Defensive Resource Allocations with Security Chokepoints in IPv6 Networks

Bibliographic Details
Published in Data and Applications Security and Privacy XXIX Vol. 9149; pp. 261 - 276
Main Authors Gueye, Assane; Mell, Peter; Harang, Richard; La, Richard J.
Format Book Chapter
Language English
Published Switzerland Springer International Publishing AG 2015
Springer International Publishing
Series Lecture Notes in Computer Science
ISBN 3319208098
9783319208091
ISSN 0302-9743
1611-3349
DOI 10.1007/978-3-319-20810-7_19

Abstract Securely configured Internet Protocol version 6 networks can be made resistant to network scanning, forcing attackers to propagate following existing benign communication paths. We exploit this attacker limitation in a defensive approach in which heightened security measures are deployed onto a select group of chokepoint hosts to enhance detection or deter penetration. Chokepoints are chosen such that, together, they connect small isolated clusters of the communication graph. Hence, attackers attempting to propagate are limited to a small set of targets or have to penetrate one or more chokepoints. Optimal placement of chokepoints requires solving an NP-hard problem and, hence, we approximate optimal solutions via a suite of heuristics. We test our algorithms on data from a large operational network and discover that heightened security measures are only needed on 0.65 % of the nodes to restrict unimpeded attacker propagation to no more than 15 % of the network.
Author Gueye, Assane (University of Maryland, College Park, USA; agueye@umd.edu)
Author Mell, Peter (National Institute of Standards and Technology, Gaithersburg, USA; peter.mell@nist.gov)
Author Harang, Richard (U.S. Army Research Laboratory, Adelphi, USA; richard.e.harang.civ@mail.mil)
Author La, Richard J. (University of Maryland, College Park, USA; hyongla@umd.edu)
ContentType Book Chapter
Copyright IFIP International Federation for Information Processing 2015
DEWEY 005.8
Discipline Computer Science
EISBN 3319208101
9783319208107
EISSN 1611-3349
Editor Samarati, Pierangela
EndPage 276
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
LCCallNum QA76.9.A25QA76.9.D3Q
Language English
License cc-by
OCLC 912863650
OpenAccessLink https://proxy.k.utb.cz/login?url=https://inria.hal.science/hal-01745826
PageCount 16
PublicationCentury 2000
PublicationDate 2015
PublicationDateYYYYMMDD 2015-01-01
PublicationDecade 2010
PublicationPlace Switzerland
PublicationSeriesSubtitle Information Systems and Applications, incl. Internet/Web, and HCI
PublicationSeriesTitle Lecture Notes in Computer Science
PublicationSeriesTitleAlternate Lect.Notes Computer
PublicationSubtitle 29th Annual IFIP WG 11.3 Working Conference, DBSec 2015, Fairfax, VA, USA, July 13-15, 2015, Proceedings
PublicationTitle Data and Applications Security and Privacy XXIX
PublicationYear 2015
Publisher Springer International Publishing AG
Springer International Publishing
RelatedPersons Kleinberg, Jon M.
Mattern, Friedemann
Naor, Moni
Mitchell, John C.
Terzopoulos, Demetri
Steffen, Bernhard
Pandu Rangan, C.
Kanade, Takeo
Kittler, Josef
Weikum, Gerhard
Hutchison, David
Tygar, Doug
StartPage 261
SubjectTerms Chokepoints
Computer security
Information architecture
IPv6
Moving target
Security
Vertex partitioning
Title Defensive Resource Allocations with Security Chokepoints in IPv6 Networks
URI http://ebookcentral.proquest.com/lib/SITE_ID/reader.action?docID=5587046&ppg=264
http://ebookcentral.proquest.com/lib/SITE_ID/reader.action?docID=6287395&ppg=264
http://link.springer.com/10.1007/978-3-319-20810-7_19
https://inria.hal.science/hal-01745826
UnpaywallVersion submittedVersion
Volume 9149