Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: "Big data security evaluation" UNIFI-CNR Nicola Nostro, Andrea.

Published byKade Tuley Modified over 9 years ago

Similar presentations

Presentation on theme: "Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: "Big data security evaluation" UNIFI-CNR Nicola Nostro, Andrea."— Presentation transcript:

1 Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: "Big data security evaluation" UNIFI-CNR Nicola Nostro, Andrea Ceccarelli, Ilaria Matteucci, Felicita Di Giandomenico Fai della Paganella - February 12, 2014

2 Outline 1.General description of work 2.Basics 3.Architecture/Framework 4.Use case 5.Conclusions and future works

3 General description of the work Security analysis and design are key activities for the protection of critical systems and infrastructure. Traditional approaches: – Apply a qualitative threat assessment – Results used as input for the security design such that appropriate countermeasures are selected Our work: selection and ranking of security controlling strategies driven by quantitative threat analysis – Threat analysis that identifies attack points and paths, and ranks attacks (costs, difficulty,...) – Such enriched information is used for more elaborated controlling strategies that derive the appropriate monitoring rules and select countermeasures.

4 Basics – Threat Analysis Purpose is to create a data base of threats, vulnerabilities and countermeasures – Start from the identification of the assets to protect – identifies the potential vulnerabilities and the related threats – takes into account the severity of the threats – countermeasures plan are defined A vulnerability is represented by a bug, a flaw, a weakness or exposure of an application; a system, a device or a service which could lead to issues of confidentiality, integrity or availability. A threat represents the occurrence of a harmful event, by exploiting one or more vulnerabilities.

5 Basics – Control strategies (1) A control strategy is defined in order to guarantee “security” at run-time. A security policy is expressed over the traces of the system. Guaranteeing security means that the controlled system satisfies security policies.

6 Basics – Control strategies (2) The truncation strategy recognizes bad sequences of actions and halts program execution before security property is violated, but cannot otherwise modify program behavior. The suppression strategy can halt program execution and suppress individual program actions without terminating the program outright. The insertion strategy can insert a sequence of actions into the program actions stream as well as terminate the program.

7 Framework Architecture Threat analysis supported by security models provides information on: – Attackers – Attacks and Attack points (as usual from threat analysis) – Attack paths – Relevance of the path (from a security viewpoint)/necessity of countermeasures – Weights: costs, probabilities Security control strategies – Uses weights, relevance of the paths – Current objective: ranking of quantitative security controlling strategies – Final output is the definition of countermeasures based on the evaluation of the controlled paths

8 High-level Workflow (system) functional requirements dependability and security requirements Threats Analysis Requirements Controlling strategies Design of security countermeasures

9 Use case description Critical system – Several categories of users – Heterogeneous devices Security and Privacy requirements to protect – guarantees that authorized users do not compromise, counterfeit, steal or unnecessarily query data, or do not abuse of the data correlation and data search capacity behind what is strictly necessary for their work.

10 ADVISE formalism 1.Attack Execution Graph (AEG) – attack graph with different nodes: attack steps, access domains, skills, and goals 2. Adversary Profile: the set of items initially owned, proficiency in attack skills, and policies: – payoff, costs, detection risk The algorithm evaluates the reachable states for a planning horizon, and selects the most appealing E. LeMay, M.D. Ford, K. Keefe, W.H. Sanders, C. Muehrcke, “Model-based Security Metrics Using ADversary VIew Security Evaluation (ADVISE)”. QEST 2011: 191-200

11 (Insider) Threat analysis and AEG – resulting AEG Data Theft Attack Execution Graph

12 (insider) Threat analysis and AEG – quantitative results Based on predefined metrics of interest – Attackers; – Critical paths, probability to follow a path; – Critical Attack Steps; – Attack costs; –... AttributesSystem Administrator System Expert Skill800500 Cost00 Detection0.10.4 Payoff1000

13 Quantitative Control strategies We can associate with each trace manipulation a measure, e.g., a cost. Definition of a controller process trough a Generalized Process Algebra in which each step is associated with a value. Definition. Given a path t = (a 1,k 1 ) … (a n,k n ), the label of t is given by (a 1 … a n ) belongs to Act*, and its run weight by |t| = k 1 * … * k n belongs to K, where the product * denotes the product of the considered semiring K. The valuation of a process intuitively corresponds to the sum of all possible quantity of the traces belonging to the process.

14 Is a Control strategies better than another? To select the controller strategy that better fit a set of requirements (e.g., the minimum cost) we associate to each step a value obtained by the threat analysis. where k,k’ denote these values. ;;

15 Next Steps Identification of appropriate Case Study Preliminary version of paper in progress Iterative approach to framework

16

Download ppt "Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: "Big data security evaluation" UNIFI-CNR Nicola Nostro, Andrea."

Similar presentations

Operating System Security

Operating System Security
Introduction to IRRIIS testing platform IRRIIS MIT Conference ROME 8 February 2007 Claudio Balducelli.

Introduction to IRRIIS testing platform IRRIIS MIT Conference ROME 8 February 2007 Claudio Balducelli.
Meeting TENACE PhD Session Fai della Paganella, 11 febbraio 2014 R esilient C omputing L ab A methodology and supporting techniques for the assessment.

Meeting TENACE PhD Session Fai della Paganella, 11 febbraio 2014 R esilient C omputing L ab A methodology and supporting techniques for the assessment.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Software Quality Assurance Plan

Software Quality Assurance Plan
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: Big data security evaluation UNIFI-CNR Nicola Nostro, Ilaria.

Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: "Big data security evaluation" UNIFI-CNR Nicola Nostro, Ilaria.
Effective Design of Trusted Information Systems Luděk Novák,

Effective Design of Trusted Information Systems Luděk Novák,
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2002 Carnegie.

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.

An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.
Introducing Computer and Network Security

Introducing Computer and Network Security
Trust, Privacy, and Security Moderator: Bharat Bhargava Purdue University.

Trust, Privacy, and Security Moderator: Bharat Bhargava Purdue University.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
By: Ashwin Vignesh Madhu

By: Ashwin Vignesh Madhu
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Risk Management.

Risk Management.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Risk Assessment Frameworks

Risk Assessment Frameworks
Computer Security: Principles and Practice

Computer Security: Principles and Practice

Similar presentations

Ads by Google