Location
Hilton Waikoloa Village, Hawaii
Event Website
http://hicss.hawaii.edu/
Start Date
1-3-2018
End Date
1-6-2018
Description
In cyber defense, integrated deception mechanisms have been proposed as part of the system operation to enhance security by planting fake resources. The objective is to entice attackers and confuse them in determining the legitimacy of those resources. Although several strategies exist to implement deception in a software system, developing and integrating such solutions are primarily made in an ad-hoc fashion. This hinders reuse and does not consider the operation life cycle management. Additionally, support for adaptive deception is not considered. To alleviate these problems, we propose a framework based on software product lines and aspect-oriented techniques to generate adaptive deception-based defense strategies. We illustrate the feasibility of our approach with an example from the web applications domain, by integrating honeywords into an authentication mechanism to mitigate offline password cracking attacks.
A SPL Framework for Adaptive Deception-based Defense
Hilton Waikoloa Village, Hawaii
In cyber defense, integrated deception mechanisms have been proposed as part of the system operation to enhance security by planting fake resources. The objective is to entice attackers and confuse them in determining the legitimacy of those resources. Although several strategies exist to implement deception in a software system, developing and integrating such solutions are primarily made in an ad-hoc fashion. This hinders reuse and does not consider the operation life cycle management. Additionally, support for adaptive deception is not considered. To alleviate these problems, we propose a framework based on software product lines and aspect-oriented techniques to generate adaptive deception-based defense strategies. We illustrate the feasibility of our approach with an example from the web applications domain, by integrating honeywords into an authentication mechanism to mitigate offline password cracking attacks.
https://aisel.aisnet.org/hicss-51/st/cyber_threat_intelligence/4