CSIAC

Cyber Security and Information Systems Information Analysis Center

/ Journal Issues / Focus on Air Force Research Laboratory’s Information Directorate / Command and Control of Proactive Defense

Command and Control of Proactive Defense

Published in Journal of Cyber Security and Information Systems
Volume: 4 Number: 1 - Focus on Air Force Research Laboratory’s Information Directorate
Authors: David Last, David Myers, Matthew Heffernan, Meghan Caiazzo and Captain Nicholas Paltzer
| Leave a Comment

Background

Recognizing the attacker’s advantage gained with unlimited reconnaissance time, the cyber security research community has responded with the development of MTDs to mitigate this advantage. MTDs provide security by shifting the target system’s attack surface over time. With the target system’s attack surface changing over time, the adversary cannot rely on information gained from previous reconnaissance efforts.

A foundational survey of MTDs by Lincoln Laboratories categorizes these defenses by the system resources they manipulate [1]. Table 1. Description of the five MTD categories in regard to the modification defense type, what type of attack they were designed to defend against and the associated overhead for the general case [1]. shows each MTD category and its associated security benefits and resource impact. This information influences the development of defense configurations.

11
 

 

Table 1. Description of the five MTD categories in regard to the modification defense type, what type of attack they were designed to defend against and the associated overhead for the general case [1].
 

MTDs create new C2 challenges for mission assurance. Mission execution depends on deterministic system behavior, while MTDs create a non-deterministic attack surface. A CSA responsible for the security of a mission system currently does not have quantitative information about the effects of a defensive posture, mission resource requirements, or system vulnerabilities. Therefore, a CSA depends on intuition to develop a defensive posture COA to provide mission assurance. MTDs have the potential for providing enhanced cyber security. However, ad hoc defense deployments are as likely to create an internal denial of service as they are to prevent an external one. This inherent risk requires that various cyber defenses are quantified and characterized prior to deployment.

Metrics

There are many factors to consider when generating a cyber defense configuration. One of the most important factors is a measure of security or resistance to attack. Researchers have tried to develop a generalized method for measuring the security of an information system; Manadhata and Wing developed one of the most comprehensive approaches and codified it in terms of a measurement of the attack surface of the system [2] [3]. In their approach, an attack surface metric for an information system is based on an enumeration of all possible entry and exit points into the system, with each point weighted according to the ease of penetration and the consequences (to the defender) of penetration. This paper leverages this definition of an attack surface.

This attack surface measurement is generated by reasoning over models of a system. Models of the network, available defenses, and information flows that are part of the cyber mission are composed to represent the defender’s area of responsibility. Models of the adversary capabilities and available attack vectors in the system represent threats to system security. The attack vector model represents all possible adversary actions; they are combined to generate an attack graph that describes the system’s vulnerabilities. Different cyber defenses, including MTDs, disrupt different attack steps in the attack graph, reducing the number of attack paths available to the adversary to reach his goal. This attack surface measurement capability is used to reason over these models to characterize different defense configurations.

One of the limitations of building an attack surface metric as described above is the challenge of enumerating all possible attack steps available to an attacker. Attack step models must be based on known software vulnerabilities; however, vulnerabilities discovered in the future will result in new attack steps or change the attacker cost or defender consequences of an existing attack step. Any new attack step changes the attack surface measurement. Therefore, the attack step model must also account for zero-day attacks enabled by previously undiscovered vulnerabilities.

This research also addresses the forecasts for discovering the number, type, and severity of zero-day vulnerabilities. This work leverages previous research on Software Vulnerability Discovery Models [4] [5] to generate zero-day forecasts; Last details the current state of this research [6].

In order to ensure the validity of the attack surface measurements, the defense models must accurately describe the performance and behavior of defenses in an active system. Characterization profiles of these defenses include an analysis of the security they provide, measurement of their impact on system resources, and their potential interoperability issues with other defenses. This process generates characterization profiles for all defenses available to a CSA. These characterization profiles, along with mission information, aid in the generation of defense configurations.

Bibliography

[1] H. Okhravi, M. Rabe, T. Mayberry, W. Leonard and W. Streilein, “Survey of Cyber Moving Target Techniques,” Massachu

[2] P. K. Manadhata and J. M. Wing, “An attack surface metric,” Software Engineering, IEEE Transactions on, vol. 37, no. 3, pp. 371-386, 2011.

[3] P. Manadhata and J. M. Wing, “Measuring a system’s attack surface,” DTIC Document, 2004.

[4] O. H. Alhazmi and Y. K. Malaiya, “Prediction capabilities of vulnerability discovery models.,” in Reliability and Maintainability Symposium, 2006. RAMS’06. Annual, IEEE, 2006, pp. 86-91.

[5] J. Kim, Y. Malaiya and I. Ray, “Vulnerability discovery in multi-version software systems,” in High Assurance Systems Engineering Symposium, 2007. HASE’07. 10th IEEE, IEEE, 2007, pp. 141-148.

[6] D. Last, “Using Historical Software Vulnerability Data to Forecast Future Vulnerabilities,” in Resilience Week 2015, Proceedings of , Philadelphia, 2015.

[7] M. Carvahlo, T. C. Eskridge, K. Ferguson-Walter, N. Paltzer, D. Myers and D. Last, “MIRA: A Support Infrastructure for Cyber Command and Control Operations,” in Resilience Week 2015, Proceedings of, Philadelphia, 2015.

Release Statement

Distribution A: Approved for public release; distribution is unlimited. Case number 88ABW-2015-4680.

Authors

David Last
David Last
David Last earned his Bachelor’s and Doctorate degrees in Electrical and Computer Engineering from Auburn University in Auburn, Alabama. His research interests include computer and network security and resiliency and moving target defenses.
David Myers
David Myers
David Myers received his B.S., M.S., and Ph.D. in Industrial and Systems Engineering from the University at Buffalo, The State University of New York. His research interests are in the application of multi-criteria decision making for military and government domains.
Matthew Heffernan
Matthew Heffernan
Matthew Heffernan received his B.S. in Computer Engineering from Rochester Institute of Technology and is currently pursuing an M.S. in Computer Science from Syracuse University. His most recent research has been in data visualization and command and control systems.
Meghan Caiazzo
Meghan Caiazzo
Meghan Caiazzo received her B.S. in Computer Science and Mathematics from St. Joseph’s College and her M.S. in Cyber Security from New York University Polytechnic School of Engineering.
Captain Nicholas Paltzer
Captain Nicholas Paltzer
Captain Nicholas Paltzer (U.S. Air Force) has been a member of the United States Air Force for more than 20 years and has an extensive background intel e-communications and networking in both fixed base and deployed environments. He received his B.S. from the University of South Florida and his M.S from the Air Force Institute of Technology, both in Computer Engineering.

Reader Interactions

Leave a Comment