Abstract Details

10/14/2015  |   3:15 PM - 4:00 PM   |  Pacific I

Automatic Quantification and Minimization of Attack Surfaces

Cyber security remains one of the most serious challenges to national security and the economy that we face as a nation. Systems employing well-known, but static, defenses have found themselves increasingly vulnerable to penetration from determined, diverse, and well-resourced adversaries launching targeted attacks such as Advanced Persistent Threats (APT). In recent years, a class of dynamic defenses known as Moving Target Defenses (MTDs) has emerged to make entry points into networks and systems harder to detect; to reduce vulnerabilities and make them more transient; and to make attacks against systems less effective. MTDs attempt to reduce and dynamically move the attack surfaces of systems, i.e., the set of potentially successful attack vectors an adversary can use to compromise security of a target system.

As the number and complexity of these defenses increase, cyber defenders face the problem of selecting, composing, and configuring them, a process which to date is performed manually and without a clear understanding of integration points and risks associated with each defense or combination of defenses. The current state-of-the-art approach for evaluating cyber risks in enterprise environments consists of performing structured logical arguments on security designs, e.g., using attack trees generated during vulnerability analyses, and execution of manual or automated security scanning during penetration testing to detect specific vulnerabilities present in actual systems. There are two problems with this approach. First, it is easy to fall into the trap of adding defenses that provide little security benefit, introduce unacceptable cost or overhead, inadvertently increase the attack surface, or exhibit unintended side effects when combined with other defenses. Second, empirically validating and quantifying the attack surface of large complex enterprise systems through red teaming becomes prohibitively expensive as the rate of legitimate change in those environments increases and each configuration needs retesting.

Under the Attack Surface Reasoning (ASR) effort, BBN has defined and developed a modeling and analysis framework that enables a quantification of security, performance, and overhead for a composition of system components, MTDs, missions, and threats. The ASR prototype enables comparisons of various deployments of both static and dynamic cyber defenses and quantification of the associated security benefits and performance overhead to help cyber defenders choose among available proactive defenses, and configure deployed defenses to achieve the best protection for the target system with minimal impact on the system’s effectiveness or performance.

ASR is based on the following innovations:
(1) Use of ontological semantic models for describing cyber systems, defenses, attacks, missions, and metrics in a well-defined, composable, and extensible manner.
(2) Algorithms for automatically finding feasible attack vectors and minimization opportunities that reduce the attack surface.
(3) Automatic computation of multi-layered metrics capturing both security and cost tradeoffs at different granularities.
(4) Relative comparison interfaces enabling rapid multi-dimensional comparison of metrics across multiple configurations, including visualization of comparisons using a heatmap paradigm.

ASR enables cyber defenders to quantify the impact of adding, removing, or reconfiguring defenses of mission critical applications, providing key metrics for effective and efficient proactive defense.

Borislava Simidchieva (Primary Presenter, Author, Co-Author), BBN, simidchieva@bbn.com;
Since joining BBN, Dr. Simidchieva has worked on a number of efforts focusing on the modeling and analysis of complex distributed systems. Projects include automating the generation of semantic system models from cyber monitoring and quantifying and minimizing the attack surfaces of distributed systems. Dr. Simidchieva holds a Ph.D. in Computer Science from the University of Massachusetts Amherst, specializing in software engineering. Dr. Simidchieva also holds dual Bachelor of Science degrees in computer science and computational science, respectively, and a minor in Mathematics from the State University of New York, College at Brockport. Her doctoral thesis focused on the explicit specification of variation within human-intensive systems to make their modeling more precise and facilitate their subsequent analysis and improvement. Dr. Simidchieva's proposed framework adapted and extended several state-of-the-art approaches from software product line engineering and, as proof of concept, was applied to the domains of online dispute resolution and elections. This research was done in collaboration with experts at the National Institute for Standards and Technology, election officials at Marin and Yolo counties in California, security experts at UC Davis, and mediators at the National Mediation Board in Washington, DC.

Nathaniel Soule (Co-Author), BBN, nsoule@bbn.com;

Michael Atighetchi (Co-Presenter, Co-Author), BBN, matighet@bbn.com;
Mr. Atighetchi is a Senior Scientist in the Information and Knowledge Technology business unit at BBN Technologies. Since Mr. Atighetchi joined BBN over 16 years ago, he has contributed to research and technology development in the areas of adaptive QoS middleware, information assurance, cognitive reasoning in cyber defense, AI learning, system survivability and security verification through red team testing. He has been a key technical contributor and Principal Investigator (PI) to several DARPA- and AFRL-sponsored research projects. Mr. Atighetchi has published over 70 technical papers in peer-reviewed journals and conferences and is a Senior Member of the IEEE and ACM.

Fusun Yaman (Co-Author), BBN, fyaman@bbn.com;

Ronald Watro (Co-Author), BBN, rwatro@bbn.com;

Joseph Loyall (Co-Author), BBN, jloyall@bbn.com;

David Last (Co-Author), AFRL, david.last.1@us.af.mil;

David Myers (Co-Author), AFRL, david.myers.35@us.af.mil;

Capt. Bridget Flatley (Author, Co-Author), AFRL, bridget.flatley.1@us.af.mil;

2013 Sponsors: IEEE and IEEE Computer Society