Cyber Security Research Challenges & Approaches
National Symposium on Recent Advances in Cyber Security (RACS-2013)
6-7th June 2013
Agenda
• Cyber Security Challenges
• Need of indigenous R&D efforts in e-security
• Classification of security solutions
• C-DAC’s role - Focus Areas
• Research Labs & Thrust Areas
• e-Security Products / Solutions / Services
• Education, Awareness and Training
• Future Emphasis & On-going Research
Cyber Security Challenges
Typical Security Solution Deployment Scenario
Attack Sophistication vs. Intruder Technical Knowledge
Attack Scenario
[Figure labels: Gaining Access; Taking Control; Covering traces; Reconnaissance]
Cyber Attack
Types of cyber malware and attack modes
Malware: A collective term for all types of malicious code and software
• Exploit – Taking advantage of computer vulnerability to cause unintended or unanticipated behaviour. This includes gaining control of a computer system.
• Virus/worm – Computer programmes that replicate functional copies of themselves with varying effects ranging from mere annoyance and inconvenience to compromise of the confidentiality or integrity of information. Viruses need to attach themselves to an existing program, worms do not.
• Spyware – Malware that collects information about users without their knowledge.
• Trojan horse – Malicious program that acts in an automatic manner. Trojan horses can make copies of themselves, steal information, or harm their host computer systems, or allow a hacker remote access to a target computer system.
• DDoS-attack – Attempt to make a computer or network resource unavailable to its intended users, mostly by saturating the target machine with external communications requests so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.
• Advanced persistent threats – A cyber-attack category, which connotes an attack with a high degree of sophistication and stealthiness over a prolonged duration of time. The attack objectives typically extend beyond immediate financial gain.
• Botnets (or bots) – A collection of compromised computers connected to the Internet. They run hidden and can be exploited for further use by the person controlling them remotely.
Vulnerability Exploit Cycle
[Figure labels: Advanced Intruders Discover New Vulnerability; Crude Exploit Tools Distributed; Novice Intruders Use Crude Exploit Tools; Automated Scanning/Exploit Tools Developed; Widespread Use of Automated Scanning/Exploit Tools; Intruders Begin Using New Types of Exploits]
Network Security Issues
[Figure labels: Normal Flow; Interruption; Interception; Modification; Fabrication; Repudiation ("Sent it?" "No!" / "Get it?" "No!")]
Network Security Services
Requirement: Availability, Integrity, Confidentiality, Authenticity, Non Repudiation
Attacks on the Protocol Stack
Specific Challenges
• High Speed Content Analysis
• Intrusion Detection, Analysis & Prevention
• Malware Research
• Efficient Behavior Modeling
• Datamining for Security
• Attack Analysis & Modeling
• Vulnerability & Threat Analysis
• End System Security
• Cyber Forensics Analysis
Cyber Security Goals and Technologies
Security Tools – More Than Just a Firewall
Authentication and Authorization Technologies
• Role-Based Authorization Tools
• Password Authentication
• Challenge/Response Authentication
• Physical/Token Authentication
• Smart Card Authentication
• Biometric Authentication
• Location-Based Authentication
• Password Distribution and Management Technologies
• Device-to-Device Authentication
Filtering/Blocking/Access Control Technologies
• Network Firewalls
• Host-based Firewalls
• Virtual Networks
Encryption Technologies and Data Validation
• Symmetric (Secret) Key Encryption
• Public Key Encryption and Key Distribution
• Virtual Private Networks (VPNs)
Management, Audit, Measurement, Monitoring, and Detection Tools
• Log Auditing Utilities
• Virus and Malicious Code Detection Systems
• Intrusion Detection Systems
• Vulnerability Scanners
• Forensics and Analysis Tools (FAT)
• Host Configuration Management Tools
• Automated Software Management Tools
Industrial Automation and Control Systems Computer Software
• Server and Workstation Operating Systems
• Real-time and Embedded Operating Systems
• Web Technologies
Physical Security Controls
• Physical Protection
• Personnel Security
Need of indigenous R&D efforts
e-Security Ecosystem
Classification of Security solutions
•Collection
•Detection
•Prevention
•Protection
•Response (Analysis)
e-Security Products / Solutions of C-DAC
Collection
• Client-Server architecture based Dynamically Configurable Honeynet
Detection
• Malware Resist
• Malware Nivarak
Protection
• The BharatiyaAFIS™ Suite
• ENSAFE – End System Suraksha Framework
• STARS - Secure Two factor based Authentication for Remote Systems
• NAYAN – Network Abhigam niYantrAN
• USB Pratirodh
Prevention
• Guard Your Network – N/W Intrusion Prevention System Appliance
• Malware Prevention System
Response
• StegoCheck
• Face Recognition Software
• CyberCheck Suite
• MobileCheck
• NeSA – Network Session Analyzer
• Enterprise Forensics System
• Win-Lift Suite
• TrueImager
• TrueLock
• TrueBack Bridge
• TrueTraveller
Focus Areas
Centre | Focus Areas
Bangalore
- Network Security (IDS/ IPS)
- PKI and Key Management Systems
- Insider Attack Detection
- Grid and cloud Security
- SCADA Security
- Securing hardware systems
Chennai
- Cloud Security
Hyderabad
- End Point Security
- Malware Analysis and Prevention
- Security and Privacy for Ubiquitous Computing
- Device Control
- Web Application Security
- Mobile Security
- Cloud and Virtualization Security
Kolkata
- Face Recognition
- Network & Information Security
- Cyber Forensics
- Multimodal Biometrics
Mohali
- Honeypots / Honeynets
- Bot detection
Mumbai
- Biometrics (Fingerprint, voice, Periocular and Iris, Vascular)
Noida
- Capacity building through Awareness Generation and Content Creation
Thiruvananthapuram
- Cyber Forensic for Hardware and Software tools
- Disk Forensics
- Network Forensics
- Mobiles and Handheld device Forensics
- Live Forensics and Enterprise Forensics
Research Labs
Title | Centre
Industrial Control System Security Research & Cryptology Lab | Bangalore
Cyber Forensic Research Lab | Thiruvananthapuram
Cyber Threat Research Lab | Mohali
Malware Research Lab | Hyderabad
Public Key Infrastructure (PKI) Lab | Bangalore
Facial Detection Resource Lab | Kolkata
Services
Service | Offered @
Cyber Forensic Analysis | Thiruvananthapuram
Malware Analysis | Hyderabad & Mohali
Penetration Testing & Security Audits | Bangalore, Hyderabad & Mohali
Web Application Security Testing | Hyderabad
Wireless Security Assessment | Hyderabad
Network Abhigam niYantrAN
Protects internal network from rapidly propagating threats and network misuse
NAYAN addresses the access control and authentication requirements of end systems
Salient Features
• User and End System Authentication
• End System authentication is based on signature generated from hardware and software configuration
• Desktop Firewall
• Centralized Policy Management
• Automatic Policy Updating
• Role and Time Based Network Access Control
• Activity and Network Log
Malware Resist
Simplifying and Strengthening Security
Detection Based on Runtime Behaviour. All running programs are monitored for a set of critical behaviors that could affect the normal functioning
Salient Features & Benefits
• Detection Based on Runtime Behaviour
• Capability to detect unknown malware based on heuristic technology
• Small memory footprint and high detection rate
• Co-exists with Anti Virus Solutions
• Low False Positive Rate
• Easy to Deploy and Use
USB Pratirodh
Regulating removable storage device access
USB Pratirodh is a software solution which controls unauthorized usage of portable USB storage devices
Salient Features:
• It provides the facility for an end user to control USB usage on his/her end system
• User authentication
• Device Control
• Blocks Autorun.inf Malware
• Password Protected uninstaller
• Co-exists with Antivirus solutions
Guard Your Network (GYN) IPS Features
Performance – 1 Gbps throughput
Attack Detection Methods
• Signature Based
• Anomaly Based
Signature based Detection
• Buffer overflow
• SQL Injection
• Cross site scripting
• Directory Traversal
• Authentication bypass attempt
• Command Execution Attempt
• Backdoor detection
• OS and Protocol based Attacks
• Server attacks
• Anomaly detection
– Scan
– Flood
– DoS
– DDoS
• Security Analysis
– Flow analysis
– Threat analysis
– Incident analysis
– Event Correlation
• Management
– Bridge mode operation
– Alert generation
– Web based GUI
Intrusion Detection / Prevention Techniques - Overview
Intrusion Detection / Prevention System
Signature Based System
• Uses predefined attack patterns (signatures)
• Known attacks can be detected reliably with low false positive rate
• No learning required
• Unable to detect new attacks
• Unable to process encrypted packets
Anomaly Based System
• Creates a baseline profile of normal activities. Thereafter, any activity that deviates from the baseline is treated as possible intrusion
• Capable of detecting new attacks
• Suitable to detect attacks which create variation in traffic patterns
• Setting a baseline for normal activity is challenging
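An added example (not C-DAC's code and not the GYN detection logic) that runs both approaches over constructed traffic: the signature matcher catches one request carrying a known pattern but misses a port scan with harmless payloads, while a learned baseline of distinct ports per source flags the scan and not the single request. The event fields, patterns, addresses and the k=3 threshold are assumptions.

```python
import re
import statistics

# Constructed signature set (illustrative patterns only).
SIGNATURES = {
    "directory-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"(?i)'\s*or\s+1=1"),
}

def ev(src, dport, payload="GET /index.html"):
    """Build one constructed traffic event."""
    return {"src": src, "dport": dport, "payload": payload}

def signature_alerts(events):
    """Signature based: report (source, signature name) for each payload match."""
    alerts = []
    for event in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(event["payload"]):
                alerts.append((event["src"], name))
    return alerts

def ports_per_source(events):
    """Feature used for the baseline: distinct destination ports per source in one window."""
    seen = {}
    for event in events:
        seen.setdefault(event["src"], set()).add(event["dport"])
    return {src: len(ports) for src, ports in seen.items()}

def build_baseline(training_windows):
    """Learning phase: mean and standard deviation of the feature over normal traffic."""
    samples = [n for window in training_windows
               for n in ports_per_source(window).values()]
    return statistics.mean(samples), statistics.pstdev(samples)

def anomaly_alerts(events, baseline, k=3.0):
    """Anomaly based: report (source, port count) where the count exceeds mean + k*std."""
    mean, std = baseline
    # Floor the deviation at 1 so a very flat baseline still tolerates small variation.
    threshold = mean + k * max(std, 1.0)
    counts = ports_per_source(events)
    return [(src, n) for src, n in sorted(counts.items()) if n > threshold]

# Constructed windows of normal traffic used to learn the baseline.
TRAINING = [
    [ev("10.0.0.5", 80), ev("10.0.0.5", 443), ev("10.0.0.6", 80)],
    [ev("10.0.0.5", 80), ev("10.0.0.6", 443), ev("10.0.0.6", 53), ev("10.0.0.7", 80)],
    [ev("10.0.0.7", 80), ev("10.0.0.7", 443), ev("10.0.0.5", 53)],
]

# Constructed live window: 10.0.0.9 touches 25 ports with empty payloads (a scan),
# 10.0.0.5 sends a single request whose path matches a known pattern.
LIVE = (
    [ev("10.0.0.9", port, "") for port in range(20, 45)]
    + [ev("10.0.0.5", 80, "GET /../../secret.txt"), ev("10.0.0.6", 443)]
)

if __name__ == "__main__":
    print("signature alerts:", signature_alerts(LIVE))
    print("anomaly alerts:  ", anomaly_alerts(LIVE, build_baseline(TRAINING)))
```

The quality of the anomaly result depends entirely on the training windows, which is the baseline-setting difficulty the slide notes.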
EDGE Features
• Network Management
– Wide Area Network
– Local Area Network
• Network Discovery
– Active Discovery
– Passive Discovery
• Network Monitoring
– Performance
– Security
• Traffic Profiling
– Host based
– Application based
• Anomaly Detection
– Statistical based
– Protocol based
• Attack Detection
– Scan
– Flood
– DoS
– DDoS
• Fast and light weight
• Customized Report Generation
Security Assessment System (SAS)
• Vulnerability and threat assessment system for grid.
• Conducts network audit
• Performs vulnerability and threat assessment.
• Visualization of threats and vulnerabilities
• Can be customized for generic computer networks
• Keeping track of network, cluster, OS and applications
• Provides the details of services and vulnerabilities
• Health analysis of the nodes.
• Provides various security assessment functions
• Facilitates system administrators to be aware of vulnerabilities
• Provides alerts for applying patches for identified vulnerabilities
• Report generation
Cyber Forensics
• Cyber Forensics activities were started at CDAC Thiruvananthapuram in 2002 by establishing a Resource Centre for Cyber Forensics under the initiatives on cyber security by DIT
• Research objectives are
– Development of cyber forensics tools
– Provide state-of-the-art training to User Agencies
– Provide technical support to User Agencies by analyzing cyber crimes
Apr 19, 2023
Resource Centre for Cyber Forensics
Major Research Areas
• Disk Forensics
– FAT, NTFS, Ext2fs, UFS, MAC, etc
• Network Forensics
– Email, Log Analysis, Packet Analysis
• Device Forensics
– GSM/CDMA phones, PDA, Smart Phones
• Software / Financial Fraud Forensics
– IPR, Database, etc
• Enterprise Forensics
Details on ready to use solutions/ Products and user agencies identified
• Ready to use Solutions / Products:
1. CyberCheck Suite –
• TrueBack - Tool for Disk Imaging
• CyberCheck – Tool for Data Recovery, Evidence Analysis and Reporting.
2. NetForce Suite –
• CyberInvestigator - Tool for Log Analysis
• NeSA – Tool for Network Session Re-construction and Analysis
3. Enterprise Forensics System
4. MobileCheck – Tool for Device Forensics
5. TrueImager – H/W based high-speed disk imaging tool
6. TrueLock – H/W based drive lock for IDE devices
7. TrueTraveller – Portable CF Analysis workstation
E-Security in the Industrial Control Systems (ICS)
• Cryptography and key management
– Research into uniquely secure and diverse escrow schemes and supporting key-management & cryptography in smartgrid.
• Advanced topics in cryptography
– Research in privacy-enhancing cryptographic algorithms (homomorphic encryptions), cryptographic in-network aggregation schemes, Identity-based encryption, access control without a mediated, trusted third party, etc.
• Architecting for bounded recovery & reaction
– Research in different elasticity, tolerance and recovery mechanisms to study the timeliness of the steady state of the system.
• Architecting real-time security
– Research in this area should provide strategies for minimizing and making predictable the timing impacts of security protections.
• Resiliency management and decision support
– Model to measure & identify the scope of cyber attack and dynamic cyber threat.
• Advanced attack analysis
– Research in advanced tools to provide deep analysis of cyber-physical systems.
• Internet usage in smartgrid (DoS/DDoS Resiliency)
– Research into the methods to deal with denial of service using internet for specific type of smartgrid applications.
• Security Design & Verification Tools (SD&VT)
– Modeling of smart grid cyber & power systems using formal languages. Data analytics and intelligent methods verification tools.
Stuxnet
• A worm that is believed to have been created by US and Israel to target Iran’s Nuclear facilities in 2010
• Spreads via MS-Windows and targets Siemens SCADA (Supervisory Control and Data Acquisition) equipment
• Contains a specialized malware payload that re-programs PLCs (Programmable Logic Controllers)
SCADA Topology Representation ISA 99 Standard
SCADA Vulnerabilities & Attacks
Architectural vulnerabilities
• Weak separation between process network & field network
• Lack of authentication among the active components
Security Policy vulnerabilities
• Patch management policies
• Anti virus update policies
• Access policies
Software Vulnerabilities
• Buffer overflows
• SQL-injection
• Format string
• Web-application vulnerabilities
Communication Protocols Vulnerabilities in
• DNP 3.0 (IP based)
• IEC 870-part 5 101 profile
• IEC 870 part 5 104 profile (IP based)
• Inter Control Centre Protocol (ICCP, IP based)
• ELCOM 90 (IP based, LAN protocol)
SCADA Attack Scenarios
SCADA protocol oriented attacks
• Malware DoS Scenario (email-infection, infection through phishing, DoS worm)
• Unauthorized command execution Scenario (normal commands, maintenance commands)
• System Data poisoning
• Replay-attacks
• Compromised masters
Process network attacks
• SCADA Server Denial-of-Service (DoS)
• SCADA Server Corruption
– Unauthorized command execution
– Data poisoning
– System stop
• SCADA Server data flow corruption
• HMI corruption
Exchange network attacks
• Real Time Databases attacks
– Data poisoning attacks
– RT-database shutdown attacks
• Diagnostic Server attacks
Multi Agent Based Security Information Event Management (SIEM)
Multi Agent Based SIEM Test bed Setup
[Figure: Corporate Network – Test bed; labels: MTU; Front End Processor; Communication Medium; RTU 1 (IEC 870-5-101); Protocol Hardener (Based on IEC 62351 Standards)]
SCADA Protocol Hardening mechanism for RTUs Compatible with IEC 870-5-101
Face Recognition System
CENTRE FOR DEVELOPMENT OF ADVANCED COMPUTING TECHNOLOGY CONCLAVE - 2013
In the context of Machine Vision, a Face Recognition System is a computerized system to identify human faces.
[Figure labels: Query Face; Facial Database]
Systems Developed by CDAC
1. Face Verification System: 1:1 match
Application areas:
• Visitor management system.
• Attendance recording system.
• Access control system.
• Authentication of facial images in electoral roll.
2. Face Identification System for Watch-list.
Application areas: (for reduction of search space out of large database)
• Sieving duplicate entry in large database (passport, electoral roll etc.)
• Missing person enquiry.
• Identification of suspect in disguise.
Human investigator has to recognize the peer matched face from the short-listed set of faces.
Sub-disciplines of Information Hiding
[Figure: tree rooted at Information Hiding; labels: Cryptography; Covered writing; Anonymous communication; Steganography; Robust copyright marking; Linguistic Steganography; Technical Steganography; Fingerprinting; Watermarking; Imperceptible; Visible]
Message Surveillance - Steganography
Cover Media Types (Still image, Audio, Video, Printed Text and Fax).
Message ~ text or image, to ensure precise and accurate communication
Research Areas
Cyber Attack Capturing and Monitoring Technologies
– Passive technologies
• Web Application Honeypot
• Hybrid Honeynet system
• Distributed Honeynet system
– Active technologies
• Active Honeypot system for Drive-By-download attacks Analysis
– Bot detection and Botnet tracking
– Malicious website detection
– Cyber Attack profiling & attack trend establishment
– Attack Mitigation by development of attack signatures
www.infosecawareness.in
ISEA Material Developed
• Posters for Parents
• Parents/Teachers Handbooks
• Children Comic Book
• Posters for Children
Why PKI
• Assurance of the following properties is essential for safe, secure and reliable communication
– Confidentiality: preventing disclosure of information to unauthorized individuals or systems
– Integrity: Data cannot be modified without authorization
– Availability: The information must be available when it is needed
– Authenticity: Ensuring that the user, data, transactions, communications or documents are genuine
– Non-Repudiability: One party of a transaction cannot deny having sent/received a transaction
Digital Signature
• A digital signature of a message depends on
– the signer (in fact the keys of the signer) and
– on the content of the message being signed
• Digital Signatures are verifiable
• To digitally sign an electronic document the signer uses his/her Private key
• To verify a digital signature the verifier uses the signer’s Public key
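Signature & Verification
Sender: Hashing + Encryption (Private Key) = Signature Creation
Receiver: Signature + Decryption (Public Key) = Signature Verification (Hashing)
[Figure: on the sender side the message passes through the Hash Function to give the Message Digest, which is Encrypted to give the Signature; the Transmitted Message and the Signature go to the receiver; on the receiver side the Signature is Decrypted to give the Expected Digest and the message passes through the Hash Function to give the Message Digest. If these are the same, then the message has not changed. Names shown: Alice, Jai, Veeru]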
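An added example (not code from the presentation or from C-DAC) that follows the sender and receiver steps above with a toy RSA key built from two small Mersenne primes. The message, key sizes and function names are assumptions; the scheme has no padding and is for illustration only, where a real deployment would use RSA-PSS or ECDSA from a vetted library.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Toy RSA key pair from two primes: returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi
    return (n, e), (n, d)

def message_digest(message: bytes, n: int) -> int:
    """Hash Function step: SHA-256 digest, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private) -> int:
    """Sender: hash the message, then transform the digest with the private key."""
    n, d = private
    return pow(message_digest(message, n), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Receiver: recover the expected digest with the public key and compare it
    with the digest of the message that actually arrived."""
    n, e = public
    expected_digest = pow(signature, e, n)
    return expected_digest == message_digest(message, n)

# Constructed keys: 2**61-1, 2**89-1, 2**107-1 and 2**127-1 are Mersenne primes.
SENDER_PUBLIC, SENDER_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)

# Constructed message.
MESSAGE = b"Release shipment 42 to warehouse B"

def run_exchange():
    """Return the outcome of each check a receiver could make."""
    signature = sign(MESSAGE, SENDER_PRIVATE)
    return {
        # Unmodified message, correct public key: digests match.
        "genuine": verify(MESSAGE, signature, SENDER_PUBLIC),
        # One changed byte: the received digest no longer matches.
        "modified_message": verify(MESSAGE.replace(b"42", b"43"), signature, SENDER_PUBLIC),
        # Wrong public key: the signature does not belong to that signer.
        "wrong_signer": verify(MESSAGE, signature, OTHER_PUBLIC),
        # Same content signed by another key gives a different signature.
        "signature_depends_on_key": sign(MESSAGE, OTHER_PRIVATE) != signature,
    }

if __name__ == "__main__":
    for check, outcome in run_exchange().items():
        print(f"{check}: {outcome}")
```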
PKI Activities
• Conduct awareness programs for end users of PKI
• Conduct training programs for PKI developers of various platforms
• Conduct specialized programs for PKI Administrators
• Contribute to the adoption of PKI in mobile and ubiquitous environments
• Assist in setup of PKI Resource Centre
• Evolve and Compose the PKI Body of Knowledge
e-Security Products / Solutions of C-DAC
Collection
• Client-Server architecture based Dynamically Configurable Honeynet
Detection
• Enterprise Network Management Solution (EDGE)
• Adrisya – Flow Based Anomaly Detection System
• Malware Resist
Protection
• The BharatiyaAFIS™ Suite
• ENSAFE – End System Suraksha Framework
• STARS - Secure Two factor based Authentication for Remote Systems
• NAYAN – Network Abhigam niYantrAN
• USB Pratirodh
Prevention
• Guard Your Network – N/W Intrusion Prevention System Appliance
• Malware Nivarak
• AppSamvid
Response
• StegoCheck
• Face Recognition Software
• CyberCheck Suite
• MobileCheck
• NeSA – Network Session Analyzer
• Enterprise Forensics System
• Win-Lift Suite
• TrueImager
• TrueLock
• TrueBack Bridge
• TrueTraveller
Research Labs
Title | Centre
Cryptanalysis Research Lab | Bangalore (KP)
Cyber Forensic Research Lab | Thiruvananthapuram
Cyber Threat Research Lab | Mohali
Industrial Control System Security Research Lab | Bangalore (KP)
Malware Research Lab | Hyderabad
Public Key Infrastructure (PKI) Lab | Bangalore (EC)
Steganography Resource Lab | Kolkata
Thrust Research Areas
• Advanced Cyber Forensics
• Auditing and Security Quality Assurance
• Biometrics
• Cryptography and Cryptanalysis
• Disaster Recovery Solutions
• Digital Provenance
• Distributed Honeynets
• Dynamic Firewall & Network Management
• Grid, Cloud and Virtualization Security
• Hardware Security Modules
• Insider Attack Detection
• Intrusion Detection, Prevention & Analysis
• Large scale test beds for realistic experimentation
• Large scale Identity management & device control solutions
• Malware and Botnets (analysis, detection and prevention)
• PKI Evaluation Lab & Development
• Securing Time Critical Systems (SCADA, Smart Grid etc)
• Security Visualization
• Security Evaluation in SDLC
• Security Metrics and Tools
• Securing Cyber Physical Systems (ATMs, EVMs etc)
• Self Adaptive and Self Healing Software Systems
• Software Security and Formal Methods
• Steganography and Steganalysis
• Survivable Systems
• Threat Modeling
• Trusted Platform (Hardware and Software)
• Unified Threat Management
• Usable Security & Privacy
• Vulnerability Discovery
• Web Security
• Whitelisting and Modeling correct software behavior
• Wireless & Mobile Security
Services
Service | Offered @
Cyber Forensic Analysis | Thiruvananthapuram
Malware Analysis | Hyderabad & Mohali
Penetration Testing & Security Audits | Bangalore (EC), Hyderabad & Mohali
Web Application Security Testing | Hyderabad
Wireless Security Assessment | Hyderabad
Online Courses
Name | Duration | Offered @
PKI Training Programme | Self Paced | Bangalore (EC)
C-DAC Certified Cyber Security Professional (CCCSP) | Self Paced (3 – 6 Months) | Hyderabad
e-Learning courses on e-Security | 4 to 12 weeks | Noida
Education and Training Programmes
Training Program | Duration | Offered @
Full Time Post-Graduate Diploma in Information Security | 6 Months | Bangalore (EC) & Mumbai
NESEC (Network Security) | 1 Week
Database Security | 1 Week
C-HAT (Ethical Hacking) | 2 Days
C-NET (Network Administration) | 3 Days
C-PET (PKI Application Development) | 2 Days
C-SEC (Perimeter Security) | 3 Days
Database Security and Auditing | 3 Days
Education and Training Programmes
Training Program | Duration | Offered @
CNSS - Certificate Course on Networking and System Security | 22 Weeks | Hyderabad
Network Programming and Security Engineering | 2 Weeks
e-Suraksha – A Practical Approach in Network Security | 1 Week
Internetworking Devices Security | 1 Week
Malware Reverse Engineering Techniques | 1 Week
Web Application Security | 1 Week
Wireless Security | 2 Days
Information Security Awareness for Master Trainers | 1 Day
Training Program | Duration | Offered @
Advanced Diploma in Networking & System Security | 26 Weeks | Mohali
Training Program on Network Security Assessment and Proactive Defense | 8 Weeks
Training program on Information and Network Security | 8 Weeks
Ethical Hacking & Network Defense | 6 Weeks
Network Security Engineering | 6 Weeks
Perimeter Security Solutions | 2 Weeks
Information Security Threat Assessment | 2 Weeks
Information Security A Practical Approach | 2 Weeks
Security Administration Linux | 2 Weeks
Education and Training Programmes
Training Program | Duration | Offered @
Post Graduate Diploma Programme in Information security | 2 Semesters (1 Year) | Noida
Certificate course in Information Security (Noida) | 1 Semester (6 Months)
Basic Cyber Forensics | 3 – 5 Days | Thiruvananthapuram
Advanced Cyber Forensics | 2 Weeks
Future Emphasis
• Scalable, Robust and Standard compliant security solutions
• Securing Hardware Systems
• Common Criteria Certification
• Secure Software engineering & coding practices
• End to End Enterprise Security Suite
• Gear up for Global Competition
• Standardizing the training programmes across centres
Ongoing Research
• Cyber Forensics
• Enhancements in Enterprise Forensics System
• Development of Advanced Cyber Forensics Tools
• Tools for Cloud Forensics; Multimedia Forensics; Financial Fraud Analysis; Satellite phones & GPS devices Forensics; Malware Forensics; Data Mining & Visualization
• Embedded & Critical Systems Forensics
• Data Recovery from Damaged & Magnetically erased media
• Setting up of CF training centre
Cloud Security
Mobile Security
SCADA Security
Ongoing Research
UTM (Unified Threat Management) Appliance
• Stateful Analysis
• Intrusion detection and Prevention
• Gateway antivirus
• Gateway anti-spyware
• Content filtering
• IPSEC & VPN
• Network and Bandwidth Management
Dynamic Firewall
• Behaviour model for evolving new firewall rules dynamically
• Methods to validate and verify the rules against conflicts, errors and inconsistency.
Insider Attack Detection
• Data collection
– Extensive Logging (Network and Host)
– Traffic capture, decode application specific protocols (like HTTP, DNS..)
– Collect Vulnerability Assessment information of all hosts
• Behavior Based model
• Event Correlation
Moving Towards Trustworthy Systems: R&D Essentials
• “If you are playing a game you can’t win, Change the Game”
• Three game Changing Concepts:
– Moving Target (MT) – systems that move in multiple dimensions to the attacker’s disadvantage and to increase resiliency
– Tailored Trustworthy Spaces (TTS) – Security tailored to the needs of a particular transaction rather than the reverse
– Cybereconomic Incentives – a landscape of incentives that reward good cyber security and ensure that crime does not pay