More Web Proxy on the site http://driver.im/

research-article

On the Challenges of Effective Movement

Authors:

William StreileinAuthors Info & Claims

MTD '14: Proceedings of the First ACM Workshop on Moving Target Defense

Pages 41 - 50

https://doi.org/10.1145/2663474.2663480

Published: 03 November 2014 Publication History

Abstract

Moving Target (MT) defenses have been proposed as a game-changing approach to rebalance the security landscape in favor of the defender. MT techniques make systems less deterministic, less static, and less homogeneous in order to increase the level of effort required to achieve a successful compromise. However, a number of challenges in achieving effective movement lead to weaknesses in MT techniques that can often be used by the attackers to bypass or otherwise nullify the impact of that movement. In this paper, we propose that these challenges can be grouped into three main types: coverage, unpredictability, and timeliness. We provide a description of these challenges and study how they impact prominent MT techniques. We also discuss a number of other considerations faced when designing and deploying MT defenses.

References

[1]

P. Barford and V. Yegneswaran. An inside look at botnets. In M. Christodorescu, S. Jha, D. Maughan, D. Song, and C. Wang, editors, Malware Detection, volume 27 of Advances in Information Security, pages 171--191. Springer US, 2007.

[2]

E. G. Barrantes, D. H. Ackley, T. S. Palmer, D. Stefanovic, and D. D. Zovi. Randomized instruction set emulation to disrupt binary code injection attacks. In Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS '03, pages 281--289, New York, NY, USA, 2003. ACM.

Digital Library

[3]

A. Bittau, A. Belay, A. Mashtizadeh, D. Mazieres, and D. Boneh. Hacking blind. In Proceedings of the 35th IEEE Symposium on Security and Privacy, 2014.

Digital Library

[4]

S. Checkoway, L. Davi, A. Dmitrienko, A. Sadeghi, H. Shacham, and M. Winandy. Return-oriented programming without returns. In Proc. of the 17th ACM CCS, pages 559--572, 2010.

Digital Library

[5]

X. Chen. Aslr bypass apocalypse in recent zero-day exploits, 2013.

[6]

DoD. Lightweight portable security, 2014.

[7]

T. Durden. Bypassing pax aslr protection, 2002.

[8]

W. Herlands, T. Hobson, and P. Donovan. Effective entropy: Security-centric metric for memory randomization techniques. In Workshop on Cyber Security Experimentation and Test, 2014.

Digital Library

[9]

T. Jackson, A. Homescu, S. Crane, P. Larsen, S. Brunthaler, and M. Franz. Diversifying the software stack using randomized nop insertion. In Moving Target Defense, pages 151--173. 2013.

[10]

G. S. Kc, A. D. Keromytis, and V. Prevelakis. Countering code-injection attacks with instruction-set randomization. In Proceedings of the 10th ACM conference on Computer and communications security, CCS '03, pages 272--280, New York, NY, USA, 2003. ACM.

Digital Library

[11]

C. Kil, J. Jun, C. Bookholt, J. Xu, and P. Ning. Address space layout permutation (aslp): Towards fine-grained randomization of commodity software. In Proc. of ACSAC'06, pages 339--348. Ieee, 2006.

Digital Library

[12]

P. Larsen, A. Homescu, S. Brunthaler, and M. Franz. Sok: Automated software diversity. In Proceedings of the 35th IEEE Symposium on Security and Privacy, 2014.

Digital Library

[13]

D. J. C. MacKay. Information Theory, Inference & Learning Algorithms. Cambridge University Press, New York, NY, USA, 2002.

Digital Library

[14]

P. K. Manadhata and J. M. Wing. An attack surface metric. Software Engineering, IEEE Transactions on, 37(3):371--386, 2011.

Digital Library

[15]

S. Nagarakatte, J. Zhao, M. M. Martin, and S. Zdancewic. Softbound: Highly compatible and complete spatial memory safety for c. In Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '09, pages 245--258, New York, NY, USA, 2009. ACM.

Digital Library

[16]

S. Nagarakatte, J. Zhao, M. M. Martin, and S. Zdancewic. Cets: Compiler enforced temporal safety for c. In Proceedings of the 2010 International Symposium on Memory Management, ISMM '10, pages 31--40, New York, NY, USA, 2010. ACM.

