Application of CYBEX (Cybersecurity Information Exchange) techniques to future networks Tony Rutkowski Yaana Technologies Georgia Tech Q.4/17 Rapporteur.

1 Application of CYBEX (Cybersecurity Information Exchange) techniques to future networks Tony Rutkowski Yaana Technologies Georgia Tech Q.4/17 Rapporteur SG17 Tutorial Geneva 15 Dec 2010 V1.1

2 CYBEX Basics
- The new cybersecurity paradigm
  - know your weaknesses
  - minimize the vulnerabilities
  - know your attacks
  - share the heuristics within trust communities
- CYBEX – techniques for the new paradigm
  - Weakness, vulnerability and state
  - Event, incident, and heuristics
  - Information exchange policy
  - Identification, discovery, and query
  - Identity assurance
  - Exchange protocols
- X.1500 culminates a broadly supported 2-year effort
- Consists of a non-prescriptive, extensible, complementary collection of tools that can be used as needed

3 Today's Reality
- Security by design is not a reasonable objective today, as the code/systems are too complex, distributed, autonomous and constantly changing
- Common global protocol platforms for the trusted exchange of information are essential
- A distributed security management network plane that supports autonomy is emerging
- Single national centres for this purpose are not feasible and would represent a massive vulnerability

4 CYBEX Facilitates a Global Cybersecurity Model
[Diagram: CYBEX Information Exchange Techniques. Labels, in transcript order:]
- Deny resources
- Stored event data availability
- Identity Management
- Forensics & heuristics analysis
- Provide data for analysis
- Encryption/VPNs, esp. for signalling
- Resilient infrastructure
- Routing & resource constraints
- Network/application state & integrity
- Real-time data availability
- Measures for protection
- Measures for threat detection
- Blacklists & whitelists
- Vulnerability notices
- Measures for threat response
- Provide basis for additional actions
- Patch development
- Provide basis for actions
- Reputation sanctions
- Provide awareness of vulnerabilities and remedies

5 The CYBEX Model
[Diagram: exchange between two Cybersecurity Entities. Labels:]
- Cybersecurity Information acquisition (out of scope)
- Cybersecurity Information use (out of scope)
- structuring cybersecurity information for exchange purposes
- identifying and discovering cybersecurity information and entities
- establishment of trust and policy agreement between exchanging entities
- requesting and responding with cybersecurity information
- assuring the integrity of the cybersecurity information exchange

6 CYBEX Technique Clusters: Structured Information
- Weakness, Vulnerability/State Exchange: Knowledge Base; Weaknesses; Vulnerabilities and Exposures; Platforms; State; Assessment Results; Security State Measurement; Configuration Checklists
- Event/Incident/Heuristics Exchange: Event Expressions; Malicious Behavior; Malware Patterns; Incident and Attack Patterns
- Exchange Policies: Terms and conditions

7 CYBEX Technique Clusters: Utilities
- Identity Assurance: Authentication Assurance Methods; Authentication Assurance Levels
- Identification, Discovery, Query: Common Namespaces; Discovery enabling mechanisms; Request and distribution mechanisms
- Exchange Protocol: Interaction Security; Transport Security; Trusted Platforms; Trusted Network Connect

8 Today's Use Cases
- Your computer
- Patch Tuesday
- Open Windows Update
- X.1500 Appendices
- NICT CYBEX Ontology
- Japan's JVN
- USA Federal Desktop Core Configuration/US Government Configuration Baseline

9 Significant adoption rate
- SG17 December 2010 Geneva Cybersecurity Workshop Session 5.1
  - Robert A. Martin of MITRE described the essentials for Vendor Neutral Security Measurement & Management with Standards
  - Ian Bryant of the EU NEISAS Project described the challenges in sharing security information for infrastructure protection
  - Takeshi Takahashi of NICT described an ontological approach for cybersecurity information sharing, especially for Cloud Computing
  - Thomas Millar of the US-CERT presented an operational model of CIRT processes for improved collaboration and capability development
  - Luc Dandurand of NATO described his organization's new initiative for cyber defence data exchange and collaboration infrastructure (CDXI)
  - Damir Rajnovic of FIRST described the structure and mechanisms of the principal global organization of cybersecurity incident centers
- IETF October 2010 Beijing Meeting
  - CYBEX conceptualized as a security management layer

10 Toward Network Security Planes: Security Automation Schemas Everywhere
- OVAL: Open Vulnerability and Assessment Language
- CWE: Common Weakness Enumeration
- CVE: Common Vulnerabilities and Exposures
- CPE: Common Platform Enumeration
- CVSS: Common Vulnerability Scoring System
- CWSS: Common Weakness Scoring System
- CCE: Common Configuration Enumeration
- XCCDF: eXtensible Configuration Checklist Description Format
- ARF: Assessment Result Format
- SCAP: Security Automation Tools

11 What about Future Networks/NGNs?
- A potential implementation of a CYBEX reference model for NGNs is depicted in the following diagrams
- SCAP should be ubiquitous in the models
- This approach is adapted from a similar approach already being taken for NGN Identity Management
- NGN providers would play a substantial CYBEX framework-support function with understood assurance levels among themselves and all network devices and capabilities within their domain
- Under this approach, CYBEX techniques would be adapted as necessary through the use of extensions and reflected in a new extensible Y-series Recommendation
- ETSI TISPAN is already working on a similar model

12 CYBEX applied to Future Network Strata
[Diagram: Figure 2/Y.2011, with the scope of CYBEX marked. Labels:]
- NGN Service Stratum: Management Plane; Control Plane; User Plane
- NGN Transport Stratum: Management Plane; Control Plane; User Plane
- Scope of CYBEX

13 CYBEX applied to Future Network Functions
[Diagram: Figure 3/Y.2011, with the scope of CYBEX marked. Labels, in transcript order:]
- Resources
- Transfer Functional Area
- Transport Management Functions
- Resources
- Infrastructural, application, middleware and baseware services
- Services
- Transport Control Functions
- Service Management Functions
- Service Control Functions
- Scope of CYBEX

14 CYBEX applied to Future Network Models: toward a NGN/FN security plane
[Diagram labels:]
- NGN Provider A: Service Control; Transport Stratum; Application Support; End User Functions; Management Functions; CYBEX Functions
- NGN Provider B: Service Control; Transport Stratum; Application Support; End User Functions; Management Functions; CYBEX Functions
- CYBEX Exchange on NNI Interfaces
- CYBEX Exchange on UNI Interfaces

