Verifying the enforcement and effectiveness of network lateral movement resistance techniques

Mohammed Noraden Alsaleh; Ehab Al-Shaer; Qi Duan

doi:10.5220/0006868902460257

Verifying the enforcement and effectiveness of network lateral movement resistance techniques

Mohammed Noraden Alsaleh, Ehab Al-Shaer, Qi Duan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

As the sophistication of cyber-attacks is ever increasing, cyber breaches become inevitable and their consequences are often highly damaging. Isolation and diversity are key techniques of cyber resilience for creating built-in resistance in cyber networks against the lateral movement of multi-step Advanced Persistent Threats (APTs) and epidemic attacks. However, the key unaddressed challenges are (1) how to ensure that specific isolation and diversity configurations are sufficient to prevent the lateral movement of attacks and (2) how to verify that such configurations are enforced safely despite the complex inter-dependency between cyber components. In this paper, we address these challenges by developing formal models and properties to verify the effectiveness and enforceability of proactive cyber resistance techniques. We present a bounded model checking approach based on satisfiability Modulo theories (SMT) for OpenFlow software defined networks (SDNs). We verify that given resistance techniques are enforced in a way that does not violate the cyber mission requirements and we evaluate the configuration resistance based on user-defined resistance properties.

Original language	English
Title of host publication	SECRYPT
Editors	Pierangela Samarati, Mohammad S. Obaidat, Mohammad S. Obaidat
Publisher	SciTePress
Pages	246-257
Number of pages	12
ISBN (Electronic)	9789897583193
DOIs	https://doi.org/10.5220/0006868902460257
State	Published - 2018
Externally published	Yes
Event	15th International Joint Conference on e-Business and Telecommunications, ICETE 2018 - Porto, Portugal Duration: 26 Jul 2018 → 28 Jul 2018

Publication series

Name	ICETE 2018 - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications
Volume	2

Conference

Conference	15th International Joint Conference on e-Business and Telecommunications, ICETE 2018
Country/Territory	Portugal
City	Porto
Period	26/07/18 → 28/07/18

Bibliographical note

Publisher Copyright:
Copyright © 2018 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved

Keywords

Configuration
Cyber Attacks
Model Checking
Resilience
Resistance

ASJC Scopus subject areas

Signal Processing
Electrical and Electronic Engineering
Computer Networks and Communications

Access to Document

10.5220/0006868902460257

Cite this

Alsaleh, M. N., Al-Shaer, E., & Duan, Q. (2018). Verifying the enforcement and effectiveness of network lateral movement resistance techniques. In P. Samarati, M. S. Obaidat, & M. S. Obaidat (Eds.), SECRYPT (pp. 246-257). (ICETE 2018 - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications; Vol. 2). SciTePress. https://doi.org/10.5220/0006868902460257

Alsaleh, Mohammed Noraden ; Al-Shaer, Ehab ; Duan, Qi. / Verifying the enforcement and effectiveness of network lateral movement resistance techniques. SECRYPT. editor / Pierangela Samarati ; Mohammad S. Obaidat ; Mohammad S. Obaidat. SciTePress, 2018. pp. 246-257 (ICETE 2018 - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications).

@inproceedings{fd6dc1b355214af0b769c30067dd47fb,

title = "Verifying the enforcement and effectiveness of network lateral movement resistance techniques",

abstract = "As the sophistication of cyber-attacks is ever increasing, cyber breaches become inevitable and their consequences are often highly damaging. Isolation and diversity are key techniques of cyber resilience for creating built-in resistance in cyber networks against the lateral movement of multi-step Advanced Persistent Threats (APTs) and epidemic attacks. However, the key unaddressed challenges are (1) how to ensure that specific isolation and diversity configurations are sufficient to prevent the lateral movement of attacks and (2) how to verify that such configurations are enforced safely despite the complex inter-dependency between cyber components. In this paper, we address these challenges by developing formal models and properties to verify the effectiveness and enforceability of proactive cyber resistance techniques. We present a bounded model checking approach based on satisfiability Modulo theories (SMT) for OpenFlow software defined networks (SDNs). We verify that given resistance techniques are enforced in a way that does not violate the cyber mission requirements and we evaluate the configuration resistance based on user-defined resistance properties.",

keywords = "Configuration, Cyber Attacks, Model Checking, Resilience, Resistance",

