The static nature of current computing systems has made them easy to attack and hard to defend. Adversaries have an asymmetric advantage in that they have the time to study a system, identify its vulnerabilities, and choose the time and place of attack to gain the maximum benefit. The idea of moving-target defense (MTD) is to impose the same asymmetric disadvantage on attackers by making systems dynamic and therefore harder to explore and predict. With a constantly changing system and its ever adapting attack surface, attackers will have to deal with a great deal of uncertainty just like defenders do today. The ultimate goal of MTD is to increase the attackers’ workload so as to level the cybersecurity playing field for both defenders and attackers - hopefully even tilting it in favor of the defender.
This workshop seeks to bring together researchers from academia, government, and industry to report on the latest research efforts on moving-target defense, and to have productive discussion and constructive debate on this topic. We solicit submissions on original research in the broad area of MTD, with possible topics such as those listed below. Since MTD research is still in its nascent stage, the list should only be used as a reference. We welcome all works that fall under the broad scope of moving target defense, including research that shows negative results.
- System randomization
- Artificial diversity
- Cyber maneuver and agility
- Software diversity
- Dynamic network configuration
- Moving target in the cloud
- System diversification techniques
- Dynamic compilation techniques
- Adaptive defenses
- MTD quantification methods and models
- MTD evaluation and assessment frameworks
- Large-scale MTD (using multiple techniques)
- Moving target in software coding, application API virtualization
- Autonomous technologies for MTD
- Theoretic study on modeling trade-offs of using MTD approaches
- Human, social, and usability aspects of MTD
- Other related areas
Paper submissions: Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Submissions should be at most 10 pages in the ACM double-column format, excluding well-marked appendices, and at most 12 pages in total. Submissions are not required to be anonymized.
System demo submissions: Each accepted system demo must be demonstrated on site by a registered workshop attendee; then a 2-page description can be included in the proceedings. System demo submissions should be at most 2 pages in the ACM double-column format, excluding well-marked appendices, and at most 4 pages in total. Submitted system demos must not substantially overlap system demos that have been published or that are simultaneously submitted to another conference with proceedings. Submissions are not required to be anonymized.
Submission website: Submissions are to be made to the submission web site at https://easychair.org/conferences/?conf=mtd20170. Only PDF files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Papers must be received by the deadline of August, 4, 2017 to be considered. Notification of acceptance or rejection will be sent to authors by September 4, 2017. Authors of accepted papers must guarantee that one of the authors will register and present the paper at the workshop. Proceedings of the workshop will be available on a CD to the workshop attendees and will become part of the ACM Digital Library.
Contact: Hamed Okhravi and Xinming Ou, MTD 2017 Program Chairs, email@example.com
- Paper submission due:
August 4, 2017August 18, 2017 Anywhere on Earth (Extended)
- Notification to authors: September 11, 2017
- Camera ready due: September 17, 2017 (Hard deadline)
Prof. Paul C. Van Oorschot, Canada Research Chair in Authentication and Computer Security and Professor of Computer Science, Carleton University, Canada
Title: "Science, Security and Academic Literature: Can We Learn from History?"
Abstract: "A recent paper (Oakland 2017) discussed science and security research in the context of the government-funded Science of Security movement, and the history and prospects of security as a scientific pursuit. It drew on literature from within the security research community, and mature history and philosophy of science literature. The paper sparked debate in numerous organizations and the security community. Here we consider some of the main ideas, provide a summary list of relevant literature, and encourage discussion within the Moving Target Defense (MTD) sub-community."
Prof. Ahmad-Reza Sadeghi, Professor of Computer Science at the Technische Universität Darmstadt, Germany
Title: "Moving Targets vs. Moving Adversaries: On the Effectiveness of System Randomization"
Abstract: "Memory-corruption vulnerabilities pose a severe threat on modern systems security. Although this problem is known for almost three decades it is unlikely to be solved in the near future because a large amount of modern software is still programmed in unsafe, legacy languages such as C/C++. With new vulnerabilities in popular software discovered almost every day, and with high third party demand for (purchasing) the corresponding exploits, runtime attacks are more prevalent than ever.
Even perfect cryptography can easily be undermined by exploiting software vulnerabilities. Typically, one vulnerability in wide-spread software (e.g., Tor Browser) is sufficient for the adversary to compromise all users. Moving target approaches such as software diversity and system randomization techniques are considered to be effective and practical means to strongly reduce the scale of such attacks because ideally, the adversary would require to craft a unique exploit per user. However, recently it was shown that existing software-randomization schemes can be circumvented by practical exploitation techniques using information leakage. These attacks motivated a number of subsequent works to prevent the adversary from reading code by using various techniques to prevent code disclosure, which seems to be non-trivial. And, the arms race will continue.