Digital Library

[17]

Nergal. The advanced return-into-lib(c) exploits (pax case study). Phrack Magazine, 58(4):54, Dec 2001.

[18]

H. Okhravi, A. Comella, E. Robinson, and J. Haines. Creating a cyber moving target for critical infrastructure applications using platform diversity. Elsevier International Journal of Critical Infrastructure Protection, 5:30--39, Mar 2012.

[19]

H. Okhravi, T. Hobson, D. Bigelow, and W. Streilein. Finding focus in the blur of moving-target techniques. IEEE Security & Privacy, 12(2):16--26, Mar 2014.

[20]

PaX. Pax address space layout randomization, 2003.

[21]

G. Portokalidis and A. D. Keromytis. Fast and practical instruction-set randomization for commodity systems. In Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC '10, pages 41--48, New York, NY, USA, 2010. ACM.

Digital Library

[22]

B. Salamat, A. Gal, and M. Franz. Reverse stack execution in a multi-variant execution environment. In Workshop on Compiler and Architectural Techniques for Application Reliability and Security, 2008.

[23]

J. Seibert, H. Okhravi, and E. Soderstrom. Information leaks without memory disclosures: Remote side channel attacks on diversified code. In Proc. of the 21st ACM CCS, 2014.

Digital Library

[24]

F. J. Serna. cve-2012-0769, the case of the perfect info leak, 2012.

[25]

H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proc. of ACM CCS, pages 552--561, 2007.

Digital Library

[26]

H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address-space randomization. In Proc. of ACM CCS, pages 298--307, 2004.

Digital Library

[27]

A. N. Sovarel, D. Evans, and N. Paul. Where's the feeb? the effectiveness of instruction set randomization. In 14th USENIX Security Symposium, volume 6, 2005.

Digital Library

[28]

R. Strackx, Y. Younan, P. Philippaerts, F. Piessens, S. Lachmund, and T. Walter. Breaking the memory secrecy assumption. In Proceedings of EuroSec '09, 2009.

Digital Library

[29]

L. Szekeres, M. Payer, T. Wei, and D. Song. Sok: Eternal war in memory. In Proc. of IEEE Symposium on Security and Privacy, 2013.

Digital Library

[30]

M. Tran, M. Etheridge, T. Bletsch, X. Jiang, V. Freeh, and P. Ning. On the expressiveness of return-into-libc attacks. In Proc. of RAID'11, pages 121--141, 2011.

Digital Library

Cited By

Jalowski ŁZmuda MRawski M(2022)A Survey on Moving Target Defense for Networks: A Practical ViewElectronics10.3390/electronics1118288611:18(2886)Online publication date: 12-Sep-2022
https://doi.org/10.3390/electronics11182886
Alavizadeh HAref SKim DJang-Jaccard J(2022)Evaluating the Security and Economic Effects of Moving Target Defense Techniques on the CloudIEEE Transactions on Emerging Topics in Computing10.1109/TETC.2022.315527210:4(1772-1788)Online publication date: 1-Oct-2022
https://doi.org/10.1109/TETC.2022.3155272
Zheng YLi ZXu XZhao Q(2022)Dynamic defenses in cyber security: Techniques, methods and challengesDigital Communications and Networks10.1016/j.dcan.2021.07.0068:4(422-435)Online publication date: Aug-2022
https://doi.org/10.1016/j.dcan.2021.07.006
Show More Cited By

Index Terms

On the Challenges of Effective Movement
1. Security and privacy
  1. Systems security
    1. Operating systems security

Recommendations

It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks
CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent research has proposed a variety of defenses with differing security, efficiency, and practicality characteristics. Whereas the majority of these solutions focus ...
ILR: Where'd My Gadgets Go?
SP '12: Proceedings of the 2012 IEEE Symposium on Security and Privacy

