Combining MTD and Autonomic Systems


Page 1: Combining Moving Target Defense with Autonomic Systems

Warren Connell

7 Dec 15

Page 2: Problem / Motivation

• Related to area of Moving Target Defense (MTD)

• Few research papers devoted to effectiveness

• Few devoted to cost/overhead of MTD

• Still fewer related to both

• Security must be balanced with Quality of Service

• Possible with autonomous systems

• Metrics may be too coarse-grained / subjective

• Marry MTD technique with known performance with autonomic techniques for better overall utility

• Practice selection and design of utility functions

Page 3: Background / Related Work

• One MTD technique: Randomly reassign roles, VM, hosts, and IP addresses

• Zhuang, Rui, et al. "Simulation-based approaches to studying effectiveness of moving-target network defense." National Symposium on Moving Target Research. 2012.

Page 4: Background / Related Work

• Another MTD technique: protect against DDoS attacks by utilizing a rotating layer of secret proxies

• Quan Jia; Kun Sun; Stavrou, A., "MOTAG: Moving Target Defense against Internet Denial of Service Attacks," in Computer Communications and Networks (ICCCN), 2013 22nd International Conference on, pp.1-9, July 30 2013-Aug. 2 2013.

Page 5: Background / Related Work

• Combining QoS and Security in a streaming media application for various user preferences:

• Mourad Alia, Marc Lacoste, Ruan He, and Frank Eliassen. 2010. Putting together QoS and security in autonomic pervasive systems. In Proceedings of the 6th ACM workshop on QoS and security for wireless and mobile networks (Q2SWinet '10). ACM, New York, NY, USA, 19-28.

Page 6: Approach

• Multiple utility functions:

• Security utility from detection rates of database IDPS (use exponential average if multiple IDPSs):

• Response time utility from sigmoid based on SLO and parameters from linear queuing model:

• Global utility:

• Alomari, F.; Menasce, D., "An Autonomic Framework for Integrating Security and Quality of Service Support in Databases," in Software Security and Reliability (SERE), 2012 IEEE Sixth International Conference on, pp.51-60, 20-22 June 2012.

Page 7: Approach

• Another MTD technique: dynamically re-map association between addresses and systems

• Uses probabilistic models

• Static case: Probability of successful probe given k draws, v vulnerable machines out of n machines:

• Dynamic case: perfect shuffling (1 / probe attempt)

• Carroll, T.E.; Crouse, M.; Fulp, E.W.; Berenhaut, K.S., "Analysis of network address shuffling as a moving target defense," in Communications (ICC), 2014 IEEE International Conference on, pp.701-706, 10-14 June 2014

Page 8: Approach

• Chances of finding 1 vulnerable computer as network size increases – using perfect shuffling

• Carroll, T.E.; Crouse, M.; Fulp, E.W.; Berenhaut, K.S., "Analysis of network address shuffling as a moving target defense," in Communications (ICC), 2014 IEEE International Conference on, pp.701-706, 10-14 June 2014

1/e = 0.63
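The static and perfect-shuffling cases above can be compared numerically. The following is an added example, not code from the slides or from Carroll et al.; it assumes the usual urn models (static: probes drawn without replacement; perfect shuffling: every probe an independent draw), and the function names are hypothetical. With one vulnerable host and as many probes as addresses, the shuffled case tends to 1 − 1/e ≈ 0.63, the value marked on the plot.

```python
from math import comb
import random

def p_static(n: int, v: int, k: int) -> float:
    """Static addresses: k distinct probes, drawn without replacement."""
    k = min(k, n)  # an attacker cannot probe more distinct addresses than exist
    return 1.0 - comb(n - v, k) / comb(n, k)

def p_perfect_shuffle(n: int, v: int, k: int) -> float:
    """Re-map after every probe: each probe is an independent draw."""
    return 1.0 - (1.0 - v / n) ** k

def simulate_shuffle(n: int, v: int, k: int, trials: int = 10000, seed: int = 1) -> float:
    """Seeded Monte Carlo check of the perfect-shuffling model."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        # After each re-map the v vulnerable hosts sit on fresh random
        # addresses, so any single probe succeeds with probability v/n.
        if any(rng.randrange(n) < v for _ in range(k)):
            hits += 1
    return hits / trials

def compare(sizes=(10, 100, 1000, 10000)):
    """One vulnerable host; the attacker sends n probes into n addresses."""
    return [(n, p_static(n, 1, n), p_perfect_shuffle(n, 1, n)) for n in sizes]

if __name__ == "__main__":
    print("     n   static  shuffled")
    for n, ps, pd in compare():
        print(f"{n:6d}   {ps:.3f}   {pd:.3f}")
    print("simulated, n=100:", simulate_shuffle(100, 1, 100))
```

Without shuffling, an exhaustive scan always finds the host (probability 1); with perfect shuffling the same scan effort leaves roughly a 37% chance that the host is never hit.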

Page 9: Approach

• Experimentally determine failure rate as a function of shuffle rate

• Carroll, T.E.; Crouse, M.; Fulp, E.W.; Berenhaut, K.S., "Analysis of network address shuffling as a moving target defense," in Communications (ICC), 2014 IEEE International Conference on, pp.701-706, 10-14 June 2014

Page 10: Preliminary Results 1

• Leave U(security) = 1 – (attacker success rate)

• Choose sigmoid parameters for connection loss:

U(loss) = �

����(���)

• δ = 0.95 (SLO)

• σ = -100 (steepness)

• Initially choose α = β = 0.5 for relative weights

• U(g) = α*U(security) + β*U(loss)

Page 11: Preliminary Results 1

[Figure: three "Utility vs. Shuffle Rate" plots, one each for α = β = 0.5; α = 0.75, β = 0.25; and α = 0.9, β = 0.1. X-axis: Shuffle Rate (0 to 1); y-axis: Utility. Legend: U(Loss), U(Security).]

Page 12: Preliminary Results 2

• Introduce additional 5% packet loss (α = β = 0.5)

• Utility function compensates by reducing shuffle rate

[Figure: two "Utility vs. Shuffle Rate" plots. X-axis: Shuffle Rate (0 to 1); y-axis: Utility. Legend: U(Loss), U(Security).]
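How the weighted global utility selects a shuffle rate, and how the choice moves with the weights and with extra loss, is sketched below. This is an added example, not code or data from the slides: the sigmoid is assumed to be the standard logistic form (the slide's own formula did not survive extraction), and both curves, `attacker_success` and `connections_kept`, are constructed for illustration, whereas the slides determine them experimentally.

```python
from math import exp

DELTA = 0.95    # SLO, from the slide
SIGMA = -100.0  # steepness, from the slide

def u_loss(kept: float) -> float:
    """Assumed logistic sigmoid; kept = fraction of connections that survive."""
    return 1.0 / (1.0 + exp(SIGMA * (kept - DELTA)))

def attacker_success(rate: float) -> float:
    """Constructed curve: faster shuffling leaves fewer successful probes."""
    return 0.4 * exp(-4.0 * rate)

def connections_kept(rate: float, extra_loss: float = 0.0) -> float:
    """Constructed curve: every shuffle drops some live connections."""
    return 1.0 - extra_loss - 0.1 * rate

def global_utility(rate, alpha, beta, extra_loss=0.0):
    """U(g) = alpha*U(security) + beta*U(loss), as defined on the slide."""
    u_security = 1.0 - attacker_success(rate)
    return alpha * u_security + beta * u_loss(connections_kept(rate, extra_loss))

def best_rate(alpha, beta, extra_loss=0.0, steps=20):
    """Grid search over shuffle rates 0..1 for the highest global utility."""
    rates = [i / steps for i in range(steps + 1)]
    return max(rates, key=lambda r: global_utility(r, alpha, beta, extra_loss))

if __name__ == "__main__":
    for alpha, beta, extra in [(0.5, 0.5, 0.0), (0.9, 0.1, 0.0), (0.5, 0.5, 0.05)]:
        r = best_rate(alpha, beta, extra)
        u = global_utility(r, alpha, beta, extra)
        print(f"alpha={alpha} beta={beta} extra_loss={extra}: rate={r:.2f} U(g)={u:.3f}")
```

On these constructed curves, weighting security more heavily pushes the chosen rate up, while 5% additional loss pushes it down to the slowest rate, because the loss utility is already at the knee of the sigmoid.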

Page 13: Conclusion

• Can combine measures of security effectiveness with QoS in a utility function

• Need objective measure for security effectiveness

• QoS easily measured (connection loss, response time)

• Proper choices of utility function and parameters still require input from domain experts

• Sigmoids may not be required in all cases

Page 14: Sources

• Carroll, T.E.; Crouse, M.; Fulp, E.W.; Berenhaut, K.S., "Analysis of network address shuffling as a moving target defense," in Communications (ICC), 2014 IEEE International Conference on, pp.701-706, 10-14 June 2014.

• Quan Jia; Kun Sun; Stavrou, A., "MOTAG: Moving Target Defense against Internet Denial of Service Attacks," in Computer Communications and Networks (ICCCN), 2013 22nd International Conference on, pp.1-9, July 30 2013-Aug. 2 2013.

• Zhuang, Rui, et al. "Simulation-based approaches to studying effectiveness of moving-target network defense." National Symposium on Moving Target Research. 2012.

• Rui Zhuang; Su Zhang; Bardas, A.; DeLoach, S.A.; Xinming Ou; Singhal, A., "Investigating the application of moving target defenses to network security," in Resilient Control Systems (ISRCS), 2013 6th International Symposium on, pp.162-169, 13-15 Aug. 2013.

• Alomari, F.; Menasce, D., "An Autonomic Framework for Integrating Security and Quality of Service Support in Databases," in Software Security and Reliability (SERE), 2012 IEEE Sixth International Conference on, pp.51-60, 20-22 June 2012.

• Mourad Alia, Marc Lacoste, Ruan He, and Frank Eliassen. 2010. Putting together QoS and security in autonomic pervasive systems. In Proceedings of the 6th ACM workshop on QoS and security for wireless and mobile networks (Q2SWinet '10). ACM, New York, NY, USA, 19-28.