId":343057,"journal":{"name":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124949210","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}