From Database to Cyber Security

In the cyber security landscape, the asymmetric relationship between defender and attacker tends to favor the attacker: while the defender needs to protect a system against all possible ways of breaching it, the attacker needs to identify and exploit only one vulnerable entry point in order to succeed. In this chapter, we show how we can effectively reverse such intrinsic asymmetry in favor of the defender by concurrently pursuing two complementary objectives: increasing the defender’s understanding of multiple facets of the cyber landscape – referred to as Cyber Situational Awareness (CSA) – and creating uncertainty for the attacker through Moving Target Defense (MTD) or Adaptive Cyber Defense (ACD) techniques. This chapter provides a brief overview of contributions in these areas, and discusses future research directions.

[1]  Vijay V. Raghavan,et al.  Visual Analytics of Time Evolving Large-scale Graphs , 2015, IEEE Intell. Informatics Bull..

[2]  Xinming Ou,et al.  Googling Attack Graphs , 2007 .

[3]  Shakil Akhtar,et al.  A study, analysis and deep dive on cloud PAAS security in terms of Docker container security , 2016, 2016 International Conference on Circuit, Power and Computing Technologies (ICCPCT).

[4]  Luca Cardelli,et al.  Mobile Ambients , 1998, FoSSaCS.

[5]  Wenke Lee,et al.  Secure and Robust Monitoring of Virtual Machines through Guest-Assisted Introspection , 2012, RAID.

[6]  Yaozu Dong,et al.  A Full GPU Virtualization Solution with Mediated Pass-Through , 2014, USENIX Annual Technical Conference.

[7]  Dirk Merkel,et al.  Docker: lightweight Linux containers for consistent development and deployment , 2014 .

[8]  Roberto Di Pietro,et al.  Docker ecosystem - Vulnerability Analysis , 2018, Comput. Commun..

[9]  Jeremy Sugerman,et al.  GPU virtualization on VMware's hosted I/O architecture , 2008, OPSR.

[10]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[11]  Virginia N. L. Franqueira,et al.  Finding multi-step attacks in computer networks using heuristic search and mobile ambients , 2009 .

[12]  Ann Mary Joy,et al.  Performance comparison between Linux containers and virtual machines , 2015, 2015 International Conference on Advances in Computer Engineering and Applications.

[13]  Sushil Jajodia,et al.  Implementing interactive analysis of attack graphs using relational databases , 2008, J. Comput. Secur..

[14]  Long Chen,et al.  A Defense Method against Docker Escape Attack , 2017, ICCSP '17.

[15]  A. Volokyta,et al.  Secure virtualization in cloud computing , 2012, Proceedings of International Conference on Modern Problem of Radio Engineering, Telecommunications and Computer Science.

[16]  Roberto Di Pietro,et al.  Windows Mobile LiveSD Forensics , 2013, J. Netw. Comput. Appl..

[17]  Min Zhu,et al.  T-VMI: Trusted Virtual Machine Introspection in Cloud Environments , 2017, 2017 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID).

[18]  Adina Crainiceanu,et al.  Rya: a scalable RDF triple store for the clouds , 2012, Cloud-I '12.

[19]  Mike Tanner,et al.  Computing the impact of cyber attacks on complex missions , 2011, 2011 IEEE International Systems Conference.

[20]  Steven Gianvecchio,et al.  Bot or Human? A Behavior-Based Online Bot Detection System , 2018, From Database to Cyber Security.

[21]  Roberto Di Pietro,et al.  CloRExPa: Cloud resilience via execution path analysis , 2014, Future Gener. Comput. Syst..

[22]  Rajeev Motwani,et al.  The PageRank Citation Ranking : Bringing Order to the Web , 1999, WWW 1999.

[23]  Farzad Sabahi,et al.  Cloud computing security threats and responses , 2011, 2011 IEEE 3rd International Conference on Communication Software and Networks.

[24]  Akira Tanaka,et al.  Rollback mechanism of nested virtual machines for protocol fuzz testing , 2014, SAC.

[25]  Sushil Jajodia,et al.  Network Hardening: An Automated Approach to Improving Network Security , 2014 .

[26]  Wu-chun Feng,et al.  VOCL: An optimized environment for transparent virtualization of graphics processing units , 2012, 2012 Innovative Parallel Computing (InPar).

[27]  Jason Nieh,et al.  KVM/ARM: the design and implementation of the linux ARM hypervisor , 2014, ASPLOS.

[28]  Sushil Jajodia,et al.  Understanding complex network attack graphs through clustered adjacency matrices , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[29]  Sergey Brin,et al.  The Anatomy of a Large-Scale Hypertextual Web Search Engine , 1998, Comput. Networks.

[30]  Scott Musman,et al.  A game theoretic approach to cyber security risk management , 2018 .

[31]  Michael Hamburg,et al.  Meltdown , 2018, meltdownattack.com.

[32]  Robert E. Tarjan,et al.  Network Flow Algorithms , 1989 .

[33]  Yunsup Lee,et al.  The RISC-V Instruction Set Manual , 2014 .

[34]  Jari Saramäki,et al.  Temporal Networks , 2011, Encyclopedia of Social Network Analysis and Mining.

[35]  Yaozu Dong,et al.  NestCloud: Towards practical nested virtualization , 2011, 2011 International Conference on Cloud and Service Computing.

