Empirical Evaluation of the A3 Environment: Evaluating Defenses Against Zero-Day Attacks
Title | Empirical Evaluation of the A3 Environment: Evaluating Defenses Against Zero-Day Attacks |
Publication Type | Conference Paper |
Year of Publication | 2015 |
Authors | Clark, Shane S., Paulos, Aaron, Benyo, Brett, Pal, Partha, Schantz, Richard |
Conference Name | 2015 10th International Conference on Availability, Reliability and Security |
Keywords | A3 defensive technology, A3 environment, adaptive security, app store, capture the flag tournament, composability, computer network security, critical system, CTF tournament, defense, empirical evaluation, execution management environment, File systems, Fires, IP networks, mediation, Monitoring, network service, network-facing application, novel attacks, Predictive Metrics, pubcrawl, record & replay, Red Team exercise, Resiliency, security, survivability, Testing, Zero day attacks, Zero Day Attacks and Defense, zero-day attack, Zero-day attacks |
Abstract | A3 is an execution management environment that aims to make network-facing applications and services resilient against zero-day attacks. A3 recently underwent two adversarial evaluations of its defensive capabilities. In one, A3 defended an App Store used in a Capture the Flag (CTF) tournament, and in the other, a tactically relevant network service in a red team exercise. This paper describes the A3 defensive technologies evaluated, the evaluation results, and the broader lessons learned about evaluations for technologies that seek to protect critical systems from zero-day attacks. |
DOI | 10.1109/ARES.2015.89 |
Citation Key | clark_empirical_2015 |