The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations. Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

1. Optimizing a Network Layer Moving Target Defense by Translating Software from Python to C
Hardman, Owen Russell, 10 January 2016

The security of powerful systems and large networks is often addressed through complex defenses. While these types of defenses offer increased security, they are resource intensive and therefore impractical to implement on many new classes of networked systems, such as mobile phones and small, embedded network infrastructure devices. To provide security for these systems, new defenses must be created that provide highly efficient security. The Moving Target IPv6 Defense (MT6D) is a network layer moving target defense that dynamically changes Internet Protocol version 6 (IPv6) addresses mid-session while still maintaining continuous communication. MT6D was originally written in the Python language, but this implementation suffers from severe performance limitations. By translating MT6D from Python to C and taking advantage of operating-system-specific application programming interfaces (APIs) and optimizations, MT6D can become a viable defense for resource-constrained systems. The Python version of MT6D is analyzed initially to determine what functions might be performance bottlenecks that could be performed more efficiently using C. Based on this analysis, specific parts of the Python version are identified for improvement in the C version by either using functionality of the Linux kernel and network stack or by reworking the code in a more efficient way. After this analysis, the information gathered about the Python version is used to write the C version, using methods specific to a moving target defense to capture, analyze, modify, and tunnel packets. Finally, tests are designed and run to compare the performance of the Python and C versions.
Degree: Master of Science

2. Evaluating and quantifying the feasibility and effectiveness of whole IT system moving target defenses
Bardas, Alexandru Gavril, January 1900

Doctor of Philosophy / Computing and Information Sciences / Scott A. DeLoach / Xinming (Simon) Ou
The Moving Target Defense (MTD) concept has been proposed as an approach to rebalance the security landscape by increasing uncertainty and apparent complexity for attackers, reducing their window of opportunity, and raising the costs of their reconnaissance and attack efforts. Intuitively, the idea of applying MTD techniques to a whole IT system should provide enhanced security; however, little research has been done to show that it is feasible or beneficial to the system's security. This dissertation presents an MTD platform at the whole IT system level in which any component of the IT system can be automatically and reliably replaced with a fresh new one. A component is simply a virtual machine (VM) instance or a cluster of instances. There are a number of security benefits when leveraging such an MTD platform. Replacing a VM instance with a new one with the most up-to-date operating system and applications eliminates security problems caused by unpatched vulnerabilities and all the privileges the attacker has obtained on the old instance. Configuration parameters for the new instance, such as IP address, port numbers for services, and credentials, can be changed from the old ones, invalidating the knowledge the attackers already obtained and forcing them to redo the work to re-compromise the new instance. In spite of these obvious security benefits, building a system that supports live replacement with minimal to no disruption to the IT system's normal operations is difficult. Modern enterprise IT systems have complex dependencies among services, so that changing even a single instance will almost certainly disrupt the dependent services. Therefore, the replacement of instances must be carefully orchestrated with updating the settings of the dependent instances. This orchestration of changes is notoriously error-prone if done manually; however, limited tool support is available to automate this process. We designed and built a framework (ANCOR) that captures the requirements and needs of a whole IT system (in particular, dependencies among various services) and compiles them into a working IT system. ANCOR is at the core of the proposed MTD platform (ANCOR-MTD) and enables automated live instance replacements. In order to evaluate the platform's practicality, this dissertation presents a series of experiments on multiple IT systems that show negligible (statistically non-significant) performance impacts. To evaluate the platform's efficacy, this research analyzes costs versus security benefits by quantifying the outcome (sizes of potential attack windows) in terms of the number of adaptations, and demonstrates that an IT system deployed and managed using the proposed MTD platform will increase attack difficulty.

