Command and control for dynamic cyber-defenses
Making resilient, human-centered cyber security
Dynamic defenses are new to the cybersecurity toolkit. Unlike other defenses that change access to a network service (e.g., a firewall closing a port), dynamic defenses change the service itself. One example is Application Diversity, where a network service is provided for a time period by one application (e.g., Apache HTTP Server) and then switches to another application (e.g., Jetty) for another time period. The idea is that if switching occurs before a threat can prepare an attack payload, then the service will be more survivable. By intelligently changing how often the service switches, and the set of applications used, the service may become more resilient. My research in this area focuses on developing the infrastructure to ensure that information necessary to make intelligent decisions is generated, developing the reasoning methods to support making changes, and visually communicating the state of the service (and network) to the network administrator.
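The switching argument above can be made concrete with a small timeline model. This is an added example, not code from the research described here; the function names, the per-application preparation times and the attacker model (a payload only works against the application it was prepared for, and preparation only progresses while that application is live) are all assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import cycle

@dataclass(frozen=True)
class Slot:
    app: str      # application serving during this slot
    start: float  # seconds since the schedule began
    end: float

def rotation_schedule(apps, dwell, horizon):
    """Round-robin schedule: each application serves for `dwell` seconds."""
    if dwell <= 0:
        raise ValueError("dwell must be positive")
    slots, t = [], 0.0
    for app in cycle(apps):
        if t >= horizon:
            break
        end = min(t + dwell, horizon)
        slots.append(Slot(app, t, end))
        t = end
    return slots

def exposure_windows(slots, prep_time, progress_survives_switch=False):
    """Intervals (app, start, end) in which a finished payload matches the live app.

    prep_time[app] is the assumed number of seconds the application must be
    live before a payload against it is ready. With
    progress_survives_switch=False the preparation restarts at every switch;
    with True it carries over to the next time the same application returns.
    """
    windows, progress = [], {}
    for s in slots:
        done = progress.get(s.app, 0.0) if progress_survives_switch else 0.0
        remaining = max(0.0, prep_time[s.app] - done)
        length = s.end - s.start
        if remaining < length:
            windows.append((s.app, s.start + remaining, s.end))
        progress[s.app] = min(prep_time[s.app], done + length)
    return windows

def exposed_fraction(windows, horizon):
    """Share of the horizon during which the service is exposed."""
    return sum(end - start for _, start, end in windows) / horizon

if __name__ == "__main__":
    prep = {"apache": 300.0, "jetty": 500.0}  # constructed values
    for dwell in (600.0, 240.0):
        slots = rotation_schedule(["apache", "jetty"], dwell, 3600.0)
        for carry in (False, True):
            frac = exposed_fraction(exposure_windows(slots, prep, carry), 3600.0)
            print(f"dwell={dwell:.0f}s carry_over={carry}: exposed {frac:.0%}")
```

Under the restart assumption, a dwell time shorter than every preparation time leaves no exposure window; if preparation carries over between rotations, a fixed application set only delays exposure, which is why the set of applications matters as well as the switching rate.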