New techniques, referred to as moving target defense (MTD), seek to diversify the critical components of otherwise homogeneous information system environments [1,2,3]. By diversifying the attack surface presented to the attacker, the defender raises the attacker's operational costs. Moving target defenses reduce the attacker's asymmetric advantage by changing the attack surface dynamically at run time, which complicates both reconnaissance and exploitation [4]. They encompass emerging methods that make it harder for attackers to find entry points into a system, reduce the number of vulnerabilities, make the remaining exposures more transient, and decrease the effectiveness of attacks [5].
Organizations may be reluctant to deploy MTD techniques because many MTD measures can harm the network's mission more than they improve its security [6]. A major roadblock to adoption is that many proposed MTD techniques cannot guarantee that varying the attack surface will actually improve security [7]. Measuring an MTD's effectiveness, that is, the degree to which it improves security while minimizing defender effort, is difficult. Hong and Kim [7] proposed a method for measuring the scalability and adaptability of MTD techniques using a hierarchical attack representation model; in their approach, a security model is used to measure changes in performance and security before and after an MTD is deployed. This assessment technique may prove useful for measuring how well an individual technique protects a component in isolation. Evaluating the effectiveness of moving target techniques across a whole system is harder still, because the attacker need only exploit the weakest link [8].
Most systems operate with a static configuration, including their network, operating system, and application configurations. An attacker can probe such a static system to locate a specific vulnerability for which the attacker already has an exploit, and the unchanging configuration gives the attacker time to conduct reconnaissance, develop a plan, and launch the attack [2]. Defenders use MTDs to make systems more dynamic, increasing the difficulty and cost of an attack. Moving target defenses alter the static nature of a system in several ways: changing its properties over time, introducing randomness into its internals to make them less deterministic, and increasing the diversity of the computing environment [8]. By introducing variation into the targeted system [2,9] and changing the environment dynamically, MTDs increase the attacker's effort while decreasing the attacker's certainty of success [10].
Techniques for MTD can be categorized by their purpose: disrupting exploitation or disrupting reconnaissance. Exploit-targeted MTD techniques diversify processes, communications, operating systems, and programs to disrupt exploitation attempts [2]. Examples include randomization of the address space, of the instruction set, or of data in memory. Exploit-targeted techniques typically work below the application, in the operating system, loader, compiler, or runtime, and do not require an understanding of the behavior of the applications they protect. Whereas exploit-targeted techniques seek to disrupt the exploitation of a vulnerability, reconnaissance-targeted techniques seek to disrupt the attacker's reconnaissance. Reconnaissance-targeted approaches migrate components and change the attack surface through system reconfiguration, using techniques such as temporal (scheduled) and response-based (triggered) migration and random changes to network addresses.
Dynamic migration between platforms rests on the assumption that the attacker lacks the resources to hold working exploits for every operating system in the rotation [1]. Migrating between operating systems can reduce the attacker's ability to maintain persistence on the target system, so a defender facing a resource-limited attacker can use temporal platform migration, which changes the target system over time [9]. Defenders should introduce randomness into the migration schedule: MTDs that migrate at random are more effective than predictable ones, whose schedule an adaptive attacker can learn and time attacks against [9].
Platform diversity methods change attributes of the operating environment, including the instruction set architecture, the calling convention, the operating system, and the virtual machine, to increase the complexity of compromising the system [11]. The effectiveness of platform diversity depends largely on the relationship between the time an attacker needs to develop an exploit for each newly exposed platform and the length of time the attacker can remain persistent on the defender's system before the next migration [1]. Platform diversity makes exploiting a vulnerability harder for the attacker, but it does not remove the underlying vulnerability [11].
Concerns with Moving Target Defenses
There are concerns that organizations must address when considering MTD. Many moving target techniques carry performance penalties that may be prohibitive [8]. Organizations must also take care not to implement security solutions, MTD methods included, that add little value, increase operational costs, expand the attack surface, or interfere with existing security components [10].
Dynamic platforms can increase the overall attack surface: every additional platform in the rotation is another component exposed to exploitation [8]. Platform diversity is not a solution for all attacks. It works best against persistent attacks, such as those that must hold a foothold for an extended period to disrupt services, because each migration forces the attacker to re-compromise the system. Against fast, single-compromise attacks that need only a brief window of control, platform diversity may instead worsen the organization's security posture, since the rotation exposes platforms for which the attacker may already hold an exploit [11]. Organizations must therefore carefully consider the threat model they face before deploying platform diversity [11]; methods that do not align closely with that threat model can inadvertently increase the attack surface and decrease the overall security posture.
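The two trade-offs discussed above, the value of an unpredictable migration schedule and the dependence of platform diversity on the threat model, can be made concrete with a small simulation. The following Python model is an added illustration written for this page; it is not code from any of the cited papers, and the platform names, timing constants, attack goals, and attacker exploit inventory are assumptions chosen for the example. A defender policy is either a static platform, a round-robin rotation, or a uniformly random rotation; the attacker holds exploits for two of four platforms, must spend reconnaissance time only when the next platform is unpredictable, and loses control at every migration. Each attack goal requires a different number of consecutive slots of control.

```python
import random
from dataclasses import dataclass

# Constructed toy environment: four platforms the defender may migrate
# between, two of which the attacker can already exploit. These values are
# assumptions for illustration, not data from any cited paper.
PLATFORMS = ["linux", "windows", "freebsd", "openbsd"]
ATTACKER_EXPLOITS = frozenset({"linux", "windows"})

# Attack goals and the number of consecutive time slots of control each needs.
# A one-shot exfiltration needs almost none; disrupting a service needs a
# long, persistent foothold. (Assumed values.)
ATTACK_GOALS = {"exfiltrate": 1, "implant": 4, "disrupt_service": 8}


@dataclass
class Attacker:
    exploits: frozenset
    recon_time: int = 2    # slots to fingerprint a platform whose identity is unknown
    exploit_time: int = 1  # slots to gain control once the platform is known


def build_schedule(policy, total_slots, epoch_len, rng):
    """Return the defender's platform sequence as (platform, slots) epochs."""
    if policy.startswith("static:"):
        # A static system is a single epoch that never ends.
        return [(policy.split(":", 1)[1], total_slots)]
    epochs = total_slots // epoch_len
    if policy == "round_robin":
        return [(PLATFORMS[i % len(PLATFORMS)], epoch_len) for i in range(epochs)]
    if policy == "random":
        return [(rng.choice(PLATFORMS), epoch_len) for _ in range(epochs)]
    raise ValueError(f"unknown policy {policy!r}")


def simulate(policy, attacker, total_slots=240, epoch_len=6, seed=1):
    """Fraction of epochs in which the attacker achieves each goal.

    With a predictable schedule (static or round robin) the attacker knows
    the next platform in advance and skips reconnaissance; a random schedule
    forces reconnaissance after every migration. Control, once gained, lasts
    only until the next migration replaces the platform.
    """
    rng = random.Random(seed)
    predictable = policy != "random"
    epochs = build_schedule(policy, total_slots, epoch_len, rng)
    wins = dict.fromkeys(ATTACK_GOALS, 0)
    for platform, slots in epochs:
        if platform not in attacker.exploits:
            continue  # no exploit for this platform: attacker is locked out
        recon = 0 if predictable else attacker.recon_time
        control_slots = slots - recon - attacker.exploit_time
        for goal, dwell in ATTACK_GOALS.items():
            if control_slots >= dwell:
                wins[goal] += 1
    return {goal: wins[goal] / len(epochs) for goal in ATTACK_GOALS}


def compare_policies(attacker=None):
    """Run every defender policy against the same attacker."""
    attacker = attacker or Attacker(ATTACKER_EXPLOITS)
    policies = ("static:linux", "static:openbsd", "round_robin", "random")
    return {policy: simulate(policy, attacker) for policy in policies}


if __name__ == "__main__":
    for policy, result in compare_policies().items():
        cells = "  ".join(f"{goal}={rate:.2f}" for goal, rate in result.items())
        print(f"{policy:15s} {cells}")
```

Reading the output: a static Linux host, which the attacker can exploit, loses every goal every time (all rates 1.0), while a static OpenBSD host, for which the attacker has no exploit, loses nothing. Both rotations reduce the persistent disrupt_service goal to 0.0 because no epoch lasts long enough to hold the required foothold, which is the case where platform diversity helps most. Only the random schedule also defeats the mid-dwell implant goal, since forced reconnaissance after each migration eats the window of control that a round-robin attacker could plan around. The caveat from the threat-model discussion shows up in the exfiltrate column: relative to the unexploitable static host, both rotations raise the one-shot exfiltration rate to roughly one epoch in two, because the rotation now spends half its time on platforms the attacker can already exploit.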
References
[10] Atighetchi, M., Benyo, B., Eskridge, T. C., & Last, D. (2016). A decision engine for configuration of proactive defenses: Challenges and concepts. Resilience Week (pp. 8-12). Chicago, IL: IEEE. doi:10.1109/RWEEK.2016.7573299
[11] Carter, K. M., Okhravi, H., & Riordan, J. (2014). Quantitative analysis of active cyber defenses based on temporal platform diversity. OALib Journal. Retrieved from http://arxiv.org/abs/1401.8255v1
[2] Ge, L., Yu, W., Shen, D., Chen, G., Pham, K., Blasch, E., & Lu, C. (2014). Toward effectiveness and agility of network security situational awareness using moving target defense (MTD). SPIE – The International Society for Optical Engineering (pp. 1-9). San Diego, CA: International Society for Optical Engineering. doi:10.1117/12.2050782
[7] Hong, J. B., & Kim, D. S. (2015). Assessing the effectiveness of moving target defenses using security models. IEEE Transactions on Dependable and Secure Computing, 13(2), 163-177. doi:10.1109/TDSC.2015.2443790
[4] Li, Y. (2017). Towards optimal moving target defense – techniques and applications (Doctoral dissertation). Retrieved from ProQuest Dissertations and Theses database. (UMI No. 10284643)
[8] Okhravi, H., Streilein, W. W., & Bauer, K. S. (2016). Moving target techniques: Leveraging uncertainty for cyber defense. Lincoln Laboratory Journal, 22(1), 100-109. Retrieved from https://pdfs.semanticscholar.org/15ea/51017d7395fd9cddd626704d1fc82fc42e3e.pdf
[5] Soule, N., Simidchieva, B., Yaman, F., Loyall, J., Atighetchi, M., Carvalho, M., . . . Myers, D. F. (2015). Quantifying and minimizing attack surfaces containing moving target defenses. Resilience Week. Philadelphia, PA: IEEE. doi:10.1109/RWEEK.2015.7287449
[3] Wang, H., Li, F., & Chen, S. (2016). Towards cost-effective moving target defense against DDoS and covert channel attacks. ACM Workshop on Moving Target Defense (pp. 15-25). Vienna, Austria: ACM. doi:10.1145/2995272.2995281
[9] Winterrose, M. L., & Carter, K. M. (2014). Strategic evolution of adversaries against temporal platform diversity active cyber defenses. Symposium on Agent Directed Simulation. Tampa, FL: Society for Computer Simulation International. Retrieved from http://dl.acm.org/citation.cfm?id=2665058
[1] Winterrose, M. L., Carter, K. M., Wagner, N., & Streilein, W. W. (2014). Adaptive attacker strategy development against moving target cyber defenses. ModSim World (pp. 1-11). Hampton, VA: ModSim World.
[6] Zaffarano, K., Taylor, J., & Hamilton, S. (2015). A quantitative framework for moving target defense effectiveness evaluation. MTD'15 (pp. 3-10). Denver, CO: Association for Computing Machinery. doi:10.1145/2808475.2808476