Combining Moving Target Defense with Autonomic Systems
Warren Connell
7 Dec 15
Problem / Motivation
- Related to the area of Moving Target Defense (MTD)
- Few research papers devoted to effectiveness; few devoted to the cost/overhead of MTD; still fewer related to both
- Security must be balanced with Quality of Service; possible with autonomic systems
- Metrics may be too coarse-grained / subjective
- Marry an MTD technique with known performance to autonomic techniques for better overall utility
- Practice selection and design of utility functions
Background / Related Work
- One MTD technique: randomly reassign roles, VMs, hosts and IP addresses
- Zhuang, Rui, et al. "Simulation-based approaches to studying effectiveness of moving-target network defense." National Symposium on Moving Target Research, 2012.
Background / Related Work
- Another MTD technique: protect against DDoS attacks by utilizing a rotating layer of secret proxies
- Quan Jia; Kun Sun; Stavrou, A., "MOTAG: Moving Target Defense against Internet Denial of Service Attacks," in Computer Communications and Networks (ICCCN), 2013 22nd International Conference on, pp. 1-9, July 30 2013-Aug. 2 2013.
Background / Related Work
- Combining QoS and security in a streaming media application for various user preferences
- Mourad Alia, Marc Lacoste, Ruan He, and Frank Eliassen. 2010. Putting together QoS and security in autonomic pervasive systems. In Proceedings of the 6th ACM workshop on QoS and security for wireless and mobile networks (Q2SWinet '10). ACM, New York, NY, USA, 19-28.
Approach
- Multiple utility functions:
- Security utility from detection rates of the database IDPS (use an exponential average if there are multiple IDPSs):
- Response time utility from a sigmoid based on the SLO and parameters from a linear queuing model:
- Global utility:
- Alomari, F.; Menascé, D., "An Autonomic Framework for Integrating Security and Quality of Service Support in Databases," in Software Security and Reliability (SERE), 2012 IEEE Sixth International Conference on, pp. 51-60, 20-22 June 2012.
Approach
- Another MTD technique: dynamically re-map the association between addresses and systems
- Uses probabilistic models
- Static case: probability of a successful probe given k draws, v vulnerable machines out of n machines:
- Dynamic case: perfect shuffling (1 / probe attempt)
- Carroll, T.E.; Crouse, M.; Fulp, E.W.; Berenhaut, K.S., "Analysis of network address shuffling as a moving target defense," in Communications (ICC), 2014 IEEE International Conference on, pp. 701-706, 10-14 June 2014.
Approach
- Chances of finding 1 vulnerable computer as network size increases using perfect shuffling: 1 - 1/e ≈ 0.63
- Carroll, T.E.; Crouse, M.; Fulp, E.W.; Berenhaut, K.S., "Analysis of network address shuffling as a moving target defense," in Communications (ICC), 2014 IEEE International Conference on, pp. 701-706, 10-14 June 2014.
Approach
- Experimentally determine the failure rate as a function of the shuffle rate
- Carroll, T.E.; Crouse, M.; Fulp, E.W.; Berenhaut, K.S., "Analysis of network address shuffling as a moving target defense," in Communications (ICC), 2014 IEEE International Conference on, pp. 701-706, 10-14 June 2014.
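The static and perfect-shuffling probe models from the Carroll et al. slides above, as an added example (not code from the slides or the paper): without shuffling the attacker's k probes are distinct addresses (draws without replacement), while under perfect shuffling every probe is an independent draw, which is what caps an exhaustive scan at 1 - 1/e.

```python
from math import comb, e


def static_success(n: int, v: int, k: int) -> float:
    """Probability that at least one of k distinct probes (no shuffling, so
    addresses are drawn without replacement) hits one of the v vulnerable
    hosts among n: the complement of the hypergeometric 'all misses' case."""
    if k > n:
        raise ValueError("cannot probe more distinct addresses than exist")
    return 1.0 - comb(n - v, k) / comb(n, k)


def shuffled_success(n: int, v: int, k: int) -> float:
    """Same question under perfect shuffling: the address space is
    re-randomised after every probe, so each probe is an independent draw
    with replacement and the attacker may re-hit addresses already tried."""
    return 1.0 - (1.0 - v / n) ** k


def exhaustive_scan(n: int, v: int = 1) -> tuple[float, float]:
    """Attacker spends k = n probes on a single vulnerable host: a static scan
    is certain to find it, while shuffling caps success at 1-(1-1/n)^n, which
    tends to 1 - 1/e (about 0.63) as the network grows."""
    return static_success(n, v, n), shuffled_success(n, v, n)


if __name__ == "__main__":
    for n in (10, 100, 1000, 10000):
        s, d = exhaustive_scan(n)
        print(f"n={n:6d}  static={s:.3f}  shuffled={d:.3f}  limit={1 - 1 / e:.3f}")
```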
Preliminary Results 1
- Leave U(security) = 1 - (attacker success rate)
- Choose sigmoid parameters for connection loss, U(loss): δ = 0.95 (SLO), σ = -1 (steepness)
- Initially choose α = β = 0.5 for the relative weights: U(g) = α·U(security) + β·U(loss)
Preliminary Results 1
[Charts: Utility vs. Shuffle Rate (shuffle rate 0.05 to 1, utility roughly 0.2 to 0.7) for α = β = 0.5; α = 0.75, β = 0.25; and α = 0.9 (β not legible); series U(Loss) and U(Security)]
Preliminary Results 2
- Introduce an additional 5% packet loss (α = β = 0.5)
- The utility function compensates by reducing the shuffle rate
[Charts: Utility vs. Shuffle Rate (shuffle rate 0.05 to 1) with the additional packet loss; series U(Loss) and U(Security)]
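The utility combination from Preliminary Results 1 and the packet-loss experiment of Preliminary Results 2, as an added example (not the slides' own code): α, β and δ are the slides' values, while the steepness used here and the two curves mapping shuffle rate to attacker success and to surviving connections are constructed assumptions, since the slides obtain those curves experimentally. The sweep shows the maximising shuffle rate dropping once extra loss eats the SLO headroom, and rising to full rate when security is weighted 0.9.

```python
import math

# alpha/beta and delta come from the slides.  SIGMA and the two curves
# attacker_success() and conn_success() are constructed assumptions.
DELTA = 0.95    # SLO: fraction of connections that must survive
SIGMA = -100.0  # assumed steepness; steep enough to bite on [0, 1]


def u_security(attacker_success_rate: float) -> float:
    """U(security) = 1 - attacker success rate."""
    return 1.0 - attacker_success_rate


def u_loss(conn_ok: float, delta: float = DELTA, sigma: float = SIGMA) -> float:
    """Sigmoid utility of connection survival: 0.5 at the SLO, near 1 above it."""
    return 1.0 / (1.0 + math.exp(sigma * (conn_ok - delta)))


def attacker_success(rate: float) -> float:
    """Assumed: 60% probe success with no shuffling, 30% at full shuffle rate."""
    return 0.6 - 0.3 * rate


def conn_success(rate: float, extra_loss: float = 0.0) -> float:
    """Assumed: full-rate shuffling breaks 10% of connections, on top of any
    packet loss the network itself adds."""
    return 1.0 - extra_loss - 0.1 * rate


def global_utility(rate: float, alpha: float = 0.5, beta: float = 0.5,
                   extra_loss: float = 0.0) -> float:
    """U(g) = alpha * U(security) + beta * U(loss) at one shuffle rate."""
    return (alpha * u_security(attacker_success(rate))
            + beta * u_loss(conn_success(rate, extra_loss)))


def best_shuffle_rate(alpha: float = 0.5, beta: float = 0.5,
                      extra_loss: float = 0.0, steps: int = 20) -> tuple[float, float]:
    """Sweep the shuffle rate over a grid on [0, 1] and return the (rate, U(g))
    pair that maximises global utility: the autonomic controller's decision."""
    grid = [i / steps for i in range(steps + 1)]
    return max(((r, global_utility(r, alpha, beta, extra_loss)) for r in grid),
               key=lambda pair: pair[1])


if __name__ == "__main__":
    for alpha, beta, loss in ((0.5, 0.5, 0.0), (0.5, 0.5, 0.05), (0.9, 0.1, 0.0)):
        rate, util = best_shuffle_rate(alpha, beta, loss)
        print(f"alpha={alpha} beta={beta} extra loss={loss:.0%}: "
              f"best shuffle rate {rate:.2f}, U(g)={util:.3f}")
```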
Conclusion
- Can combine measures of security effectiveness with QoS in a utility function
- Need an objective measure for security effectiveness; QoS is easily measured (connection loss, response time)
- Proper choices of utility function and parameters still require input from domain experts
- Sigmoids may not be required in all cases
Sources
- Carroll, T.E.; Crouse, M.; Fulp, E.W.; Berenhaut, K.S., "Analysis of network address shuffling as a moving target defense," in Communications (ICC), 2014 IEEE International Conference on, pp. 701-706, 10-14 June 2014.
- Quan Jia; Kun Sun; Stavrou, A., "MOTAG: Moving Target Defense against Internet Denial of Service Attacks," in Computer Communications and Networks (ICCCN), 2013 22nd International Conference on, pp. 1-9, July 30 2013-Aug. 2 2013.
- Zhuang, Rui, et al. "Simulation-based approaches to studying effectiveness of moving-target network defense." National Symposium on Moving Target Research, 2012.
- Rui Zhuang; Su Zhang; Bardas, A.; DeLoach, S.A.; Xinming Ou; Singhal, A., "Investigating the application of moving target defenses to network security," in Resilient Control Systems (ISRCS), 2013 6th International Symposium on, pp. 162-169, 13-15 Aug. 2013.
- Alomari, F.; Menascé, D., "An Autonomic Framework for Integrating Security and Quality of Service Support in Databases," in Software Security and Reliability (SERE), 2012 IEEE Sixth International Conference on, pp. 51-60, 20-22 June 2012.
- Mourad Alia, Marc Lacoste, Ruan He, and Frank Eliassen. 2010. Putting together QoS and security in autonomic pervasive systems. In Proceedings of the 6th ACM workshop on QoS and security for wireless and mobile networks (Q2SWinet '10). ACM, New York, NY, USA, 19-28.