WebMTD: Defeating Cross-Site Scripting Attacks Using Moving Target Defense

2019, Vol 2019, pp. 1-13
Author(s): Amirreza Niakanlahiji, Jafar Haadi Jafarian

Existing mitigation techniques for cross-site scripting attacks have not been widely adopted, primarily because they impose impractical overheads on developers, Web servers, or Web browsers. They either enforce restrictive coding practices on developers, fail to support legacy Web applications, demand browser code modification, or fail to provide browser backward compatibility. Moving target defense (MTD) is a novel proactive class of techniques that aim to defeat attacks by imposing uncertainty on attack reconnaissance and planning. This uncertainty is achieved by frequent and random mutation (randomization) of system configuration in a manner that is not traceable (predictable) by attackers. In this paper, we present WebMTD, a proactive moving target defense mechanism that thwarts various kinds of cross-site scripting (XSS) attacks on Web applications. Relying on built-in features of modern Web browsers, WebMTD randomizes the values of certain attributes of Web elements to differentiate the application code from the injected code and disallow its execution; this is done without requiring Web developer involvement or browser code modification. Through rigorous evaluation, we show that WebMTD has a very low performance overhead. We also argue that our technique outperforms all competing approaches due to its broad effectiveness, transparency, backward compatibility, and low overhead.

2020, Vol 14 (2), pp. 1810-1819
Author(s): Satyanarayana Vuppala, Alie El-Din Mady, Adam Kuenzi

The significant advance of Software Defined Networking (SDN) technology has enabled several complex system operations to be highly dynamic, flexible and robust, particularly in terms of programmability and controllability with the help of SDN controllers. Accordingly, many security operations have utilized this capability to be optimally deployed in a complex network using SDN functionalities. Moving target defense (MTD) has emerged as an adaptive and proactive defense mechanism aiming to thwart a potential attacker. The key underlying idea of MTD is to increase uncertainty and confusion for attackers by changing the attack surface (i.e., system or network configurations), which can invalidate the intelligence collected by the attackers and interrupt attack execution, ultimately leading to attack failure. In this research, by leveraging advanced SDN technology, a model of MTD using an SDN-based system framework design is proposed. The model uses a runtime model that allows the proposed framework to infer the current state of the system. Based on the obtained information, the SDN-based MTD mechanism can provide proactive, adaptive and affordable defense services for the exploitable aspects of the cloud datacenter network, increasing uncertainty and complexity for the attackers, reducing the likelihood of an attack, and minimizing cloud security risk. The research also validates, via simulation on SDN-based cloud datacenter network experiments in a virtualized environment, that the proposed MTD technique outperforms alternatives in terms of attack success rate.


Author(s): Júlio Mendonça, Jin-Hee Cho, Terrence J Moore, Frederica F Nelson, Hyuk Lim, ...

Moving target defense (MTD) is a promising proactive defense technique to enhance system or network security. One caveat in developing a time-based MTD-enabled system is the potential performance degradation caused by MTD operations being triggered periodically. In this work, we present the stochastic models we developed, based on the deterministic stochastic Petri net (DSPN) formalism, to assess the performance degradation introduced by periodic MTD operations. In addition, we demonstrate the effect of triggering a time-based MTD operation on performance degradation (e.g., jobs dropped or response time) and on the quality of service (QoS) of the system. We conducted a comparative performance analysis with five DSPN models implemented in software packages such as TimeNet and Mercury under five different system configuration scenarios. Our key findings from this study include the following: (1) the deployment of MTD with the switchover strategy can improve the performance of services; (2) the switchover strategy showed the best cost-effectiveness among all strategies considered in this work; and (3) the interval of triggering MTD operations had a modest impact on job completion probability.


Author(s): Shashank Gupta, B. B. Gupta

A Cross-Site Scripting (XSS) attack exploits a vulnerability on the client-side browser that is caused by improper sanitization of user input embedded in Web pages. Researchers have proposed various types of defensive strategies, vulnerability scanners, etc., but XSS flaws still remain in Web applications due to inadequate understanding and implementation of these defensive tools and strategies. Therefore, in this chapter, the authors propose a security model called Browser Dependent XSS Sanitizer (BDS) on the client-side Web browser for eliminating the effect of XSS vulnerabilities. Various earlier client-side solutions degrade performance on the Web browser side. In this chapter, by contrast, the authors use a three-step approach to bypass the XSS attack without degrading much of the user's Web browsing experience. Experimental evaluation shows that this approach is capable of preventing XSS attacks on various modern Web browsers.


