Survival by Deception

DOI: 10.1007/978-3-540-75101-4_19
Source: DBLP


A system with a high degree of availability and survivability can be created via service duplication on disparate server platforms,
where a compromise via a previously unknown attack is detected by a voting mechanism. However, shutting down the compromised
component will inform the attacker that the subversion attempt was unsuccessful, and might lead her to explore other avenues
of attack. This paper presents a better solution by transforming the compromised component to a state of honeypot; removing
it from duty, while providing the attacker with bogus data. This provides the administrator of the target system with extra
time to implement adequate security measures while the attacker is busy “exploiting” the honeypot. As long as the majority
of components remain uncompromised, the system continues to deliver service to legitimate users.

Download full-text


Available from: Martin Gilje Jaatun
  • Source
    • "This is rapidly changing, and recent experiments show that the attackers are aware of these developments: A researcher at Trend Micro connected a cluster of industrial control systems honeypots to the internet, and found that they were under attack in less than a day (Simonite 2013). A honeypot (Jaatun et al. 2007) is a network server which looks like it provides a normal service to an outside observer, e.g., a web server, a file server, or in this case an industrial control system. In reality, a honeypot will simulate the function it is supposed to emulate, providing plausible responses to anyone who interacts with it, but not actually performing the requested actions. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Checklist Compliance is a term that has been used derisively in the information security community, implying that checklists are something used for paying lip service to security without instigating real changes to technology or processes. In this paper we argue that checklists can also be used as a practical tool to quickly establish a security baseline for water and wastewater systems. Full text available at
    Full-text · Article · Dec 2014 · Procedia Engineering
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: There considerable advice in both research and practice oriented literature on the topic of information security. Most of the discussion in literature focuses on how to prevent security attacks using technical countermeasures even though there are a number of other viable strategies such as deterrence, deception, detection and response. This paper reports on a qualitative study, conducted in Korea, to determine how organizations implement security strategies to protect their information systems. The findings reveal a deeply entrenched preventive mindset, driven by the desire to ensure availability of technology and services, and a comparative ignorance of exposure to business security risks. Whilst there was some evidence of usage of other strategies, they were also deployed in a preventive capacity. The paper presents a research agenda that calls for research on enterprise-wide multiple strategy deployment with a focus on how to combine, balance and optimize strategies.
    Full-text · Article · Apr 2014 · Journal of Intelligent Manufacturing