Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution

Portokalidis, Georgios; Keromytis, Angelos D.

doi:10.1007/978-1-4614-0977-9_3

Cited by 26 publications

(17 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most of the previous work focuses on specific aspects of system configuration, such as IP addresses [10,2,8], memory layouts [27,15], instruction sets [13,4], html keywords [28,7], SQL queries [5], database table keywords [7], etc. Recently a few comprehensive frameworks [20,14] have been proposed, but most are still conceptual and require significant theoretical and practical effort to bring them to fruition.…”

Section: Overview and Related Workmentioning

confidence: 99%

Towards a Theory of Moving Target Defense

Zhuang

DeLoach

2014

Proceedings of the First ACM Workshop on Moving Target Defense

197

111

View full text Add to dashboard Cite

The static nature of cyber systems gives attackers the advantage of time. Fortunately, a new approach, called the Moving Target Defense (MTD) has emerged as a potential solution to this problem. While promising, there is currently little research to show that MTD systems can work effectively in real systems. In fact, there is no standard definition of what an MTD is, what is meant by attack surface, or metrics to define the effectiveness of such systems. In this paper, we propose an initial theory that will begin to answer some of those questions. The paper defines the key concepts required to formally talk about MTD systems and their basic properties. It also discusses three essential problems of MTD systems, which include the MTD Problem (or how to select the next system configuration), the Adaptation Selection Problem, and the Timing Problem. We then formalize the MTD Entropy Hypothesis, which states that the greater the entropy of the system's configuration, the more effective the MTD system.

show abstract

Section: Overview and Related Workmentioning

confidence: 99%

Towards a Theory of Moving Target Defense

Zhuang

DeLoach

2014

Proceedings of the First ACM Workshop on Moving Target Defense

197

111

View full text Add to dashboard Cite

show abstract

“…• What to move: 'What to move' refers to what system configuration attribute (i.e., attack surface) can be dynamically changed to confuse attackers. The example system or network attributes that can be changed include instruction sets [86,123], address space layouts [135], IP addresses [3,10,79,88,138], port numbers [97], proxies [83], virtual machines [165,20], operating systems [148], or software programs [76]. Table III summarizes the moving elements by MTD techniques in different system layers [4,69].…”

Section: B Key Design Principlesmentioning

confidence: 99%

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Cho

Sharma

Alavizadeh

et al. 2020

IEEE Commun. Surv. Tutorials

204

View full text Add to dashboard Cite

Reactive defense mechanisms, such as intrusion detection systems, have made significant efforts to secure a system or network for the last several decades. However, the nature of reactive security mechanisms has limitations because potential attackers cannot be prevented in advance. We are facing a reality with the proliferation of persistent, advanced, intelligent attacks while defenders are often way behind attackers in taking appropriate actions to thwart potential attackers. The concept of moving target defense (MTD) has emerged as a proactive defense mechanism aiming to prevent attacks. In this work, we conducted a comprehensive, in-depth survey to discuss the following aspects of MTD: key roles, design principles, classifications, common attacks, key methodologies, important algorithms, metrics, evaluation methods, and application domains. We discuss the pros and cons of all aspects of MTD surveyed in this work. Lastly, we highlight insights and lessons learned from this study and suggest future work directions. The aim of this paper is to provide the overall trends of MTD research in terms of critical aspects of defense systems for researchers who seek for developing proactive, adaptive MTD mechanisms.

show abstract

“…Or, since, wisely in these troubled times, the code, with its run-time variables, is protected, e.g. by a moving target defense like [11]. We recall that these recent techniques aim on secure cloud software through secret randomization of the code and variables, blocking injections and reverse engineering.…”

Section: --7 -mentioning

confidence: 99%

“…Such hope was probably unreasonable in the past. The progress in secure software engineering, e.g., through the moving target defenses, [11], makes it henceforward rational.…”

Section: Introductionmentioning

confidence: 99%

Numerical SQL Value Expressions Over Encrypted Cloud Databases

Jajodia

Litwin

Schwarz

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Cloud databases often need client-side encryption. Encryption however impairs queries, especially with numerical SQL value expressions. Fully homomorphic encryption scheme could suffice, but known schemes remain impractical. Partially homomorphic encryption suffices for specific expressions only. The additively homomorphic Paillier scheme appears the most practical. We propose the homomorphic encryption for standard SQL expressions over a practical domain of positive values. The scheme uses a version of Paillier's formulae and auxiliary tables at the cloud that are conceptually the traditional mathematical tables. They tabulate encrypted log and antilog functions and some others over the domain. The choice of functions is extensible. We rewrite the expressions with any number of SQL operators '*', '/' '^" and of standard aggregate functions so they compute over encrypted data using the tables and Paillier's formulae only. All calculations occur at the cloud. We present our scheme, show its security, variants and practicality.

show abstract

Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution

Cited by 26 publications

References 27 publications

Towards a Theory of Moving Target Defense

Towards a Theory of Moving Target Defense

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Numerical SQL Value Expressions Over Encrypted Cloud Databases

Contact Info

Product

Resources

About