Using Deceptive Information in Computer Security Defenses

Using Deceptive Information in Computer Security Defenses

Mohammed H. Almeshekah (Purdue University, West Lafayette, IN, USA) and Eugene H. Spafford (Purdue University, West Lafayette, IN, USA)
Copyright: © 2014 |Pages: 18
DOI: 10.4018/ijcwt.2014070105
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

In this paper the authors present a novel taxonomy of methods and techniques that can be used to protect digital information. The authors discuss how information has been protected and show how we can structure our methods to achieve better results. They explore the relationships among these protection techniques grouped into four categories: denial and isolation, degradation and obfuscation, negative information and deception and adversary attribution and counter-operations. The authors discuss how can they be applied at different scales within organizations. They map these protection techniques against the cyber kill-chain model and discuss some findings. Moreover, they identify the use of deceit as a useful protection technique that can significantly enhance the security of computer systems. They posit how the well-known Kerckhoff's principle has been misinterpreted to drive the security community away from deception-based mechanisms. The authors examine advantages these techniques can have when protecting our information in addition to traditional methods of denial and hardening. They show that by intelligently introducing deceit in information systems, the authors not only lead attackers astray, but also give organizations the ability to detect leakage; create doubt and uncertainty in leaked data; add risk at the adversaries' side to using the leaked information; and significantly enhance our abilities to attribute adversaries. They discuss how to overcome some of the challenges that hinder the adoption of deception-based techniques and present some recent work, their own contribution, and some promising directions for future research.
Article Preview

2. Computer Security Defenses

Achieving security cannot be done with single, silver-bullet solution; instead, good security involves a collection of mechanisms that work together to balance the cost of securing computer systems with the possible damage caused by security compromises. In Figure 1, we present taxonomy of protection mechanisms commonly used in systems’ defenses. The diagram shows four major categories of protection mechanisms and illustrates how they intersect achieving multiple goals.

Figure 1.

Taxonomy of information protection mechanisms

The rationale behind having these intersecting categories is that a single layer of security is not adequate to protect organizations – so multi-level security controls are needed (Sourour et al, 2009). In this model, the first goal is to deny unauthorized access and isolate our computer systems from untrusted agents. However, if adversaries succeed in penetrating these security defenses, we should have degradation and obfuscation mechanisms in place that slow the lateral movement of attackers in penetrating our internal systems. At the same time, this should make the extraction of data from penetrated systems more challenging.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 7: 4 Issues (2017)
Volume 6: 4 Issues (2016)
Volume 5: 4 Issues (2015)
Volume 4: 4 Issues (2014)
Volume 3: 4 Issues (2013)
Volume 2: 4 Issues (2012)
Volume 1: 4 Issues (2011)
View Complete Journal Contents Listing