You are here

Moving Target Defense

Description:

For details, please refer to the solicitation details located at FedBizOpps website.

In the current environment, our systems are built to operate in a relatively static configuration. For example, addresses, names, software stacks, networks, and various configuration parameters remain relatively static over relatively long periods of time. This static approach is a legacy of information technology system design for simplicity in a time when malicious exploitation of system vulnerabilities was not a concern.

In order to be effective, adversaries must know a particular vulnerability of a system. The longer the vulnerability of a system exists, the more likely it is to be discovered and then exploited. Many system vulnerabilities are published by researchers and software vendors in order for system owners to patch those vulnerabilities. A system that remains unpatched is vulnerable to exploitation. Vulnerabilities that are not publicly disclosed are called zero-day vulnerabilities, and are known to a limited set of people. Zero-day vulnerabilities present a large risk to system owners because without knowledge of the vulnerability, system owners have no way to patch it.

It is now clear that static systems present a substantial advantage to attackers. Attackers can observe the operation of key IT systems over long periods of time and plan attacks at their leisure, having mapped out an inventory of assets, vulnerabilities, and exploits. Additionally, attackers can anticipate likely responses and deploy attacks that escalate in sophistication as defenders deploy better defenses. Attackers can afford to invest significant resources in developing attacks since the attacks can often be used repeatedly from one system to another.

The magnitude of this problem suggests that the information technology community needs a radically new approach for IT system defense. To visualize the elements of the new environment, observe that for attackers to exploit a system today, they must learn about a vulnerability and hope that it is present long enough to exploit. For defenders to defeat attacks today, they must develop a signature of malware or attacks and hope it is static long enough to block that attack. Malware writers develop mechanisms to rapidly change malware in order to defeat detection mechanisms. We, as defenders, should learn from this approach, and build systems that rapidly change, never allowing the exploitation of a particular vulnerability to impair the ability of a system to perform its mission/function, or if exploited once, not allowed to be exploitable again. If done correctly, this “moving target" defense can present a formidable obstacle to attackers since attackers depend on knowing a system's vulnerabilities a priori.

Therefore, a game-changing approach to building self-defending systems can and must be developed. Protecting systems (thus avoiding exposed vulnerabilities) to the greatest extent possible should still be the first goal. This new approach is known as, "Moving Target Defense (MTD)." An important benefit of moving target defense is to decrease the known attack surface area of our systems to adversaries while simultaneously shifting it; a key challenge of moving target defense is to ensure that our systems remain dependable to their users and maintainable by their owners. By making the attack surface of software appear chaotic to adversaries, it forces them to significantly increase the work effort to exploit vulnerabilities for every desired target. For instance, by the time an adversary discovers a vulnerability in a service, the service will have changed its attack surface area so that an-other exploit against that vulnerability will be ineffective. The characteristics of a MTD system are dynamically changed in ways that are manageable by the defender yet make the attack space appear unpredictable to the attacker. Moving target defense technology changes the game by wresting the advantage from the attacker because it eliminates the availability of constant or slowly-changing vulnerability windows that allow attackers to lie in wait and conduct useful experiments on persistent vulnerabilities. This game-changing approach challenges the traditional approach which councils that adding complexity to our systems adds risk. Conversely, the complexity of today’s compute platforms and analytic and control methods can now be used to frustrate our adversaries. The challenge is to demonstrate that complexity is indeed a benefit and not a liability.

The MTD area has its underpinnings in fundamental research in the following supporting or component areas: virtualization, multi-core processing, new networking capabilities, systems management, and evolutionary resiliency and defense methods. The results of the National Cyber Leap Year (NCLY) Summit (see References) categorized the current needs into research areas for consideration as follows: 

(1) Characterize the vulnerability space and understand the effect of system randomization on the ability to exploit those vulnerabilities.

(2) Understand the effect of randomization of individual components on the behavior of complex systems, with respect to both their resiliency and their ability to evade threats.

(3) Develop a control mechanism that can abstract the complexity of MTD systems and enable sound, resilient systems management.

(4) Enable the adaptation of MTD mechanisms as the understanding of system behavior matures and our threat evolves.

PHASE I: Demonstrate new methods, techniques, tools, and/or designs providing improved “moving target defense” technologies using the component areas identified above. Proofs-of-concept may include existing legacy products and tools, with new capabilities and/or services that could be applied in operational environments at either the individual system level or network level or both.

PHASE II: Develop and implementation operationally ready tools, methods, mechanisms, and/or services providing “moving target defense” capabilities with initial solution capable of being demonstrated in operational systems and/or network environments.

PHASE III: COMMERCIAL APPLICATIONS: The final developed “moving target defense” tools and techniques will be expected to be used in operational Federal, State, and Local CIO environments, and potentially usable by commercial Internet Service Providers (ISPs) and IT vendors. It is anticipated that those tools and techniques delivered as open source technology will require support, custom extensions, and additional applications as they are commercially introduced.

US Flag An Official Website of the United States Government