This talk will revisit the effectiveness of software diversity through software randomization. We discuss different security aspects of state-of-the art randomization-based defenses and their advantages and disadvantages, and conclude with future research directions."
|CCS 2017 MTD Workshop, Monday Oct 30, 2017|
|7:30 AM - 8:50 AM||Registration|
|8:50 AM - 9:00 AM||Opening Remarks and Logistics|
Session Chair: Hamed Okhravi
|9:00 AM - 10:00 AM||
Keynote Speaker: Prof. Paul Van Oorschot
"Science, Security and Academic Literature: Can We Learn from History?"
New Moving Target Defenses
Session Chair: TBD
|10:00 AM - 10:15 AM||Coffee Break|
|10:15 AM - 10:45 AM||"U-TRI: Unlinkability Through Random Identifier for SDN Network", Yulong Wang (Beijing University of Posts and Telecommunications); Qingyu Chen (Beijing University of Posts and Telecommunications); Junjie Yi (Beijing University of Posts and Telecommunications); Jun Guo (Beijing University of Posts and Telecommunications)|
|10:45 AM- 11:15 AM||"WebMTD: Defeating Web Code Injection Attacks using Web Element Attribute Mutation", Amirreza Niakanlahiji (UNC Charlotte); Jafar Haadi Jafarian (University of Colorado Denver)|
|11:15 AM - 11: 45 AM||"Mixr: Flexible Runtime Rerandomization for Binaries", William Hawkins (University of Virginia); Anh Nguyen-Tuong (University of Virginia); Jason D. Hiser (University of Virginia); Michele Co (University of Virginia); Jack W. Davidson (University of Virginia)|
|11:45 AM - 12:15 PM||"Mutated Policies: Towards Proactive Attribute-based Defenses for Access Control", Carlos E. Rubio-Medrano (Arizona State University); Josephine Lamp (Arizona State University); Adam Doupé (Arizona State University); Ziming Zhao (Arizona State University); Gail-Joon Ahn (Arizona State University)|
|12:15 PM - 1:45 PM||Lunch and Networking|
Keynote # 2
Session Chair: Hamed Okhravi
|1:45 PM - 2:45 PM||
Keynote Speaker: Prof. Ahmad-Reza Sadeghi
"Moving Targets vs. Moving Adversaries: On the Effectiveness of System Randomization"
MTD Models and Evaluation
Session Chair: Jason Syversen
|2:45 PM - 3:15 PM||"Performance Modeling of Moving Target Defenses", Warren Connell (George Mason University); Daniel Menasce(George Mason University); Massimiliano Albanese (George Mason University)|
|3:15 PM - 3:45 PM||"Evaluation of Deception-based Web Attacks Detection", Xiao Han (Orange Labs and Eurecom); Nizar Kheir (Thales); Davide Balzarotti (Eurecom)|
|3:34 PM - 4:00 PM||Coffee Break|
MTD-Based Detection, Games, and Algorithms
Session Chair: TBD
|4:00 PM - 4:30 PM||"Detecting Stealthy Botnets in a Resource-Constrained Environment using Reinforcement Learning", Sridhar Venkatesan (George Mason University); Massimiliano Albanese (George Mason University); Ankit Shah (George Mason University); Rajesh Ganesan (George Mason University); Sushil Jajodia (George Mason University)|
|4:30 PM - 5:00 PM||"Multi-Stage Attack Graph Security Games: Heuristic Strategies, with Empirical Game-Theoretic Analysis", Thanh H. Nguyen (University of Michigan, Ann Arbor); Mason Wright (University of Michigan, Ann Arbor); Michael P. Wellman (University of Michigan, Ann Arbor); Satinder Singh (University of Michigan, Ann Arbor)|
|5:00 PM - 5:30 PM||"Online algorithms for adaptive cyber defense on Bayesian attack graphs", Zhisheng Hu (Pennsylvania State University); Minghui Zhu (Pennsylvania State University); Peng Liu (Pennsylvania State University)|
Session Chair: Massimiliano Albanese
|5:30 PM - 5:45 PM||"Path Hopping: an MTD Strategy for Quantum-safe Communication", Reihaneh Safavi-Naini (University of Calgary); Alireza Poostindouz (University of Calgary); Viliam Lisy (Czech Technical University)|
|5:45 PM - 6:00 PM||"If You Can't Measure It, You Can't Improve It: Moving Target Defense Metrics", Stjepan Picek (IEEE); Erik Hemberg (MIT CSAIL); Una-May O'Reilly (MIT CSAIL)|
|6:00 PM||Closing Remarks|