-
Application Layer Cyber Deception without Developer Interaction
Authors:
Mario Kahlhofer,
Stefan Rass
Abstract:
Cyber deception techniques that are tightly intertwined with applications pose significant technical challenges in production systems. Security measures are usually the responsibility of a system operator, who typically has access only to built software artifacts, not to their source code. This limitation makes it particularly challenging to deploy cyber deception techniques at application runtime without full control over the software development lifecycle. This work reviews 19 technical methods to accomplish this and evaluates them based on technical, topological, operational, and efficacy properties. We find some novel techniques beyond honeypots and reverse proxies that seem to have received little research interest despite their promise for cyber deception. We believe that overcoming these technical challenges can drive the adoption of more dynamic and personalized cyber deception techniques, tailored to specific classes of applications.
Submitted 21 May, 2024;
originally announced May 2024.
-
Benchmarking Function Hook Latency in Cloud-Native Environments
Authors:
Mario Kahlhofer,
Patrick Kern,
Sören Henning,
Stefan Rass
Abstract:
Researchers and engineers are increasingly adopting cloud-native technologies for application development and performance evaluation. While this has improved the reproducibility of benchmarks in the cloud, the complexity of cloud-native environments makes it difficult to run benchmarks reliably. Cloud-native applications are often instrumented or altered at runtime by dynamically patching or hooking them, which introduces a significant performance overhead. Our work discusses the benchmarking-related pitfalls of the dominant cloud-native technology, Kubernetes, and how they affect performance measurements of dynamically patched or hooked applications. We present recommendations to mitigate these risks and demonstrate how an improper experimental setup can negatively impact latency measurements.
Submitted 19 October, 2023;
originally announced October 2023.
-
Towards Reconstructing Multi-Step Cyber Attacks in Modern Cloud Environments with Tripwires
Authors:
Mario Kahlhofer,
Michael Hölzl,
Andreas Berger
Abstract:
Rapidly changing cloud environments that consist of heavily interconnected components are difficult to secure. Existing solutions often try to correlate many weak indicators to identify and reconstruct multi-step cyber attacks. The lack of a true, causal link between most of these indicators still leaves administrators with many false positives to browse through. We argue that cyber deception can improve the precision of attack detection systems if used in a structured and automatic way, i.e., in the form of so-called tripwires that ultimately span an attack graph, which assists attack reconstruction algorithms. This paper proposes an idea for a framework that combines cyber deception, automatic tripwire injection, and attack graphs, which eventually enables us to reconstruct multi-step cyber attacks in modern cloud environments.
Submitted 25 September, 2020;
originally announced September 2020.