Leveraging a Live/Virtual/Constructive Testbed for the Evaluation of Moving Target Defenses

Adversary sophistication in the cyber domain is a constantly growing threat. As more systems become accessible from the Internet, the risk of breach, exploitation, and malice grows. To thwart reconnaissance and exploitation, Moving Target Defense (MTD) has been researched and deployed in various systems to modify the threat surface of a system. Tools are necessary to analyze the security, reliability, and resilience of information systems against cyber-attack and to measure the effectiveness of MTD technologies. Today's security analyses utilize (1) real systems such as computers, network routers, and other network equipment; (2) computer emulations (e.g., virtual machines); and (3) simulation models, each separately. In this paper, we describe the progress made in developing and utilizing hybrid Live, Virtual, Constructive (LVC) environments for the evaluation of a set of MTD technologies. The LVC methodology is most deeply rooted in the Modeling & Simulation (M&S) work of the Department of Defense. With the recent advances in virtualization and software-defined networking, Sandia has taken the blueprint for LVC and extended it by crafting hybrid environments of simulation, emulation, and human-in-the-loop. Furthermore, we discuss the empirical analysis of MTD technologies and approaches with LVC-based experimentation, incorporating aspects that may impact an operational deployment of the MTD under evaluation.
