
Dynamically Enabled Cyber Defense PDF

389 Pages·2021·18.574 MB·English

Preview Dynamically Enabled Cyber Defense

Dynamically Enabled Cyber Defense

Lin Yang
Quan Yu

World Scientific
NEW JERSEY • LONDON • SINGAPORE • BEIJING • SHANGHAI • HONG KONG • TAIPEI • CHENNAI • TOKYO

Published by World Scientific Publishing Co. Pte. Ltd.
5 Toh Tuck Link, Singapore 596224
USA office: 27 Warren Street, Suite 401-402, Hackensack, NJ 07601
UK office: 57 Shelton Street, Covent Garden, London WC2H 9HE

Library of Congress Cataloging-in-Publication Data
Names: Yang, Lin (Writer on computer security), author. | Yu, Quan (Engineer), author.
Title: Dynamically enabled cyber defense / Lin Yang, Sun Yat-sen University, China, Quan Yu, Peng Cheng Laboratory, China.
Description: Singapore ; Hackensack, NJ ; London : World Scientific, [2021] | Includes bibliographical references and index.
Identifiers: LCCN 2021003540 | ISBN 9789811234330 (hardcover) | ISBN 9789811234347 (ebook for institutions) | ISBN 9789811234354 (ebook for individuals)
Subjects: LCSH: Computer security. | Internet of things--Security measures. | Electronic apparatus and appliances--Security measures.
Classification: LCC QA76.9.A25 Y3635 2021 | DDC 005.8--dc23
LC record available at https://lccn.loc.gov/2021003540

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.

动态赋能网络空间防御 (Dynamically Enabled Cyberspace Defense)
Originally published in Chinese by Posts & Telecom Press
Copyright © Posts & Telecom Press 2016

Copyright © 2021 by World Scientific Publishing Co. Pte. Ltd.
All rights reserved. This book, or parts thereof, may not be reproduced in any form or by any means, electronic or mechanical, including photocopying, recording or any information storage and retrieval system now known or to be invented, without written permission from the publisher.
For photocopying of material in this volume, please pay a copying fee through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA. In this case permission to photocopy is not required from the publisher.

For any available supplementary material, please visit https://www.worldscientific.com/worldscibooks/10.1142/12210#t=suppl

Desk Editors: Aanand Jayaraman/Amanda Yun
Typeset by Stallion Press
Email: [email protected]
Printed in Singapore

May 31, 2021 12:1 Dynamically Enabled Cyber Defense 9in x 6in b4174-fm page v

Preface

The Internet is one of the greatest technical inventions of mankind in the 20th century. Since its birth, after half a century of development, the Internet has become an important infrastructure driving global economic and social development and has profoundly changed people's production and lifestyles. However, benefits and risks always coexist. Cyber attacks accompany the process of informatization like nightmares and cannot be got rid of. Cyber security has become a global problem that affects the development of human society.

Vulnerabilities are prerequisites for cyber attacks and defenses. They are the root cause of cyber insecurity, and the strategic resources that both attackers and defenders scramble for. Information systems are designed and implemented by people. Due to people's inherent inertia and cognitive limitations, vulnerabilities cannot be avoided. As the complexity of a system increases, the vulnerability problem becomes more severe. In cyber attack and defense activities, attackers find and exploit vulnerabilities, while defenders find and mitigate vulnerabilities to reduce the chance of being exploited. However, in the face of vulnerabilities, the two sides are asymmetric. Using an undisclosed vulnerability, attackers may drive straight into the attack target, while no matter how many vulnerabilities defenders already know about, they still dare not rest easy. The longer attackers have known and analyzed the system, the more vulnerabilities they will find, and the more dangerous the system becomes. Therefore, there is a serious asymmetry between attackers and defenders, i.e. a big defense against a small attack, and an overall defense against a point attack.

Advanced Persistent Threat (APT) is a major threat to cyber security. Advanced means high-level, up-to-date, and heavily invested, emphasizing organizational and national behaviors with backing. Persistent means long-lasting, so it is the most terrible. Opponents have been persistently watching, studying, and analyzing us for a long time. Attackers may know more about the protected system than we do. They discover problems and develop weapons against us continuously. Have we ever studied our own system like the attackers, and continuously paid attention to the security vulnerabilities of the protected system? We are continuously developing informatization, launching new projects, and building new systems, but we have not continuously paid attention to the security of these information systems. Opponents continue to discover problems, while we continue to accumulate problems.

From the perspective of security, there are still many problems in the construction of information systems. Many systems are still solving the problem of function availability, and have no time to consider the security vulnerabilities of the system itself, let alone the supervision and inspection of security vulnerabilities. We have neither the awareness nor the energy to focus on vulnerabilities and security, let alone continuous security concerns. In the process of information system construction, we are used to equating security system construction with general system construction, and consider security system construction to be the static stacking of security products. "Connectivity is good" is often taken as a sign of security readiness. There is a process of state solidification in the opening of the information system. Once the state is solidified, the capabilities are solidified accordingly. The information system emphasizes the "three inters" (internetworking, interconnection, interoperability), which require the unification of technologies and systems. In engineering practice, we often replace intangible systems with tangible products, and unify the systems with the same products. The capabilities become unitary once such systems are unified. The staticity, similarity, and certainty of information system architectures, as well as the homology, isomorphism, and homogeneity of information products, provide great convenience for attackers to spy on network characteristics, discover system vulnerabilities, and implement attack penetration, leaving information systems always in a passive situation. Once a single attack method takes effect locally, it can often spread quickly, causing a large-scale impact on the entire network.

