Moving Target Defense in Cyber Security

Presentation transcript:

Moving Target Defense in Cyber Security
Jianjun “Jeffrey” Zheng
July 2014

Outline
    Introduction
    Problems in the Current Cyber Security Defense Paradigm
    Moving Target Defense Concept
    Current Research on MTD
    Future Work

Introduction
    Cyber Security Defense Illustration (diagram slide)

Introduction: Problems in the Current Security Defense Paradigm
    Passive
    Reactive
    Asymmetric in resources and cost: the attacker needs only one working exploit while the defender must protect every weakness, so attackers have the advantage

Moving Target Defense Approach

Moving Target Defense Approach
    Based on system diversity, from stand-alone software up to whole network systems
    Dynamically change software or system configuration to add uncertainty, unpredictability, and diversity
    Cause the system’s attack surface to change continuously
    Increase the cost for attackers, who can no longer rely on reconnaissance staying valid
    As a result, the system is unpredictable to attackers, hard to exploit, and more resilient to attacks

Moving Target Defense Research (System Level): Address Space Layout Randomization (ASLR)
    Proposed and implemented by the Linux PaX project in 2001
    Implemented in all major operating systems, partially or completely
    Can prevent code injection attacks that depend on known addresses
    Can be broken by attacks on its limited entropy (brute-forcing the randomized offsets)

Moving Target Defense Research (System Level): Instruction Set Randomization (ISR)
    An execution environment that prevents code injection: injected code is not encoded for the randomized instruction set and therefore fails to execute
    Uses a reversible transformation between the processor and main memory

Moving Target Defense Research (System Level): Data Randomization
    Randomize pointers (XOR each pointer with a random key)
    Randomize memory data (XOR data with random masks)

Moving Target Defense Research (System Level): Compiler-based Randomization
    Use the compiler to generate multiple functionally equivalent, but internally different, variants of a program

Moving Target Defense Research (Application Level): Diversify and randomize software using the installer
    Software installed through the special installer is tagged with a random key
    An execution environment checks and verifies the random key
    If the key is valid, the software is authorized to execute; otherwise it will not run

Moving Target Defense Research (Application Level): Diversify commands to prevent SQL injection, command injection, and cross-site scripting attacks
    Query template:  SELECT id, name, description FROM products WHERE productid=$value
    Injected input:  99999 OR 1=1
    Resulting query: SELECT id, name, description FROM products WHERE productid=99999 OR 1=1

Moving Target Defense Research (Application Level): Diversify commands to prevent SQL injection, command injection, and cross-site scripting attacks
    Rewrite all keywords in the application’s query templates with a random key appended
    After user input has been spliced in, a proxy removes the random key using a regular expression check
    If the check fails (a keyword appears without the key, so it must have come from user input), the query is not forwarded to the database

Moving Target Defense Research (Application Level): Diversify commands to prevent SQL injection, command injection, and cross-site scripting attacks
    Randomized template: SELECT123 id, name, description FROM123 products WHERE123 productid=$value
    Injected input:      99999 OR 1=1
    Resulting query:     SELECT123 id, name, description FROM123 products WHERE123 productid=99999 OR 1=1
    The injected OR carries no key, so the de-randomization check rejects the query instead of forwarding it
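The following Python script is an added example, not code from the slides or from any published keyword-randomization system; it implements the two steps described above (tagging the template's keywords with a key, then stripping the key and rejecting untagged keywords) for the slide's product query. The keyword list, the key width and the function names are assumptions made for the example; the key 123 is fixed so the output matches the slide, where a real deployment would use the generated key.

```python
import re
import secrets

# Constructed subset of SQL keywords the de-randomizing proxy recognizes.
# A real deployment would cover the full keyword list of the target SQL dialect.
KEYWORDS = ("SELECT", "FROM", "WHERE", "AND", "OR", "UNION", "INSERT",
            "UPDATE", "DELETE", "DROP", "EXEC")
_ALT = "|".join(KEYWORDS)
# Matches a keyword standing alone, i.e. one that does NOT carry a key suffix:
# \b does not match between "SELECT" and "123", so "SELECT123" is not a bare keyword.
BARE_KEYWORD = re.compile(r"\b(" + _ALT + r")\b", re.IGNORECASE)

# The slide's query template, with $value standing for the untrusted user input.
TEMPLATE = "SELECT id, name, description FROM products WHERE productid=$value"


def new_key(digits: int = 3) -> str:
    """Generate the per-deployment random key that gets appended to every keyword."""
    return "".join(str(secrets.randbelow(10)) for _ in range(digits))


def randomize_template(template: str, key: str) -> str:
    """Developer-side step: tag each keyword of the trusted query template.

    'SELECT ... FROM ... WHERE ...' becomes 'SELECT123 ... FROM123 ... WHERE123 ...'.
    """
    return BARE_KEYWORD.sub(lambda m: m.group(1).upper() + key, template)


def derandomize(query: str, key: str):
    """Proxy-side step, run after user input has been spliced into the query.

    Returns the plain SQL to forward to the database, or None if the query
    contains a keyword without the key. Such a keyword cannot come from the
    randomized template, so it arrived through user input and the query is dropped.
    """
    if BARE_KEYWORD.search(query):
        return None
    tagged = re.compile(r"\b(" + _ALT + r")" + re.escape(key) + r"\b", re.IGNORECASE)
    return tagged.sub(lambda m: m.group(1), query)


def run_query(template: str, user_value: str, key: str):
    """End to end: randomize the template, concatenate the user value, de-randomize."""
    randomized = randomize_template(template, key)
    # The application concatenates the untrusted value exactly as in the slide's vulnerable query.
    query = randomized.replace("$value", user_value)
    return derandomize(query, key)


if __name__ == "__main__":
    key = "123"  # fixed to match the slide; call new_key() in a real deployment
    print(randomize_template(TEMPLATE, key))
    print(run_query(TEMPLATE, "42", key))            # forwarded as plain SQL
    print(run_query(TEMPLATE, "99999 OR 1=1", key))  # None: injected OR has no key
```

The check only works while the key stays out of the attacker's reach, so it must not appear in error messages, logs or client-visible code. This regex version also shares the known weakness of keyword-level matching: a legitimate string literal containing a keyword (a product named 'Doors and Windows', say) is rejected too, which is why production systems parse the query into tokens rather than scanning it with a regular expression.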

Moving Target Defense Research (Network Level): Dynamic Resource Mapping System
    Randomly change the location of the systems where important resources are stored
    A mapping system keeps track of the new locations

Moving Target Defense Research (Network Level): Random Host Mutation
    Randomly change host IP addresses

Moving Target Defense Research (Network Level): Mutable Network (MUTE)
    Random address hopping
    Random fingerprinting (varying the characteristics a scanner uses to identify hosts)

Challenges
    Deployable on existing systems
    Minimal impact on mission-critical systems
    Scalable

Questions?