DOI: 10.1145/3011883.3011889

I'm not sure if we're okay: uncertainty for attackers and defenders

Published: 26 September 2016

Abstract

Asymmetry and uncertainty have been written about at length in the context of computer security. Indeed, many cutting-edge defensive techniques provide system protection by relying on attacker uncertainty about certain aspects of the system. However, with these defensive countermeasures, typically the defender has the ability to derive full knowledge of the system (as is the case in, for example, Instruction Set Randomization), but the attacker has limited knowledge.
In this paper, we concern ourselves with the case in which neither the attacker nor the defender has perfect knowledge of the system, but where the level of uncertainty tolerable to both parties is different. In particular, we explore scenarios where the attacker's need for certainty is lower than that of the defender, and ask if non-determinism can be used as a weapon. We provide an example in the malware arena, demonstrating the use of quorum sensing as a potential application of this technique. We argue that this idea of mutual uncertainty is a new paradigm which opens the way to novel solutions in the space.


Published In

NSPW '16: Proceedings of the 2016 New Security Paradigms Workshop
September 2016
113 pages
ISBN: 9781450348133
DOI: 10.1145/3011883
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

  • ACSA: Applied Computing Security Assoc
  • The National Science Foundation
  • DELL
  • CISCO

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. asymmetry
  2. computer security
  3. defense
  4. randomization
  5. uncertainty

Qualifiers

  • Research-article

Conference

NSPW '16
Sponsor:
  • ACSA
NSPW '16: New Security Paradigms Workshop 2016
September 26 - 29, 2016
Colorado, Granby, USA

Acceptance Rates

Overall Acceptance Rate 98 of 265 submissions, 37%

Bibliometrics

  • Total Citations: 0
  • Total Downloads: 312
  • Downloads (Last 12 months): 49
  • Downloads (Last 6 weeks): 6

Reflects downloads up to 21 Dec 2024