Multiple OS Rotational Environment: Server Security through Moving Target Defense
Research Assistant Argonne National Laboratory
Department of Computer Science, UIC
October 29th at 1:30 p.m. in Room 1000 SEO.
Moving target defense is a concept borrowed from military tactics and applied to cybersecurity and system administration. The idea is simple: take a target, in our case a server, that is normally static and relatively vulnerable to at least reconnaissance if not attack, and dynamically change it to proactively defend against attackers. Some research has been done on moving target defense, but in examining this research we found a lack of realistic implementations. To fill this gap, we built a simple setup based on readily available tools like VMware, SSH, and Python. Using a set of virtual hosts, we took a very common dynamic web application (WordPress) and deployed it across a set of varying platform versions with a shared backend. Rotating these hosts allowed us to deflect and/or thwart common attacks, making our platform more secure against port scans, zero-day exploits, session- and agent-based attacks, and other vulnerabilities that plague traditional, static servers.
Mike Thompson is a Research Aide at Argonne National Laboratory and is currently finishing a Bachelor's of Computer Science at UIC. He developed an implementation of moving target defense (called MORE-MTD) while interning with the Department of Homeland Security. During his time with DHS/Argonne he has worked on moving target defense, *nix two-man authentication, and automated auditing using Nessus and Splunk. Prior to going back to school to focus on computer security, Mike taught high school and community education classes on technology, sound engineering, and ESL; he was an Operations Technician and System Administrator for Google during the early days of their great global datacenter expansion; and he has sold roadside produce all over the upper Midwest. His eclectic experience gives him a unique insight into the problems of computer security and privacy.