A Multi-Layer Moving Target Defense Approach for Protecting Resource-Constrained Distributed Devices

  • Valentina Casola
  • Alessandra De Benedictis
  • Massimiliano Albanese
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 263)


Techniques aimed at continuously changing a system’s attack surface, usually referred to as Moving Target Defense (MTD), are emerging as powerful tools for thwarting cyber attacks. Such mechanisms increase the uncertainty, complexity, and cost for attackers, limit the exposure of vulnerabilities, and ultimately increase overall resiliency. In this chapter, we propose an MTD approach for protecting resource-constrained distributed devices through fine-grained reconfiguration at different architectural layers. We introduce a coverage-based security metric to quantify the level of security provided by each system configuration: such metric, along with other performance metrics, can be adopted to identify the configuration that best meets the current requirements. In order to show the feasibility of our approach in real-world scenarios, we study its application to Wireless Sensor Networks (WSNs), introducing two different reconfiguration mechanisms. Finally, we show how the proposed mechanisms are effective in reducing the probability of successful attacks.


Moving target defense Reconfiguration Proactive security 


  1. 1.
    Executive Office of the President, National Science and Technology Council: Trustworthy cyberspace: Strategic plan for the federal cybersecurity research and development program. Accessed Dec 2011
  2. 2.
    Jajodia, S., Ghosh, A.K., Subrahmanian, V.S., Swarup, V., Wang, C., Wang, X.S. (eds.): Moving target defense II: Application of game theory and adversarial modeling. 1st edn. Advances in Information Security, vol. 100, Springer, Berlin (2013)Google Scholar
  3. 3.
    Jajodia, S., Ghosh, A.K., Swarup, V., Wang, C., Wang, X.S. (eds.): Moving target defense: Creating asymmetric uncertainty for cyber threats. 1st edn. Advances in Information Security, vol. 54, Springer, Berlin (2011)Google Scholar
  4. 4.
    Wang, Q., Zhu, Y., Cheng, L.: Reprogramming wireless sensor networks: challenges and approaches. IEEE Netw. 20(3), 48–55 (2006)Google Scholar
  5. 5.
    Casola, V., De Benedictis, A., Albanese, M.: A moving target defense approach for protecting resource-constrained distributed devices. In: Proceedings of the 14th IEEE International Conference on Information Reuse and Integration (IEEE IRI 2013), San Francisco, CA, Aug 2013Google Scholar
  6. 6.
    Manadhata, P.K., Wing, J.M.: An attack surface metric. IEEE Trans. Software Eng. 37(3), 371–386 (2011)Google Scholar
  7. 7.
    Evans, D., Nguyen-Tuong, A., Knight, J.C.: Effectiveness of moving target defenses. In: Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, pp. 29–48. Springer, New York (2011)Google Scholar
  8. 8.
    Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering code-injection attacks with instruction-set randomization. In: Proceedings of the 10th ACM conference on Computer and communications security. CCS ’03, ACM, New York. pp. 272–280 (2003)Google Scholar
  9. 9.
    Cadar, C., Akritidis, P., Costa, M., Martin, J.P., Castro, M.: Data randomization. Technical report, Microsoft Research (2008)Google Scholar
  10. 10.
    Jackson, T., Salamat, B., Homescu, A., Manivannan, K., Wagner, G., Gal, A., Brunthaler, S., Wimmer, C., Franz, M.: Compiler-generated software diversity. In: Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, pp. 77–98. Springer, New York (2011)Google Scholar
  11. 11.
    Antonatos, S., Akritidis, P., Markatos, E.P., Anagnostakis, K.G.: Defending against hitlist worms using network address space randomization. Comput. Netw. 51(12), 3471–3490 (2007)Google Scholar
  12. 12.
    Atighetchi, M., Pal, P., Webber, F., Jones, C.: Adaptive use of network-centric mechanisms in cyber-defense. In: Proceedings of the Sixth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC 2003), pp. 183–192 May 2003Google Scholar
  13. 13.
    Kewley, D., Fink, R., Lowry, J., Dean, M.: Dynamic approaches to thwart adversary intelligence gathering. In: Proceedings of the DARPA Information Survivability Conference & Exposition (DISCEX 2011). Vol. 1, pp. 176–185. Anaheim, CA, June 2011Google Scholar
  14. 14.
