Experimentation Support for Cyber Security Evaluations

To improve the information assurance of mission execution over modern IT infrastructure, new cyber defenses need not only to provide security benefits but also to perform within a given cost regime. Current approaches for validating and integrating cyber defenses rely heavily on manual trial and error, without a clear and systematic understanding of security versus cost tradeoffs. Recent work on model-based analysis of cyber defenses has led to quantitative measures of the attack surface of a distributed system hosting mission-critical applications. These metrics show great promise, but the cost of manually creating the underlying models is an impediment to their wider adoption. This paper describes an experimentation framework for automating multiple activities associated with model construction and validation, including creating ontological system models from real systems, measuring and recording distributions of resource impact and end-to-end performance overhead values, executing real attacks to validate theoretic attack vectors found through analytic reasoning, and creating and managing multi-variable experiments.
