Verifying the Enforcement and Effectiveness of Network Lateral Movement Resistance Techniques

Mohammed Noraden Alsaleh, Ehab Al-Shaer, Qi Duan

Abstract

As the sophistication of cyber-attacks is ever increasing, cyber breaches become inevitable and their consequences are often highly damaging. Isolation and diversity are key techniques of cyber resilience for creating built-in resistance in cyber networks against the lateral movement of multi-step Advanced Persistent Threats (APTs) and epidemic attacks. However, the key unaddressed challenges are (1) how to ensure that specific isolation and diversity configurations are sufficient to prevent the lateral movement of attacks and (2) how to verify that such configurations are enforced safely despite the complex inter-dependency between cyber components. In this paper, we address these challenges by developing formal models and properties to verify the effectiveness and enforceability of proactive cyber resistance techniques. We present a bounded model checking approach based on Satisfiability Modulo Theories (SMT) for OpenFlow software-defined networks (SDNs). We verify that given resistance techniques are enforced in a way that does not violate the cyber mission requirements, and we evaluate the configuration resistance based on user-defined resistance properties.


Paper Citation


in Harvard Style

Alsaleh M., Al-Shaer E. and Duan Q. (2018). Verifying the Enforcement and Effectiveness of Network Lateral Movement Resistance Techniques. In Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT, ISBN 978-989-758-319-3, pages 246-257. DOI: 10.5220/0006868902460257


in Bibtex Style

@conference{secrypt18,
author={Mohammed Noraden Alsaleh and Ehab Al-Shaer and Qi Duan},
title={Verifying the Enforcement and Effectiveness of Network Lateral Movement Resistance Techniques},
booktitle={Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT},
year={2018},
pages={246-257},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006868902460257},
isbn={978-989-758-319-3},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT
TI - Verifying the Enforcement and Effectiveness of Network Lateral Movement Resistance Techniques
SN - 978-989-758-319-3
AU - Alsaleh M.
AU - Al-Shaer E.
AU - Duan Q.
PY - 2018
SP - 246
EP - 257
DO - 10.5220/0006868902460257