[36]  Dimitrios S. Nikolopoulos,et al.  GPU Virtualization and Scheduling Methods , 2017, ACM Computing Surveys.

[37]  Thomas Gross,et al.  VirtusCap: Capability-Based Access Control for Unikernels , 2017, 2017 IEEE International Conference on Cloud Engineering (IC2E).

[38]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[39]  Lingyu Wang,et al.  Measuring Network Security Using Bayesian Network-Based Attack Graphs , 2008, 2008 32nd Annual IEEE International Computer Software and Applications Conference.

[40]  Pascal van Eck,et al.  Multi-step attack modelling and simulation (MsAMS) framework based on mobile ambients , 2008, SAC '09.

[41]  Srinivas Devadas,et al.  Sanctum: Minimal Hardware Extensions for Strong Software Isolation , 2016, USENIX Security Symposium.

[42]  Roberto Di Pietro,et al.  CUDA Leaks , 2013, ACM Trans. Embed. Comput. Syst..

[43]  Dharmesh Kakadia,et al.  Virtualization vs Containerization to Support PaaS , 2014, 2014 IEEE International Conference on Cloud Engineering.

[44]  Sushil Jajodia,et al.  Measuring network security using dynamic bayesian network , 2008, QoP '08.

[45]  Peng Liu,et al.  Using Bayesian networks for cyber security analysis , 2010, 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN).

[46]  Haibo Chen,et al.  CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization , 2011, SOSP.

[47]  Roberto Di Pietro,et al.  HyBIS: Advanced Introspection for Effective Windows Guest Protection , 2017, SEC.

[48]  Thomas R. Gross,et al.  Fine-grained user-space security through virtualization , 2011, VEE '11.

[49]  Ruby B. Lee,et al.  Characterizing hypervisor vulnerabilities in cloud computing servers , 2013, Cloud Computing '13.

[50]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[51]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[52]  Gorka Irazoqui Apecechea,et al.  CacheZoom: How SGX Amplifies The Power of Cache Attacks , 2017, CHES.

[53]  Aurélien Francillon,et al.  Confidentiality Issues on a GPU in a Virtualized Environment , 2014, Financial Cryptography.

[54]  Tamas K. Lengyel Malware Collection and Analysis via Hardware Virtualization , 2015 .

[55]  Vanish Talwar,et al.  GViM: GPU-accelerated virtual machines , 2009, HPCVirt '09.

[56]  Daniele Sgandurra,et al.  Transparent Process Monitoring in a Virtual Environment , 2009, Electron. Notes Theor. Comput. Sci..

[57]  Daniel Gruss,et al.  Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory , 2017, USENIX Security Symposium.

[58]  Roberto Di Pietro,et al.  To Docker or Not to Docker: A Security Perspective , 2016, IEEE Cloud Computing.

[59]  Frank Piessens,et al.  ICE: a passive, high-speed, state-continuity scheme , 2014, ACSAC.

[60]  Jon Crowcroft,et al.  Unikernels: library operating systems for the cloud , 2013, ASPLOS '13.

[61]  Claudio Soriente,et al.  CReW: Cloud Resilience for Windows Guests through Monitored Virtualization , 2010, SRDS.

[62]  Srdjan Capkun,et al.  DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization , 2017, ArXiv.

[63]  Robert Buhren,et al.  Security Analysis of Encrypted Virtual Machines , 2016, VEE.

[64]  Edward Ray,et al.  Virtualization security , 2009, CSIIRW '09.

[65]  Todd R. Andel,et al.  Probing the Limits of Virtualized Software Protection , 2014, PPREW@ACSAC.

[66]  Ruby B. Lee Hardware-enhanced access control for cloud computing , 2012, SACMAT '12.

[67]  Andrew W. Appel,et al.  MulVAL: A Logic-based Network Security Analyzer , 2005, USENIX Security Symposium.

[68]  Srinivas Devadas,et al.  Secure Processors Part I: Background, Taxonomy for Secure Enclaves and Intel SGX Architecture , 2017, Found. Trends Electron. Des. Autom..

[69]  Alfons Laarman,et al.  Scalable multi-core model checking , 2014 .

[70]  Ravi S. Sandhu,et al.  Mitigating Multi-Tenancy Risks in IaaS Cloud Through Constraints-Driven Virtual Resource Scheduling , 2015, SACMAT.

[71]  Lin Shi,et al.  vCUDA: GPU accelerated high performance computing in virtual machines , 2009, 2009 IEEE International Symposium on Parallel & Distributed Processing.

[72]  Mona Vij,et al.  Intel® Software Guard Extensions (Intel® SGX) Architecture for Oversubscription of Secure Memory in a Virtualized Environment , 2017, HASP@ISCA.

[73]  Indrajit Ray,et al.  Optimal security hardening using multi-objective optimization on attack tree models of networks , 2007, CCS '07.

[74]  Sushil Jajodia,et al.  Measuring Security Risk of Networks Using Attack Graphs , 2010, Int. J. Next Gener. Comput..

[75]  Thomas Ristenpart,et al.  When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities and Hedging Deployed Cryptography , 2010, NDSS.

[76]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.

[77]  Fikret Sivrikaya,et al.  Distributed Attack Graph Generation , 2016, IEEE Transactions on Dependable and Secure Computing.