3. Achieving Security and Privacy in the Internet Protocol Version 6 Through the Use of Dynamically Obscured Addresses
Dunlop, Matthew William, 24 April 2012

Society's increased use of network applications, such as email, social networking, and web browsing, creates a massive amount of information floating around in cyber space. An attacker can collect this information to build a profile of where people go, what their interests are, and even what they are saying to each other. For certain government and corporate entities, the exposure of this information could risk national security or loss of capital. This work identifies vulnerabilities in the way the Internet Protocol version 6 (IPv6) forms addresses. These vulnerabilities provide attackers with the ability to track a node's physical location, correlate network traffic with specific users, and even launch attacks against users' systems. A Moving Target IPv6 Defense (MT6D) that rotates through dynamically obscured network addresses while maintaining existing connections was developed to prevent these addressing vulnerabilities. MT6D is resistant to the IPv6 addressing vulnerabilities since addresses are not tied to host identities and continuously change. MT6D leverages the immense address space of IPv6 to provide an environment that is infeasible to search efficiently. Address obscuration in MT6D occurs throughout ongoing sessions to provide continued anonymity, confidentiality, and security to communicating hosts. Rotating addresses mid-session prevents an attacker from determining that the same two hosts are communicating. The dynamic addresses also force an attacker to repeatedly reacquire the target node before he or she can launch a successful attack. A proof of concept was developed that demonstrates the feasibility of MT6D and its ability to seamlessly bind new IPv6 addresses. Also demonstrated is MT6D's ability to rotate addresses mid-session without dropping or renegotiating sessions. This work makes three contributions to the state-of-the-art IPv6 research. First, it fully explores the security vulnerabilities associated with IPv6 address formation and demonstrates them on a production IPv6 network. Second, it provides a method for dynamically rotating network addresses that defeats these vulnerabilities. Finally, a functioning prototype is presented that proves how network addresses can be dynamically rotated without losing established network connections. If IPv6 is to be globally deployed, it must not provide additional attack vectors that expose user information.
Degree: Ph. D.

4. Improving the Security, Privacy, and Anonymity of a Client-Server Network through the Application of a Moving Target Defense
Morrell, Christopher Frank, 03 May 2016

The amount of data that is shared on the Internet is growing at an alarming rate. Current estimates state that approximately 2.5 exabytes of data were generated every day in 2012. This rate is only growing as people continue to increase their on-line presence. As the amount of data grows, so too do the number of people who are attempting to gain access to the data. Attackers try many methods to gain access to information, including a number of attacks that occur at the network layer. A network-based moving target defense is a technique that obfuscates the location of a machine on the Internet by arbitrarily changing its IP address periodically. MT6D is one of these techniques that leverages the size of the IPv6 address space to make it statistically impossible for an attacker to find a specific target machine. MT6D was designed with a number of limitations that include manually generated static configurations and support for only peer-to-peer networks. This work presents extensions to MT6D that provide dynamically generated configurations, a secure and dynamic means of exchanging configurations, and, with these new features, an ability to function as a server supporting a large number of clients. This work makes three primary contributions to the field of network-based moving target defense systems. First, it provides a means to exchange arbitrary information in a way that provides network anonymity, authentication, and security. Second, it demonstrates a technique that gives MT6D the capability to exchange configuration information by only sharing public keys. Finally, it introduces a session establishment protocol that clients can use to establish concurrent connections with an MT6D server.
Degree: Ph. D.

5. Micro-Moving Target IPv6 Defense for 6LoWPAN and the Internet of Things
Sherburne, Matthew Gilbert, 07 May 2015

The Internet of Things (IoT) is composed of billions of sensors and actuators that have varying tasks aimed at making industry, healthcare, and home life more efficient. These sensors and actuators are mainly low-powered and resource-constrained embedded devices with little room for implementing IP security in addition to their main function. With the fact that more of these devices are using IPv6 addressing, we seek to adapt a moving-target defense measure called Moving Target IPv6 Defense for use with embedded devices in order to add an additional layer of security. This adaptation, which we call Micro-Moving Target IPv6 Defense, operates within IPv6 over Low power Wireless Personal Area Networks (6LoWPAN), which is used in IEEE 802.15.4 wireless networks in order to establish IPv6 communications. The purpose of this defense is to obfuscate the communications between a sensor and a server in order to thwart a potential attacker from performing eavesdropping, denial-of-service, or man-in-the-middle attacks. We present our work in establishing this security mechanism and analyze the required control overhead on the wireless network.
Degree: Master of Science

