Publications

6 Results

Search results

Enhanced dynamic cyber zone defense

2018 IEEE 8th Annual Computing and Communication Workshop and Conference, CCWC 2018

McBride, Marci; Laros, James H.

Information security is a top priority in government and industry because high consequence cyber incidents continue with regularity. The blue teamers that protect cyber systems cannot stop or even know about all these incidents, so they must take measures to tolerate these incursions in addition to preventing and detecting them. We propose dynamically compartmentalizing subject networks into collaboration zones and limiting the communication between these zones. In this article, we demonstrate this technique's effect on the attacker and the defender for various parameter settings using discrete-time simulation. Based on our results, we conclude that dynamic cyber zone defense is a viable intrusion tolerance technique and should be considered for technology transfer.

A zoning algorithm for dynamic cyber zone defense

2017 IEEE 7th Annual Computing and Communication Workshop and Conference, CCWC 2017

McBride, Marci; Laros, James H.

Attacks on cyber systems continue to plague public and private sector enterprises. While cyber zone defense is an appealing strategy to prevent, disrupt and tolerate these attacks, existing approaches assign hosts to zones based on their function (for example, printer zones and sensor zones) or place in the architecture (for example, corporate zones and demilitarized zones). This leaves the large number of human-operated commodity workstations within an enterprise unaddressed. We propose a dynamic zoning algorithm which periodically or asynchronously assigns hosts to zones based on peer requests made by their human operators. The proposed algorithm runs quickly on basic hardware for a large enterprise, and the zone statistics converge to values that match what simple mathematical models predict. We conclude that dynamic cyber zone defense calls for additional research and is a candidate for technology transfer.
