Increasing Network Resiliency by Optimally Assigning Diverse Variants to Routing Nodes

Abstract: Abstract-Networks with homogeneous routing nodes are constantly at risk as any vulnerability found against a node could be used to compromise all nodes. Introducing diversity among nodes can be used to address this problem. With few variants, the choice of assignment of variants to nodes is critical to the overall network resiliency.We present the Diversity Assignment Problem (DAP), the assignment of variants to nodes in a network, and we show how to compute the optimal solution in medium-size networks. We als… Show more

“…Figure 2 shows the HARM of the virtualized system. The AT shown in Figure 2 for V M 1 (as shown in Table 1 [14], [15], [16] Application [17], [18] Diversity Topology [19], [20] Application [21], [22], [23], [24], [25], [26] Redundancy Topology [27], [28] Application [29], [30], [31], [32] …”

“…We focus our network hardening based on securing important nodes in the attack paths, such as shown in [20] (but not routing nodes here), rather than end points of an attack (i.e., initial attack points and the target nodes) because of the following reasons: (i) in a virtualized system (e.g., cloud), visible components or nodes to the attacker (i.e., initial attack points) may change frequently (e.g., service updates), (ii) assets in the networked system change, and there may exist multiple assets (i.e., multiple target nodes), and (iii) target nodes are estimated with asset values but it is still difficult to specify them in an event of an attack.…”

“…However, if we deploy the OS diversity on V M 3 , it affects both attack paths (i) and (ii), as shown in Figure 4(c). More complex diversity assignment can be found in [20], and we show assessing the effectiveness of these scenarios in Section 4.2.…”

“…The Shuffle technique rearranges the system setting in various layers (e..g., address ran-domization, migration, topology rearrangements) [12], [13], [14], [15], [16], [17], [18]. The Diversity technique provides equivalent functions with different implementations (e.g., operating systems, variant inputs and interpreters, variant software stack components) [19], [20], [21], [22], [23], [24], [25], [26]. The Redundancy technique provides multiple replicas of the network components (e.g., services, nodes, or paths) to make multiples of the same function [27], [28], [29], [30], [31], [32].…”

“…In contrast, using the IMs to deploy the MTD technique computes important system components based on the IMs, where the MTD techniques are deployed onto (e.g., an important server is selected for a redundancy). An earlier version of this paper appeared in [39], and we extended the earlier version with (i) modeling and analysis of Redundancy, (ii) modeling and analysis of complex Diversity assignments such as in [20], and (iii) extensive experiments of MTD techniques measuring performance and security.…”

Assessing the Effectiveness of Moving Target Defenses Using Security Models

“…Figure 2 shows the HARM of the virtualized system. The AT shown in Figure 2 for V M 1 (as shown in Table 1 [14], [15], [16] Application [17], [18] Diversity Topology [19], [20] Application [21], [22], [23], [24], [25], [26] Redundancy Topology [27], [28] Application [29], [30], [31], [32] …”

“…We focus our network hardening based on securing important nodes in the attack paths, such as shown in [20] (but not routing nodes here), rather than end points of an attack (i.e., initial attack points and the target nodes) because of the following reasons: (i) in a virtualized system (e.g., cloud), visible components or nodes to the attacker (i.e., initial attack points) may change frequently (e.g., service updates), (ii) assets in the networked system change, and there may exist multiple assets (i.e., multiple target nodes), and (iii) target nodes are estimated with asset values but it is still difficult to specify them in an event of an attack.…”

“…However, if we deploy the OS diversity on V M 3 , it affects both attack paths (i) and (ii), as shown in Figure 4(c). More complex diversity assignment can be found in [20], and we show assessing the effectiveness of these scenarios in Section 4.2.…”

“…The Shuffle technique rearranges the system setting in various layers (e..g., address ran-domization, migration, topology rearrangements) [12], [13], [14], [15], [16], [17], [18]. The Diversity technique provides equivalent functions with different implementations (e.g., operating systems, variant inputs and interpreters, variant software stack components) [19], [20], [21], [22], [23], [24], [25], [26]. The Redundancy technique provides multiple replicas of the network components (e.g., services, nodes, or paths) to make multiples of the same function [27], [28], [29], [30], [31], [32].…”

“…In contrast, using the IMs to deploy the MTD technique computes important system components based on the IMs, where the MTD techniques are deployed onto (e.g., an important server is selected for a redundancy). An earlier version of this paper appeared in [39], and we extended the earlier version with (i) modeling and analysis of Redundancy, (ii) modeling and analysis of complex Diversity assignments such as in [20], and (iii) extensive experiments of MTD techniques measuring performance and security.…”

Assessing the Effectiveness of Moving Target Defenses Using Security Models

Evaluating the effectiveness of shuffle and redundancy MTD techniques in the cloud

Model-based evaluation of combinations of Shuffle and Diversity MTD techniques on the cloud