Creating a Cyber Moving Target for Critical Infrastructure Applications
نویسندگان
چکیده
Despite the significant amount of effort that often goes into securing critical infrastructure assets, many systems remain vulnerable to advanced, targeted cyber attacks. This paper describes the design and implementation of the Trusted Dynamic Logical Heterogeneity System (TALENT), a framework for live-migrating critical infrastructure applications across heterogeneous platforms. TALENT permits a running critical application to change its hardware platform and operating system, thus providing cyber survivability through platform diversity. TALENT uses containers (operating-system-level virtualization) and a portable checkpoint compiler to create a virtual execution environment and to migrate a running application across different platforms while preserving the state of the application (execution state, open files and network connections). TALENT is designed to support general applications written in the C programming language. By changing the platform on-the-fly, TALENT creates a cyber moving target and significantly raises the bar for a successful attack against a critical application. Experiments demonstrate that a complete migration can be completed within about one second.
منابع مشابه
Creating a cyber moving target for critical infrastructure applications using platform diversity
Despite the significant effort that often goes into securing critical infrastructure assets, many systems remain vulnerable to advanced, targeted cyber attacks. This paper describes the design and implementation of the Trusted Dynamic Logical Heterogeneity System (TALENT), a framework for live-migrating critical infrastructure applications across heterogeneous platforms. TALENT permits a runnin...
متن کاملMoving Target Defense - Creating Asymmetric Uncertainty for Cyber Threats
Excellent book is always being the best friend for spending little time in your office, night time, bus, and everywhere. It will be a good way to just look, open, and read the book while in that time. As known, experience and skill don't always come with the much money to acquire them. Reading this book with the PDF moving target defense creating asymmetric uncertainty for cyber threats will le...
متن کاملCritical Infrastructure Attack Modeling
The development and connection of information and communication technologies with industrial control systems in the so-called critical infrastructure have contributed to the emergence of new complex threats. The critical infrastructure has become a target of sophisticated cyber attacks which exploit several, also unknown, vulnerabilities in one course of an attack. The paper proposes an attack ...
متن کاملNetwork Randomization and Dynamic Defense for Critical Infrastructure Systems
Critical Infrastructure control systems continue to foster predictable communication paths, static configurations, and unpatched systems that allow easy access to our nation’s most critical assets. This makes them attractive targets for cyber intrusion. We seek to address these attack vectors by automatically randomizing network settings, randomizing applications on the end devices themselves, ...
متن کاملResilience Management of Functions Vital to Society: A Multiple Case Study Analysis
Functions vital to our society and critical infrastructures — energy, water, transportation, communication, critical information infrastructure — lacks of resilience, typically losing essential functionality following adverse events. In the future, the number of climatic extremes may intensify or become more frequent, and building resilience becomes the optimal course of action for large comple...
متن کامل