Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Recent Advances in Intrusion Detection

RAID 2014: Research in Attacks, Intrusions and Defenses pp 405–425Cite as

Quantitative Evaluation of Dynamic Platform Techniques as a Defensive Mechanism

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8688))

Abstract

Cyber defenses based on dynamic platform techniques have been proposed as a way to make systems more resilient to attacks. These defenses change the properties of the platforms in order to make attacks more complicated. Unfortunately, little work has been done on measuring the effectiveness of these defenses. In this work, we first measure the protection provided by a dynamic platform technique on a testbed. The counter-intuitive results obtained from the testbed guide us in identifying and quantifying the major effects contributing to the protection in such a system. Based on the abstract effects, we develop a generalized model of dynamic platform techniques which can be used to quantify their effectiveness. To verify and validate our results, we simulate the generalized model and show that the testbed measurements and the simulations match with small amount of error. Finally, we enumerate a number of lessons learned in our work which can be applied to quantitative evaluation of other defensive techniques.

This work is sponsored by the Department of Defense under Air Force Contract #FA8721-05-C-0002. Opinions, interpretations, conclusions and recommendations are those of the author and are not necessarily endorsed by the United States Government.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Networking, F., Research, I.T., (NITRD), D.: Federal Cybersecurity Game-change R&D Themes (2012), http://cybersecurity.nitrd.gov/page/federal-cybersecurity-1

  2. Williams, D., Hu, W., Davidson, J.W., Hiser, J.D., Knight, J.C., Nguyen-Tuong, A.: Security through diversity: Leveraging virtual machine technology. IEEE Security and Privacy 7(1), 26–33 (2009)

    Article  Google Scholar 

  3. Salamat, B., Jackson, T., Wagner, G., Wimmer, C., Franz, M.: Runtime defense against code injection attacks using replicated execution. IEEE Transactions on Dependable and Secure Computing 8(4), 588–601 (2011)

    Article  Google Scholar 

  4. Salamat, B., Gal, A., Jackson, T., Manivannan, K., Wagner, G., Franz, M.: Multi-variant program execution: Using multi-core systems to defuse buffer-overflow vulnerabilities. In: International Conference on Complex, Intelligent and Software Intensive Systems (2008)

    Google Scholar 

  5. Jackson, T., Salamat, B., Wagner, G., Wimmer, C., Franz, M.: On the effectiveness of multi-variant program execution for vulnerability detection and prevention. In: Proceedings of the 6th International Workshop on Security Measurements and Metrics, vol. 7, pp. 7:1–7:8 (2010)

    Google Scholar 

  6. Holland, D.A., Lim, A.T., Seltzer, M.I.: An architecture a day keeps the hacker away. SIGARCH Comput. Archit. News 33(1), 34–41 (2005)

    Article  Google Scholar 

  7. Okhravi, H., Comella, A., Robinson, E., Haines, J.: Creating a cyber moving target for critical infrastructure applications using platform diversity. International Journal of Critical Infrastructure Protection 5(1), 30–39 (2012)

    Article  Google Scholar 

  8. Saidane, A., Nicomette, V., Deswarte, Y.: The design of a generic intrusion-tolerant architecture for web servers. IEEE Transactions on Dependable and Secure Computing 6(1), 45–58 (2009)

    Article  Google Scholar 

  9. Bangalore, A., Sood, A.: Securing web servers using self cleansing intrusion tolerance (scit). In: Second International Conference on Dependability, pp. 60 –65 (2009)

    Google Scholar 

  10. Huang, Y., Arsenault, D., Sood, A.: Incorruptible system self-cleansing for intrusion tolerance. In: 25th IEEE International on Performance, Computing, and Communications Conference, IPCCC 2006, vol. 4, p. 496 (April 2006)

    Google Scholar 

  11. Arsenault, D., Sood, A., Huang, Y.: Secure, resilient computing clusters: Self-cleansing intrusion tolerance with hardware enforced security (scit/hes). In: Proceedings of the Second International Conference on Availability, Reliability and Security, ARES 2007, pp. 343–350. IEEE Computer Society, Washington, DC (2007)

    Google Scholar 

  12. Okhravi, H., Hobson, T., Bigelow, D., Streilein, W.: Finding Focus in the Blur of Moving-Target Techniques. IEEE Security & Privacy (March/April 2014)

    Google Scholar 

  13. Scott, K., Davidson, J.: Strata: A Software Dynamic Translation Infrastructure. Technical Report CS-2001-17 (2001)

    Google Scholar 

  14. Nethercote, N., Seward, J.: Valgrind: A framework for heavyweight dynamic binary instrumentation. In: Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2007, pp. 89–100. ACM, New York (2007)

    Chapter  Google Scholar 

  15. Salamat, B., Gal, A., Franz, M.: Reverse stack execution in a multi-variant execution environment. In: Workshop on Compiler and Architectural Techniques for Application Reliability and Security (2008)

    Google Scholar 

  16. Cox, B., Evans, D., Filipi, A., Rowanhill, J., Hu, W., Davidson, J., Knight, J., Nguyen-Tuong, A., Hiser, J.: N-variant systems: A secretless framework for security through diversity. In: Proceedings of the 15th Conference on USENIX Security Symposium (2006)

