Abstract
Designing robust mission-critical systems demands bringing together fault tolerance and security. The emergence of Advanced Persistent Threats (APTs) has further added to the challenge of meeting mission assurance goals. Despite advances in mission survivability, existing solutions remain ineffective against APTs. In this paper, we propose a novel survivability architecture against APTs in a distributed environment. It involves tamper-resistant and surreptitious detection together with node-to-node verification of suspicious events. The solution aims to identify Attacker Intent, Objectives and Strategies (AIOS) and to design targeted recoveries that promote survivability. Its security strength is analyzed theoretically, while its performance and scalability are measured via simulation. Our simulations demonstrate high scalability with respect to network size and application runtime, and the time overhead for long-running applications can easily be kept under 1% of the original runtime by carefully adjusting the security strength.
Acknowledgments
This research is supported in part by National Science Foundation Grant No. DGE-1241709. A preliminary version of this paper was presented at the 6th Secure Knowledge Management Conference in Dubai, UAE, December 2014, and a PhD research paper was presented at the 10th International Conference on Cyber Warfare and Security (ICCWS-2015) at Kruger National Park, South Africa, March 2015.
Cite this article
Mehresh, R., Upadhyaya, S. Surviving advanced persistent threats in a distributed environment – Architecture and analysis. Inf Syst Front 17, 987–995 (2015). https://doi.org/10.1007/s10796-015-9569-y