
Quantitative Evaluation of Dynamic Platform Techniques as a Defensive Mechanism

  • Hamed Okhravi
  • James Riordan
  • Kevin Carter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8688)

Abstract

Cyber defenses based on dynamic platform techniques have been proposed as a way to make systems more resilient to attacks. These defenses change the properties of the platforms in order to make attacks more complicated. Unfortunately, little work has been done on measuring the effectiveness of these defenses. In this work, we first measure the protection provided by a dynamic platform technique on a testbed. The counter-intuitive results obtained from the testbed guide us in identifying and quantifying the major effects contributing to the protection in such a system. Based on the abstract effects, we develop a generalized model of dynamic platform techniques which can be used to quantify their effectiveness. To verify and validate our results, we simulate the generalized model and show that the testbed measurements and the simulations match with a small amount of error. Finally, we enumerate a number of lessons learned in our work which can be applied to quantitative evaluation of other defensive techniques.

Keywords

Dynamic platforms, platform diversity, quantitative evaluation, metrics, intrusion tolerance, moving target

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Hamed Okhravi (1)
  • James Riordan (1)
  • Kevin Carter (1)
  1. MIT Lincoln Laboratory, USA
