Quantitative Evaluation of Dynamic Platform Techniques as a Defensive Mechanism

Cyber defenses based on dynamic platform techniques have been proposed as a way to make systems more resilient to attacks. These defenses change the properties of the platforms in order to make attacks more complicated. Unfortunately, little work has been done on measuring the effectiveness of these defenses. In this work, we first measure the protection provided by a dynamic platform technique on a testbed. The counter-intuitive results obtained from the testbed guide us in identifying and quantifying the major effects contributing to the protection in such a system. Based on the abstract effects, we develop a generalized model of dynamic platform techniques which can be used to quantify their effectiveness. To verify and validate our results, we simulate the generalized model and show that the testbed measurements and the simulations match with a small amount of error. Finally, we enumerate a number of lessons learned in our work that can be applied to the quantitative evaluation of other defensive techniques.