Through randomization of the memory space and the confinement of code to non-data pages, computer security researchers have made a wide range of attacks against program binaries more difficult. However, attacks have evolved to exploit weaknesses in ...
Getting Beyond Tit for Tat: Better Strategies for Moving Target Prototyping and Evaluation
MTD '15: Proceedings of the Second ACM Workshop on Moving Target Defense

The cyber moving target (MT) approach has been identified as one of the game-changing themes to rebalance the cyber landscape in favor of defense. MT techniques make cyber systems less static, less homogeneous, and less deterministic in order to create ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

MTD '14: Proceedings of the First ACM Workshop on Moving Target Defense

November 2014

116 pages

ISBN:9781450331500

DOI:10.1145/2663474

Program Chairs:
Sushil Jajodia
George Mason University
,
Kun Sun
College of William and Mary

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 November 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

U.S. Department of Defense

Conference

CCS'14

Sponsor:

SIGSAC

CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security

November 7, 2014

Arizona, Scottsdale, USA

Acceptance Rates

MTD '14 Paper Acceptance Rate 9 of 16 submissions, 56%;

Overall Acceptance Rate 40 of 92 submissions, 43%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

29
Total Citations
View Citations
429
Total Downloads

Downloads (Last 12 months)27
Downloads (Last 6 weeks)4

Reflects downloads up to 18 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Jalowski ŁZmuda MRawski M(2022)A Survey on Moving Target Defense for Networks: A Practical ViewElectronics10.3390/electronics1118288611:18(2886)Online publication date: 12-Sep-2022
https://doi.org/10.3390/electronics11182886
Alavizadeh HAref SKim DJang-Jaccard J(2022)Evaluating the Security and Economic Effects of Moving Target Defense Techniques on the CloudIEEE Transactions on Emerging Topics in Computing10.1109/TETC.2022.315527210:4(1772-1788)Online publication date: 1-Oct-2022
https://doi.org/10.1109/TETC.2022.3155272
Zheng YLi ZXu XZhao Q(2022)Dynamic defenses in cyber security: Techniques, methods and challengesDigital Communications and Networks10.1016/j.dcan.2021.07.0068:4(422-435)Online publication date: Aug-2022
https://doi.org/10.1016/j.dcan.2021.07.006
Navas RCuppens FBoulahia Cuppens NToutain LPapadopoulos G(2021)MTD, Where Art Thou? A Systematic Review of Moving Target Defense Techniques for IoTIEEE Internet of Things Journal10.1109/JIOT.2020.30403588:10(7818-7832)Online publication date: 15-May-2021
https://doi.org/10.1109/JIOT.2020.3040358
Barker JHamada AAzab M(2021)Lightweight Proactive Moving-target Defense for Secure Data Exchange in IoT Networks2021 IEEE 12th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON)10.1109/IEMCON53756.2021.9623218(0317-0322)Online publication date: 27-Oct-2021
https://doi.org/10.1109/IEMCON53756.2021.9623218
Chen ZLu YQin JCheng Z(2021)An Optimal Seed Scheduling Strategy Algorithm Applied to Cyberspace Mimic DefenseIEEE Access10.1109/ACCESS.2021.31117359(129032-129050)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3111735
Zhang YMa DSun XChen KLiu F(2020)WGT: Thwarting Web Attacks Through Web Gene Tree-based Moving Target Defense2020 IEEE International Conference on Web Services (ICWS)10.1109/ICWS49710.2020.00054(364-371)Online publication date: Oct-2020
https://doi.org/10.1109/ICWS49710.2020.00054
Chen GShi GChen LHe XJiang S(2020)A Novel Model of Mimic Defense Based on Minimal L-Order Error ProbabilityIEEE Access10.1109/ACCESS.2020.30248478(180481-180490)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.3024847
Guo WWu ZZhang FWu J(2020)Scheduling Sequence Control Method Based on Sliding Window in Cyberspace Mimic DefenseIEEE Access10.1109/ACCESS.2019.29616448(1517-1533)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2019.2961644
Jin HLi ZZou DYuan B(2019)DSEOM: A Framework for Dynamic Security Evaluation and Optimization of MTD in Container-based CloudIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2019.2916666(1-1)Online publication date: 2019
https://doi.org/10.1109/TDSC.2019.2916666
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents