Model-driven situational awareness for moving target defense

Jhawar, Ravi; Mauw, Sjouke

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Model-driven situational awareness for moving target defense

Jhawar, Ravi; Mauw, Sjouke

2017 • In Scanlon, Marc; Le-Khac, Nhien-An (Eds.) Proc. 16th European Conference on Cyber Warfare and Security

Peer reviewed

Permalink
https://hdl.handle.net/10993/33899

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

JhM17.pdf

Author preprint (614.27 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Abstract :

[en] Moving Target Defense (MTD) presents dynamically changing attack surfaces and system configurations to attackers. This approach decreases the success probabilities of attacks and increases attacker's workload since she must continually re-assess, re-engineer and re-launch her attacks. Existing research has provided a number of MTD techniques but approaches for gaining situational awareness and deciding when/how to apply these techniques are not well studied. In this paper, we present a conceptual framework that closely integrates a set of models with the system and obtains up-to-date situational awareness following the OODA loop methodology. To realize the framework, as the first step, we propose a modelling approach that provides insights about the dynamics between potential attacks and defenses, impact of attacks and adaptations on the system, and the state of the system. Based on these models, we demonstrate techniques to quantitatively assess the effectiveness of MTD and show how to formulate decision-making problems.

Disciplines :

Computer science

Author, co-author :

Jhawar, Ravi ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Mauw, Sjouke ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

External co-authors :

Language :

English

Title :

Model-driven situational awareness for moving target defense

Publication date :

2017

Event name :

16th European Conference on Cyber Warfare and Security (ECCWS'17)

Event place :

Dublin, Ireland

Event date :

June 29-30 2017

Audience :

International

Main work title :

Proc. 16th European Conference on Cyber Warfare and Security

Editor :

Scanlon, Marc

Le-Khac, Nhien-An

Publisher :

ACPI

Pages :

184-192

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

FnR Project :

FNR5809105 - Attack-defence Trees: Theory Meets Practice, 2013 (01/07/2014-30/06/2017) - Sjouke Mauw

Available on ORBilu :

since 10 January 2018

Statistics

Number of views

87 (3 by Unilu)

Number of downloads

75 (5 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

Bibliography

Albanese, M., Battista, E., Jajodia, S., & Casola, V. (2014). Manipulating the attacker's view of a system's attack surface. IEEE CNS, (pp. 472-480). San Francisco, USA.
Albanese, M., Jajodia, S., Pugliese, A., & Subrahmanian, V. S. (2011). Scalable Analysis of Attack Scenarios. ESORICS (pp. 416-433). Leuven, Belgium: Springer.
Al-Shaer, E. (2011). Toward Network Configuration Randomization for MTD. In MTD: Creating Asymmetric Uncertainty for Cyber Threats (pp. 153-159).
Antonatos, S., Akritidis, P., Markatos, E. P., & Anagnostakis, K. G. (2005). Defending against hitlist worms using network address space randomization. ACM Workshop on Rapid Malcode, (pp. 30-40). Fairfax, VA, USA.
Chew, M., & Song, D. (2002). Mitigating buffer overflows by operating system randomization. CMUCS-02-197.
Donovan, P. J., McLamb, J. W., Okhravi, H., Riordan, J., & Wright, C. V. (2015). Quantitative evaluation of moving target technology. HST (pp. 1-7). IEEE.
Egesdal, M., Gomez-Jordana, A., Pelissier, C., Prause, M., Savani, R., & Stengel, B. (2015). Game Theory Explorer. Retrieved from http://gte.csc.liv.ac.uk/gte/builder/
Executive Office of the President, NST Council, USA. (2011). Retrieved from Trustworthy cyberspace: Strategic plan for the federal cybersecurity research and development program: https://www.whitehouse.gov/
Hong, J. B., & Kim, D. S. (2016). Assessing the effectiveness of moving target defenses using security models. IEEE Trans. on Dep. and Sec. Comp, 163-177.
Hutchins, E., Cloppert, M., & Amin, R. (2011). Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. ICCWS. Washington, DC, USA.
Iyer, V., Kanitkar, A., Dasgupta, P., & Srinivasan, R. (2010). Preventing overflow attacks by memory randomization. ISSRE (pp. 339-347). IEEE.
Jhawar, R., Mauw, S., & Lounis, K. (2016). A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees. STM. Heraklion, Greece: Springer.
Jhawar, R., Mauw, S., & Zakiuddin, I. (2016). Automated Cyber Defense Responses using Attack-Defense Trees and Game Theory. ECCWS, (pp. 163-172). Munich, Germany.
Jiang, X., Wangz, H. J., Xu, D., & Wang, Y. (2007). Randsys: Thwarting code injection attacks with system service interface randomization. SRDS. IEEE.
Jones, S., Outkin, A., Gearhart, J., Hobbs, J., Siirola, J., Phillips, C.,. Mulder, S. (2015). Evaluating Moving Target Defense with PLADD. Sandia National Laboratories.
Kil, C., Jun, J., Bookholt, C., Xu, J., & Ning, P. (2006). Address space layout permutation: Towards finegrained randomization of commodity software. ACSAC (pp. 339-348). IEEE.
Kordy, B., Mauw, S., Radomirovic, S., & Schweitzer, P. (2014). Attack-defense trees. Journal of Logic and Computation, 55-87
Kriaa, S., Bouissou, M., & Pietre-Cambacedes, L. (2012). Modeling the Stuxnet attack with BDMP: Towards more formal risk assessments. CRiSIS, (pp. 1-8).
Manadhata, P. (2013). Game Theoretic Approaches to Attack Surface Shifting. In MTD II: Application of Game Theory and Adversarial Modeling (pp. 1-13). Advances in Inf. Sec., Springer.
Manadhata, P., & Wing, J. (2011). An attack surface metric. IEEE Trans. on Software Engg., 37(3):371-386.
Okhravi, H., Rabe, M. A., Mayberry, T. J., Leonard, W. G., Hobson, T. R., Bigelow, D., & Streilein, W. W. (2013). Survey of cyber moving target techniques. MIT Lincoln Lab.
Roeder, T., & Schneider, F. (2010). Proactive obfuscation. ACM Trans. Comp. Sys., 28(2):1-54.
Xu, J., Guo, P., Zhao, M., Erbacher, R. F., Zhu, M., & Liu, P. (2014). Comparing different moving target defense techniques. ACM Workshop on MTD, (pp. 97-107). Scottsdale, USA.
Zaffarano, K., Taylor, J., & Hamilton, S. (2015). A quantitative framework for moving target defense effectiveness evaluation. ACM Workshop on MTD, (pp. 3-10). Denver, USA.
Zhuang, R., DeLoach, S. A., & Ou, X. (2014). Towards a theory of moving target defense. ACM Workshop on MTD, (pp. 31-40). Scottsdale, USA.