Static Analysis Opportunities for Improving Agile and Moving Target Defenses
Pages 43 - 44
Abstract
Agile defenses have been proposed to enable systems to change their defensive posture dynamically to thwart attacks. Researchers have suggested a variety of agile defenses that leverage renaming (e.g., for network services), migration (e.g., for cloud instances), variation (e.g., for application configurations), and patching (e.g., for programs), among others. These agile defenses demonstrate promise for achieving a key goal: increasing the cost of launching a successful attack. However, agile defenses also incur non-trivial costs in overhead and/or complexity to defenders as well, leaving defenders hesitant to employ such defenses without further justification for their necessity. A question we examine in this keynote is how to develop techniques that may aid defenders in choosing when to employ agile defenses and which agile defenses to employ.
References
[1]
Stefan Achleitner, Quinn Burke, Patrick McDaniel, Trent Jaeger, Thomas La Porta, and Srikanth Krishnamurthy. 2019. MLSNet: A Policy Complying Multilevel Security Framework for Software Defined Networking. Technical Report INSR-TR-500--2019. Institute of Networking and Security Research, Penn State University.
[2]
Stefan Achleitner, Thomas La Porta, Trent Jaeger, and Patrick McDaniel. 2017. Adversarial Network Forensics in Software Defined Networking. In Proceedings of the 2017 ACM Symposium on SDN Research.
[3]
Frank Capobianco, Rahul George, Kaiming Huang, Trent Jaeger, Mathias Payer, Srikanth Krishnamurthy, Zhiyun Qian, and Paul Yu. 2019. Employing Attack Graphs for Intrusion Detection. In Proceedings of the 2019 New Security Paradigms Workshop (NSPW).
[4]
Zhen Huang, David Lie, Gang Tan, and Trent Jaeger. 2019. Using Safety Properties to Generate Vulnerability Patches. In Proceedings of the 40th IEEE Symposium on Security and Privacy.
[5]
Kyriakos Ispoglou, Bader Al Bassam, Trent Jaeger, and Mathias Payer. 2018. Block Oriented Programming: Automating Data-Only Attacks. In Proceedings of the 25th ACM Conference on Computer and Communications Security (ACM CCS).
[6]
Shen Liu, Dongrui Zeng, Yongzhe Huang, Frank Capobianco, Stephen McCamant, Trent Jaeger, and Gang Tan. 2019. Program-mandering: Quantitative Privilege Separation. In Proceedings of the 26th ACM Conference on Computer and Communications Security (ACM CCS).
[7]
Patrick McDaniel, Trent Jaeger, Thomas La Porta, Nicolas Papernot, Robert J. Walls, Alexander Kott, Lisa Marvel, Anathram Swami, Prasant Mohapatra, Srikanth Krishnamurthy, and Iulian Neamtiu. 2014. Science and Security of Agility. In Proceedings of the ACM Moving Target Defense Workshop.
[8]
Jonathon Tidswell and Trent Jaeger. 2000. An Access Control Model for Simplifying Constraint Expression. In Proceedings of the ACM Conference on Computer and Communications Security. 154--163.
[9]
Hayawardh Vijayakumar, Xinyang Ge, Mathias Payer, and Trent Jaeger. 2014. JIGSAW: Protecting Resource Access by Inferring Programmer Expectations. In Proceedings of the 23rd USENIX Security Symposium.
[10]
Hayawardh Vijayakumar, Joshua Schiffman, and Trent Jaeger. 2012. Integrity Walls: Finding attack surfaces from mandatory access control policies. In 7th ACM Symposium on Information, Computer, and Communications Security (ASIACCS).
Index Terms
- Static Analysis Opportunities for Improving Agile and Moving Target Defenses
Recommendations
Analysis of Concurrent Moving Target Defenses
MTD '18: Proceedings of the 5th ACM Workshop on Moving Target DefenseWhile Moving Target Defenses (MTDs) have been increasingly recognized as a promising direction for cyber security, quantifying the effects of MTDs remains mostly an open problem. Each MTD has its own set of advantages and disadvantages. No single MTD ...
Hardware Moving Target Defenses against Physical Attacks: Design Challenges and Opportunities
MTD'22: Proceedings of the 9th ACM Workshop on Moving Target DefenseThe concept of moving target defense (MTD) has entrenched itself as a viable strategy to reverse the typical asymmetries in cyber warfare. MTDs are technologies that seek to make target systems dynamically change in order to limit the time and ...
Moving Target Defense Against Injection Attacks
Algorithms and Architectures for Parallel ProcessingAbstractWith the development of network technology, web services become more convenient and popular. However, web services are also facing serious security threats, especially SQL injection attack(SQLIA). Due to the diversity of attack techniques and the ...
Comments
Information & Contributors
Information
Published In
Copyright © 2020 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 09 November 2020
Check for updates
Author Tags
Qualifiers
- Keynote
Funding Sources
Conference
CCS '20
Sponsor:
CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security
November 9, 2020
Virtual Event, USA
Acceptance Rates
Overall Acceptance Rate 40 of 92 submissions, 43%
Upcoming Conference
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 116Total Downloads
- Downloads (Last 12 months)7
- Downloads (Last 6 weeks)0
Reflects downloads up to 30 Aug 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in