Towards Scalable Computer Defenses

迈向可扩展的计算机防御

• 批准号: RGPIN-2014-03782
• 负责人: Somayaji, Anil
• 金额: $ 2.33万
• 依托单位: Carleton University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2018
• 资助国家: 加拿大
• 起止时间: 2018-01-01 至 2019-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=665594
• 关键词: Towards; Scalable; Computer; Defenses

We seem to be losing the battle of computer security. Despite increasing investments in software security on all sides, attackers are still able to bypass defenses seemingly at will. The situation is so bad that large network administrators must assume that their networks have already been infiltrated no matter how much effort they put in to their defenses.**We assert that the key reason for this seemingly hopeless situation is that attacks are scalable while computer defenses are not. Attackers can make fixed-cost investments in attack development (e.g., finding a zero-day exploit, deveolping an exploit deployment mechanism) that can allow them to compromise millions of hosts. Defenders, however, can expend an unbounded amount of resources deploying firewalls, installing anti-malware software, running intrusion prevention systems, and manually auditing their software and configuration, only to find that their systems have still been compromised - assuming they are fortunate enough to even notice.**We propose to study the theory and practice behind making scalable defenses. The key insight for building scalable defenses is that attacker work should scale with the population size of the defenders: attackers should be required to expend effort proportional to the number of hosts that are to be compromised. The key questions addressed in this research are first, how can we define defense scalability in terms of software architecture and economics, and to what extent are current defenses scalable. If this research is successful it should provide a foundation for building and evaluating a new generation of scalable computer defenses.

我们似乎正在输掉这场计算机安全之战。尽管各方在软件安全方面的投资不断增加，但攻击者似乎仍然能够随意绕过防御。这种情况非常糟糕，以至于大型网络管理员必须假设他们的网络已经被渗透，无论他们投入多少努力进行防御。**我们断言，这种看似无望的情况的关键原因是攻击是可扩展的，而计算机防御是不可扩展的。攻击者可以在攻击开发上进行固定成本的投资（例如，找到一个零日漏洞，开发一个漏洞部署机制），这可以让他们危及数百万台主机。然而，防御者可能会花费大量资源部署防火墙、安装反恶意软件、运行入侵防御系统，并手动审核他们的软件和配置，结果却发现他们的系统仍然受到了威胁——假设他们足够幸运，甚至注意到了这一点。**我们建议研究可扩展防御背后的理论和实践。构建可扩展防御的关键观点是，攻击者的工作应该与防御者的数量一起扩展：应该要求攻击者花费与要破坏的主机数量成比例的精力。本研究解决的关键问题是，首先，我们如何根据软件架构和经济定义防御可伸缩性，以及当前防御可伸缩性的程度。如果这项研究取得成功，它将为构建和评估新一代可扩展的计算机防御提供基础。