    Antonatos, S., Akritidis, P., Markatos, E., Anagnostakis, K.: Defending against hitlist worms using network address space randomization. Comput. Netw. 51(12), 3471–3490 (2007)CrossRefzbMATHGoogle Scholar
  15. 15.
    Jafarian, J.H., Al-Shaer, E., Duan, Q.: Openflow random host mutation: transparent moving target defense using software defined networking. In: Proceedings of the First Workshop on Hot Topics in Software Defined Networks. HotSDN ’12, pp. 127–132. ACM, New York (2012)Google Scholar
  16. 16.
    Albanese, M., De Benedictis, A., Jajodia, S., Sun, K.: A moving target defense mechanism for MANETs based on identity virtualization. In: Proceedings of the First IEEE Conference on Communications and Network Security (IEEE CNS 2013), Washington, DC, Oct 2013Google Scholar
  17. 17.
    Casola, V., Mazzeo, A., Mazzocca, N., Vittorini, V.: A policy-based methodology for security evaluation: a security metric for public key infrastructures. J. Comput. Secur. 15(2), 197–229 (2007)Google Scholar
  18. 18.
    Common criteria project: Common criteria for information technology security evaluation 2.1. Technical report, US NIST (1999)Google Scholar
  19. 19.
    Trusted computer system evaluation criteria. Technical Report DoD 5200.28-STD, US Department Of, Defense (1985)Google Scholar
  20. 20.
    Li, X., Parker, T.P., Xu, S.: A stochastic model for quantitative security analyses of networked systems. IEEE Trans. Dependable Sec. Comput. 8(1), 28–43 (2011)CrossRefGoogle Scholar
  21. 21.
    Barth, A., Rubinstein, B.I.P., Sundararajan, M., Mitchell, J.C., Song, D., Bartlett, P.L.: A learning-based approach to reactive security. IEEE Trans. Dependable Sec. Comput. 9(4), 482–493 (2012)CrossRefGoogle Scholar
  22. 22.
    Ahmed, M.S., Al-Shaer, E., Khan, L.: A novel quantitative approach for measuring network security. In: INFOCOM. pp. 1957–1965 (2008)Google Scholar
  23. 23.
    Pamula, J., Jajodia, S., Ammann, P., Swarup, V.: A weakest-adversary security metric for network configuration security analysis. In: QoP. pp. 31–38 A novel quantitative approach for measuring network security. In: INFOCOM. 1957–1965 (2008)Google Scholar
  24. 24.
    Mell, P., Scarfone, K., Romanosky, S.: NIST IR 7435: The common vulnerability scoring system (CVSS) and its applicability to federal agency systems, Aug (2007)Google Scholar
  25. 25.
    Casola, V., Preziosi, R., Rak, M., Troiano, L.: A reference model for security level evaluation: policy and fuzzy techniques. J. Univers. Comput. Sci. 11(1), 150–174 (2005)Google Scholar
  26. 26.
    Foley, S.N., Fitzgerald, W., Bistarelli, S., OSullivan, B., Foghl, M.: Principles of secure network configuration: towards a formal basis for self-configuration. Lecture Notes in Computer Science, vol. 4268. Springer, Berlin Heidelberg (2006)Google Scholar
  27. 27.
    Casola, V., De Benedictis, A., Drago, A., Mazzocca, N.: Analysis and comparison of security protocols in wireless sensor networks. In: Proceedings of the 30th IEEE Symposium on Reliable Distributed Systems Workshops (SRDSW 2011), pp. 52–56. Madrid, Spain (Oct 2011)Google Scholar
  28. 28.
    Wang, H., Sheng, B., Tan, C., Li, Q.: WM-ECC: An elliptic curve cryptography suite on sensor motes. Technical Report WMCS-2007-11, College of William and Mary (Oct 2007)Google Scholar
  29. 29.
    Xiong, X., Wong, D.S., Deng, X.: TinyPairing: a fast and lightweight pairing-based cryptographic library for wireless sensor networks. In: Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC 2010), Apr 2010Google Scholar
  30. 30.
    Hui, J.W., Culler, D.: The dynamic behavior of a data dissemination protocol for network programming at scale. In: Proceedings of the 2nd International Conference on Embedded Networked Sensor Systems (SenSys 2004), pp. 81–94. Baltimore, MD (2004)Google Scholar
  31. 31.
    Dutta, P.K., Hui, J.W., Chu, D.C., Culler, D.E.: Securing the deluge network programming system. In: Proceedings of the Fifth International Conference on Information Processing in Sensor Networks (IPSN 2006), pp. 326–333. Apr 2006Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.Department of Electrical Engineering and Information TechnologyUniversity of Naples Federico IINaplesItaly
  2. 2.Center for Secure Information SystemsGeorge Mason UniversityFairfaxUSA

Personalised recommendations