Second ACM Workshop on Moving Target Defense (MTD 2015)
In conjunction with the 22nd ACM Conference on Computer and Communications Security (CCS)
October 12, 2015, Denver, Colorado, US

Call for Papers

Venue: MTD 2015 will be held on the first day of the 22nd ACM CCS (Conference on Computer and Communications Security, October 12-16, 2015) at the Denver Marriot City Center, Denver, Colorado, US.

Background: The static nature of current computing systems has made them easy to attack and harder to defend. Adversaries have an asymmetric advantage in that they have the time to study a system, identify its vulnerabilities, and choose the time and place of attack to gain the maximum benefit. The idea of moving-target defense (MTD) is to impose the same asymmetric disadvantage on attackers by making systems dynamic and therefore harder to explore and predict. With a constantly changing system and its ever adapting attack surface, attackers will have to deal with a great deal of uncertainty just like defenders do today. The ultimate goal of MTD is to increase the attacker's workload so as to level the cybersecurity playing field for both defenders and attackers - hopefully even tilting it in favor of the defender.

Workshop Goals: This workshop seeks to bring together researchers from academia, government, and industry to report on the latest research efforts on moving-target defense, and to have productive discussion and constructive debate on this topic. We solicit submissions on original research in the broad area of MTD, with possible topics such as those listed below. Since MTD research is still in its nascent stage, the list should only be used as a reference. We welcome all works that fall under the broad scope of moving target defense, including research that shows negative results. Below are examples of appropriate topics for MTD 2015:

  • MTD Techniques
    • System randomization
    • Artificial diversity and system diversification
    • Bio-inspired MTDs
    • Dynamic network configuration
    • Cloud-based and Large-scale MTDs (using multiple techniques)
    • Autonomous technologies for MTD
    • Dynamic compilation
    • Moving targets in software coding, application APIs and virtualization
  • MTD Modeling and Analysis
    • Analytical models for MTDs
    • Quantitative models and effective measurement of MTDs
    • Theoretic study on modeling trade-offs of using MTD approaches
    • Control and game theory aspects of deploying MTDs
  • Human, social, and psychology aspects of MTD
  • Other related MTD areas

Paper Submissions

Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Submissions should be at most 10 pages in the ACM double-column format, excluding well-marked appendices, and at most 9 pages in total. Submissions are not required to be anonymized.

Submissions are to be made to the submission web site at Only PDF files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Papers must be received by the deadline of June 8, 2015 schedule to be considered. Notification of acceptance or rejection will be sent to authors by August 10, 2015. Authors of accepted papers must guarantee that one of the authors will register and present the paper at the workshop. Proceedings of the workshop will be available on a CD to the workshop attendees and will become part of the ACM Digital Library.

Important Dates
  • Abstract registration deadline: June 8, 2015
  • Paper submission due: June 15, 2015 [FIRM]
  • Notification to authors: July 19, 2015
  • Camera ready due: July 29, 2015
  • Workshop dates: October 12, 2015

Keynote Speakers

Title: From Fine Grained Code Diversity to Execute-Only-Memory: The Cat and Mouse Game Between Attackers and Defenders Continues

Abstract: Today's software monoculture creates asymmetric threats. An attacker needs to find only one way in, while defenders need to guard a lot of ground. Adversaries can fully debug and perfect their attacks on their own computers, exactly replicating the environment that they will later be targeting.

One possible defense is software diversity, which raises the bar to attackers. A diversification engine automatically generates a large number of different versions of the same program, potentially one unique version for every computer. These all behave in exactly the same way from the perspective of the end-user, but they implement their functionality in subtly different ways. As a result, a specific attack will succeed on only a small fraction of targets and a large number of different attack vectors would be needed to take over a significant percentage of them. Because an attacker has no way of knowing a priori which specific attack will succeed on which specific target, this method also very significantly increases the cost of attacks directed at specific targets.

We have built such a diversification engine, which is now available as a prototype. We can diversify large software distributions such as the Firefox and Chromium web browsers or a complete Linux distribution. We will present our overall system architecture and preliminary insights and measurements. We will also discuss some practical issues, such as the problem of reporting errors when every binary is unique.

We will also report on a set of groundbreaking new software diversity techniques that can additionally also defend against side-channel attacks by dynamically and systematically randomizing the control flow of programs. Previous software diversity techniques transform each program trace identically. Our new technique instead transforms programs to make each program trace unique. This approach offers probabilistic protection against both online and off-line side-channel attacks, including timing and cache-based attacks.

