Characterizing the power of moving target defense via cyber epidemic dynamics

Moving Target Defense (MTD) can enhance the resilience of cyber systems against attacks. Although there have been many MTD techniques, there is no systematic understanding and quantitative characterization of the power of MTD. In this paper, we propose to use a cyber epidemic dynamics approach to characterize the power of MTD. We define and investigate two complementary measures that are applicable when the defender aims to deploy MTD to achieve a certain security goal. One measure emphasizes the maximum portion of time during which the system can afford to stay in an undesired configuration (or posture), without considering the cost of deploying MTD. The other measure emphasizes the minimum cost of deploying MTD, while accommodating that the system has to stay in an undesired configuration (or posture) for a given portion of time. Our analytic studies lead to algorithms for optimally deploying MTD.