Traditional protection methods based on prior knowledge and accurate identification have difficulty dealing with unknown vulnerabilities and threats. For information systems built on staticity, similarity, and certainty, it is difficult to deal with dynamic, professional, and continuous high-intensity attacks. Vulnerabilities are the root cause of security problems, but mining and fixing vulnerabilities cannot solve security problems completely. In terms of vulnerability attack and defense, the rules of the game are inherently unequal. No matter how many vulnerabilities defenders discover and mitigate, this cannot stop an attack using an unknown vulnerability. If defenders want to break away from this passive situation, they must change the unequal rules of the game, from defenders following attackers to attackers following defenders. Dynamic cyber defense is a good way to build asymmetric defense systems that are easy to defend and difficult to attack.

In the military field, the idea of dynamic defense has a long history. Master Sun's Art of War says: "War is a kaleidoscopic and unexpected art that uses ever-changing and surprising ways to fight the enemies." Moving target defense technology applies the idea of "change" to cyber defense. Its innovation lies in the unusual change from positional defense to mobile or guerrilla warfare. In the deployment and running of an information system, we can build a continuously changing, dissimilar, and uncertain information system by effectively reducing its certainty, similarity, and staticity, and increasing its randomness and unpredictability. This makes the information system present an unpredictable state of change, so that attackers do not have enough time to find or use its security vulnerabilities, let alone continue to probe it and attack it repeatedly, thus greatly increasing the difficulty and cost of attack. Obviously, this is a big shift in defense strategy and in the rules of the game, changing the asymmetric situation in which the network is easy to attack and difficult to defend.

Building on moving target defense, this book puts forward the concept of dynamically enabled cyberspace defense, applying the idea of "change" to all aspects of cyberspace, and subverting traditional protection with a systematic dynamic defense idea. The dynamic security concept is fully implemented throughout the entire life cycle of the information system, which requires that the information system not only completes its own functions during the development, deployment, and running phases, but also changes its security-related feature attributes at all levels, such as hardware platforms, software services, information data, and network communication. This change involves the two dimensions of time and space. It may be a change of one attribute alone or of multiple attributes at the same time. With these changes, the endogenous security of the information system can be enhanced. In addition, the defense system guided by this dynamic enablement idea not only implements protection in the foreground, but also intensively schedules the professional resources and forces gathered in the background to output new security capabilities dynamically and continuously to the foreground, thereby providing the new vitality of global enablement. From the perspective of the system, dynamic enablement transforms statically defensive "dead" equipment into a dynamically enabled "live" system, forming a dynamic and active cyber defense system with front-end protection and back-end enablement.

Dynamically Enabled Cyber Defense is an exploration of cyber security defense technology and systems, and an assumption that security capability is regarded as a standard attribute of the information system itself. The future cyber defense must be a security system guided by the idea of dynamic enablement. Therefore, this book mainly focuses on various system dynamization and randomization technologies and methods, their relationship and compatibility with existing protection methods, their contribution and evolution, as well as the challenges and problems they bring to the next generation of protection products and even information products.

At present, theoretical research on dynamic defense has made some progress, and the development of some key technologies has also made the engineering application of dynamic defense possible. Because research on dynamically enabled defense involves wide-ranging fields and a great many challenges, the current research results are relatively fragmentary and not systematic. To help readers understand the technologies involved in dynamically enabled defense more systematically, this book summarizes the current basic development status of dynamic defense technology. Based on the physical hierarchy of the information system, the book studies dynamic defense technology from the perspectives of system platforms, software services, information data, and network communication, respectively. It explores the possible evolution route of dynamic defense technology, ascertains its relationship with existing security technologies, and analyzes and discusses the security gains and overall system efficiency of these technologies. The book is designed to present readers with the relevant ideas, technologies, and achievements of dynamically enabled cyber defense, implement the advanced ideas, technologies, and methods, provide support for capability-oriented cyber security, and provide a reference for future information system structure design and software/hardware product development with endogenous security capabilities.

It is hoped that the publication of this book will help researchers in the field of cyberspace security accurately grasp the technical development direction of cyberspace security and provide ideas for the development of next-generation IT infrastructure. It is also intended to promote the construction of a future active defense system in cyberspace, so that security is no longer an obstacle to the development of information systems but instead one of their endogenous capacities. Given the wide scope, technical difficulty, and immaturity of dynamically enabled cyber defense, there may be gaps in the book despite our best efforts. Your suggestions would be appreciated.

Lin Yang
Quan Yu
