Alexandru G. Bardas

A Theory of Cyber Attacks: A Step Towards Analyzing MTD Systems

Moving Target Defenses (MTD) have been touted as a game changing approach to computer security that eliminates the static nature of current computer systems -- an attackers biggest advantage. While promising, the dynamism of MTD introduces challenges related to understanding and quantifying the impact of MTD systems on security, users, and attackers. To analyze this impact, both the concepts of MTD systems and cyber attacks must be formalized. While a theory of MTD systems was proposed in [18], this paper presents a theory of cyber attacks that supports the understanding and analysis of the interaction between MTD systems and the attacks they hope to thwart. The theory defines key concepts that support precise discussion of attacker knowledge, attack types, and attack instances. The paper also presents concrete examples to show how these definitions and concepts can be used in realistic scenarios.

MTD CBITS: Moving Target Defense for Cloud-Based IT Systems

The static nature of current IT systems gives attackers the extremely valuable advantage of time, as adversaries can take their time and plan attacks at their leisure. Although cloud infrastructures have increased the automation options for managing IT systems, the introduction of Moving Target Defense (MTD) techniques at the entire IT system level is still very challenging. The core idea of MTD is to make a system change proactively as a means to eliminating the asymmetric advantage the attacker has on time. However, due to the number and complexity of dependencies between IT system components, it is not trivial to introduce proactive changes without breaking the system or severely impacting its performance.

Humans Are Dynamic - Our Tools Should Be Too

Security Operation Centers (SOCs) are being operated by universities, government agencies, and corporations to defend their enterprise networks and identify and thwart malicious behaviors in both networks and hosts. The success of a SOC depends on combining good tools and processes with efficient and effective analysts. During four years of anthropological fieldwork methods to study SOCs, the authors discovered that successful SOC innovations must resolve multiple internal and external conflicts to be effective and efficient. This discovery, guided by activity theory (AT) as a framework for analyzing the fieldwork data, enabled them understand these realities. Their research indicates conflict resolution is a prerequisite for continuous improvement of SOCs in both human and technological aspects. Failure to do so can lead to adverse effects, such as analyst burnout and reduction in overall effectiveness.