Third ACM Workshop on Moving Target Defense (MTD 2016)
In conjunction with the 23rd ACM Conference on Computer and Communications Security
Venue: MTD 2016 will be held on the first day of the 23rd ACM CCS (Conference on Computer and Communications Security, October 24-28, 2016) at the Hofburg Palace, Vienna, Austria.
Background: The static nature of current computing systems has made them easy to attack and hard to defend. Adversaries have an asymmetric advantage in that they have the time to study a system, identify its vulnerabilities, and choose the time and place of attack to gain the maximum benefit. The idea of moving-target defense (MTD) is to impose the same asymmetric disadvantage on attackers by making systems dynamic and therefore harder to explore and predict. With a constantly changing system and its ever-adapting attack surface, attackers will have to deal with a great deal of uncertainty, just as defenders do today. The ultimate goal of MTD is to increase the attackers’ workload so as to level the cybersecurity playing field for both defenders and attackers - hopefully even tilting it in favor of the defender.
Workshop Goals: This workshop seeks to bring together researchers from academia, government, and industry to report on the latest research efforts on moving-target defense, and to have productive discussion and constructive debate on this topic. We solicit paper and system demo submissions on original research in the broad area of MTD, with possible topics such as those listed below. Since MTD research is still in its nascent stage, the list should only be used as a reference. We welcome all works that fall under the broad scope of moving target defense, including research that shows negative results.
· System randomization
· Artificial diversity
· Cyber maneuver
· Bio-inspired defenses
· Dynamic network configuration
· Moving target in the cloud
· System diversification techniques
· Dynamic compilation techniques
· Adaptive defenses
· MTD quantification methods and models
· Large-scale MTD (using multiple techniques)
· Moving target in software coding, application APIs virtualization
· Autonomous technologies for MTD
· Theoretic study on modeling trade-offs of using MTD approaches
· Human, social, and psychology aspects of MTD
· Other related areas
Paper submissions: Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Submissions should be at most 10 pages in the ACM double-column format, excluding well-marked appendices, and at most 12 pages in total. Submissions are not required to be anonymized.
System demo submissions: Each accepted system demo must be demonstrated on site by a registered workshop attendee; then a 2-page description can be included in the proceedings. System demo submissions should be at most 2 pages in the ACM double-column format, excluding well-marked appendices, and at most 4 pages in total. Submitted system demos must not substantially overlap system demos that have been published or that are simultaneously submitted to another conference with proceedings. Submissions are not required to be anonymized.
Submission web site: Both paper and system demo submissions are to be made to the submission web site at https://easychair.org/conferences/?conf=mtd20160. Only PDF files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Papers must be received by the deadline of July 27, 2016 to be considered. Notification of acceptance or rejection will be sent to authors by September 5, 2016. Authors of accepted papers must guarantee that one of the authors will register and present the paper at the workshop. Proceedings of the workshop will be available on a CD to the workshop attendees and will become part of the ACM Digital Library.
Contact: Peng Liu and Cliff Wang, MTD 2016 Program Chairs, email@example.com
· Paper submission due: July 27, 2016 [FIRM]
· Notification to authors: September 5, 2016
· Camera ready due: September 12, 2016
· Workshop date: October 24, 2016
Title: A Cyber Mutation: Metrics, Techniques and Future Directions
Abstract: After decades of cyber warfare, it is well-known that the static and predictable behavior of cyber configuration provides a great advantage to adversaries to plan and launch their attacks successfully. At the same time, as cyber-attacks are getting highly stealthy and more sophisticated, their detection and mitigation become much harder and more expensive. We developed a new foundation for moving target defense (MTD) based on cyber mutation, as a new concept in cybersecurity to reverse this asymmetry in cyber warfare by embedding agility into cyber systems. Cyber mutation enables cyber systems to automatically change their configuration parameters in an unpredictable, safe and adaptive manner in order to proactively achieve one or more of the following MTD goals: (1) deceiving attackers from reaching their goals, (2) disrupting their plans via changing adversarial behaviors, and (3) deterring adversaries by prohibitively increasing the attack effort and cost.
