Semi-Automated Wrapping of Defenses

In the recent years, there has been a progressive trend towards dynamic and proactive network defense strategies and systems resilience. The concept of moving target defense (MTD) has recently shown increasing traction and acceptance as a mechanism designed to increase the asymmetry between attacker and defenders. MTDs are relatively complex defensive strategies that are aimed at creating a perceived change in the target, effectively increasing the uncertainty of the attack surface exposed to an adversary. If properly controlled and coordinated, these kinds of defenses arguably provide a powerful capability for proactive defense infrastructures, and could become a game changer in applied cyber defense. There are still, however, multiple challenges to be overcome as we envision the deployment and use of MTDs. Some of these challenges are related to the management and control overhead of these kinds of defenses, which often require manual installation, configuration and control, with support for runtime (and contextual) strategy adaptation and control. Another set of challenges deals with the complexities associated with understanding the cost and effectiveness of defense deployments and configurations.

The objective of the SAWD effort is to help guide users through the process of automatically constructing all the necessary interfaces and adaptors for the integration of a MTDs into a network defense infrastructure. Furthermore, it will provide an online mechanism for testing and validating the MTD wrappers in a virtualized deployment, providing feedback to users on possible errors or inconsistences with the wrapper.