Abstract
Deception-based defense is the process by which actions are intentionally employed to cause misrepresentation and induce erroneous inferences in attackers. Deception can be employed at different levels of computation, from the network to the application level, which demands careful planning and coordination between multiple strategies and tactics. Despite advances in using deception in computer defenses, ad-hoc approaches are still used for their design. As a result, deception is realized essentially as single tools or as entire solutions repackaged as honeypot machines. In this paper, we propose a model to specify coordinated deception tactics based on adaptive architectures. Our contributions rely on a deception-based defense life-cycle approach integrated in a software design process, including a model to specify coordinated deception strategies. The feasibility of the proposed approach is shown via an example where a deception strategy is designed for a smartphone application that synchronizes data with a central database.
Original language | English |
---|---|
Title of host publication | Proceedings - 2016 IEEE International Conference on Software Quality, Reliability and Security-Companion (QRS-C 2016) |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 77-84 |
Number of pages | 8 |
ISBN (Electronic) | 978-150903713-1 |
Publication status | Published - 21 Sept 2016 |
Event | 2nd IEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2016 - Vienna, Austria; Duration: 1 Aug 2016 → 3 Aug 2016 |
Conference
Conference | 2nd IEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2016 |
---|---|
Country/Territory | Austria |
City | Vienna |
Period | 1/08/16 → 3/08/16 |
Keywords
- computer security
- deception
- software design