Achieving security cannot be done with a single, silver-bullet solution; instead, good security involves a collection of mechanisms that work together to balance the cost of securing computer systems with the possible damage caused by security compromises. Last year, I developed — with a great deal of input from my PhD adviser Prof. Eugene Spafford (aka Spaf) — a taxonomy of protection mechanisms commonly used in systems’ defenses.
The diagram shows four major categories of protection mechanisms and illustrates how they intersect to achieve multiple goals. The rationale behind having these intersecting categories is that a single layer of security is not adequate to protect organizations – so multi-level security controls are needed (Sourour et al., 2009). In this model, the first goal is to deny unauthorized access and isolate our computer systems from untrusted agents. However, if adversaries succeed in penetrating these security defenses, we should have degradation and obfuscation mechanisms in place that slow the lateral movement of attackers in penetrating our internal systems. At the same time, this should make the extraction of data from penetrated systems more challenging.
Even if we slow the attackers down and obfuscate our information, advanced adversaries may explore our systems undetected. This motivates the need for a third level of security controls that involves using means of deceit and negative information. These techniques are designed to lead attackers astray and augment our systems with decoys to detect stealthy adversaries. Furthermore, this deceitful information will waste the time of the attackers and/or add risk during their infiltration. We will provide more discussion and give some examples of how to achieve these goals in the third section below. The final group of mechanisms in our taxonomy is designed to attribute the attackers and give us the ability to conduct counter-operations.