Planning and Integrating Deception into Computer Security Defenses

NSPW’14

Mohammed Almeshekah, malmeshe@purdue.edu

Eugene Spafford, spaf@purdue.edu

Deception to Improve Security

• Used as ad-hoc attempt:
  • Deception has been mainly used as “trapping” or “deterrence” tools.

• Traditional security (-) and deception (+) work in tandem.

• Three unique advantages:
  1. Increase entropy of leakage.
  2. Gain information about adversaries.
  3. Give defenders an edge in OODA.

Deception Model (1) Strategic Goal

Why are you using this deceptive method?

Deception Model (2) Desired Reaction(s)

What effect(s) do you want to see on the attacker?

Deception Model (3) Exploit Attacker’s Biases

What are the plausible responses to the attack and which ones should you use?

Deception Model (4) Apply Deception

Make your system lie

Deception Model (5) Deception Feedback Channels

Define Success and Failure

Deception Model (6) Risk Assessment

Assess the new risks introduced by deception

Deception Model (7) Implementation and Integration

Deceptive components should be part of the real system

Deception Model (8) Monitoring and Dynamic Adjusting

Continuous monitoring and dynamic adjustment based on the attacker’s response

Thanks! @meshekah @TheRealSpaf