In particular, we create a large number of unique program execution paths by automatically generating diversified replicas for parts of an input program. At runtime we then randomly and frequently switch between these replicas. As a consequence, no two executions of the same program are ever alike, even when the same inputs are used. Our method requires no manual effort or hardware changes, has a reasonable performance impact, and reduces side-channel information leakage significantly when applied to known attacks on AES.

Bio: Michael Franz is the director of the Secure Systems and Software Laboratory at the University of California, Irvine (UCI). He is a Full Professor of Computer Science in UCI's Donald Bren School of Information and Computer Sciences and a Full Professor of Electrical Engineering and Computer Science (by courtesy) in UCI's Henry Samueli School of Engineering. Prof. Franz was an early pioneer in the areas of mobile code and dynamic compilation. He created an early just-in-time compilation system, contributed to the theory and practice of continuous compilation and optimization, and co-invented the trace compilation technology that eventually became the JavaScript engine in Mozilla’s Firefox browser. Franz received a Dr. sc. techn. degree in Computer Science (advisor: Niklaus Wirth) and a Dipl. Informatik-Ing. ETH degree, both from the Swiss Federal Institute of Technology, ETH Zurich.

Title: Getting Beyond Tit for Tat: Better Strategies for Moving Target Prototyping and Evaluation

Abstract: The cyber moving target (MT) approach has been identified as one of the game-changing themes to rebalance the cyber landscape in favor of defense. MT techniques make cyber systems less static, less homogeneous, and less deterministic in order to create uncertainty for attackers. Although many MT techniques have been proposed in the literature, little has been done to evaluate their effectiveness, benefits, and weaknesses. In this talk, we describe the status quo in MT prototyping and evaluation and provide recommendations for a more systematic approach in designing and implementing more effective MT defenses.

Bio: Dr. Hamed Okhravi is a research staff at the Cyber Analytics and Decision Systems group of MIT Lincoln Laboratory, where he leads programs and conducts research in the area of systems security. He is the recipient of 2014 MIT Lincoln Laboratory Early Career Technical Achievement Award and 2015 MIT Team Award for his work on cyber moving target research. His research interests include cyber security, science of security, security metrics, and operating systems. Currently, Dr. Okhravi is developing cyber-attack resilient systems and networks, focusing on analyzing and creating cyber moving target techniques and resilient systems. Dr. Okhravi has served as a program committee member for a number of academic conferences and workshops including ACM Computer and Communications Security (CCS), Symposium on Research in Attacks, Intrusions, and Defenses (RAID), ACM Moving Target Defense (MTD) Workshop, and ACM SafeConfig Workshop. Dr. Okhravi earned his MS and PhD in electrical and computer engineering from University of Illinois at Urbana-Champaign in 2006 and 2010, respectively.

