Understanding and quantifying the impact of moving target defenses on computer networks
The goal of this research is to understand and quantify the potential and limitations of moving-target defense (MTD) systems to protect computer networks against the use of general vulnerability exploits to gain unauthorized access. To achieve this goal, we plan to create (1) a set of analytical models to quantify the effectiveness of MTD systems, and (2) a proof-of-concept MTD system that will automatically adapt multiple aspects of the network’s logical and physical configuration. Key research questions we plan to address include
Approach
- Define models to help measure and predict the effectiveness of MTDs
- Explicitly model mission goals, security goals and the network configuration
- Use cloud technology to provide key functionality for system prototype
- Combine purely adaptive and intrusion/vulnerability-driven adaptation
Impact
- Eliminates foreign intelligence services’ current advantage of unlimited time to probe and attack 15,000+ statically defined DoD networks
- Significantly reduces life-spans of persistent and stealthy attacks - even zero-day vulnerabilities
- Makes intrusion detection easier and provides opportunities to track and identify attackers
- Simplifies network management by providing tools to automatically reconfigure the network
- Provides network resilience for traditional failures
Highlights
- Developed prototype MTD system using state-of-the-art cloud and configuration management technologies
- Configures systems automatically from models
- Theory of MTD defines concepts and formalizes moving target defenses and attacks, showing how and why MTDs can thwart various attacks
- Developed models that predict MTD effectiveness – validated with simulation results that show potential benefits of MTD
Publications
- Rui Zhuang, Alexandru G. Bardas, Scott A. DeLoach, and Xinming Ou. A Theory of Cyber Attacks - A Step Towards Analyzing MTD Systems. Proceedings of the Second ACM Workshop on Moving Target Defense (MTD 2015). October 12, 2015, Denver, Colorado, USA.
- Yi Cheng, Julia Deng, Jason Li, Scott A. DeLoach, Anoop Singhal, and Xinming Ou. "Metrics of Security." In Cyber Defense and Situational Awareness, pp. 263-295. Springer International Publishing, 2014.
- Rui Zhuang, Scott A. DeLoach, Xinming Ou. Towards a Theory of Moving Target Defense. Proceedings of the First ACM Workshop on Moving Target Defense (MTD 2014). November 3, 2014, Scottsdale, Arizona, USA.
- Ian Unruh, Alexandru G. Bardas, Rui Zhuang, Xinming Ou, Scott A. DeLoach. Compiling Abstract Specifications into Concrete Systems – Bringing Order to the Cloud. USENIX Large Installation System Administration (LISA) Conference. November 9-14, 2014. Seattle, WA.
- Scott A. DeLoach, Simon Ou, Rui Zhuang, Su Zhang. Model-driven, Moving-Target Defense for Enterprise Network Security. In Uwe Aßmann, Nelly Bencomo, Gordon Blair, Betty H. C. Cheng, Robert France (eds) Models@run.time. Springer International Publishing, Switzerland. LNCS 8378, pp. 137-161 (in press).
- Rui Zhuang, Scott A. DeLoach, Xinming Ou. A Model for Analyzing the Effect of Moving Target Defenses on Enterprise Networks. Proceedings of the 9th Cyber and Information Security Research Conference. April 8-10, 2014. Oak Ridge, Tennessee.
- Rui Zhuang, Su Zhang, Alex Bardas, Scott A. DeLoach, Xinming Ou, Anoop Singhal. Investigating the Application of Moving Target Defenses to Network Security. 1st International Symposium on Resilient Cyber Systems (ISRCS). August 13-15, 2013, San Francisco, CA.
- Justin Yackoski, Jason Li, Scott A. DeLoach, Xinming Ou. Mission-oriented Moving Target Defense Based on Cryptographically Strong Network Dynamics. Proceedings of the 8th Annual Cyber Security and Information Intelligence Research Workshop, Jan 8 - 10, 2013. Oak Ridge, Tennessee.
- Rui Zhuang, Su Zhang, Scott A. DeLoach, Xinming Ou, and Anoop Singhal. Simulation-based Approaches to Studying Effectiveness of Moving-Target Network Defense. National Symposium on Moving Target Research. June 11, 2012, Annapolis, MD.
Sponsor: AFOSR/NM
Dates: 4/1/2012 - 9/30/2017
Popular News
Dr. DeLoach interview with Eric Chabrow of govInfoSecurity.com
Article in ACM News
K-State Press Release (sidebar, blog)