Moving Target Defense in Cyber Security

Jianjun “Jeffrey” Zheng
July 2014

• Introduction
• Problems in Current Cyber Security Defense Paradigm
• Moving Target Defense Concept
• Current Research on MTD
• Future Work

Introduction
Cyber Security Defense Illustration

Current Security Defense

Problems in Current Security Defense Paradigm
• Passive
• Reactive
• Asymmetric in resources and cost
• Attackers have advantage

Moving Target Defense Approach

Based on system diversity
• From stand-alone software to network system
• Dynamically change software or system configuration to add uncertainty, unpredictability, and diversity
• Cause the system’s attack surface to change continuously
• Increase the cost for attackers
• As a result, the system is unpredictable to attackers, hard to exploit, and more resilient to attacks

Moving Target Defense Research: System Level

• Address Space Layout Randomization (ASLR)
– Proposed and implemented by the Linux PaX project in 2001
– Implemented in major operating systems, partially and completely
– Can prevent code injection attacks
– Might be broken by an entropy attack

• Instruction Set Randomization (ISR)
– An execution environment to prevent code injection
– Reversible transformation between the processor and main memory
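
Added example (not from the original slides): a toy interpreter showing the ISR idea, where code is XOR-transformed at load time and the transformation is undone on every fetch, so bytes placed in memory without the key decode to illegal instructions. The three-opcode instruction set, the function names and the fixed key are assumptions of this sketch.

```python
# Toy instruction set (an assumption of this sketch, not a real ISA).
PUSH, ADD, HALT = 0x01, 0x02, 0xFF

# Fixed key so the demo is repeatable; a real system draws a fresh random key
# per process and keeps it out of the process's readable memory.
KEY = bytes.fromhex("a75c19e3")


class IllegalInstruction(Exception):
    """The decoded byte is not a valid opcode (or execution ran off the end)."""


def randomize(code: bytes, key: bytes = KEY) -> bytes:
    """Load-time transformation: XOR every code byte with the key stream."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(code))


def run(memory: bytes, key: bytes = KEY) -> int:
    """Execute memory, undoing the transformation on every fetch."""
    stack, pc = [], 0

    def fetch() -> int:
        nonlocal pc
        if pc >= len(memory):
            raise IllegalInstruction("fetch past end of code")
        byte = memory[pc] ^ key[pc % len(key)]  # inverse of randomize()
        pc += 1
        return byte

    while True:
        op = fetch()
        if op == PUSH:
            stack.append(fetch())
        elif op == ADD:
            stack.append(stack.pop() + stack.pop())
        elif op == HALT:
            return stack.pop()
        else:
            raise IllegalInstruction(f"opcode {op:#04x}")


# Constructed sample program: 2 + 3.
PROGRAM = bytes([PUSH, 2, PUSH, 3, ADD, HALT])

if __name__ == "__main__":
    print(run(randomize(PROGRAM)))  # keyed code decodes and runs
    try:
        run(PROGRAM)                # code stored without the key
    except IllegalInstruction as exc:
        print("fault:", exc)
```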

• Data Randomization
– Randomize pointers (XOR pointer with random key)
– Randomize memory data (XOR data with random masks)

• Compiler-based Randomization
– Use compiler to generate multiple functionally equivalent, but internally different variants of a program

Moving Target Defense Research: Application Level

• Diversify and randomize software using installer
– Software installed through the special installer will be tagged with a random key
– An execution environment will check and verify the random key
– If the key is valid, the software is authorized to execute. Otherwise, the software will not run

• Diversify commands to prevent SQL injection attack, command injection attack, and cross-site scripting
– Query: SELECT id, name, description FROM products WHERE productid=$value
– Input: 99999 OR 1=1
– Resulting query: SELECT id, name, description FROM products WHERE productid=99999 OR 1=1

– Rewrites all keywords with a random key appended
– After taking user input, removes the random key by using a regular expression check
– If the check fails, the query will not be forwarded to the database for execution

– Query: SELECT123 id, name, description FROM123 products WHERE123 productid=$value
– Input: 99999 OR 1=1
– Resulting query: SELECT123 id, name, description FROM123 products WHERE123 productid=99999 OR 1=1
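
Added example (not from the original slides or from any product): a minimal filter implementing the keyword check described above, using the slides' key 123 and query. The keyword subset and the names derandomize, proxy and RejectedQuery are assumptions; the sketch assumes an alphanumeric key and standard SQL single-quoted literals.

```python
import re
from string import Template

# Assumed keyword subset for this sketch; a real proxy covers the full grammar.
KEYWORDS = "SELECT|FROM|WHERE|AND|OR|UNION|INSERT|UPDATE|DELETE|DROP"
KEY = "123"  # key shown on the slides; in practice a long, secret random value
LITERAL = r"'(?:[^']|'')*'"  # standard SQL string literal, '' escapes a quote

# Application query, written by the developer with randomized keywords.
TEMPLATE = Template(
    "SELECT123 id, name, description FROM123 products WHERE123 productid=$value"
)


class RejectedQuery(Exception):
    """A keyword without the key was found: it did not come from the template."""


def derandomize(query: str, key: str = KEY) -> str:
    """Return standard SQL for the database, or raise RejectedQuery."""
    # Mask string literals so data such as 'this or that' is not flagged;
    # only the SQL structure is checked.
    structure = re.sub(LITERAL, "''", query)
    # The trailing \b fails when the key follows the keyword, so this only
    # matches keywords that do NOT carry the key.
    bare = re.search(rf"\b(?:{KEYWORDS})\b", structure, re.IGNORECASE)
    if bare:
        raise RejectedQuery(f"un-keyed keyword {bare.group(0)!r}")
    # Every keyword carries the key: strip it, leaving literals untouched.
    token = re.compile(rf"({LITERAL})|\b({KEYWORDS}){re.escape(key)}\b",
                       re.IGNORECASE)
    return token.sub(lambda m: m.group(1) or m.group(2), query)


def proxy(user_input: str) -> str:
    """Build the query the way the application would, then filter it."""
    return derandomize(TEMPLATE.substitute(value=user_input))


if __name__ == "__main__":
    print(proxy("99999"))
    try:
        proxy("99999 OR 1=1")
    except RejectedQuery as exc:
        print("blocked:", exc)
```

The check only holds while the key stays secret: keywords that carry the correct key pass the filter regardless of where they came from.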

Moving Target Defense Research: Network Level

• Dynamic Resource Mapping System
– Randomly change the location of the system where important resources are stored
– A mapping system keeps track of the new locations

• Random Host Mutation
– Randomly change host IP address

• Mutable Network (MUTE)
– Random address hopping
– Random fingerprinting

Challenges
• Deployable
• Minimum impact on mission-critical systems
• Scalable

Questions?