6. Strengthening MT6D Defenses with Darknet and Honeypot capabilities
Basam, Dileep Kumar, 09 December 2015

With the ever increasing adoption of IPv6, there has been a growing concern for the security and privacy of IPv6 networks. Mechanisms like the Moving Target IPv6 Defense (MT6D) leverage the immense address space available with the new 128-bit addressing scheme to improve the security and privacy of IPv6 networks. MT6D allows participating hosts to hop onto new addresses that are cryptographically computed, without any disruption to ongoing conversations. However, there is no feedback mechanism in the current MT6D implementation to substantiate the core strength of the scheme, i.e., to find an attacker attempting to discover and target any MT6D addresses. This thesis proposes a method to monitor the intruder activity targeting the relinquished addresses to extract information for reinforcing the defenses of the MT6D scheme. Our solution identifies and acquires IPv6 addresses that are being discarded by MT6D hosts on a local network, in addition to monitoring and visualizing the incoming traffic on these addresses. This is essentially equivalent to forming a darknet out of the discarded MT6D addresses. The solution's architecture also includes an ability to deploy a virtual (LXC-based) honeypot on demand, based on any interesting traffic pattern observed on a discarded address. With this solution in place, we can become cognizant of an attacker trailing an MT6D host along the address changes, as well as understand the composition of attack traffic hitting the discarded MT6D addresses. With the honeypot deployment capabilities, the solution can take the conversation forward with the attacker to collect more information on attacker methods and delay further tracking attempts. The solution architecture also allows an MT6D host to query the solution database for network activity on its relinquished addresses as a JavaScript Object Notation (JSON) object. This feature allows the MT6D host to identify any suspicious activity on its discarded addresses and strengthen the MT6D scheme parameters accordingly. We have built a proof-of-concept for the proposed solution and analyzed the solution's feasibility and scalability.
Degree: Master of Science

7. Reasoning about Moving Target Defense in Attack Modeling Formalisms
Ballot, Gabriel, January 2022

Since 2009, Moving Target Defense (MTD) has become a new paradigm of defensive mechanism that frequently changes the state of the target system to confuse the attacker. This frequent change is costly and leads to a trade-off between misleading the attacker and disrupting the quality of service. Optimizing the MTD activation frequency is necessary to develop this defense mechanism when facing realistic, multi-step attack scenarios. Attack modeling formalisms based on DAGs are prominently used to specify these scenarios. They represent the attack goal in the root of a tree that is recursively refined into subgoals to show the different ways the attacker can compromise the system. According to some specific models, the tree is augmented with countermeasures, time, costs, or probabilities. Our contribution is a new DAG-based formalism for MTDs and its translation into a Price Timed Markov Decision Process to find the best activation frequencies against the attacker's time/cost-optimal strategies. For the first time, MTD activation frequencies are analyzed in a state-of-the-art DAG-based representation. Moreover, this is the first paper that considers the specificity of MTDs in the automatic analysis of attack modeling formalisms. Finally, we present some experimental results using UPPAAL STRATEGO to demonstrate its applicability and relevance.

