Markov Modeling of Moving Target Defense Games

We introduce a Markov-model-based framework for Moving Target Defense (MTD) analysis. The framework allows modeling of a broad range of MTD strategies, provides general theorems relating the probability that an adversary succeeds in defeating an MTD strategy to the amount of time or cost the adversary spends, and shows that a multilevel composition of MTD strategies can be analyzed by a straightforward combination of the analyses of its constituent strategies. Within the proposed framework we define the concept of security capacity, which measures the strength or effectiveness of an MTD strategy; the security capacity depends on MTD-specific parameters as well as on more general system parameters. We apply the framework to two concrete MTD strategies.
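The following is an added illustration of the kind of analysis the abstract describes; it is constructed for this page and is not the paper's model, its theorems, or its definition of security capacity. It assumes a toy MTD in which an attacker must win k sequential guesses (say, k independently randomized parameters) and the defender re-randomizes with probability r per time step, which sends the attacker back to the start. The absorbing Markov chain gives the probability of compromise as a function of elapsed time, the mean time to compromise, and a series composition of two such layers whose time-to-compromise distribution is checked against the convolution of the per-layer distributions. All parameter values and function names are assumptions of this example.

```python
"""Absorbing-Markov-chain model of a toy moving target defense (constructed
example, not the paper's model). States 0..k-1 record how many of the k
randomized parameters the attacker has guessed; state k is 'compromised'.
Each step the MTD re-randomizes with probability r (attacker back to 0);
otherwise the attacker advances one stage with probability q, else stays."""
from typing import List

Matrix = List[List[float]]


def transition_matrix(k: int, q: float, r: float) -> Matrix:
    """Transition matrix of one MTD layer; the last state is absorbing."""
    n = k + 1
    P = [[0.0] * n for _ in range(n)]
    for i in range(k):
        P[i][0] += r                      # defender moves: progress lost
        P[i][i + 1] += (1 - r) * q        # attacker guesses next parameter
        P[i][i] += (1 - r) * (1 - q)      # attacker guesses wrong, no move
    P[k][k] = 1.0                         # compromised stays compromised
    return P


def compromise_cdf(P: Matrix, horizon: int) -> List[float]:
    """P(compromised by step t) for t = 0..horizon, starting in state 0."""
    n = len(P)
    dist = [1.0] + [0.0] * (n - 1)
    cdf = [dist[-1]]
    for _ in range(horizon):
        dist = [sum(dist[i] * P[i][j] for i in range(n)) for j in range(n)]
        cdf.append(dist[-1])
    return cdf


def expected_time_to_compromise(P: Matrix) -> float:
    """Mean first-passage time from state 0 to the absorbing state:
    solve (I - Q) m = 1 over the transient block Q by Gauss-Jordan."""
    n = len(P) - 1
    A = [[(1.0 if i == j else 0.0) - P[i][j] for j in range(n)] + [1.0]
         for i in range(n)]
    for c in range(n):
        piv = max(range(c, n), key=lambda i: abs(A[i][c]))
        A[c], A[piv] = A[piv], A[c]
        for i in range(n):
            if i != c:
                f = A[i][c] / A[c][c]
                for j in range(c, n + 1):
                    A[i][j] -= f * A[c][j]
    return A[0][n] / A[0][0]


def series_composition(P1: Matrix, P2: Matrix) -> Matrix:
    """Two layers in series: defeating layer 1 drops the attacker at layer 2's
    start state in the same step. Assumes layer 1 does not re-randomize
    behind an attacker who has already passed it."""
    n1, n2 = len(P1) - 1, len(P2) - 1     # transient states per layer
    n = n1 + n2 + 1
    P = [[0.0] * n for _ in range(n)]
    for i in range(n1):
        for j in range(n1):
            P[i][j] = P1[i][j]
        P[i][n1] += P1[i][n1]             # layer-1 win -> layer-2 state 0
    for i in range(n2):
        for j in range(n2):
            P[n1 + i][n1 + j] = P2[i][j]
        P[n1 + i][n - 1] += P2[i][n2]     # layer-2 win -> compromised
    P[n - 1][n - 1] = 1.0
    return P


def series_cdf_by_convolution(cdf1: List[float], cdf2: List[float]) -> List[float]:
    """Time to defeat both layers is T1 + T2, so its CDF is the convolution
    of layer 1's first-passage pmf with layer 2's CDF."""
    pmf1 = [cdf1[0]] + [cdf1[t] - cdf1[t - 1] for t in range(1, len(cdf1))]
    return [sum(pmf1[s] * cdf2[t - s] for s in range(t + 1))
            for t in range(len(cdf1))]


if __name__ == "__main__":
    static = transition_matrix(3, 0.5, 0.0)    # same system, no MTD
    moving = transition_matrix(3, 0.5, 0.3)    # re-randomize 30% of steps
    for name, P in (("no MTD", static), ("MTD r=0.3", moving)):
        cdf = compromise_cdf(P, 30)
        print(f"{name:10s} P(compromise by t=10) = {cdf[10]:.3f}, "
              f"E[T] = {expected_time_to_compromise(P):.1f} steps")
    both = series_composition(moving, moving)
    print(f"two layers  E[T] = {expected_time_to_compromise(both):.1f} steps")
```

The compromise probability is non-decreasing in t for any parameters, which is the shape of the time-versus-success relation the abstract refers to; the composition check shows that, under the stated independence assumption, the multilayer chain need not be built at all, since its distribution follows from the per-layer ones.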