author = "Alsaleh, {Mohammed Noraden} and Ehab Al-Shaer and Qi Duan",

note = "Publisher Copyright: Copyright {\textcopyright} 2018 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved; 15th International Joint Conference on e-Business and Telecommunications, ICETE 2018 ; Conference date: 26-07-2018 Through 28-07-2018",

year = "2018",

doi = "10.5220/0006868902460257",

language = "English",

series = "ICETE 2018 - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications",

publisher = "SciTePress",

pages = "246--257",

editor = "Pierangela Samarati and Obaidat, {Mohammad S.} and Obaidat, {Mohammad S.}",

booktitle = "SECRYPT",

}

Alsaleh, MN, Al-Shaer, E & Duan, Q 2018, Verifying the enforcement and effectiveness of network lateral movement resistance techniques. in P Samarati, MS Obaidat & MS Obaidat (eds), SECRYPT. ICETE 2018 - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications, vol. 2, SciTePress, pp. 246-257, 15th International Joint Conference on e-Business and Telecommunications, ICETE 2018, Porto, Portugal, 26/07/18. https://doi.org/10.5220/0006868902460257

Verifying the enforcement and effectiveness of network lateral movement resistance techniques. / Alsaleh, Mohammed Noraden; Al-Shaer, Ehab; Duan, Qi.
SECRYPT. ed. / Pierangela Samarati; Mohammad S. Obaidat; Mohammad S. Obaidat. SciTePress, 2018. p. 246-257 (ICETE 2018 - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications; Vol. 2).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Verifying the enforcement and effectiveness of network lateral movement resistance techniques

AU - Alsaleh, Mohammed Noraden

AU - Al-Shaer, Ehab

AU - Duan, Qi

PY - 2018

Y1 - 2018

N2 - As the sophistication of cyber-attacks is ever increasing, cyber breaches become inevitable and their consequences are often highly damaging. Isolation and diversity are key techniques of cyber resilience for creating built-in resistance in cyber networks against the lateral movement of multi-step Advanced Persistent Threats (APTs) and epidemic attacks. However, the key unaddressed challenges are (1) how to ensure that specific isolation and diversity configurations are sufficient to prevent the lateral movement of attacks and (2) how to verify that such configurations are enforced safely despite the complex inter-dependency between cyber components. In this paper, we address these challenges by developing formal models and properties to verify the effectiveness and enforceability of proactive cyber resistance techniques. We present a bounded model checking approach based on satisfiability Modulo theories (SMT) for OpenFlow software defined networks (SDNs). We verify that given resistance techniques are enforced in a way that does not violate the cyber mission requirements and we evaluate the configuration resistance based on user-defined resistance properties.

AB - As the sophistication of cyber-attacks is ever increasing, cyber breaches become inevitable and their consequences are often highly damaging. Isolation and diversity are key techniques of cyber resilience for creating built-in resistance in cyber networks against the lateral movement of multi-step Advanced Persistent Threats (APTs) and epidemic attacks. However, the key unaddressed challenges are (1) how to ensure that specific isolation and diversity configurations are sufficient to prevent the lateral movement of attacks and (2) how to verify that such configurations are enforced safely despite the complex inter-dependency between cyber components. In this paper, we address these challenges by developing formal models and properties to verify the effectiveness and enforceability of proactive cyber resistance techniques. We present a bounded model checking approach based on satisfiability Modulo theories (SMT) for OpenFlow software defined networks (SDNs). We verify that given resistance techniques are enforced in a way that does not violate the cyber mission requirements and we evaluate the configuration resistance based on user-defined resistance properties.

KW - Configuration

KW - Cyber Attacks

KW - Model Checking

KW - Resilience

KW - Resistance

UR - http://www.scopus.com/inward/record.url?scp=85071452681&partnerID=8YFLogxK

U2 - 10.5220/0006868902460257

DO - 10.5220/0006868902460257

M3 - Conference contribution

AN - SCOPUS:85071452681

T3 - ICETE 2018 - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications

SP - 246

EP - 257

BT - SECRYPT

A2 - Samarati, Pierangela

A2 - Obaidat, Mohammad S.

PB - SciTePress

T2 - 15th International Joint Conference on e-Business and Telecommunications, ICETE 2018

Y2 - 26 July 2018 through 28 July 2018

ER -

Verifying the enforcement and effectiveness of network lateral movement resistance techniques

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this