    Google Scholar 

  17. Crouse, M., Fulp, E.: A moving target environment for computer configurations using genetic algorithms. In: 2011 4th Symposium on Configuration Analytics and Automation (SAFECONFIG), pp. 1–7 (October 2011)

    Google Scholar 

  18. Huang, Y., Ghosh, A.K.: Introducing diversity and uncertainty to create moving attack surfaces for web services. In: Moving Target Defense, pp. 131–151 (2011)

    Google Scholar 

  19. Min, B.J., Choi, J.S.: An approach to intrusion tolerance for mission-critical services using adaptability and diverse replication. Future Gener. Comput. Syst, 303–313 (2004)

    Google Scholar 

  20. Kolyshkin, K.: Virtualization in linux. White paper, OpenVZ (September 2006)

    Google Scholar 

  21. Rodríguez, G., Martín, M.J., González, P., Touriño, J., Doallo, R.: Cppc: A compiler-assisted tool for portable checkpointing of message-passing applications. Concurr. Comput.: Pract. Exper. 22(6), 749–766 (2010)

    Google Scholar 

  22. Lippmann, R.P., Riordan, J.F., Yu, T.H., Watson, K.K.: Continuous Security Metrics for Prevalent Network Threats: Introduction and First Four Metrics. Technical report. MIT Lincoln Laboratory (May 2012)

    Google Scholar 

  23. Bangalore, A.K., Sood, A.K.: Securing web servers using self cleansing intrusion tolerance (scit). In: Proceedings of the 2009 Second International Conference on Dependability, pp. 60–65 (2009)

    Google Scholar 

  24. Huang, Y., Arsenault, D., Arun, S.: Incorruptible self-cleansing intrusion tolerance and its application to dns security. A Journal of Networks 1(5), 21–30 (2006)

    Google Scholar 

  25. Huang, Y., Ghosh, A.: Automating intrusion response via virtualization for realizing uninterruptible web services. In: Eighth IEEE International Symposium on Network Computing and Applications, NCA 2009, pp. 114–117 (July 2009)

    Google Scholar 

  26. Blackmon, S., Nguyen, J.: High-availability file server with heartbeat. System Admin. The Journal for UNIX and Linux Systems Administration 10(9) (2001)

    Google Scholar 

  27. Rabbat, R., McNeal, T., Burke, T.: A high-availability clustering architecture with data integrity guarantees. In: IEEE International Conference on Cluster Computing (2001)

    Google Scholar 

  28. Petkac, M., Badger, L.: Security agility in response to intrusion detection. In: 16th Annual Computer Security Applications Conference (ACSAC), vol. 11 (2000)

    Google Scholar 

  29. Jackson, T., Salamat, B., Homescu, A., Manivannan, K., Wagner, G., Gal, A., Brunthaler, S., Wimmer, C., Franz, M.: Compiler-generated software diversity. In: Moving Target Defense, pp. 77–98 (2011)

    Google Scholar 

  30. Wang, Z., Lee, R.B.: New cache designs for thwarting software cache-based side channel attacks. In: Proceedings of the 34th Annual International Symposium on Computer Architecture, ISCA 2007, pp. 494–505. ACM, New York (2007)

    Google Scholar 

  31. Manadhata, P.K., Wing, J.M.: A formal model for a system’s attack surface. In: Moving Target Defense, pp. 1–28 (2011)

    Google Scholar 

  32. Evans, D., Nguyen-Tuong, A., Knight, J.C.: Effectiveness of moving target defenses. In: Moving Target Defense, pp. 29–48 (2011)

    Google Scholar 

  33. Popov, G., Mladenov, V.: Modeling diversity in recovery computer systems. In: Mastorakis, N., Mladenov, V., Kontargyri, V.T. (eds.) Proceedings of the European Computing Conference. LNEE, vol. 27, pp. 223–233. Springer, US (2009)

    Chapter  Google Scholar 

  34. Arlat, J., Kanoun, K., Laprie, J.C.: Dependability modeling and evaluation of software fault-tolerant systems. IEEE Trans. Comput. 39(4), 504–513 (1990)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. MIT Lincoln Laboratory, USA

    Hamed Okhravi, James Riordan & Kevin Carter

Authors
  1. Hamed Okhravi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. James Riordan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kevin Carter
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. George Mason University, Fairfax, VA, USA

    Angelos Stavrou

  2. VU University Amsterdam, The Netherlands

    Herbert Bos

  3. Stevens Institute of Technology, NJ, USA

    Georgios Portokalidis

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Okhravi, H., Riordan, J., Carter, K. (2014). Quantitative Evaluation of Dynamic Platform Techniques as a Defensive Mechanism. In: Stavrou, A., Bos, H., Portokalidis, G. (eds) Research in Attacks, Intrusions and Defenses. RAID 2014. Lecture Notes in Computer Science, vol 8688. Springer, Cham. https://doi.org/10.1007/978-3-319-11379-1_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-11379-1_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11378-4

  • Online ISBN: 978-3-319-11379-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation