Moving Target Defense for Web Applications

abstract: Web applications continue to remain as the most popular method of interaction for businesses over the Internet. With it's simplicity of use and management, they often function as the "front door" for many companies. As such, they are a critical component of the security ecosystem as vulnerabilities present in these systems could potentially allow malicious users access to sensitive business and personal data. The inherent nature of web applications enables anyone to access them anytime and anywhere, this includes any malicious actors looking to exploit vulnerabilities present in the web application. In addition, the static configurations of these web applications enables attackers the opportunity to perform reconnaissance at their leisure, increasing their success rate by allowing them time to discover information on the system. On the other hand, defenders are often at a disadvantage as they do not have the same temporal opportunity that attackers possess in order to perform counter-reconnaissance. Lastly, the unchanging nature of web applications results in undiscovered vulnerabilities to remain open for exploitation, requiring developers to adopt a reactive approach that is often delayed or to anticipate and prepare for all possible attacks which is often cost-prohibitive. Moving Target Defense (MTD) seeks to remove the attackers' advantage by reducing the information asymmetry between the attacker and defender. This research explores the concept of MTD and the various methods of applying MTD to secure Web Applications. In particular, MTD concepts are applied to web applications by implementing an automated application diversifier that aims to mitigate specific classes of web application vulnerabilities and exploits. Evaluation is done using two open source web applications to determine the effectiveness of the MTD implementation. Though developed for the chosen applications, the automation process can be customized to fit a variety of applications.Dissertation/ThesisMasters Thesis Computer Science 201

Design, Implementation and Experiments for Moving Target Defense Framework

The traditional defensive security strategy for distributed systems employs well-established defensive techniques such as; redundancy/replications, firewalls, and encryption to prevent attackers from taking control of the system. However, given sufficient time and resources, all these methods can be defeated, especially when dealing with sophisticated attacks from advanced adversaries that leverage zero-day exploits

Moving target defense for securing smart grid communications: Architectural design, implementation and evaluation

Supervisory Control And Data Acquisition (SCADA) communications are often subjected to various kinds of sophisticated cyber-attacks which can have a serious impact on the Critical Infrastructure such as the power grid. Most of the time, the success of the attack is based on the static characteristics of the system, thereby enabling an easier profiling of the target system(s) by the adversary and consequently exploiting their limited resources. In this thesis, a novel approach to mitigate such static vulnerabilities is proposed by implementing a Moving Target Defense (MTD) strategy in a power grid SCADA environment, which leverages the existing communication network with an end-to-end IP Hopping technique among the trusted peer devices. This offers a proactive L3 layer network defense, minimizing IP-specific threats and thwarting worm propagation, APTs, etc., which utilize the cyber kill chain for attacking the system through the SCADA network. The main contribution of this thesis is to show how MTD concepts provide proactive defense against targeted cyber-attacks, and a dynamic attack surface to adversaries without compromising the availability of a SCADA system. Specifically, the thesis presents a brief overview of the different type of MTD designs, the proposed MTD architecture and its implementation with IP hopping technique over a Control Center–Substation network link along with a 3-way handshake protocol for synchronization on the Iowa State’s Power Cyber testbed. The thesis further investigates the delay and throughput characteristics of the entire system with and without the MTD to choose the best hopping rate for the given link. It also includes additional contributions for making the testbed scenarios more realistic to real world scenarios with multi-hop, multi-path WAN. Using that and studying a specific attack model, the thesis analyses the best ranges of IP address for different hopping rate and different number of interfaces. Finally, the thesis describes two case studies to explore and identify potential weaknesses of the proposed mechanism, and also experimentally validate the proposed mitigation alterations to resolve the discovered vulnerabilities. As part of future work, we plan to extend this work by optimizing the MTD algorithm to be more resilient by incorporating other techniques like network port mutation to further increase the attack complexity and cost

A Computer Network Model for the Evaluation of Moving Target Network Defense Mechanisms

In order to combat the increasing complexity of cyber attacks, a new category of cyber defense called dynamic cyber defense has been the focus of a significant amount of work. Dynamic cyber defense mechanisms aim to protect networks by modifying their attributes in order to confuse would-be attackers. Currently, the majority of the existing mechanisms are purely theoretical and have been the subject of minimal performance analysis. There has also been almost no effort to perform comparative analysis of different techniques. As a result, there is a great need for a method of modeling different mechanisms within a single system in order to conduct comprehensive, comparative performance analysis. This work develops the framework of a system called Dynamic Virtual Terrain (DVT), which can be used for comparative analysis of dynamic cyber defense mechanisms under identical conditions. DVT models network topology using nodes, which represent members of a network, and access permissions, which describe the connectivity of the network. DVT also defines a generic dynamic cyber defense algorithm that can be extended in order to implement a hierarchy of techniques. An implementation of DVT is created in order to perform experiments with IP address hopping, port hopping, and dynamic firewall mechanisms in a cyber attack simulation environment. Attack scenarios are developed to evaluate the performance of the mechanisms under identical conditions, and the results of simulating these scenarios are used to analyze the performance of the implemented mechanisms

PROVIDE: hiding from automated network scans with proofs of identity

Network scanners are a valuable tool for researchers and administrators, however they are also used by malicious actors to identify vulnerable hosts on a network. Upon the disclosure of a security vulnerability, scans are launched within hours. These opportunistic attackers enumerate blocks of IP addresses in hope of discovering an exploitable host. Fortunately, defensive measures such as port knocking protocols (PKPs) allow a service to remain stealth to unauthorized IP addresses. The service is revealed only when a client includes a special authentication token (AT) in the IP/TCP header. However this AT is generated from a secret shared between the clients/servers and distributed manually to each endpoint. As a result, these defense measures have failed to be widely adopted by other protocols such as HTTP/S due to challenges in distributing the shared secrets. In this paper we propose a scalable solution to this problem for services accessed by domain name. We make the following observation: automated network scanners access servers by IP address, while legitimate clients access the server by name. Therefore a service should only reveal itself to clients who know its name. Based on this principal, we have created a proof of the verifier’s identity (a.k.a. PROVIDE) protocol that allows a prover (legitimate user) to convince a verifier (service) that it is knowledgeable of the verifier’s identity. We present a PROVIDE implementation using a PKP and DNS (PKP+DNS) that uses DNS TXT records to distribute identification tokens (IDT) while DNS PTR records for the service’s domain name are prohibited to prevent reverse DNS lookups. Clients are modified to make an additional DNS TXT query to obtain the IDT which is used by the PKP to generate an AT. The inclusion of an AT in the packet header, generated from the DNS TXT query, is proof the client knows the service’s identity. We analyze the effectiveness of this mechanism with respect to brute force attempts for various strength ATs and discuss practical considerations.This work has been supported by the National Science Foundation (NSF) awards #1430145, #1414119, and #1012798