Cyber Defense & Network Assurance (CyberDNA) Center. Professor Ehab Al Shaer, Director of CyberDNA Center UNC Charlotte

Transcription

1 Cyber Defense & Network Assurance (CyberDNA) Center Professor Ehab Al Shaer, Director of CyberDNA Center UNC Charlotte March 5, 2012

2 About CyberDNA Vision CyberDNA Center is to enable assurable and usable security and privacy for a smart open society by making cyber defense provable, measurable, and automated. (1) promoting automated analytics and synthesis of designing, configuration and evaluation of mission oriented security systems, (2) offering leap ahead research by integrating multidisciplinary research from security, networking, reliability, risk management, economical, behavioral and physical world communities, and (3) developing deployable tools to facilitate technology transfer and workforce (students) education and preparation. Application Domains Enterprise & Clouds networks Cyber Physical Systems & Critical infrastructure (e.g., secure systems fir smart planet) Software defined network environment

3 Research Team Scale of Expertise Domains Team Objectives Secure Coding Application Security Policies Security Protocols OS / VM Network MAC Physical Ehab Al-Shaer Bill Chu Heather Lipford Mohamed Shehab Weichao Wang Yongge Wang Xintao Wu Cryptology/ Privacy Integrity Availability/ Dependability Usage / Authorization Usability/ Complexity

4 CyberDNA Research Themes Security Configuration Analytics Automated security Configuration verification, diagnosis and hardening (bottom up approach) Automated configuration synthesis(top down approach) Proactive Security for Smart Grid Moving Target Defense Mutable Random Configurations (Host IP, Routes etc) MTD Effectiveness Analysis Secure Remote Health Care Home based assistant living health care Secure and dependable telesurgery Data Mining and Privacy Usable Security Management of Smart phone access control Social networks privacy interfaces

5 On the Effectiveness of Mutable Hosts for Moving Target Defense TO appear in SIGCOMM SDN 2012

6 MTD (IP Mutation) 3D Goals Attack Distribution completely or partially. Attack Deception (e.g., network mapping or fingerprinting). Attack Deterrence (e.g., slow down worms; increase required scanning) to make attacks more observable. Creating metrics and techniques to measure and evaluate MTD according to these goals is still an open challenging problem.

7 MTD for Countering Reconnaissance Attacks Network reconnaissance is a precursory step for any attackers Reconnaissance Attacks include external scanners, worm scanning, and network mappers. Reconnaissance techniques have many different strategies and parameters. E.g., Many worms propagation techniques exist

8 Objectives Mutation: assign/change hosts virtual IPs (VIP) randomly and synchronously over time while preserving the system requirements. Random mutation to increase the uncertainty on the adversary Frequent mutation to outperform powerful automated scanners Safety: Correct mutation to preserve network configuration integrity Non-intrusiveness: Seamless mutation to minimize service disruption and traffic delays Transparency: Transparent architecture to deploy RHM on existing networks with no significant changes in the end-hosts or network infrastructure.

9 Architecure

10 RHM Optimization Problem Routing delay convergence Unpredictability Non-Similarity Mutation Speed Routing Table Size

11 Evaluation Objectives: How much MTD can protect? Given the scanning model, what is a the probability (θ) of that a MT host will not be identified/infected (Called MTD Protection Effectiveness (MPE)? How MTD parameters (such as speed, address space, random function, etc) can impact MPE? How scanning attack strategies (e.g., hit list, sequential, repeatable random, non repeatable random, intelligent, coordinated) can impact MPE? How to measure/assess the overhead (operational and management) of MTD? Our approach is to answer these questions analytically as well empirically (using simulation), and show that they match! Our ultimate goal is to balance MTD Effectiveness and Overhead.

12 MTD Evaluation Framework Modeling and Analysis We developed a flexible MTD simulator Low Frequency Mutation (LFM) for moving network ID IP address High Frequency Mutation for moving host ID IP address We developed many different classes of scan and worm propagation strategies: Repeatable vs. non Repeatable Random vs. intelligent Decentralized vs. coordinated Simulation Parameters: Network size, K (speed ratio), % of MT hosts,

13 MTD Effeteness with Repeatable Random Worms MTD Increasing MT Speed does not help Infection is inevitable but detectability is significantly increased (4 times)

14 NSF Industry & University Cooperative Research Center (I/UCRC) for Configuration Analytics and Automation (CCAA) 14

15 Universities and Principal Investigators (PI) University of North Carolina at Charlotte (lead) Dr. Ehab Al Shaer George Mason University Dr. Sushil Jajodia University of California Davis Dr. Felix Wu Pending: UNC Chapel Hill and NCSU 15

16 Center for Configuration Analytics and Automation (CCAA) Vision The internationally recognized collaborative research activity focused on configuration analytics and automation for complex information and communication networks/systems. Mission Enabling collaborative industry and government directed research in configuration analytics and automation capabilities and their integration for the efficient, accurate and timely operations management and defense of complex networked information systems and networks; and the encouragement and development of top quality graduates with knowledge and experience in this field. The CCAA objective is to address the pressing challenges and create leap ahead innovative research in configuration analytics and automation to improve manageability, assurability, security and sustainability of the following complex system of systems: Enterprise networking, clouds and data centers, Critical and mission oriented infrastructures Hybrid and cyber physical systems Smart configurable end services Virtual overlays and ubiquitous systems. 16

17 Center for Configuration Analytics and Automation (CCAA) Initial Goals Establish a multi university research Center for Configuration Analytics and Automation under the National Science Foundation s (NSF s) Industry/University Cooperative Research Center (I/UCRC) Program. Begin industry and government center member directed research in the spring of Develop a collaborative framework and research roadmap to advance capabilities for enterprise level configuration management analytics and automated defense of targeted complex ICT environments and systems. Expand the participation in the CCAA activities through inclusion of multidiscipline researchers and members to achieve an integration of new techniques to yield broader commercial interest. 17

18 Center for Configuration Analytics and Automation (CCAA) Benefits to Prospective International Members Unique collaborative environment with academic, industry and government agencies Faculty and Students collaboration Providing opportunity to international universities to attract local industry and share resources Create and direct IP shared specific pre competitive research efforts required in this field. Opportunity to collaboratively guide and support a broad research capability through member developed research initiatives. Participate in a historically successful NSF approach that advances important capabilities needed by critical elements of societies. Influence ongoing research quality and future research efforts through annual advisory board reviews conducted twice a year by members. 18

19 High ROI 10% overhead Cost effective teaming Costeffective Timely problems Usable Deployable Case study Practical CCAA Innovation Long term/leapahead research Multi disciplinary High risk and high payoff High Impact Open source & Tech transfer Standardization Education and workforce 19

20 Examples of Potential Research Project Areas* Configuration Query Language (CQL) for Integrated Management (UNC Charlotte) Closing the Automation Loop (UNC Charlotte) Proactive/Dynamic Configuration Management (George Mason and UNC Charlotte) Security Considerations in Data Center Configuration Management (George Mason and UNC Charlotte) Usable Configurations for Trustworthy Social Informatics (UC Davis & UNC Charlotte) CNS: Configuration Nervous System (UNC Charlotte) Risk based IT Management Analytics (George Mason & UNC Charlotte) Automated Analytics of Smart Critical Infrastructures (UNC Charlotte) Automating Network Design (UNC Charlotte) Social Aware Cloud Computing (George Mason & UNC Charlotte) * See details at 20