Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Common Language for Computer Security Incidents John D. Howard, Thomas A. Longstaff Presented by: Jason Milletary 9 November 2000.

Published byNancy Griffin Modified over 9 years ago

Similar presentations

Presentation on theme: "A Common Language for Computer Security Incidents John D. Howard, Thomas A. Longstaff Presented by: Jason Milletary 9 November 2000."— Presentation transcript:

1 A Common Language for Computer Security Incidents John D. Howard, Thomas A. Longstaff Presented by: Jason Milletary 9 November 2000

2 The Problem Security incident data compiled by many sources Lack of agreement between security incident terms used by different sources Unable to combine and compare data for useful analysis

3 Common Language Project Cooperation between Sandia National Labs and CERT/CC Develop a minimum set of high-level terms for security incidents Flexible enough to allow site-specific low-level terms Develop taxonomy for these terms Classification scheme that defines the terms and their relationships

4 Satisfactory Taxonomy Characteristics Mutually exclusive Exhaustive Unambiguous Repeatable Accepted Useful

5 Review of Previous Taxonomies List of terms Trap doors, IP spoofing, dumpster diving List of categories Social engineering, denial-of-service Results categories Corruption, denial Empirical lists External abuse of resource, masquerading Matrices Vulnerabilities vs. potential perpetrators Action-based Interruption, interception

6 CLP Incident Taxonomy Events An action directed at a target intended to change the state of that target* Action A step taken by a user or process in order to achieve a result* Target Logical entity Data, account Physical entity Computer, network * The IEEE Standard Dictionary of Electrical and Electronics Terms, Sixth Edition, 1996.

7 CLP Incident Taxonomy Action Probe Scan Flood Authenticate Bypass Spoof Read Copy Steal Modify Delete Target Account Process Data Component Computer Network Internetwork event

8 CLP Incident Taxonomy Attacks Use of a tool to exploit a vulnerability to perform an action on a target in order to achieve an unauthorized result Tool Means or method by which a vulnerability is exploited Vulnerability System weakness in which unauthorized access can be gained Unauthorized result An consequence of an the event phase of an attack

9 CLP Incident Taxonomy Action Probe Scan Flood Authenticate Bypass Spoof Read Copy Steal Modify Delete Target Account Process Data Component Computer Network Internetwork event Unauthorized Result Increased Access Disclosure of Information Corruption of Data Denial of Service Theft of Resources Vulnerability Design Implementation Configuration Tool Physical Attack Information Exchange User Command Script or Program Autonomous Agent Toolkit Data Tap Distributed Tool attack

10 CLP Incident Taxonomy Incident A distinct group of attacks involving specific attackers, attacks, objectives, sites, and timing Attacker Individual(s) who use one or more attacks to reach an objective Objective End goal of an incident

11 CLP Incident Taxonomy Action Probe Scan Flood Authenticate Bypass Spoof Read Copy Steal Modify Delete Target Account Process Data Component Computer Network Internetwork event Unauthorized Result Increased Access Disclosure of Information Corruption of Data Denial of Service Theft of Resources Vulnerability Design Implementation Configuration Tool Physical Attack Information Exchange User Command Script or Program Autonomou s Agent Toolkit Data Tap Distributed Tool attack Attackers Hackers Spies Terrorists Corporate Raiders Profession Criminals Vandals Voyeurs Objectives Challenge, status, thrill Political gain Financial gain Damage incident

12 CLP Incident Taxonomy Other terms Site and site name Dates Incident numbers Corrective action

13 Future Plans Implement common language Database Analysis of data Forensics Trending Insight into hacker objectives and motives Sharing of data between response teams

Download ppt "A Common Language for Computer Security Incidents John D. Howard, Thomas A. Longstaff Presented by: Jason Milletary 9 November 2000."

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Distance Education Team 1 Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin SNA Step 3 November 14, 2001.

Distance Education Team 1 Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin SNA Step 3 November 14, 2001.
OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.

OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.
Security and Systems. Three tenets of security Confidentiality Integrity Availability.

Security and Systems. Three tenets of security Confidentiality Integrity Availability.
Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.

Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
Taxonomy of Computer Security Incidents Yashodhan Fadnavis.

Taxonomy of Computer Security Incidents Yashodhan Fadnavis.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
11/14 SNA Presentation 3 Survivable Network Analysis Oracle Financial System SNA step 3 Ali Ardalan Qianming “Michelle” Chen Yi Hu Jason Milletary Jian.

11/14 SNA Presentation 3 Survivable Network Analysis Oracle Financial System SNA step 3 Ali Ardalan Qianming “Michelle” Chen Yi Hu Jason Milletary Jian.
Earl Crane Hap Huynh Jeongwoo Ko Koichi Tominaga 11/14/2000 Physician Reminder System SNA Step 3.

Earl Crane Hap Huynh Jeongwoo Ko Koichi Tominaga 11/14/2000 Physician Reminder System SNA Step 3.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Threats and Attacks Principles of Information Security, 2nd Edition

Threats and Attacks Principles of Information Security, 2nd Edition
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Similar presentations

Ads by Google