Abstract
If we wish to break the continual cycle of patching and replacing our core monoculture systems to defend against attacker evasion tactics, we must redesign the way systems are deployed so that the attacker can no longer glean the information about one system that allows attacking any other like system. Hence, a new poly-culture architecture that provides complete uniqueness for each distinct device would thwart many remote attacks (except perhaps for insider attacks). We believe a new security paradigm based on perpetual mutation and diversity, driven by symbiotic defensive mutualism, can fundamentally change the ‘cat and mouse’ dynamic which has impeded the development of truly effective security mechanisms to date. We propose this new ‘clean slate design’ principle and conjecture that this defensive strategy can also be applied to legacy systems widely deployed today. Fundamentally, the technique diversifies the defensive system of the protected host system, thwarting attacks against defenses commonly executed by modern malware.
Copyright information
© 2011 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Cui, A., Stolfo, S.J. (2011). Symbiotes and defensive Mutualism: Moving Target Defense. In: Jajodia, S., Ghosh, A., Swarup, V., Wang, C., Wang, X. (eds) Moving Target Defense. Advances in Information Security, vol 54. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-0977-9_5
DOI: https://doi.org/10.1007/978-1-4614-0977-9_5
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-0976-2
Online ISBN: 978-1-4614-0977-9
eBook Packages: Computer Science, Computer Science (R0)