In the current environment, information technology systems are built to operate in a relatively static configuration. For example, addresses, names, software stacks, networks and various configuration parameters remain more or less the same over long periods of time. This static approach is a legacy of information technology systems designed for simplicity in a time when malicious exploitation of system vulnerabilities was not a concern.
Motivation
However, the static nature of these systems provides the attacker with an incredible advantage, as adversaries are able to take their time and plan attacks at their leisure. To counter this threat, CSD funds the Moving Target Defense (MTD) project, which seeks to develop game-changing capabilities that dynamically shift the attack surface, making it more difficult for attackers to strike. The MTD project also seeks to develop resilient hardware that can continue to function while under attack.
Many of the concepts of MTD are perfectly illustrated by the "shell game," also known as "Thimblerig," "Three Shells and a Pea," and the "Old Army Game." This is a game dating back to Ancient Greece in which a target (usually a pea or ball) is hidden under one of three shells or cups. The object of the game is to find the target after the shells have been moved.
Approach
Moving Target Defense (MTD) is the concept of controlling change across multiple system dimensions in order to increase uncertainty and apparent complexity for attackers, reduce their window of opportunity and increase the costs of their probing and attack efforts. MTD assumes that perfect security is unattainable. Given that starting point, and the assumption that all systems are compromised, research in MTD focuses on enabling the continued safe operation in a compromised environment and to have systems that are defensible rather than perfectly secure.
“[MTD] Enables us to create, analyze, evaluate, and deploy mechanisms and strategies that are diverse and that continually shift and change over time to increase complexity and cost for attackers, limit the exposure of vulnerabilities and opportunities for attack, and increase system resiliency.” – Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program published by the Executive Office of the President, National Science and Technology Council, December 2011
Contact
Program Manager: Edward Rhyne
Email: SandT-Cyber-Liaison@hq.dhs.gov
Performers
Prime: Florida Institute of Technology (FIT) - Federated Command and Control (FC2)
Prime: Carnegie Mellon University Software Engineering Institute (CMU/SEI) - Moving Target Reference Implementation
Prime: Def-Logix - Hardware Enabled Zero Day Protection (HEZDP)
Prime: IBM - Hardware Support for Malware Defense and End-to-End Trust
Prime: Princeton University - Newcache