Abstract

Mission critical systems, initially thought of as something that strictly belongs to a military setting, are increasingly becoming commonplace. It may not be easily perceived, but most of the systems today (military or industrial) are mission critical. Moreover, a rapid increase in the structural complexity of these systems not only leads to an increase in benign faults but also opens doors to malicious entities. Over the years, these malicious entities in cyber-space have grown smarter and extremely resourceful. Therefore, mission assurance is an increasingly important necessity.

Mission assurance is a generic term encompassing diverse measures required to make the critical operations (missions) more resilient. In this dissertation proposal, the focus is specifically on mission survivability (a subset of mission assurance), which is the ability of a system to fulfill its mission in a timely manner. It generally involves four layers of security: prevention, detection, recovery and adaptation. The first two layers, viz. prevention and detection, are meant to provide a strong defense. If these two layers fail in protecting the system, the recovery layer is the fallback plan. Yet, if a determined adversary stages an attack on the recovery phase, it is quite possible that the mission will fail due to lack of any further countermeasures. Though adaptation/evolution mechanisms are considered as the fourth layer of defense, they are generally activated during or after the recovery phase. Without a successful recovery, adaptation/evolution mechanisms will hardly be effective. Therefore, mission critical systems need the provisioning of another layer of defense beyond the conventional recovery phase.

The attack model in this research realistically represents today’s era of cyber warfare and competitive open market. The attacker is assumed to be resourceful, adaptive and stealthy. An aggressive attacker is easily detected, but stealthy attackers deploy multi-stage stealth attacks. Thus, they are more capable of hiding longer and corrupting the final mission response. Current literature assumes that a stealthy attacker stays stealthy throughout the mission life cycle. However, when certain conditions are met (like a contingency plan activated on discovery), a stealthy and adaptive attacker can turn aggressive. Thus, the attack model used here considers the attacker’s capability to alter his initial behavior (stealthy or aggressive) based on the perceived state of the system (like success/failure of the attempted attack). Consequently, the defense scheme employs deceptive and adaptive measures to ensure mission survivability against such attackers.

The proposed framework focuses on ensuring mission survivability against stealthy attackers by employing a deception-based secure proactive recovery scheme. This scheme has three major components. The first component is the surreptitious detection of signs of intrusion without raising an alert. Since this step is based entirely on the host intrusion detection system, there is a need to ensure that it is working tamper-proof at all times. This brings us to the classic problem of ‘who watches the watcher’. To address this concern, cyclic monitoring topologies are employed that leverage the parallelism offered by multi-core architecture for increased effectiveness. The second component is the scheme to make detection information invisible and inaccessible to the attacker. This is achieved using redundant and unused design for test (DFT) circuitry on the system processor. The third component is the use of a deception-based recovery scheme to increase the probability of mission survival. So far, a centralized system employing this scheme has been developed. A multi-phase evaluation methodology has also been developed for performance evaluation of this system under realistic operating conditions. Results are found to be promising with low time and performance overhead.

Future work involves enhancing this solution for its deployment in a decentralized environment while still maintaining its tamper-resistance and mission survivability properties.