CCS 2015 MTD Workshop, Monday October 12, 2015
6:45 AM - 8:00 AM Breakfast and Registration (Colorado Foyer and Central Registration Area)
8:00 AM - 8:15 AM Opening Remarks & Logistics
Session Chair: George Cybenko 8:15 AM - 9:15 AM Keynotes: Michael Franz (University of California, Ivine), "From Fine Grained Code Diversity to Execute-Only-Memory: The Cat and Mouse Game Between Attackers and Defenders Continues"
Session #1 (regular paper), MTD Modeling and Evaluation I, Session Chair: Chris Lamb (Sandia National Labs) 9:15 AM - 9:45 AM "A Quantitative Framework for Moving Target Defense Effectiveness Evaluation", Kara Zaffarano (Siege Technologies); Joshua Taylor (Siege Technologies); Samuel Hamilton (Siege Technologies)
9:45 AM - 10:15 AM "A Theory of Cyber Attacks -- A Step Towards Analyzing MTD Systems", Rui Zhuang (Kansas State University); Alexandru G. Bardas (Kansas State University); Scott A. Deloach (Kansas State University); Xinming Ou (Kansas State University)
10:15 AM - 10:45 AM "Probabilistic Performance Analysis of Moving Target and Deception Reconnaissance", Michael Crouse (Harvard University); Bryan Prosser (Wake Forest University); Errin Fulp (Wake Forest University)
10:45 AM - 11:10 AM Coffee Break
Session #2 (short papers), MTD Technologies I, Session Chair: Xinming Ou (South Florida University) 11:10 AM - 11:30 AM "Characterizing Network-Based Moving Target Defenses", Marc Green (Worcester Polytechnic Institute); Douglas MacFarland (Worcester Polytechnic Institute); Doran Smestad (Worcester Polytechnic Institute); Craig Shue (Worcester Polytechnic Institute)
11:30 AM - 11:50 AM "The SDN Shuffle: Creating a Moving-Target Defense using Host-based Software-Defined Networking", Douglas MacFarland (Worcester Polytechnic Institute); Craig Shue(Worcester Polytechnic Institute)
11:50 AM - 12:10 PM "VINE: A Cyber Emulation Environment for MTD Experimentation", Thomas C Eskridge (Florida Institute of Technology);  Marco Carvalho (Florida Institute of Technology); Evan Stoner (Florida Institute of Technology); Troy Toggweiler (Florida Institute of Technology); Adrian Granados (Florida Institute of Technology)
12:10 PM - 12:30 PM "Adaptive Just-In-Time Code Diversification", Abhinav Jangda (IIT (BHU) Varanasi); Mohit Mishra (IIT (BHU) Varanasi); Bjorn De Sutter (Ghent University)
12:30 PM - 1:45 PM Lunch
Session Chair: Dijiang Huang 1:45 PM -2:45 PM Keynotes: Hamed Okhravi (MIT Lincoln Laboratory), "Getting Beyond Tit for Tat: Better Strategies for Moving Target Prototyping and Evaluation"
Session #3 (regular paper), MTD Modeling and Evaluation II, Session Chair: Zhuo Lu (University of Memphis) 2:45 PM - 3:15 PM "Empirical Game-Theoretic Analysis for Moving Target Defense", Achintya Prakash (University of Michigan); Michael Wellman (University of Michigan)
3:15 PM - 3:45 PM "Optimal Defense Policies for Partially Observable Spreading Processes on Bayesian Attack Graph", Erik Miehling (University of Michigan); Mohammad Rasouli (University of Michigan); Demosthenis Teneketzis (University of Michigan)
3:45 PM - 4:00 PM Coffee Break
Session #4 (regular paper), MTD Technologies II, Session Chair: Thomas Eskridge (Florida Institute of Technology) 4:00 PM - 4:30 PM "DHT Blind Rendezvous for Session Establishment in Network Layer Moving Target Defenses", Christopher Morrell (Virginia Tech); Reese Moore (Virginia Tech); Randy Marchany (Virginia Tech); Joseph Tront (Virginia Tech)
4:30 PM - 5:00 PM "To Be Proactive or Not: A Framework to Model Cyber Maneuvers for Critical Path Protection in MANETs", Zhuo Lu (University of Memphis); Lisa Marvel (Army Research Laboratory); Cliff Wang (North Carolina State University)
5:00 PM - 5:30 PM "Software Protection with Code Mobility", Alessandro Cabutto (University of East London); Paolo Falcarin (University of East London); Bert Abrath (Ghent University); Bart Coppens (Ghent University);  Bjorn De Sutter (Ghent University)
5:30 PM - 6:15 PM Panel Discussion and Wrap up


PC Chairs: George Cybenko (Dartmouth College, USA)
Dijiang Huang (Arizona State University, USA)
Publicity Chair: Massimiliano Albanese (George Mason University, USA)
Program Committee: Gail-Joon Ahn (Arizona State University, USA)
Ehab Al-Shaer (University of North Carolina, Charlotte, USA)
Massimiliano Albanese (George Mason University, USA)
Hasan Cam (US Army Research Laboratory, USA)
Marco Carvalho (Florida Institute of Technology, USA)
Scott DeLoach (Kansas State University, USA)
Yuval Elovici (Ben-Gurion University of the Negev, Israel)
Rob Erbacher (US Army Research Laboratory, USA)
Michael Franz (University of California, Irvine, USA)
Robert Gray (BAE Systems)
Jason Hamlet (Sandia National Laboratories, USA)
Sushil Jajodia (George Mason University, USA)
Myong Kang (US Naval Research Laboratory, USA)
Angelos Keromytis (Columbia University, USA)
Christopher Lamb (Sandia National Laboratories, USA)
Jason Li (Intelligent Automation, Inc. (IAI), USA)
Peng Liu (Penn State University, USA)
Tom Longstaff (John Hopkins University, USA)
Lisa Marvel (US Army Research Laboratory, USA)
Patrick McDaniel (Penn State University, USA)
Prasant Mohapatra (University of California, Davis, USA)
Sanjai Narain (Applied Communication Sciences)
Hamed Okhravi (MIT Lincoln Laboratory, USA)
Xinming Ou (Kansas State University, USA)
Radha Poovendran (University of Washington, USA)
Kui Ren (University at Buffalo, USA)
Kun Sun (College of William and Mary, USA)
Vipin Swarup (MITRE, USA)
Jason Syversen (Siege Technologies)
Cliff Wang (North Carolina State University, USA)
Web Chair: Sandeep Pisharody (Arizona State University, USA)

Updated: July 27, 2015