Journal of Computer Science and Technology ›› 2019, Vol. 34 ›› Issue (1): 207-233. doi: 10.1007/s11390-019-1906-z

Special topics: Computer Architecture and Systems; Data Management and Data Mining; Computer Networks and Distributed Computing



A Survey on the Moving Target Defense Strategies: An Architectural Perspective

Jianjun Zheng and Akbar Siami Namin   

  1. Department of Computer Science, Texas Tech University, Lubbock, Texas 79409, U.S.A.
  • Received:2018-07-15 Revised:2018-10-14 Online:2019-01-05 Published:2019-01-12
  • About author:Jianjun Zheng received his first Master's degree in computer science and his second Master's degree in statistics in 2004 and 2013, respectively, both from Texas Tech University, Lubbock. He is currently a Ph.D. candidate in the Department of Computer Science, Texas Tech University, Lubbock. His research focuses on modeling moving target defense and network defense strategy optimization.
  • Supported by:
    This project was supported in part by the National Science Foundation of USA under Grant Nos. 1516636 and 1564293.


Abstract: As the complexity and scale of networks continue to grow, managing network operations and security defense has become a challenging task for network administrators, and many network devices may not be updated in a timely manner, leaving the network vulnerable to potential attacks. Moreover, the static nature of our existing network infrastructure gives attackers enough time to study the static configuration of the network and to launch well-crafted attacks at their convenience, while defenders have to work around the clock to defend the network. This asymmetry, in terms of the time and money invested, gives attackers a greater advantage than defenders and makes security defense even more challenging. It calls for new and innovative ideas to fix the problem. Moving Target Defense (MTD) is one such idea: it implements diverse and dynamic configurations of network systems with the goal of obscuring the exact attack surface available to attackers. As a result, the status of a system with an MTD strategy is unpredictable to attackers, hard to exploit, and more resilient to various forms of attack. There are existing survey papers on various MTD techniques, but to the best of our knowledge, insufficient attention has been given to the architectural perspective of MTD strategies or to new technologies such as the Internet of Things (IoT). This paper presents a comprehensive survey of MTD and its implementation strategies from the perspective of the architecture of the complete network system, covering the motivation for MTD, an explanation of the main MTD concepts, ongoing research efforts on MTD and its implementation at each level of the network system, and the future research opportunities offered by new technologies such as Software-Defined Networking (SDN) and the Internet of Things (IoT).

Key words: moving target defense, network security, Software-Defined Networking (SDN)
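The abstract's central claim, that dynamic configuration turns the attacker's time advantage into uncertainty, can be seen in a small simulation. The following is an added example and not code from the paper: it models the reconnaissance-then-exploit race against a host whose address is re-randomized every `period` ticks, and compares the mean time to compromise with that of a static host. All parameters (address-space size, period, exploit window) are constructed for illustration.

```python
import random
import statistics

# Added example, not code from the paper: a Monte Carlo model of the
# reconnaissance-then-exploit race the abstract describes. A static network
# keeps a host at one address; an MTD network re-randomizes the address every
# `period` ticks, so an address learned during reconnaissance may be stale by
# the time the exploit lands. All parameters are constructed for illustration.


def stale_probability(window, period):
    """Chance that an address observed at a uniformly random phase of the
    mutation cycle has moved before an exploit lands `window` ticks later.
    `period=None` models a static network (the address never moves)."""
    if period is None:
        return 0.0
    return min(1.0, window / period)


def time_to_compromise(space, period, window, rng, max_ticks=10**6):
    """Ticks until an exploit lands on the target's current address.

    The attacker probes one address per tick in sequence; on finding the
    target it stops scanning and waits `window` ticks for the exploit to
    land, which succeeds only if the target has not moved meanwhile.
    Returns max_ticks if the attacker never succeeds within the budget.
    """
    target = rng.randrange(space)
    cursor = 0
    pending = None  # (tick the exploit lands, address it was aimed at)
    for tick in range(1, max_ticks + 1):
        # the target moves to a fresh random address at each period boundary
        if period is not None and tick > 1 and (tick - 1) % period == 0:
            target = rng.randrange(space)
        if pending is None:
            if cursor == target:
                pending = (tick + window, target)
            cursor = (cursor + 1) % space
        if pending is not None and tick >= pending[0]:
            if pending[1] == target:
                return tick
            pending = None  # exploit hit a stale address; resume scanning
    return max_ticks


def mean_time_to_compromise(space, period, window, trials, seed=1):
    """Average time_to_compromise over `trials` runs driven by one seeded RNG."""
    rng = random.Random(seed)
    return statistics.mean(
        time_to_compromise(space, period, window, rng) for _ in range(trials)
    )


if __name__ == "__main__":
    static = mean_time_to_compromise(1000, None, 15, 300)
    moving = mean_time_to_compromise(1000, 20, 15, 300)
    print(f"stale probability (period 20, window 15): "
          f"{stale_probability(15, 20):.2f}")
    print(f"mean ticks to compromise, static: {static:.0f}")
    print(f"mean ticks to compromise, MTD:    {moving:.0f}")
```

With a 1000-address space, a 20-tick mutation period and a 15-tick exploit window, the moving host takes several times longer to compromise than the static one; when the window is at least as long as the period, a learned address is always stale and the attacker only succeeds if the host happens to move back onto the probed address.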
