Symbiotes and defensive Mutualism: Moving Target Defense

Cui, Ang; Stolfo, Salvatore J.

doi:10.1007/978-1-4614-0977-9_5

Ang Cui⁶ &
Salvatore J. Stolfo⁶

Part of the book series: Advances in Information Security ((ADIS,volume 54))

2437 Accesses
15 Citations

Abstract

If we wish to break the continual cycle of patching and replacing our core monoculture systems to defend against attacker evasion tactics, we must redesign the way systems are deployed so that the attacker can no longer glean the information about one system that allows attacking any other like system. Hence, a new poly-culture architecture that provides complete uniqueness for each distinct device would thwart many remote attacks (except perhaps for insider attacks). We believe a new security paradigm based on perpetual mutation and diversity, driven by symbiotic defensive mutualism can fundamentally change the ‘cat and mouse’ dynamic which has impeded the development of truly effective security mechanism to date. We propose this new ‘clean slate design’ principle and conjecture that this defensive strategy can also be applied to legacy systems widely deployed today. Fundamentally, the technique diversifies the defensive system of the protected host system thwarting attacks against defenses commonly executed by modern malware.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 79.99; Price excludes VAT (USA)

Softcover Book: USD 99.99; Price excludes VAT (USA)

Hardcover Book: USD 139.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Microsoft Corporation, Kernel Patch Protection: Frequently Asked Questions. http://tinyurl.com/y7pss5y, 2006.
Hoi Chang and Mikhail J. Atallah. Protecting software code by guards. In Tomas Sander, editor, Digital Rights Management Workshop, volume 2320 of Lecture Notes in Computer Science, pages 160–175. Springer, 2001.
Google Scholar
U´ lfar Erlingsson, Mart´ın Abadi, Michael Vrable, Mihai Budiu, and George C. Necula. Xfi: Software guards for system address spaces. In OSDI, pages 75–88. USENIX Association, 2006.
Google Scholar
Ligati et al. Enforcing security policies with run-time program monitors. Princeton University, 2005.
Google Scholar
Christopher Kr¨ugel,William K. Robertson, and Giovanni Vigna. Detecting kernel-level rootkits through binary analysis. In ACSAC, pages 91–100. IEEE Computer Society, 2004.
Google Scholar
Felix ”FX” Linder. Cisco IOS Router Exploitation. In In BlackHat USA, 2009.
Google Scholar
Richard Lippmann, Engin Kirda, and Ari Trachtenberg, editors. Recent Advances in Intrusion Detection, 11th International Symposium, RAID 2008, Cambridge, MA, USA, September 15–17, 2008. Proceedings, volume 5230 of Lecture Notes in Computer Science. Springer, 2008.
Google Scholar
Michael Lynn. Cisco IOS Shellcode, 2005. In BlackHat USA.
Google Scholar
Sebastian Muniz. Killing the myth of Cisco IOS rootkits: DIK, 2008. In EUSecWest.
Google Scholar
Ryan Riley, Xuxian Jiang, and Dongyan Xu. Guest-transparent prevention of kernel rootkits with vmm-based memory shadowing. In Lippmann et al. [7], pages 1–20.
Google Scholar
Dror-John Roecher and Michael Thumann. NAC Attack. In In BlackHat USA, 2007.
Google Scholar
Skywing. Subverting PatchGuard Version 2, 2008. Uninformed,Volume 6.
Google Scholar
Yingbo Song, Pratap V. Prahbu, and Salvatore J. Stolfo. Smashing the stack with hydra: The many heads of advanced shellcode polymorphism. In Defcon 17, 2009.
Google Scholar
Vikas R. Vasisht and Hsien-Hsin S. Lee. Shark: Architectural support for autonomic protection against stealth by rootkit exploits. In MICRO, pages 106–116. IEEE Computer Society, 2008.
Google Scholar
Zhi Wang, Xuxian Jiang, Weidong Cui, and Xinyuan Wang. Countering persistent kernel rootkits through systematic hook discovery. In Lippmann et al. [7], pages 21–38.
Google Scholar

Download references

Author information

Authors and Affiliations

Columbia University, New York, USA
Ang Cui & Salvatore J. Stolfo

Authors

Ang Cui
View author publications
You can also search for this author in PubMed Google Scholar
Salvatore J. Stolfo
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ang Cui .

Editor information

Editors and Affiliations

Center for Secure Information Systems, George Mason University, Fairfax, 22030-4444, Virginia, USA
Sushil Jajodia
Center for Secure Information Systems, George Mason University, Fairfax, 22030-4422, Virginia, USA
Anup K. Ghosh
The MITRE Corporation, McLean, 22102-7508, Virginia, USA
Vipin Swarup
Computing and Information Science Div., Engineering Sciences Directorate, Triangle Park, 27709-2211, North Carolina, USA
Cliff Wang
Division of Information & Intelligent Sy, National Science Foundation, Arlington, 22230, Virginia, USA
X. Sean Wang

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Cui, A., Stolfo, S.J. (2011). Symbiotes and defensive Mutualism: Moving Target Defense. In: Jajodia, S., Ghosh, A., Swarup, V., Wang, C., Wang, X. (eds) Moving Target Defense. Advances in Information Security, vol 54. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-0977-9_5

Download citation

DOI: https://doi.org/10.1007/978-1-4614-0977-9_5
Published: 05 August 2011
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-0976-2
Online ISBN: 978-1-4614-0977-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics