Understanding and quantifying the impact of moving target defenses on computer networks

The goal of this research is to understand and quantify the potential and limitations of moving-target defense (MTD) systems to protect computer networks against the use of general vulnerability exploits to gain unauthorized access. To achieve this goal, we plan to create (1) a set of analytical models to quantify the effectiveness of MTD systems, and (2) a proof-of-concept MTD system that will automatically adapt multiple aspects of the network’s logical and physical configuration. Key research questions we plan to address include

Approach

• Define models to help measure and predict the effectiveness of MTDs
• Explicitly model mission goals, security goals and the network configuration
• Use cloud technology to provide key functionality for system prototype
• Combine purely adaptive and intrusion/vulnerability-driven adaptation

Impact

• Eliminates foreign intelligence services’ current advantage of unlimited time to probe and attack 15,000+ statically defined DoD networks
• Significantly reduces life-spans of persistent and stealthy attacks - even zero-day vulnerabilities
• Makes intrusion detection easier and provides opportunities to track and identify attackers
• Simplifies network management by providing tools to automatically reconfigure the network
• Provides network resilience for traditional failures

Highlights

• Developed prototype MTD system using state-of-the-art cloud and configuration management technologies
• Configures  systems automatically from models
• Theory of MTD defines concepts and formalizes moving target defenses and attacks showing how and why MTDs can thwart various attacks
• Developed models that predict MTD effectiveness – validated with simulation results that show potential benefits of MTD

Publications

• Rui Zhuang, Alexandru G. Bardas, Scott A. DeLoach, and Xinming Ou. A Theory of Cyber Attacks - A Step Towards Analyzing MTD Systems. Proceedings of the Second ACM Workshop on Moving Target Defense (MTD 2015). October 12, 2015, Denver, Colorado, USA
• Yi Cheng, Julia Deng, Jason Li, Scott A. DeLoach, Anoop Singhal, and Xinming Ou. "Metrics of Security." In Cyber Defense and Situational Awareness, pp. 263-295. Springer International Publishing, 2014.
• Rui Zhuang, Scott A. DeLoach, Xinming Ou. Towards a Theory of Moving Target Defense. Proceedings of the First ACM Workshop on Moving Target Defense (MTD 2014) November 3, 2014, Scottsdale, Arizona, USA
• Ian Unruh, Alexandru G. Bardas, Rui Zhuang, Xinming Ou, Scott A. DeLoach. Compiling Abstract Specifications into Concrete Systems – Bringing Order to the Cloud. USENIX Large Installation System Administration (LISA) Conference. November 9-14, 2014. Seattle, WA.
• Scott A. DeLoach, Simon Ou, Rui Zhuang, Su Zhang. Model-driven, Moving-Target Defense for Enterprise Network Security. In Uwe Aßmann, Nelly Bencomo, Gordon Blair, Betty H. C. Cheng, Robert France (eds) Models@run.time. Springer International Publishing, Switzerland. LNCS 8378, pp. 137-161 (in press).
• Rui Zhuang, Scott A. DeLoach, Xinming Ou. A Model for Analyzing the Effect of Moving Target Defenses on Enterprise Networks. Proceedings of the 9th Cyber and Information Security Research Conference April 8 - 10, 2014. Oak Ridge, Tennessee.
• Rui Zhuang, Su Zhang, Alex Bardas, Scott A. DeLoach, Xinming Ou, Anoop Singhal. Investigating the Application of Moving Target Defenses to Network Security. 1^st International Symposium on Resilient Cyber Systems (ISRCS). August 13-15, 2013, San Francisco, CA.
• Justin Yackoski, Jason Li, Scott A. DeLoach, Xinming Ou. Mission-oriented Moving Target Defense Based on Cryptographically Strong Network Dynamics. Proceedings of the 8th Annual Cyber Security and Information Intelligence Research Workshop, Jan 8 - 10, 2013. Oak Ridge, Tennessee.
• Rui Zhuang, Su Zhang, Scott A. DeLoach, Xinming Ou, and Anoop Singhal. Simulation-based Approaches to Studying Effectiveness of Moving-Target Network Defense. National Symposium on Moving Target Research. June 11, 2012, Annapolis, MD.

Sponsor: AFOSR/NM

Dates: 4/1/2012 - 9/30/2017

Popular News

Dr. DeLoach interview with Eric Chabrow of govInfoSecurity.com

Article in ACM News

K-State Press Release (sidebar, blog)

• UPI
• ACM Tech News
• Info Security Magazine
• Insurance Journal
• Science Daily
• Science Business
• Industrial Safety and Security Source
• ComputerWorld
• Yahoo! Finance
• Homeland Security News Wire
• InfoSec Island
• Digital Forensics Investigators News