Moving Target Defense – A survey of research contributions
Publish date: 2014-11-10
Report number: FOI-R--3942--SE
Pages: 48
Written in: Swedish
Keywords:
- IT security
- Moving Target Defense
- Dynamic Defenses
Abstract
Time has shown that most systems can have cyber security vulnerabilities that are exposed to attackers. Moving Target Defense (MTD) is a type of technique that attempts to obtain secure systems given this premise by continuously changing the attackable surface; thus changing between different (presumed vulnerable) configurations rather than attempting to mitigate existing vulnerabilities. System security is assured as the attacker does not have the time to identify where vulnerabilities are located before the current configuration is replaced by a new one. MTD is a relatively new concept, but its core ideas have been available in the ITcommunity for more than a decade. For example, a variant of MTD has been available for Linux since 2001 and another variant was tested by DARPA during the same year. The relatively intensive research that currently is being carried out regarding MTD was however initiated a few years ago when large investments were made by e.g. the Department of Homeland Security for dedicated research within the area. This study surveys articles that concern MTD with the purpose to identify what variants of MTDs that exist, how useful these are, what performance they possess, and what kind of security they bring. A literature study identified 129 articles; of these, 32 were relevant to the purpose of the study. Six kinds of MTDs were identified: 1) moving code transformation, 2) moving memory allocation, 3) moving applications, 4) moving machines, 5) moving network addresses and 6) combinations of these five kinds. Focus for the identified articles lie in introduction of novel protection mechanisms rather than examining the quality of these mechanisms. Quality is often discussed using theory and/or simulation results, but in general without actual empirical data and given unrealistic premises. This makes it difficult to know how (from a security standpoint) effective the defense mechanisms are, and how much they affect the experience of the end-user. Future work within the area should thus focus more on evaluating the quality of defense mechanisms, in particular in regard to how the end-user is affected and given a realistic threat model. Empirical tests given realistic configurations, for instance using cyber ranges, is one mean of obtaining more valid results.