Securing critical computer systems against cyber attacks is a continual struggle for system managers. Attackers often need only find one vulnerability (a flaw or bug that an attacker can exploit to penetrate or disrupt a system) to successfully compromise systems. Defenders, however, have the technically difficult task of discovering and fixing every vulnerability in a complex system, which usually comprises an operating system, device drivers, numerous software applications, and hardware components. Within cyberspace, this imbalance between a simple, one-vulnerability attack tactic and a complicated, multipart defense strategy favors attackers. While defensive applications have grown significantly in complexity and size over many years, malicious software, i.e., malware, has remained relatively simple, computationally small, and still effective in bypassing defensive applications [1]. A major contributing factor to the imbalanced security of cyberspace is the static nature of systems and defenses. The same copy of a popular software application with the same internals developed by a major software vendor may run on millions of machines. As a result, an attack designed to infect that software application is likely to compromise millions of machines. Similarly, many defensive applications are static; they discover suspicious inputs by applying a set of rules and checks commonly used by software built to detect attacks. Therefore, clever cyber invaders can craft attacks to bypass existing defenses by analyzing local copies of readily available defensive applications and then exploiting the weaknesses within those applications. Cyber moving target techniques involve randomizing cyber system components to reduce the likelihood of successful attacks, adding dynamics to a system to shorten attack lifetime, and diversifying otherwise homogeneous collections of systems to limit attack damage. 
A review of five dominant categories of cyber moving target techniques assesses their benefits and weaknesses.
[1] Michael Franz, et al. E unibus pluram: massive-scale software diversity as a defense mechanism. NSPW '10, 2010.
[2] Hamed Okhravi, et al. Creating a cyber moving target for critical infrastructure applications using platform diversity. Int. J. Crit. Infrastructure Prot., 2012.
[3] Dan Kaufman. An Analytical Framework for Cyber Security. 2011.
[4] William W. Streilein, et al. Finding Focus in the Blur of Moving-Target Techniques. IEEE Security & Privacy, 2014.
[5] Evangelos P. Markatos, et al. Defending against hitlist worms using network address space randomization. WORM '05, 2005.
[6] Kevin M. Carter, et al. Quantitative Evaluation of Dynamic Platform Techniques as a Defensive Mechanism. RAID, 2014.
[7] Michael Franz, et al. Multi-variant Program Execution: Using Multi-core Systems to Defuse Buffer-Overflow Vulnerabilities. 2008 International Conference on Complex, Intelligent and Software Intensive Systems, 2008.
[8] Jeff Seibert, et al. Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code. CCS, 2014.
[9] Hovav Shacham, et al. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). CCS '07, 2007.
[10] William W. Streilein, et al. Timely Rerandomization for Mitigating Memory Disclosures. CCS, 2015.