Formal Techniques for Cyber Resilience: Modeling, Synthesis, and Verification
Abstract
As cyber vulnerability and complexity increase, cyber attacks become highly sophisticated and inevitable. Therefore, cyber resilience is necessary to make cyber systems capable of misleading attackers in reaching their goals, resisting their progress, and mitigating the consequences by responding to attack activities in a timely manner and preserving mission integrity. Cyber resilience includes various techniques such as isolation/segmentation, diversity, deception, adaptive response, and others. This dissertation focuses on addressing many challenges that limit the effectiveness and deployment of these four key resilience techniques. First, the lack of theoretical foundations that allow for formulating and integrating isolation and diversity limits the capability of optimizing resilience by composition. Second, initiating many mitigation actions simultaneously requires techniques that support safe and efficient orchestration of courses of action (CoA), guaranteeing correct and consistent defense actuation while allowing for maximum concurrency. Third, the lack of automated planning techniques for cyber deterrence and deception based on malware code significantly limits the effective deployment of these techniques against such innovative attacks. In this thesis, we address each of these challenges in three chapters, as described below.

In the second chapter of this dissertation, we provide a formal synthesis framework that automatically generates a resilient network configuration, integrating available software diversity and isolation measures to meet user-defined cyber risk and budget constraints. We provide a formal specification for two key resilience techniques: isolation, which defines the network access control and countermeasures between services, and diversity, which assigns multiple software variants to network services. In our model, we consider the interdependence between isolation and diversity to maximize the impedance of attack propagation and optimize cyber resilience. The isolation and diversity configurations are computed according to the estimated risk after considering all possible attack paths to network assets, and all potential software variants and countermeasures on each path. To make our approach scalable to large network sizes, we developed model reduction and network decomposition techniques and evaluated our framework using networks of thousands of nodes.

In the third chapter, we address the safety and efficiency of Active Cyber Defense (ACD) policies that initiate courses of investigation and configuration actions to mitigate attacks automatically. We present a formal specification for ACD policies and develop formal techniques and algorithms to maximize the concurrency of action execution while guaranteeing that defense actions are conflict-free, executed correctly, and satisfy the mission requirements. We model and verify the CoA orchestration using satisfiability modulo theories and bounded model checking.

In the fourth chapter, we present a new analytical framework to analyze malware behavior and extract the agility parameters using symbolic execution, enabling automated planning of deterrence and deception. The agility parameters are system variables on which attackers depend to discover the target system and reach their goals; yet, they can be reconfigured or misrepresented by the defender in the cyber environment to mislead attackers or significantly increase the attack cost. We first develop a symbolic execution engine to execute Microsoft Windows malware and characterize its attack behavior based on its interactions with the environment. We then analyze the attack behavior to extract the set of agility parameters that can deliver effective deterrence and deception based on well-defined criteria. Our analysis of many recent malware instances shows that our framework successfully identifies various critical parameters that are effective for cyber deterrence and deception.