Trust Economics Newcastle, UK March 9, 2010 Aad van Moorsel Newcastle University, UK


1 Trust Economics Newcastle, UK March 9, 2010 Aad van Moorsel Newcastle University, UK

2 outline (in randomized order)
1. trust economics methodology
2. the research parts:
   – soliciting human, technical and business aspects
   – models
   – ontologies
   – user interfaces
3. examples
   – passwords and compliance budget
   – digital rights management
   – access management
© Aad van Moorsel, Newcastle University, 2010

3 trust economics methodology

4 trust economics methodology for security decisions
stakeholders discuss a model of the information system
trade off: legal issues, human tendencies, business concerns, ...

5 trust economics research
from the trust economics methodology, the following research follows:
1. identify human, business and technical concerns
2. develop and apply mathematical modelling techniques
3. glue concerns, models and presentation together using a trust economics information security ontology
4. use the models to improve the stakeholders discourse and decisions

6 our involvement
1. identify human, business and technical concerns
   – are working on a case study in Access Management (Maciej, James, with Geoff and Hilary from Bath)
2. develop and apply mathematical modelling techniques
   – are generalising concepts to model human behaviour, and are validating it with data collection (Rob, Simon, with Doug, Robin and Bill from UIUC)
   – do a modelling case study in DRM (Wen)
3. glue concerns, models and presentation together using a trust economics information security ontology
   – developed an information security ontology, taking into account human behavioural aspect (Simon)
   – made an ontology editing tool for CISOs (John)
   – are working on a collaborative web-based tool (John, Simon, Stefan from SBA, Austria)
4. use the models to improve the stakeholders discourse and decision
   – using participatory design methodology, are working with CISOs to do a user study (Simon, Philip and Angela from UCL)

7 example of the trust economics methodology passwords

8 Information Security Management
Find out about how users behave, what the business issues are:
CISO1: Transport is a big deal.
Interviewer1: We’re trying to recognise this in our user classes.
CISO1: We have engineers on the road, have lots of access, and are more gifted in IT.
Interviewer1: Do you think it would be useful to configure different user classes?
CISO1: I think it’s covered.
Interviewer1: And different values, different possible consequences if a loss occurs. I’m assuming you would want to be able to configure.
CISO1: Yes. Eg. customer list might or might not be very valuable.
Interviewer1: And be able to configure links with different user classes and the assets.
CISO1: Yes, if you could, absolutely.
Interviewer1: We’re going to stick with defaults at first and allow configuration if needed later. So, the costs of the password policy: running costs, helpdesk staff, trade-off of helpdesk vs. productivity
CISO1: That’s right.

9 Information Security Management
Find out about how users behave, what the business issues are:
Discussion of "Productivity Losses":
CISO2: But it’s proportional to amount they earn. This is productivity. eg. $1m salary but bring $20m into the company. There are expense people and productivity people.
Interviewer1: We have execs, “road warrior”, office drone. Drones are just a cost.
Interviewer2: And the 3 groups have different threat scenarios.
CISO2: Risk of over-complicating it, hard to work out who is income-earner and what proportion is income earning.
Interviewer2: But this is good point.
CISO2: Make it parameterisable, at choice of CISO.
…
CISO2: So, need to be able to drill down into productivity, cost, - esp in small company.

10 a model of the IT system

11 tool to communicate the result to a CISO

12 an information security ontology incorporating human-behavioural implications Simon Parkin, Aad van Moorsel Newcastle University, UK Robert Coles, Bank of America Merrill Lynch

13 trust economics ontology
we want to have a set of tools that implement the trust economics methodology
needs to work for different case studies
need a way to represent, maintain and interrelate relevant information
glue between
– problem space: technical, human, business
– models
– interfaces

14 Using an Ontology
We chose to use an ontology to address these requirements, because:
– An ontology helps to formally define concepts and taxonomies
– An ontology serves as a means to share knowledge
  Potentially across different disciplines
– An ontology can relate fragments of knowledge
  Identify interdependencies

15 Business, Behaviour and Security
Example: Password Management
– There is a need to balance security and ease-of-use
– A complex password may be hard to crack, but might also be hard to remember
Is there a way to:
– Identify our choices in these situations?
– Consider the potential outcomes of our choices in a reasoned manner?

16 Requirements
Standards should be represented
– Information security mechanisms are guided by policies, which are increasingly informed by standards
The usability and security behaviours of staff must be considered
– Information assets being accessed;
– The vulnerabilities that users create;
– The intentional or unintentional threats user actions pose, and;
– The potential process controls that may be used and their identifiable effects
CISOs must be able to relate ontology content to the security infrastructure they manage
– Representation of human factors and external standards should be clear, unambiguous, and illustrate interdependencies

17 Information Security Ontology
We created an ontology to represent the human-behavioural implications of information security management decisions
– Makes the potential human-behavioural implications visible and comparable
Ontology content is aligned with information security management guidelines
– We chose the ISO27002: “Code of Practice” standard
– Provides a familiar context for information security managers (e.g. CISOs, CIOs, etc.)
– Formalised content is encoded in the Web Ontology Language (OWL)
Human factors researchers and CISOs can contribute expertise within an ontology framework that connects their respective domains of knowledge
– Input from industrial partners and human factors researchers helps to make the ontology relevant and useful to prospective users

18 Ontology - Overview

19 Ontology – Password Policy Example

20 Example – Password Memorisation

21 Example – Recall Methods

22 Example – Password Reset Function

23 Conclusions
CISOs need an awareness of the human-behavioural implications of their security management decisions
Human Factors researchers need a way to contribute their expertise and align it with concepts that are familiar to CISOs
– Standards
– IT infrastructure
– Business processes
We provided an ontology as a solution
– Serves as a formalised base of knowledge
– one piece of the Trust Economics tools

24 an ontology for structured systems economics Adam Beaument UCL, HP Labs David Pym HP Labs, University of Bath

25 ontology to link with the models
thus far, the trust economics ontology represents technology and human behavioural issues
how to glue this to the mathematical models?

26 ontology


28 conclusion on trust economics ontology
trust economics ontology is work in progress
- added human behavioural aspects to IT security concepts
- provided an abstraction that allows IT to be represented tailored to process algebraic model
to do:
- complete as well as simplify...
- proof is in the pudding: someone needs to use it in a case study

29 an ontology editor and a community ontology John Mace (project student) Simon Parkin Aad van Moorsel Stefan Fenz SBA, Austria

30 Stakeholders
Chief Information Security Officers (CISOs)
Human Factors Researchers
Ontology experts

31 Current Ontology Development
Requires use of an ontology creation tool
Graphical or text based tools
Both create machine readable ontology file from user input
User must define underlying ontology structure

32 Current Development Issues
Knowledge required of ontology development and tools
Development knowledge held by ontology experts and not those whose knowledge requires capture
Current tools are complex and largely aimed at ontology experts
Process is time-consuming and error prone

33 how would you want to write ontology content?

34 Proposed Solution
A simple, intuitive tool to create/modify ontology in graphical form
Captures knowledge of domain experts while removing need to know of ontology construction techniques
Underlying information security ontology structure is predefined
Interactive help system and mechanisms to minimise error

35 Implementation Overview

36 Ontology Editor

37 Adding New Concept

38 Ontology Diagram

39 Java Translation Program

40 Ontology File
Written in machine readable Web Ontology Language OWL
Created using OWL API
File structure:
– Header
– Classes
– Data properties
– Object properties
– Individuals

41 Ontology File Example

42 Summary
Need for information security ontology editing tool
Proposed tool allows domain experts to develop ontology without knowledge of ontology construction
Delivers machine readable ontology files
Simplifies development process
Allow further development of ‘base’ ontology

43 Future Developments
Ontology too large for small group to develop effectively
Vast array of knowledge held globally
Ontology development needs to be a collaborative process to be effective
Web-oriented collaborative editing tool
Basis for 3rd year dissertation

44 user evaluation for trust economics software Simon Parkin Aad van Moorsel Philip Inglesant Angela Sasse UCL

45 participatory design of a trust economics tool
assume we have all pieces together:
– ontology
– models
– CISO interfaces
what should the tool look like?
we conduct a participatory design study with CISOs from:
– ISS
– UCL
– National Grid
method: get wish list from CISOs, show a mock-up tool and collect feedback, improve, add model in background, try it out with CISOs, etc.

46 tool to communicate the result to a CISO

47 CISO user interfaces

48 Information Security Management
Find out about how users behave, what the business issues are:
CISO1: Transport is a big deal.
Interviewer1: We’re trying to recognise this in our user classes.
CISO1: We have engineers on the road, have lots of access, and are more gifted in IT.
Interviewer1: Do you think it would be useful to configure different user classes?
CISO1: I think it’s covered.
Interviewer1: And different values, different possible consequences if a loss occurs. I’m assuming you would want to be able to configure.
CISO1: Yes. Eg. customer list might or might not be very valuable.
Interviewer1: And be able to configure links with different user classes and the assets.
CISO1: Yes, if you could, absolutely.
Interviewer1: We’re going to stick with defaults at first and allow configuration if needed later. So, the costs of the password policy: running costs, helpdesk staff, trade-off of helpdesk vs. productivity
CISO1: That’s right.

49 Information Security Management
Find out about how users behave, what the business issues are:
Discussion of "Productivity Losses":
CISO2: But it’s proportional to amount they earn. This is productivity. eg. $1m salary but bring $20m into the company. There are expense people and productivity people.
Interviewer1: We have execs, “road warrior”, office drone. Drones are just a cost.
Interviewer2: And the 3 groups have different threat scenarios.
CISO2: Risk of over-complicating it, hard to work out who is income-earner and what proportion is income earning.
Interviewer2: But this is good point.
CISO2: Make it parameterisable, at choice of CISO.
…
CISO2: So, need to be able to drill down into productivity, cost, - esp in small company.

50 example of the trust economics methodology access management Maciej Machulak (also funded by JISC SMART) James Turland (funded by EPSRC AMPS) Wen Zeng (for DRM) Aad van Moorsel Geoff Duggan Hilary Johnson University of Bath

51 Project Description
The SMART (Student-Managed Access to Online Resources) project will develop an online data access management system based on the User-Managed Access (UMA) Web protocol, deploy it within Newcastle University and evaluate the system through a user study.
– The project team will also contribute to the standardisation effort of the UMA protocol by actively participating in the User-Managed Access Work Group (UMA WG – charter of the Kantara Initiative)

52 Project Description - UMA
User-Managed Access protocol – allows an individual to control the authorization of data sharing and service access made between online services on the individual's behalf.
Source:

53 Project Description – Objectives
Objectives:
– Define scenario for UMA use case within Higher Education (HE) environments
– Develop UMA-based authorisation solution
– Deploy the UMA-based solution within Newcastle University:
  Integrate the system with institutional Web applications
  Evaluate the system through a user study
– Contribute with the scenario, software and project findings to the UMA WG and actively participate in the standardisation effort of the UMA Web protocol.
– Demonstrate, document and disseminate project outputs

54 trust economics applied to access management
we build the application
we build models to quantify trust or CIA properties
we investigate user interfaces and user behaviour to input into the model
related: we also build DRM models, trading off productivity and confidentiality

55 modelling concepts and model validation Rob Cain (funded by HP) Simon Parkin Aad van Moorsel Doug Eskin (funded by HP) Robin Berthier Bill Sanders University of Illinois at Urbana-Champaign

56 project objectives
performance models traditionally have not included human behavioural aspects in their models
we want to have generic modelling constructs to represent human behaviour, tendencies and choices:
– compliance budget
– risk propensity
– impact of training
– role dependent behaviour
we want to validate our models with collected data
– offline data, such as from interviews
– online data, measure ‘live’
we want to optimise the data collection strategy
in some cases, it makes sense to extend our trust economics methodology with a strategy for data collection

57 Presentation of Mobius

58 Sample Results

59 Sample Mobius Results (Cont.)

60 Criticality of Using Data
The goal of using data is to provide credibility to the model:
– By defining and tuning input parameters according to individual organization
– By assessing the validity of prediction results
Issues:
– Numerous data sources
– Collection and processing phases are expensive and time consuming
– No strategy to drive data monitoring
– Mismatch between model and data that can be collected

61 Data Collection Approach
1. Design specialized model according to requirements
2. Classify potential data sources according to their cost and quality
3. Optimize collection of data according to parameter importance
4. Run data validation and execute model
[diagram: Model, Importance, Stakeholders, Data Sources, Cost / Quality; arrows labelled "Input parameter definition" and "Output validation"]

62 Data Sources Classification
Cost:
– Cost to obtain
– Time to obtain
– Transparency
– Legislative process
Quality:
– Accuracy
– Applicability
Importance:
– Influence of parameter value on output

63 Organization Budget Parameters
Low / Medium / High

| input/output | Category | Parameter | Description / Variables | Influence | Data Sources and Cost |
| in | Budget | Total security investment | IT budget. Default is 100 | medium | IT security survey (http://www.gartner.com, interview with IT directors public gov. budget data |
| in | Budget | Training investment | Training budget. Always, one-off 100. USB stick = 100, software = 0, install and maintenance = 0 | low | interview with IT directors; public gov. budget data |
| in | Budget | Support proportion of budget | Experimental value. Proportion of Active Security Investment used for support | high | interview with IT directors; public gov. budget data |
| in | Budget | Monitoring proportion of budget | Experimental value. 1 – (Support proportion of budget) | high | interview with IT directors; public gov. budget data |

64 Overall Human Parameters

| input/output | Category | Parameter | Description / Variables | Influence | Data Sources and Cost |
| in | User behavior | Compliance budget | Effort willing to spend conforming with security policy that doesn't benefit you. | | |
| in | User behavior | Perceived benefit of task | Effort willing to put in without using compliance budget. Generalised: understanding, investment, incentives | | User survey |

65 Password: Probability of Break-in

| input/output | Category | Parameter | Description / Variables | Influence | Data Sources and Cost |
| in | Culture of organization | Prob. of leaving default password | Organization policy, user training | medium | |
| in | User behavior | Password strength | Organization policy, user training | medium | |
| in | Attacker determination | Password strength threshold | Compromised by brute force attack. Password strength, attacker determination | medium | |
| in | User behavior | Password update frequency | Organization policy, user training | medium | |
| in | User behavior | Prob. of being locked out when password is forgotten | Organization policy, user training | medium | |
| in | User interface | Prob. of finding lost password | efficiency of password recovery tech. | medium | |
| in | User interface | Prob. of needing support | (#support queries / #users). prob. of forgetting password | medium | |
| in | User behavior | Management reprimands | | medium | |
| in | User behavior | Negative support experiences | | medium | |
| out | User behavior | Prob. password can be compromised | | high | |
| out | Security | Availability | #successful data transfer | high | |
| out | Security | Confidentiality | #exposures + #reveals | high | |

66 data collection research
four sub problems:
– determine which data is needed to validate the model:
  – provide input parameter values
  – validate output parameters
– technical implementation of the data collection
– optimize data collection such that cost is within a certain bound: need to find the important parameters and trade off with cost of collecting it
– add data collection to the trust economics methodology:
  – a data collection strategy will be associated with the use of a model
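
Added example, not part of the original slides: one way to carry out step 3 of the data collection approach (slide 61) under the cost bound named on slide 66, written as a multiple-choice knapsack. Parameter and data source names come from the slides; the influence weights, cost units, quality scores and the "importance times quality" objective are constructed assumptions.

```python
from typing import NamedTuple

# Assumption: numeric weights for the slides' low/medium/high influence levels.
INFLUENCE_WEIGHT = {"low": 1, "medium": 2, "high": 3}


class Option(NamedTuple):
    parameter: str   # model input parameter (name taken from the slides)
    influence: str   # influence of the parameter value on model output
    source: str      # data source (name taken from the slides)
    cost: int        # constructed cost units: cost and time to obtain
    quality: float   # constructed 0..1 score: accuracy and applicability


# Constructed sample data: costs and quality scores are illustrative only.
OPTIONS = [
    Option("Total security investment", "medium", "IT security survey", 2, 0.6),
    Option("Total security investment", "medium", "interview with IT directors", 5, 0.9),
    Option("Training investment", "low", "public gov. budget data", 1, 0.5),
    Option("Support proportion of budget", "high", "interview with IT directors", 5, 0.9),
    Option("Support proportion of budget", "high", "public gov. budget data", 1, 0.3),
    Option("Password strength", "medium", "User survey", 3, 0.7),
]


def value(opt: Option) -> float:
    """Benefit of one option: parameter importance times data quality."""
    return INFLUENCE_WEIGHT[opt.influence] * opt.quality


def plan_collection(options, cost_bound):
    """Pick at most one source per parameter, maximising total value
    while keeping total cost <= cost_bound.

    Returns (total_value, total_cost, chosen_options).
    """
    groups = {}
    for opt in options:
        groups.setdefault(opt.parameter, []).append(opt)

    # best[c] = (value, chosen) of the best plan costing at most c,
    # using only the parameter groups processed so far.
    best = [(0.0, ())] * (cost_bound + 1)
    for opts in groups.values():
        nxt = list(best)  # default: collect nothing for this parameter
        for c in range(cost_bound + 1):
            for opt in opts:
                if opt.cost <= c:
                    prev_value, prev_chosen = best[c - opt.cost]
                    candidate = prev_value + value(opt)
                    if candidate > nxt[c][0] + 1e-12:
                        nxt[c] = (candidate, prev_chosen + (opt,))
        best = nxt

    total_value, chosen = best[cost_bound]
    return round(total_value, 3), sum(o.cost for o in chosen), list(chosen)


if __name__ == "__main__":
    for bound in (4, 8):
        total, cost, chosen = plan_collection(OPTIONS, bound)
        print(f"bound={bound} value={total} cost={cost}")
        for o in chosen:
            print(f"  {o.parameter} <- {o.source}")
```

With these constructed numbers, a bound of 8 spends most of the budget on the expensive interview for the high-influence parameter and falls back to the cheaper survey for the medium one; a bound of 4 forces the low-quality public data for that same high-influence parameter.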

67 conclusion
trust economics research in Newcastle:
– ontology for human behavioural aspects, incl. editor and community version
– tool design with CISOs
– modelling: DRM and Access Management
– data collection strategies for validation
work to be done:
– generic ontology for trust economics, underlying the tools
– actual tool building
– evaluation of the methodology
and formulate a publication strategy

68 trust economics info
Publications:
– An Information Security Ontology Incorporating Human-Behavioural Implications. Simon Parkin, Aad van Moorsel, Robert Coles. International Conference on Security of Information and Networks, 2009
– Risk Modelling of Access Control Policies with Human-Behavioural Factors. Simon Parkin and Aad van Moorsel. International Workshop on Performability Modeling of Computer and Communication Systems,
– A Knowledge Base for Justified Information Security Decision-Making. Daria Stepanova, Simon Parkin, Aad van Moorsel. International Conference on Software and Data Technologies,
– Architecting Dependable Access Control Systems for Multi-Domain Computing Environments. Maciej Machulak, Simon Parkin, Aad van Moorsel. Architecting Dependable Systems VI, R. De Lemos, J. Fabre, C. Gacek, F. Gadducci and M. ter Beek (Eds.), Springer, LNCS 5835, pp. 49—75,
– Trust Economics Feasibility Study. Robert Coles, Jonathan Griffin, Hilary Johnson, Brian Monahan, Simon Parkin, David Pym, Angela Sasse and Aad van Moorsel. Workshop on Resilience Assessment and Dependability Benchmarking,
– The Impact of Unavailability on the Effectiveness of Enterprise Information Security Technologies. Simon Parkin, Rouaa Yassin-Kassab and Aad van Moorsel. International Service Availability Symposium,
Technical reports:
– Architecture and Protocol for User-Controlled Access Management in Web 2.0 Applications. Maciej Machulak, Aad van Moorsel. CS-TR 1191, 2010
– Ontology Editing Tool for Information Security and Human Factors Experts. John Mace, Simon Parkin, Aad van Moorsel. CS-TR 1172, 2009
– Use Cases for User-Centric Access Control for the Web, Maciej Machulak, Aad van Moorsel. CS-TR 1165, 2009
– A Novel Approach to Access Control for the Web. Maciej Machulak, Aad van Moorsel. CS-TR 1157, 2009
– Proceedings of the First Trust Economics Workshop. Philip Inglesant, Maciej Machulak, Simon Parkin, Aad van Moorsel, Julian Williams (Eds.). CS-TR 1153,
– A Trust-economic Perspective on Information Security Technologies. Simon Parkin, Aad van Moorsel. CS-TR 1056,

