Visible to the public Biblio

Filters: Author is Duque Anton, Simon  [Clear All Filters]
2019-09-09
Fraunholz, Daniel, Krohmer, Daniel, Duque Anton, Simon, Schotten, Hans Dieter.  2018.  Catch Me If You Can: Dynamic Concealment of Network Entities. Proceedings of the 5th ACM Workshop on Moving Target Defense. :31–39.
In this paper, a framework for Moving Target Defense is introduced. This framework bases on three pillars: network address mutation, communication stack randomization and the dynamic deployment of decoys. The network address mutation is based on the concept of domain generation algorithms, where different features are included to fulfill the system requirements. Those requirements are time dependency, unpredictability and determinism. Communication stack randomization is applied additionally to increase the complexity of reconnaissance activity. By employing communication stack randomization, previously fingerprinted systems do not only differ in the network address but also in their communication pattern behavior. And finally, decoys are integrated into the proposed framework to detect attackers that have breached the perimeter. Furthermore, attacker's resources can be bound by interacting with the decoy systems. Additionally, the framework can be extended with more advanced Moving Target Defense methods such as obscuring port numbers of services.
2019-02-13
Fraunholz, Daniel, Reti, Daniel, Duque Anton, Simon, Schotten, Hans Dieter.  2018.  Cloxy: A Context-aware Deception-as-a-Service Reverse Proxy for Web Services. Proceedings of the 5th ACM Workshop on Moving Target Defense. :40–47.

Legacy software, outdated applications and fast changing technologies pose a serious threat to information security. Several domains, such as long-life industrial control systems and Internet of Things devices, suffer from it. In many cases, system updates and new acquisitions are not an option. In this paper, a framework that combines a reverse proxy with various deception-based defense mechanisms is presented. It is designed to autonomously provide deception methods to web applications. Context-awareness and minimal configuration overhead make it perfectly suited to work as a service. The framework is built modularly to provide flexibility and adaptability to the application use case. It is evaluated with common web-based applications such as content management systems and several frequent attack vectors against them. Furthermore, the security and performance implications of the additional security layer are quantified and discussed. It is found that, given sound implementation, no further attack vectors are introduced to the web application. The performance of the prototypical framework increases the delay of communication with the underlying web application. This delay is within tolerable boundaries and can be further reduced by a more efficient implementation.