Hardware-assisted Self-Tuning Cyber-Deception 637315350825819214

Abstract

Approved for Public ReleaseProject AbstractCyber-deception is a promising defense technique capable of disrupting and defeating computer system attackers with planned actions to mislead, redirect, drain or uncover them. In contrast to reactive defenses that can inadvertently help adversaries by affording them valuable time to tune their offensives, cyber-deception is a proactive defense that counters attackers as early as possible. Recent developments in cybersecurity, such as Zero Trust architecture, rightfully consider the evolving challenges where users, devices and applications can be physically located anywhere in the world. To realize such robust security standards, the defenders have to (1) actively maintain deep visibility into the activities and interactions between system components; (2) rigorously break adversarial attempts to penetrate the system. To scale the effectiveness of defense in the real world, automation and adaptivity of cyber-deception are must-have attributes. The main objectives of our project are two-fold: 1. Identify opportunities for leveraging hardwareassisted, dynamic cyber deception to counter adversaries in critical missions, 2. Explore automation to calibrate the adversary on-the-go and improve scalability of cyber-deception. Our solution will first analyze two key pieces of information needed for effective defense namely, identifying the cyber-resources that should be protected in the system and assessing the strength of the adversary through observing their behavior. We then begin to formulate cyber-deception against attack models needing varying defensive strategies ranging from early stage (by leveraging processor microarchitecture structures such as hardware instruction decoder to emit microoperations that divert a potential attacker right away) to late stage (where hardware prefetchers actively deceive an adversary that has already managed to circumvent access control mechanisms). We will also explore how to leverage custom ISA extensions (made available in modular architectures like RISC-V) for cyber-deception. Simultaneously, we will explore automation (selftuning) strategies. Our ultimate goal is to present a fully automated cyber-deception against anadversary with low overhead using hardware support, such that the attacker does not obtain control over or gather information from the mission-critical resources. Relevance to ONR: ONR has keen interest in Automated Cyber-Deception to protect the naval assets and has prioritized Cyber Security and Complex Software Systems Research as a program with designated thrust areas emphasizing key aspects such as information security and assurance, secure information management and interaction, and determining the security properties of software systems. This proposal seeks to explore practical approaches to automated cyberdeception using hardware support, that can help protect the ONRs software-hardware assets against security attacks. Due to the unavailability of source code in most legacy systems, our solution approach leverages processor hardware and binary instrumentation tools to achieve cyberdeception. The project will explore novel machine learning-based methodologies to automate the cyber-deception strategy. If successful, this project can provide a more robust autonomous defense using cyber-deception to protect US Navys software and other assets controlled by such systems.

Document Details

Document Type

DoD Grant Award

Publication Date

Aug 05, 2021

Source ID

N000142112520

Entities

Tags