Planning and Integrating Deception into Computer Security Defenses
14
Planning and Integrating Deception into Computer Security Defenses NSPW’14 Mohammed Almeshekah [email protected] Eugene Spafford [email protected]
-
Upload
mohammed-almeshekah -
Category
Technology
-
view
134 -
download
0
Transcript of Planning and Integrating Deception into Computer Security Defenses
Planning and Integrating Deception into Computer Security Defenses
!
NSPW’14
Mohammed [email protected]
Eugene [email protected]
Deception to Improve Security
• Used as ad-hoc attempt:• Deception has been mainly
used as “trapping” or “deterrence” tools.
• Traditional security (-) and deception (+) work in tandem.
• Three unique advantages:1.Increase entropy of leakage.2.Gain information about
adversaries.3.Gives defenders an edge in
OODA.
Deception Model (1) Strategic Goal
Why are you using this deceptive method?
Deception Model (2) Desired Reaction(s)
What effect(s) do you want to see on the
attacker?
Deception Model (3) Exploit Attacker’s Biases
What are the plausible responses to the attack and which ones should
you use?
Deception Model (4) Apply Deception
Make your system lie
Deception Model (4) Apply Deception
Deception Model (5) Deception Feedback Channels
Define Success and Failure
Deception Model (6) Risk Assessment
Assess the new risks introduced by deception
Deception Model (7) Implementation and Integration
Deceptive components should be part of the real
system
Deception Model (8) Monitoring and Dynamic Adjusting
Continuous monitoring and dynamic adjustment based on the attacker’s
response
Deception Model (8) Monitoring and Dynamic Adjusting
Continuous monitoring and dynamic adjustment based on the attacker’s
response
Deception Model (8) Monitoring and Dynamic Adjusting
Continuous monitoring and dynamic adjustment based on the attacker’s
response
Thanks!@meshekah@TheRealSpaf
