
Command and Control of Proactive Defense

Published in Journal of Cyber Security and Information Systems
Volume: 4 Number: 1 - Focus on Air Force Research Laboratory’s Information Directorate

Authors: David Last, David Myers, Matthew Heffernan, Meghan Caiazzo and Captain Nicholas Paltzer
Posted: 03/08/2016

Background

Recognizing the attacker’s advantage gained with unlimited reconnaissance time, the cyber security research community has responded with the development of MTDs to mitigate this advantage. MTDs provide security by shifting the target system’s attack surface over time. With the target system’s attack surface changing over time, the adversary cannot rely on information gained from previous reconnaissance efforts.

A foundational survey of MTDs by Lincoln Laboratories categorizes these defenses by the system resources they manipulate [1]. Table 1 shows each MTD category and its associated security benefits and resource impact. This information influences the development of defense configurations.

Table 1. Description of the five MTD categories in regard to the modification defense type, what type of attack they were designed to defend against and the associated overhead for the general case [1].
 

MTDs create new C2 challenges for mission assurance. Mission execution depends on deterministic system behavior, while MTDs create a non-deterministic attack surface. A CSA responsible for the security of a mission system currently does not have quantitative information about the effects of a defensive posture, mission resource requirements, or system vulnerabilities. Therefore, a CSA depends on intuition to develop a defensive posture COA to provide mission assurance. MTDs have the potential for providing enhanced cyber security. However, ad hoc defense deployments are as likely to create an internal denial of service as they are to prevent an external one. This inherent risk requires that various cyber defenses are quantified and characterized prior to deployment.

Metrics

There are many factors to consider when generating a cyber defense configuration. One of the most important factors is a measure of security or resistance to attack. Researchers have tried to develop a generalized method for measuring the security of an information system; Manadhata and Wing developed one of the most comprehensive approaches and codified it in terms of a measurement of the attack surface of the system [2] [3]. In their approach, an attack surface metric for an information system is based on an enumeration of all possible entry and exit points into the system, with each point weighted according to the ease of penetration and the consequences (to the defender) of penetration. This paper leverages this definition of an attack surface.

This attack surface measurement is generated by reasoning over models of a system. Models of the network, available defenses, and information flows that are part of the cyber mission are composed to represent the defender’s area of responsibility. Models of the adversary capabilities and available attack vectors in the system represent threats to system security. The attack vector model represents all possible adversary actions; they are combined to generate an attack graph that describes the system’s vulnerabilities. Different cyber defenses, including MTDs, disrupt different attack steps in the attack graph, reducing the number of attack paths available to the adversary to reach his goal. This attack surface measurement capability is used to reason over these models to characterize different defense configurations.

One of the limitations of building an attack surface metric as described above is the challenge of enumerating all possible attack steps available to an attacker. Attack step models must be based on known software vulnerabilities; however, vulnerabilities discovered in the future will result in new attack steps or change the attacker cost or defender consequences of an existing attack step. Any new attack step changes the attack surface measurement. Therefore, the attack step model must also account for zero-day attacks enabled by previously undiscovered vulnerabilities.

This research also addresses the forecasts for discovering the number, type, and severity of zero-day vulnerabilities. This work leverages previous research on Software Vulnerability Discovery Models [4] [5] to generate zero-day forecasts; Last details the current state of this research [6].

In order to ensure the validity of the attack surface measurements, the defense models must accurately describe the performance and behavior of defenses in an active system. Characterization profiles of these defenses include an analysis of the security they provide, measurement of their impact on system resources, and their potential interoperability issues with other defenses. This process generates characterization profiles for all defenses available to a CSA. These characterization profiles, along with mission information, aid in the generation of defense configurations.
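The sketch below is an added example, not code from the paper or its authors. It works through the measurement described in this section on a small constructed system: attack steps form an attack graph, each defense disrupts some steps, and each defense configuration is scored by the attack paths and weighted surface that remain and by its resource overhead. The node names, defense names, costs, overheads and the consequence-over-cost weighting are all assumptions made for illustration.

```python
from itertools import combinations

# Constructed attack graph: (source, target) -> (attacker_cost, defender_consequence)
STEPS = {
    ("internet", "web"): (2.0, 3.0),
    ("internet", "vpn"): (4.0, 5.0),
    ("web", "app"): (2.0, 4.0),
    ("vpn", "app"): (1.0, 4.0),
    ("web", "db"): (5.0, 9.0),
    ("app", "db"): (2.0, 9.0),
}
# Constructed defense profiles: (attack steps disrupted, resource overhead in arbitrary units)
DEFENSES = {
    "address_hopping": ({("internet", "web")}, 3),
    "binary_diversity": ({("web", "app"), ("vpn", "app")}, 2),
    "db_proxy_rotation": ({("web", "db")}, 1),
}

def attack_paths(steps, node, goal, seen=frozenset()):
    """Enumerate every loop-free chain of attack steps from node to goal."""
    if node == goal:
        return [[]]
    seen = seen | {node}
    return [[(src, dst)] + tail
            for (src, dst) in steps if src == node and dst not in seen
            for tail in attack_paths(steps, dst, goal, seen)]

def attack_surface(steps, entry="internet", goal="db"):
    """Return (number of attack paths, weighted surface) for the available steps."""
    paths = attack_paths(steps, entry, goal)
    usable = {step for path in paths for step in path}
    # Assumed weighting: consequence / attacker cost, so cheap, damaging steps dominate.
    return len(paths), round(sum(steps[s][1] / steps[s][0] for s in usable), 2)

def evaluate(config):
    """Apply a defense configuration; return (paths, surface, overhead)."""
    disrupted = set().union(*(DEFENSES[d][0] for d in config))
    remaining = {s: w for s, w in STEPS.items() if s not in disrupted}
    return attack_surface(remaining) + (sum(DEFENSES[d][1] for d in config),)

def best_config(budget):
    """Configuration with the smallest residual surface within the overhead budget."""
    names = sorted(DEFENSES)
    configs = [c for n in range(len(names) + 1) for c in combinations(names, n)]
    feasible = [c for c in configs if evaluate(c)[2] <= budget]
    return min(feasible, key=lambda c: evaluate(c)[1:])

if __name__ == "__main__":
    for cfg in [(), ("address_hopping",), ("binary_diversity",)]:
        print(cfg, evaluate(cfg))
    print("budget 3 ->", best_config(3))
```

In this constructed system the most expensive single defense leaves a larger residual surface than a cheaper one, because disrupting one entry step still leaves the path through the other entry point open.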


Bibliography

[1] H. Okhravi, M. Rabe, T. Mayberry, W. Leonard and W. Streilein, “Survey of Cyber Moving Target Techniques,” Massachu

[2] P. K. Manadhata and J. M. Wing, “An attack surface metric,” Software Engineering, IEEE Transactions on, vol. 37, no. 3, pp. 371-386, 2011.

[3] P. Manadhata and J. M. Wing, “Measuring a system’s attack surface,” DTIC Document, 2004.

[4] O. H. Alhazmi and Y. K. Malaiya, “Prediction capabilities of vulnerability discovery models,” in Reliability and Maintainability Symposium, 2006. RAMS’06. Annual, IEEE, 2006, pp. 86-91.

[5] J. Kim, Y. Malaiya and I. Ray, “Vulnerability discovery in multi-version software systems,” in High Assurance Systems Engineering Symposium, 2007. HASE’07. 10th IEEE, IEEE, 2007, pp. 141-148.

[6] D. Last, “Using Historical Software Vulnerability Data to Forecast Future Vulnerabilities,” in Resilience Week 2015, Proceedings of, Philadelphia, 2015.

[7] M. Carvahlo, T. C. Eskridge, K. Ferguson-Walter, N. Paltzer, D. Myers and D. Last, “MIRA: A Support Infrastructure for Cyber Command and Control Operations,” in Resilience Week 2015, Proceedings of, Philadelphia, 2015.

Release Statement

Distribution A: Approved for public release; distribution is unlimited. Case number 88ABW-2015-4680.

Authors

David Last
David Last earned his Bachelor’s and Doctorate degrees in Electrical and Computer Engineering from Auburn University in Auburn, Alabama. His research interests include computer and network security and resiliency and moving target defenses.
David Myers
David Myers received his B.S., M.S., and Ph.D. in Industrial and Systems Engineering from the University at Buffalo, The State University of New York. His research interests are in the application of multi-criteria decision making for military and government domains.
Matthew Heffernan
Matthew Heffernan received his B.S. in Computer Engineering from Rochester Institute of Technology and is currently pursuing an M.S. in Computer Science from Syracuse University. His most recent research has been in data visualization and command and control systems.
Meghan Caiazzo
Meghan Caiazzo received her B.S. in Computer Science and Mathematics from St. Joseph’s College and her M.S. in Cyber Security from New York University Polytechnic School of Engineering.
Captain Nicholas Paltzer
Captain Nicholas Paltzer (U.S. Air Force) has been a member of the United States Air Force for more than 20 years and has an extensive background in telecommunications and networking in both fixed base and deployed environments. He received his B.S. from the University of South Florida and his M.S. from the Air Force Institute of Technology, both in Computer Engineering.
