SCIT: Using Moving Target Defense for Proactive Cyber Deterrence

On Wednesday, September 5, DC ACM will be hosting a presentation on Self Cleansing Intrusion Tolerance entitled “SCIT: Using Moving Target Defense for Proactive Cyber Deterrence” given by Dr. Arun Sood, a Professor in George Mason University’s Computer Science Department and Co-Director of the International Cyber Center.  See below for the agenda, lecture abstract, and speaker biography.

Go to the DC ACM Meetup to RSVP.

Agenda:

7:00 – Light Refreshments

7:15 – Lecture

8:00 – Q&A

8:30 – Depart or DC Nightowls (RSVP here)

Abstract:

Virtualization technology has provided IT managers a new approach to reduce systems costs. The trend to cloud has had a dramatic impact in this regard. Systems have increased utilization, and thus fewer servers are needed to achieve the enterprise mission. The capital and operations cost reductions are significant, leading to new business models for delivering compute cycles. The economic drivers of the virtualized environment lead us to examine the security implications. If we rely exclusively on the current reactive systems, then the virtualized servers, or the cloud, are going to be no more secure than the existing systems. Multi-tenancy, additional software, sharing of the memory resources, and sharing of the internal data paths like the internal buses all point to the possibilities of additional vulnerabilities, with shared resources providing a path for spreading the impact of an initial foothold intrusion. However, this is only part of the story – the virtualized environment provides the system designer new opportunities to improve system security. We present Self Cleansing Intrusion Tolerance (SCIT), a patented novel approach for reducing the cost of intrusions. This Moving Target Defense (MTD) strategy leads to a higher level of cyber defense. SCIT systems have been tested in Northrop Grumman and Lockheed laboratories. We show through experimental results and simulations that using SCIT results in much lower data exfiltration losses even for zero-day and APT attacks. Another interesting result of our work is that combining reactive and proactive systems provides a significant advantage as compared to either separately. This combined strategy for virtualized environments has the potential of leveraging the existing investment in enterprise security. We will examine the tradeoff between the rate of moving target defense and the increased load. The SCIT strategy effectively converts static servers into dynamic systems, and we facilitate a new series of strategies to effectively protect the virtualized environments including the cloud.

Speaker Biography:

http://cs.gmu.edu/~asood/