8. A theory for understanding and quantifying moving target defense
Zhuang, Rui, January 1900

Doctor of Philosophy / Computing and Information Sciences / Scott A. DeLoach
The static nature of cyber systems gives attackers a valuable and asymmetric advantage - time. To eliminate this asymmetric advantage, a new approach, called Moving Target Defense (MTD), has emerged as a potential solution. An MTD system seeks to proactively change system configurations to invalidate the knowledge learned by the attacker and force them to spend more effort locating and re-locating vulnerabilities. While it sounds promising, the approach is so new that there is no standard definition of what an MTD is, what is meant by diversification and randomization, or what metrics define the effectiveness of such systems. Moreover, the changing nature of MTD violates two basic assumptions about the conventional attack surface notion. One is that the attack surface remains unchanged during an attack and the second is that it is always reachable. Therefore, a new attack surface definition is needed. To address these issues, I propose that a theoretical framework for MTD be defined. The framework should clarify the most basic questions such as what an MTD system is and its properties such as adaptation, diversification and randomization. The framework should reveal what is meant by gaining and losing knowledge, and what the different attack types are. To reason over the interactions between attacker and MTD system, the framework should define key concepts such as attack surface, adaptation surface and engagement surface. Based on that, this framework should allow MTD system designers to decide how to use existing configuration choices and functionality diversification to increase security. It should allow them to analyze the effectiveness of adapting various combinations of different configuration aspects to thwart different types of attacks. To support analysis, the framework should include an analytical model that can be used by designers to determine how different parameter settings will impact system security.

9. Moving Target Defense Using Live Migration of Docker Containers
January 2017

Today, information technology systems have addresses, software stacks and other configuration that remain unchanged for a long period of time. This paves the way for malicious attacks on the system from unknown vulnerabilities. The attacker can take advantage of this situation and plan their attacks with sufficient time. To protect our system from this threat, Moving Target Defense is required, where the attack surface is dynamically changed, making it difficult to strike. In this thesis, I incorporate live migration of Docker containers using CRIU (checkpoint restore) for moving target defense. There are 460K Dockerized applications, a 3100% growth over 2 years [1]. Over 4 billion containers have been pulled so far from Docker hub. Docker is supported by a large and fast growing community of contributors and users. As an example, there are 125K Docker Meetup members worldwide. As we see industry adapting to Docker rapidly, a moving target defense solution involving containers is beneficial for being robust and fast. A proof of concept implementation is included for studying performance attributes of Docker migration. The detection of attacks uses a scenario involving definitions of normal events on servers. By defining system activities, and extracting syslog in a centralized server, an attack can be detected by extracting abnormal activities, and this detection can be a trigger for the Docker migration.
Dissertation/Thesis: Masters Thesis, Computer Science, 2017

10. Moving Target Defense for Web Applications
January 2018

Web applications continue to remain the most popular method of interaction for businesses over the Internet. With their simplicity of use and management, they often function as the "front door" for many companies. As such, they are a critical component of the security ecosystem, as vulnerabilities present in these systems could potentially allow malicious users access to sensitive business and personal data. The inherent nature of web applications enables anyone to access them anytime and anywhere; this includes any malicious actors looking to exploit vulnerabilities present in the web application. In addition, the static configurations of these web applications give attackers the opportunity to perform reconnaissance at their leisure, increasing their success rate by allowing them time to discover information on the system. On the other hand, defenders are often at a disadvantage as they do not have the same temporal opportunity that attackers possess in order to perform counter-reconnaissance. Lastly, the unchanging nature of web applications results in undiscovered vulnerabilities remaining open for exploitation, requiring developers to adopt a reactive approach that is often delayed, or to anticipate and prepare for all possible attacks, which is often cost-prohibitive. Moving Target Defense (MTD) seeks to remove the attackers' advantage by reducing the information asymmetry between the attacker and defender. This research explores the concept of MTD and the various methods of applying MTD to secure Web Applications. In particular, MTD concepts are applied to web applications by implementing an automated application diversifier that aims to mitigate specific classes of web application vulnerabilities and exploits. Evaluation is done using two open source web applications to determine the effectiveness of the MTD implementation. Though developed for the chosen applications, the automation process can be customized to fit a variety of applications.
Dissertation/Thesis: Masters Thesis, Computer Science, 2018
