Moving target defense — state of the field in 2018?

A year ago, one of our most-read blog posts declared moving target defense “today’s most impactful security innovation opportunity.” How’s that holding up? How does the moving target defense landscape look one year later in 2018? This post reviews recent developments in moving target defense research, hacking competitions, threat modeling, as well as the emerging startup market.

[Update: after years of R&D on the world’s first moving target defense data protection platform with federal agencies and Fortune 100 R&D labs, we are productizing & commercializing CryptoMove’s moving target data protection platform as Tholos Key Vault, a product for managing keys and secrets. You can check out our private beta here.]

2018 MTD workshop in Toronto

Association for Computing Machinery (ACM) Moving Target Defense (MTD) workshops have continued. The 2018 ACM MTD workshop will be held in Toronto, Canada, this coming October. We’re excited to see what the discussions and papers will bring.

Topics for discussion include the following:

  • System randomization
  • Artificial diversity
  • Cyber maneuver and agility
  • Software diversity
  • Dynamic network configuration
  • Moving target in the cloud
  • System diversification techniques
  • Dynamic compilation techniques
  • Adaptive defenses
  • Intelligent countermeasure selection
  • MTD strategies and planning
  • Deep learning for MTD
  • MTD quantification methods and models
  • MTD evaluation and assessment frameworks
  • Large-scale MTD (using multiple techniques)
  • Moving target in software coding, application API virtualization
  • Autonomous technologies for MTD
  • Theoretic study on modeling trade-offs of using MTD approaches
  • Human, social, and usability aspects of MTD

MTD tools and approaches

Last fall at the Dallas 2017 ACM MTD workshop several groups presented papers on various moving target defense tools for web applications, advancements in ASLR (address space layout randomization), and post-quantum moving target communications (coincidentally a use case for CryptoMove):

  • WebMTD: Defeating Web Code Injection Attacks using Web Element Attribute Mutation

Moving Target Defense (MTD) is a novel proactive class of techniques that aim to defeat attacks by imposing uncertainty in attack reconnaissance and planning. This uncertainty is achieved by frequent and random mutation (randomization) of system configuration in a manner that is not traceable (predictable) by attackers. In this paper, we present WebMTD, a proactive moving target defense mechanism that thwarts a broad class of code injection attacks on Web applications, including cross-site scripting (XSS), HTML code injection, and server-side code injection attacks, in a manner that is transparent to developers, Web applications and browsers. Relying on built-in features of modern Web browsers, WebMTD randomizes certain attributes of Web elements to differentiate the application code from the injected code and disallow its execution; this is done without requiring Web developer involvement and browser code modification. Through rigorous evaluation, we show that WebMTD has very low performance overhead. Also, we argue that our technique outperforms all competing approaches due to its broad effectiveness, transparency, and low overhead. We claim that these qualities make WebMTD an ideal technique for defeating Web code injection attacks on real-world production Web applications.

  • Mixr: Flexible Runtime Rerandomization for Binaries

Moving target defenses (MTDs) are an important area of security research. Among other uses, MTDs can protect software vulnerable to information leaks which enable attacks such as return-to-libc and return-oriented programming. In the context of an adversary that steals or infers information (in-memory passwords, cryptographic keys, locations of vulnerable functions, etc.) from a program and uses that information to build an attack, MTDs make the attacker’s job more difficult by consistently changing the program in a way that invalidates the collected information and thereby prevents him/her from building a weaponized attack — a robust attack that has a high probability of succeeding.

  • Path Hopping: an MTD Strategy for Quantum-safe Communication

Moving target defense (MTD) strategies have been widely studied for securing computer communication systems. We consider using MTD strategies as a cryptographic mechanism for providing secure communication when the adversary has access to a quantum computer and security is required over a long period of time. We assume Alice and Bob are connected by multiple disjoint paths, not all of which can be eavesdropped by the attacker at the same time. We propose a cryptographic system that uses an MTD strategy that achieves long-term quantum-safe security. We model the system as a Markov chain, and propose two security measures that correspond to two types of adversaries, called risk-taking and risk-averse. Our numerical simulations show dependencies between system parameters, and lead to new insights, such as quantifying the cost of being a risk-averse adversary.

[*note, we’ve actually seen CryptoMove utilized in a similar approach to communications between nodes with data splitting, encryption, movement, and mutation — including live-streaming real-time video communications]
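To make the WebMTD idea concrete (a per-response random attribute separates the application's own scripts from anything injected later), here is an added example of our own, not WebMTD's code: it assumes a hypothetical `data-mtd` attribute, a mutation step applied to the trusted template before untrusted data is substituted, and a Python enforcement step that stands in for the browser-side policy.

```python
import re
import secrets
from html.parser import HTMLParser

# Constructed template: the application's own script plus a slot for user content.
TEMPLATE = ('<html><body><script>renderProfile();</script>'
            '<div class="comment">{{comment}}</div></body></html>')
ATTR = "data-mtd"      # hypothetical attribute name; its per-response value moves
SCRIPT_OPEN = re.compile(r"<script\b", re.IGNORECASE)

def mutate(template: str, token: str) -> str:
    """Tag every script the application emits; runs on the trusted template first."""
    return SCRIPT_OPEN.sub(f'<script {ATTR}="{token}"', template)

class _Enforcer(HTMLParser):
    """Re-emits the page, dropping script elements that lack the token
    (stands in for the browser-side policy WebMTD relies on)."""
    def __init__(self, token: str):
        super().__init__(convert_charrefs=False)
        self.token, self.out, self.skipping = token, [], False
    def _emit(self, text: str) -> None:
        if not self.skipping:
            self.out.append(text)
    def handle_starttag(self, tag, attrs):
        if tag == "script" and dict(attrs).get(ATTR) != self.token:
            self.skipping = True      # untagged script: drop it and its body
            return
        self._emit(self.get_starttag_text())
    def handle_endtag(self, tag):
        if tag == "script" and self.skipping:
            self.skipping = False
            return
        self._emit(f"</{tag}>")
    def handle_data(self, data):
        self._emit(data)
    def handle_entityref(self, name):     # keep &amp; and friends verbatim
        self._emit(f"&{name};")
    def handle_charref(self, name):
        self._emit(f"&#{name};")

def enforce(page: str, token: str) -> str:
    parser = _Enforcer(token)
    parser.feed(page)
    parser.close()
    return "".join(parser.out)

def render(comment: str) -> str:
    """One response: fresh token, mutate trusted markup, substitute untrusted data, enforce."""
    token = secrets.token_hex(8)
    return enforce(mutate(TEMPLATE, token).replace("{{comment}}", comment), token)
```

Because the token is regenerated per response and is never present in the user-supplied `comment`, a script arriving through that slot is dropped while the application's own script survives.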

‘Mimic defense’ hacking competition

This past May, at the Chinese Academy of Engineering, 22 teams competed in a competition to attempt to defeat a “Cyber Mimic System.” The teams included hackers from Russia, Japan, Ukraine, Poland, and China and attempted 500,000 attacks, apparently. There is not too much detail as to what the Cyber Mimic System entailed specifically, although a recent paper in IET Information Security may have more info. There is an open question, however, of whether such a ‘mimic defense’ should be considered a type of moving target defense, or something else entirely.

The Chinese government isn’t the only one prioritizing dynamic defenses. US federal agencies, including Department of Homeland Security’s Silicon Valley Innovation Program in its work with CryptoMove and its S&T-MTD group, continue to prioritize moving target defense technologies.

More efforts to quantify MTD risk reduction

In our previous blog post on MTD trends, we emphasized that threat modeling and risk reduction quantification were vital areas for the MTD community to focus on. With better frameworks for evaluating moving target defenses’ effect on risk, security defenders could better make the case for investing in innovative MTD approaches across the stack. Many boards look to CISOs to prioritize security resources based on risk reduction, so having frameworks for MTD risk evaluation is vital as CISOs and their teams increasingly spend more time, attention, and budget on moving target defense strategies, technology tools, and processes.

Several papers presented at the 2017 Dallas MTD workshop focused on MTD threat modeling, attack graphs, and risk quantification:

We propose new metrics drawing inspiration from the optimization domain that can be used to characterize the effectiveness of moving target defenses better. Besides that, we propose a Network Neighborhood Partitioning algorithm that can help to measure the influence of MTDs more precisely. The techniques proposed here are generic and could be combined with existing metrics. The obtained results demonstrate how additional information about the effectiveness of defenses can be obtained as well as how network neighborhood partitioning helps to improve the granularity of metrics.

In recent years, Moving Target Defense (MTD) has emerged as a potential game changer in the security landscape, due to its potential to create asymmetric uncertainty that favors the defender. Many different MTD techniques have then been proposed, each addressing an often very specific set of attack vectors. Despite the huge progress made in this area, there are still some critical gaps with respect to the analysis and quantification of the cost and benefits of deploying MTD techniques. In fact, common metrics to assess the performance of these techniques are still lacking and most of them tend to assess their performance in different and often incompatible ways. This paper addresses these gaps by proposing a quantitative analytic model for assessing the resource availability and performance of MTDs, and a method for the determination of the highest possible reconfiguration rate, and thus smallest probability of attacker’s success, that meets performance and stability constraints. Finally, we present an experimental validation of the proposed approach.

Attack graphs are particularly suitable for modeling scenarios in moving target defense (MTD), where the defender employs proactive tactics to dynamically change network configurations to limit the exposure of vulnerabilities. The advantages of MTD techniques are most salient for thwarting progressive attacks, as reconfiguration prevents the attacker from exploiting knowledge accumulated over time. Attack graphs naturally represent progress of an attack, and the defense actions in our model, here defined abstractly, may incorporate MTD methods or other measures.
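The abstract on the quantitative analytic model above reasons about the highest reconfiguration rate that minimizes attacker success while still meeting performance constraints. The following is an added example of our own, not that paper's model: it assumes a toy model in which the attacker needs k sequential, exponentially distributed steps, reconfigurations arrive as a Poisson process and wipe the attacker's progress, and each reconfiguration costs a fixed slice of downtime that eats into an availability budget.

```python
import random

def p_success(k: int, mu: float, lam: float) -> float:
    """Per-epoch probability that an attacker finishes k sequential steps
    (each exponential with rate mu) before the next reconfiguration
    (Poisson with rate lam) wipes its accumulated progress.
    Each step beats the reconfiguration clock with probability mu/(mu+lam),
    and memorylessness makes the k races independent: (mu/(mu+lam))**k."""
    return (mu / (mu + lam)) ** k

def p_success_simulated(k: int, mu: float, lam: float,
                        trials: int = 20000, seed: int = 1) -> float:
    """Monte Carlo check of the closed form on constructed random samples."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        attack_time = sum(rng.expovariate(mu) for _ in range(k))
        wins += attack_time < rng.expovariate(lam)
    return wins / trials

def availability(lam: float, downtime: float) -> float:
    """Steady-state availability when every reconfiguration costs `downtime`
    of unavailability: up-periods have mean 1/lam, so the up fraction is
    (1/lam) / (1/lam + downtime)."""
    return 1.0 / (1.0 + lam * downtime)

def max_reconfig_rate(downtime: float, min_availability: float) -> float:
    """Largest lam with availability(lam, downtime) >= min_availability."""
    return (1.0 - min_availability) / (min_availability * downtime)

def plan(k: int, mu: float, downtime: float, min_availability: float) -> dict:
    """Pick the fastest reconfiguration the availability budget allows and
    report the per-epoch attacker success probability it leaves."""
    lam = max_reconfig_rate(downtime, min_availability)
    return {"rate": lam,
            "availability": availability(lam, downtime),
            "p_attacker_success": p_success(k, mu, lam)}

if __name__ == "__main__":
    # Constructed scenario: a 3-step attack averaging one step per hour, each
    # reconfiguration costs 36 s (0.01 h), and the SLA demands 99% availability.
    print(plan(k=3, mu=1.0, downtime=0.01, min_availability=0.99))
```

The same structure carries over to other cost constraints: replace `availability` with whatever performance metric the deployment budgets and solve for the largest rate that stays within it.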

In addition to the papers presented at the ACM MTD conference on Attack Graphs, MTD metrics, and performance modeling, a great dissertation from George Mason was published in the Fall of 2017.

Titled A Quantitative Framework for Cyber Moving Target Defenses, the work does a great job of going over various moving target defense approaches and potential methods to quantify risk reduction. Definitely worth a read.

The slides are quite interesting as well:

One of the presentation slides from A Quantitative Framework for Cyber Moving Target Defenses

What’s up with the moving target defense startup landscape?

It appears that during the last year research into moving target defense has barreled ahead—how about the commercialization of moving target defense? Several startups have been innovating security products utilizing moving target defense approaches.

CryptoMove

A year ago, at the time of our last MTD trends blog post, CryptoMove had just wrapped up its seed financing and had started our first R&D projects with early adopters to test various applications of CryptoMove’s data protection technology. Since then, the company has grown quite a bit. CryptoMove in the last year has continued its R&D efforts and worked with a variety of early adopters in the Fortune 100 as well as federal agencies, generating unusual revenue and bringing CryptoMove’s platform closer to productization. Last fall, CryptoMove was selected to present on stage at Techcrunch Disrupt’s startup battlefield. A few months later, CryptoMove raised its Series A from Social Capital along with participation from existing investors Draper Associates, Pathbreaker, Red Dog Capital, 408 Ventures, and new angel investor Gerhard Eschelbeck, Google CISO, bringing total funding to $8m+. CryptoMove also joined NIST’s Global Cities Team Challenge, working on reference architecture for smart cities data security with San Leandro in the Bay Area, California.

Use cases for CryptoMove’s decentralized moving target data store have included use as a key vault; secure cloud storage for crown-jewel data, keys, and files; secure file transfer; and IoT data and key protection, including drones, cameras, and sensors.

CryptoMove is also now listed in Momentum Partners’ report—officially marking our place as ‘yet another’ security startup in the market. Next up: CryptoMove is productizing its data protection platform as a cloud-based service. Beta list requests available here.

Polyverse

Polyverse has made major progress in the last year as well. They’ve come out with their Polymorphic Linux product that applies moving target defense techniques at the operating system level for Linux. Polyverse has also continued to fundraise, recently raising $2m additional capital from existing investors, to bring total capital raised to $7m.

Morphisec

Morphisec keeps growing too—with its moving target defense endpoint detection / antivirus product. It is the most well capitalized of the moving target defense startups, having just announced its $12m Series B in February 2018.

At least two other startups are working on moving target defense technologies, including _cyel and CryptoniteNXT, and have continued to advance their solutions.

What about the data splitting market?

In addition to the fascinating developments in moving target defenses, there have also been many interesting developments when it comes to distributed and decentralized storage technology. Advancement of projects that split data like Siacoin, Storj.io, and others merits its own blog post, which we will follow with shortly…

In all, moving target defense had a good year since we last reviewed trends in 2017. The next 12 months should be exciting for MTD as well. It will be important for the early products in the market to continue to solidify, while early adopters prioritize moving target defense in their security innovation budgets.

We leave you with this from a former Marvel comic artist. Moving target defense changes the game.
