Publication:
Research on Deception in Defense of Information Systems

Loading...
Thumbnail Image
Authors
Rowe, Neil C.
Auguston, Mikhail
Drusinsky, Doron
Michael, J. Bret
Subjects
Advisors
Date of Issue
2004-06
Date
June 2004
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
Our research group has been broadly studying the use of deliberate deception by software to foil attacks on information systems. This can provide a second line of defense when access controls have been breached or against insider attacks. The thousands of new attacks being discovered every year that subvert access controls say that such a second line of defense is desperately needed. We have developed a number of demonstration systems, including a fake directory system intended to waste the time of spies, a Web information resource that delays suspicious requests, a modified file-download utility that pretends to succumb to a buffer overflow, and a tool for systematically modifying an operating system to insert deceptive responses. We are also developing an associated theory of deception that can be used to analyze and create offensive and defensive deceptions, with especial attention to reasoning about time using temporal logic. We conclude with some discussion of the legal implications of deception by computers.
Type
Conference Paper
Description
This paper appeared in the Command and Control Research and Technology Symposium, San Diego, CA, June 2004.
Series/Report No
Department
Computer Science (CS)
Other Units
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
Collections