Biography:

Dr. Xinming (Simon) Ou is an associate professor of Computer Science and Engineering at the University of South Florida. He received his PhD from Princeton University in 2005, and his ME and BE degrees from Tsinghua University in 2000 and 1998. Before joining USF, he was a faculty member at Kansas State University from 2006 to 2015. Dr. Ou's research is primarily in cyber defense technologies, with focuses on intrusion/forensics analysis, cloud security and moving-target defense, mobile system security, and cyber-physical system security. Dr. Ou's research has been funded by the National Science Foundation, the Department of Defense, the Department of Homeland Security, the Department of Energy, the National Institute of Standards and Technology (NIST), HP Labs, and Rockwell Collins. He is a recipient of the 2010 NSF Faculty Early Career Development (CAREER) Award, a three-time winner of the HP Labs Innovation Research Program (IRP) award, and a recipient of the 2013 K-State College of Engineering Frankenhoff Outstanding Research Award.


Title: 

Design for a Concrete IT System-level Moving Target Defense Platform

Abstract: The Moving Target Defense (MTD) concept has been proposed as an approach to rebalance the security landscape by increasing uncertainty and apparent complexity for attackers, reducing their window of opportunity and raising the costs of their reconnaissance and attack efforts. The idea of applying moving target techniques for a whole IT system is intuitively beneficial for security. However, little research has been done to show that this idea is feasible. In this talk, I will present the design of a concrete MTD platform — ANCOR (Automated eNterprise network COmpileR), which supports whole-system moving target defense. The ANCOR platform is based on an abstraction model that captures the IT system's configuration parameters and dependencies, which allows the platform to reason over and change the IT system's configuration at run time. To evaluate the platform's practicality, we show experimentally over multiple concrete IT system implementations that the platform's configuration changes do not disrupt normal operations and introduce only a very small run time overhead.