Operating systems are a significant attack vector for malicious actors in cyberspace. Of particular concern are zero-day vulnerabilities. Vulnerabilities of this type, particularly the recent Heartbleed OpenSSL vulnerability and the glibc Ghost vulnerability, have proven to be a perfect test of the defensive strength of Moving Target Defense (MTD) platforms. MTD strategies have recently grown in popularity because they enhance resilience and force attackers into uncharacteristic behavior. The MTD prototype discussed below acts as a proactive defense strategy that offers increased protection against attackers probing for and exploiting vulnerable operating systems (OSs). The main goal of MORE MTD is to reduce the number of zero-day exploits on client-server applications.
Testing shows that OS diversity in an MTD reduces the impact of zero-day vulnerabilities and increases the resilience of the protected application. While there is no way to eliminate zero-day vulnerabilities, our results demonstrate that platform diversity and rotation offer improved security that drastically reduces an attacker's ability to exploit those vulnerabilities. The likelihood of a successful attack against a known vulnerability decreases proportionally with the time between rotations. Additionally, any downtime of the secured application in the event of a successful attack is limited to that same time window.