In this talk, we will present the formal foundations, metrics and framework for developing effective cyber mutation techniques. The talk will also review several examples of developed techniques including Random Host Mutation, Random Route Mutation, fingerprinting mutation, and mutable virtual networks. The talk will also address the evaluation and lessons learned for advancing the future research in this area.
Bio: Dr. Ehab Al-Shaer is a Professor in Computer Science, the director of the Cyber Defense and Network Assurability (CyberDNA) Center, and the director of the NSF IUCRC Center on Security Configuration Analytics and Automation at UNC Charlotte. His area of research expertise includes security analytics and automation, auto-resiliency, configuration verification and hardening for enterprise and cloud computing, cyber agility & moving target defense, security & resiliency of smart grid and IoT systems, security & resiliency metrics, and next-generation intrusion detection. Dr. Al-Shaer has edited/co-edited more than 9 books, and published about 190 refereed journal and conference papers in his area. He was designated as a Subject Matter Expert (SME) in the area of security analytics and automation in the DoD Information Assurance Newsletter published in 2011. He received the IBM Faculty Award in 2012. He was the General Chair of ACM Computer and Communication in 2009 and 2010 and NSF Workshop in Assurable and Usable Security Configuration in 2008. Dr. Al-Shaer was also the PC chair for many other conferences and workshops including ACM/IEEE SafeConfig 2009 and 2013, IEEE Integrated Management 2007, IEEE POLICY 2008, and others. Since he joined UNC Charlotte in 2009, Dr. Al-Shaer has received a total research funding of more than $8M from various government and industry sources including NSF, NSA, AFRL, ARO, Duke Energy, IBM, Bank of America, Wells Fargo, BB&T, RTI, DTCC and others.
Title: Moving Target Defense – A Journey from Idea to Product
Abstract: Today’s enterprise networks are “sitting ducks” waiting for attackers to exploit them. To a determined attacker, there are many ways to get inside an enterprise network, bypass any current protection technologies, and attack the intended targets. Innovations in cyber security technology are needed that go beyond what the current state of the art has to offer.
As part of the research and development community, we have participated in developing such innovative technologies providing moving target defense capabilities to enterprise networks. In particular, the Self-shielding Dynamic Network Architecture (SDNA) technology (currently known as CryptoniteNXT) dynamically alters an enterprise network’s appearance and behavior to stop cyber-attacks, including zero-day and targeted advanced persistent threats, while maintaining transparency to the user, application, and operating system. SDNA prevents an attacker from targeting, entering, or spreading through an enterprise network by adding dynamics that present a changing view of the network over space and time. If an attacker gains a foothold inside the enterprise network, for example, a malicious insider or a host compromised by a phishing attack, SDNA limits the attacker’s ability to spread and operate by constraining each host to an abstract, modified, and obfuscated view of the network.
SDNA is a unique offering in that it is pro-active in its protection and that it does not depend on continuous intervention from the Information Technology (IT) department to maintain a secure environment. Based on the significant market potential of SDNA and excellent test results, we have spun off this technology as a separate company to raise commercial investment for product launch, marketing, sales, etc. It is anticipated that the matured SDNA products will greatly enhance the cyber security posture and reduce cyber security associated damage costs in a wide range of commercial and government sectors.
In this invited talk, Dr. Jason Li will describe the SDNA/CryptoniteNXT technology, its lifetime from inception to maturity, as well as lessons learned through the exciting journey of research, development, maturation, security testing/red teaming, and productization.
The cyber moving target (MT) approach has been identified as one of the game-changing themes to rebalance the cyber landscape in favor of defense. MT techniques make cyber systems less static, less homogeneous, and less deterministic in order to create uncertainty for attackers. Although many MT techniques have been proposed in the literature, little has been done to evaluate their effectiveness, benefits, and weaknesses. In this talk, we describe the status quo in MT prototyping and evaluation and provide recommendations for a more systematic approach in designing and implementing more effective MT defenses.