TWC: Small: Hydra - Hybrid Defenses for Resilient Applications: Practical Approaches Towards Defense In Depth

TWC：小型：Hydra - 弹性应用的混合防御：纵深防御的实用方法

• 批准号: 1619211
• 负责人: Michael Franz
• 金额: $ 50万
• 依托单位: University of California-Irvine
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-07-01 至 2020-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1619211&HistoricalAwards=false
• 关键词: TWC; Small; Hydra; Hybrid; Defenses

In popular culture, cyber security is characterized as a cat-and-mouse game: an attacker finds a new exploit, defenders find a corresponding countermeasure, and the game goes on and on. Unfortunately, reality isn't far removed from this fiction: most defenses are reactive to particular threats that have already been discovered, and they are often combined on top of each other, without attempting to integrate them. Combining disjoint security mechanisms in this manner often has the effect that the individual costs of the mechanisms add up, so that at some point it becomes impractical to add more. Biological immune systems in nature do much better than this, combining an innate response against general threats (such as bacteria and viruses) with a learned response against specific previously seen threats. Moreover, the adaptive system doesn't appear to get "slower" as it learns to handle new classes of pathogens. This research focuses on "hybrid" defenses inspired by biological systems.The project investigates practical "defense in depth" approaches that synthesize hybrid defenses that are greater the sum of their parts and that have lower overheads than traditional layered security solutions. This is not trivial, since one must ensure that combining multiple defenses doesn't create (possibly hidden) feature-interaction conflicts, perhaps even leading to new vulnerabilities that an attacker might exploit. The project's approach leverages dynamic diversification, which intersperses randomization with program execution. By rapidly switching between alternative versions of the program at run-time, one can ensure that the flow of control never follows the same path for two different executions of the same program, even when operating on the same inputs. This technique provides the foundation for much of the proposed research and offers probabilistic protection. The project will benefit all domains in which computer security measures have traditionally been constrained by performance considerations, including e-commerce, consumer software, and mobile computing.

在流行文化中，网络安全被描述为一场猫捉老鼠的游戏：攻击者找到新的漏洞，防御者找到相应的对策，游戏继续下去。不幸的是，现实与这一虚构关系并不遥远：大多数防御措施都是对已经发现的特定威胁做出反应，而且它们往往是叠加在一起的，而不是试图整合它们。以这种方式组合不相交的安全机制通常会产生这样的效果，即这些机制的单个成本相加，因此在某个时候增加更多成本变得不切实际。自然界中的生物免疫系统做得比这好得多，它结合了对一般威胁(如细菌和病毒)的先天反应和对以前看到的特定威胁的后天反应。此外，适应性系统在学习处理新的病原体类别时似乎并没有变得“更慢”。这项研究的重点是受生物系统启发的“混合”防御系统。该项目研究实用的“纵深防御”方法，这种方法合成的混合防御系统大于其各部分的总和，并且具有比传统的分层安全解决方案更低的管理费用。这不是微不足道的，因为必须确保组合多个防御不会产生(可能隐藏的)功能交互冲突，甚至可能导致攻击者可能利用的新漏洞。该项目的方法利用了动态多样化，这将随机化与程序执行穿插在一起。通过在运行时在程序的不同版本之间快速切换，可以确保控制流对于同一程序的两次不同执行永远不会遵循相同的路径，即使在相同的输入上操作也是如此。这项技术为许多拟议的研究提供了基础，并提供了概率保护。该项目将使计算机安全措施传统上受到性能考虑限制的所有领域受益，包括电子商务、消费软件和移动计算。