On the response policy of software decoys: Conducting software-based deception in the cyber battlespace

Michael, J.B.

doi:10.1109/cmpsac.2002.1045129

Cited by 9 publications

(7 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Applying a one-size-fits-all response, such as always terminating all interaction with the intruder, or always responding in kind, can be an ineffective or worse, illegal, response. For instance, terminating interaction with an intruder could prevent the seizure of evidence for criminal prosecution, collection of information for counterintelligence purposes, or counter-targeting for a military response (Michael, 2002). By responding in kind, the defender may violate domestic or international law or, in the case of a government actor, inadvertently escalate to the level of a use of force or even an armed attack.…”

Section: Introductionmentioning

confidence: 99%

An ontology‐based distributed whiteboard to determine legal responses to online cyber attacks

et al. 2006

View full text Add to dashboard Cite

Purpose -This paper aims to assist investigators and attorneys addressing the legal aspects of cyber incidents, and allow them to determine the legality of a response to cyber attacks by using the Worldwide web securely. Design/methodology/approach -Develop a decision support legal whiteboard that graphically constructs legal arguments as a decision tree. The tree is constructed using a tree of questions and appending legal documents to substantiate the answers that are known to hold in anticipated legal challenges. Findings -The tool allows participating group of attorneys to meet in cyberspace in real time and construct a legal argument graphically by using a decision tree. They can construct sub-parts of the tree from their own legal domains. Because diverse legal domains use different nomenclatures, this tool provides the user the capability to index and search legal documents using a complex international legal ontology that goes beyond the traditional LexisNexis-like legal databases. This ontology itself can be created using the tool from distributed locations. Originality/value -This tool has been fine-tuned through numerous interviews with attorneys teaching and practicing in the area of cyber crime, cyber espionage, and military operations in cyberspace. It can be used to guide forensic experts and law enforcement personnel during their active responses and off-line examinations.

show abstract

Section: Introductionmentioning

confidence: 99%

An ontology‐based distributed whiteboard to determine legal responses to online cyber attacks

et al. 2006

View full text Add to dashboard Cite

show abstract

“…When the suspect program interacts with other processes on the VM, the analyst can alter the way the processes act so as to present a VM with multiple inconsistent configurations. Numerous studies have reported on the use of deception as a defensive mechanism [13,14,15,16,17]. The use of virtual machine eliminates the need for host-based deception to use a modified kernel and modified software.…”

Section: Vmi Covert Operationsmentioning

confidence: 99%

Investigating the Implications of Virtual Machine Introspection for Digital Forensics

Nance

Bishop

Hay

2009

2009 International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Abstract-Researchers and practitioners in computer forensics currently must base their analysis on information that is either incomplete or produced by tools that may themselves be compromised as a result of the intrusion. Complicating these issues are the techniques employed by the investigators themselves. If the system is quiescent when examined, most of the information in memory has been lost. If the system is active, the kernel and programs used by the forensic investigators are likely to influence the results and as such are themselves suspect. Using virtual machines and a technique called virtual machine introspection can help overcome these limits, but it introduces its own research challenges. Recent developments in virtual machine introspection have led to the identification of four initial priority research areas in virtual machine introspection including virtual machine introspection tool development, applications of virtual machine introspection to non-quiescent virtual machines, virtual machine introspection covert operations, and virtual machine introspection detection.

show abstract

“…We refer to this as an example of Ullintelltiollal unlal1;ful use of decoys. One means proposed in [2] for countering this and the other types of misuse is to make the decoy supervisors responsible for checking whether the rules for conducting counterintelligence and applying countermeasures in a particular context do not contravene policy.…”

Section: Potential For Misuse Of Decoysmentioning

confidence: 99%

“…Such outlawed means include chemical weapons, biological weapons, x-ray transparent bullets, and blinding lasers. These four customary rules, described as they pertain to military use of software decoys to protect semantic webs, may be found in [2].…”

Section: Principled Analysis Of Decoy Usagementioning

confidence: 99%

Lawful Cyber Decoy Policy

Michael¹,

Wingfield²

2003

Security and Privacy in the Age of Uncertainty

View full text Add to dashboard Cite

Abstract:Cyber decoys provide a means for automating, to a degree, counterintelligence activities and responses to cyber attacks. Like other security mechanisms for protecting information systems, it is likely that cyber decoys will in some instances be misused. In the United States, criminal law provides us with analogies for preventing or punishing improper state use of deception, and criminal and civil law give us a range of tools to use against private actors. However, in addition to states, nongovernmental entities and individuals can employ cybel' decoys. In this paper we present a principled analysis of the use of cyber decoys. We explore the absolute minima in terms of customary principles for what might be considered to be acceptable use of deception.Key words: Deception, Law, Computer security DECEPTION IN CYBERSPACEIn [1], Michael et al. propose to use software-based deception as a means for hardening operational systems against attack. Critical units of software are wrapped with "decoying" rules, which are the cyber embodiment of both the policy (including doctrine) of an organization or individual for conducting counterintelligence and applying countermeasures against attackers. The wrappers are placed around critical units of software (e.g., a component or method) to be protected. By critical, we mean units of software that are integral to the continued survivability of an information system and the correct enforcement of the policy embedded in the system.When a wrapper detects a suspicious pattern of system calls by one or more computer processes, it begins to conduct counterintelligence tasks and initiates countermeasures; pattern recognition is performed at runtime. The

show abstract

On the response policy of software decoys: Conducting software-based deception in the cyber battlespace

Cited by 9 publications

References 4 publications

An ontology‐based distributed whiteboard to determine legal responses to online cyber attacks

An ontology‐based distributed whiteboard to determine legal responses to online cyber attacks

Investigating the Implications of Virtual Machine Introspection for Digital Forensics

Lawful Cyber Decoy Policy

Contact Info

Product

Resources

About