•   When: Friday, November 21, 2014 from 11:00 AM to 12:00 PM
  •   Speakers: Hamed Okhravi
  •   Location: ENGR 4201
  •   Export to iCal

Abstract

Cyber moving target (MT) has been identified as one of the game-changing themes to re-balance the cyber landscape in favor of defense. MT techniques make cyber systems less static, less homogeneous, and less deterministic in order to create uncertainty for the attackers. Although many MT techniques have been proposed in the literature, little has been done on evaluating their effectiveness, benefits, and weaknesses.

In this talk, we evaluate the wide range of MT techniques using three approaches. First, a qualitative assessment studies the potential benefits, gaps, and weaknesses for each category of MT. This step identifies major gaps in this domain which can guide future research and prototyping efforts. We also provide the findings of a qualitative assessment case study on code reuse defenses. Second, for the MT techniques that are identified as potentially more beneficial in the qualitative assessment, we perform a deeper quantitative assessment using real exploits. Third, we perform an assessment of how information leakage can impact the effectiveness of MT techniques inside a larger system.

Finally, we outline possible directions for future work in this domain.

Speaker's Biography

Hamed Okhravi is a member of Technical Staff at the Cyber Systems and Technology group of MIT Lincoln Laboratory, researching in the area of cyber security. Dr. Okhravi received his MS and PhD in Electrical and Computer Engineering from University of Illinois at Urbana-Champaign (2006 and 2009). During his PhD study, he also interned at Network Geographics (2007) and Cisco Systems, Inc. (2008). Currently, Dr. Okhravi is working on cyber-attack survivable systems at MIT. His research interests are in cyber security, cyber trust, science of security, security metrics, and operating systems.

Posted 3 years, 1 month ago