Presentation is loading. Please wait.

Presentation is loading. Please wait.

Threat Analysis Natalie Podrazik February 27, 2006 CS 491V/691V.

Published bySuzan Blake Modified over 8 years ago

Similar presentations

Presentation on theme: "Threat Analysis Natalie Podrazik February 27, 2006 CS 491V/691V."— Presentation transcript:

1 Threat Analysis Natalie Podrazik February 27, 2006 CS 491V/691V

2 Natalie Podrazik – natalie2@umbc.edu2 Overview Definitions Representation Challenges “The Unthinkable” Strategies & Recommendations

3 Natalie Podrazik – natalie2@umbc.edu3 Background What is threat analysis? – Potential Attacks/Threats/Risks – Analysis – Countermeasures – Future Preparations NIST’s “Introduction to Threat Analysis Workshop”, October 2005

4 Natalie Podrazik – natalie2@umbc.edu4 Stakes People – Voters – Candidates – Poll Workers – Political Groups – Developers – Board of Elections – Attackers – More... Voting: A System of... – IT – American Politics – Duty – Trust – Inclusion – Safety – Process – Precedence...if it works

5 Natalie Podrazik – natalie2@umbc.edu5 Means of Representation General tactic: – Identify possible attackers – Identify goals of attacker – Enumerate possible ways to achieve goals – Locate key system vulnerabilities – Create resolution plan

6 Natalie Podrazik – natalie2@umbc.edu6 Bruce Sheneier, Dr. Dobb’s Journal, 1999: – Used to “model threats against computer systems” Continual breaking down of goals and means to achieve them Attack Tree Simple Example Cost propagationMultiple Costs

7 Natalie Podrazik – natalie2@umbc.edu7 Attack Tree Evaluation Creation – Refining over time – Realistic costs Advantages – Identifies key security issues – Documenting plans of attack and likelihood – Knowing the system Disadvantages – Amount of documentation – Can only ameliorate foreseen circumstances – Difficult to prioritize/quantize factors Shortened version of an Attack Tree for the interception of a message send with a PGP header.

8 Natalie Podrazik – natalie2@umbc.edu8 Other Means of Representation Threat Catalog – Doug Jones – Attacks -> vulnerabilities -> analysis of defense – Challenges Organization Technology Identity Scale of Attack Fault Tree Analysis – Ensures product performance from software – Attempts to avoid single-point, catastrophic failures

9 Natalie Podrazik – natalie2@umbc.edu9 Challenges Vulnerabilities – System – Process Variety of possible attacks New Field: Systems Engineering Attack Detection Attack Resolution -> too many dimensions to predict all possibilities, but we’ll try to name a few…

10 Natalie Podrazik – natalie2@umbc.edu10 “The Unthinkable”, Part 1 1.Chain Voting 2.Votes On A Roll 3.The Disoriented Optical Scanner 4.When A Number 2 Pencil Is Not Enough 5....we found these poll workers where?

11 Natalie Podrazik – natalie2@umbc.edu11 “The Unthinkable”, Part 2 6.This DRE “fell off the delivery truck”... 7.The Disoriented Touch Screen 8.The Confusing Ballot (Florida 2000 Election) 9.Third Party “Whoopsies” 10.X-ray vision through walls of precinct

12 Natalie Podrazik – natalie2@umbc.edu12 “The Unthinkable”, Part 3 11.“Oops” code 12.Do secure wireless connections exist? 13.I’d rather not have your help, thanks... 14.Trojan Horse 15.Replaceable firmware on Optical Scanners

13 Natalie Podrazik – natalie2@umbc.edu13 “The Unthinkable”, Part 4 16.Unfinished vote = free vote for somebody else 17.“I think I know what they meant by...” 18.Group Conspiracy: “These machines are broken.” 19.“That’s weird. It’s a typo.” 20.Denial of Service Attack

14 Natalie Podrazik – natalie2@umbc.edu14 My Ideas... Write-in bomb threat, terrorist attack, backdoor code Swapping of candidate boxes (developers) at last minute on touch-DRE; voters don’t know the difference Children in the voting booth

15 Natalie Podrazik – natalie2@umbc.edu15 Strategies & Recommendations Create Fault Trees to counter Attack Tree goals using the components set forth in Brennan Study Tamper Tape Use of “independent expert security team” – Inspection – Assessment – Full Access Use of “Red Team Exercises” on: – Hardware design – Hardware/Firmware configuration – Software Design – Software Configuration – Voting Procedures (not hardware or software, but people and process)

16 Natalie Podrazik – natalie2@umbc.edu16 Conclusions Attack Trees – Identify agents, scenarios, resources, system-wide flaws Challenges: dimensions in system analysis Unforeseen circumstances Independent Team of Experts, but how expert can they be?

17 Natalie Podrazik – natalie2@umbc.edu17 Works Cited 1.All 20 “The Unthinkable” scenarios available at: http://www.vote.nist.gov/threats/papers.htm http://www.vote.nist.gov/threats/papers.htm 2.Goldbrick Gallery’s 25 Best Editorial Cartoons of 2004. Online: http://www.goldbrickgallery.com/bestof2004_2.html http://www.goldbrickgallery.com/bestof2004_2.html 3.Jones, Doug. “Threat Taxonomy Overview” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/Jonesthreattalk.pdf http://www.vote.nist.gov/threats/Jonesthreattalk.pdf 4.Mell, Peter. “Handling IT System Threat Information” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/mellthreat.pdf http://www.vote.nist.gov/threats/mellthreat.pdf 5.“Recommendations of the Brennan Center for Justice and the Leadership Conference on Civil Rights for Improving Reliability of Direct Recording Electronic Voting Systems”: http://www.brennancenter.org/programs/downloads/voting_systems_final_recomme ndations.pdf: http://www.brennancenter.org/programs/downloads/voting_systems_final_recomme ndations.pdf 6.Wack, John, and Skall, Mark. “Introduction to Threat Analysis Workshop” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/wackthreat.pdf http://www.vote.nist.gov/threats/wackthreat.pdf 7.Wikipedia Entry for fault tree: http://en.wikipedia.org/wiki/Fault_treehttp://en.wikipedia.org/wiki/Fault_tree

18 Natalie Podrazik – natalie2@umbc.edu18 Attack Tree: Open Safe The goal of the attacker here is to Open Safe. The means by which he/she accomplishes this is described by each subsequent box. The dotted lines denote the most likely possibilities. Attack Tree…

19 Natalie Podrazik – natalie2@umbc.edu19 Attack Tree: Likelihood by Cost The goal of the attacker here is to Open Safe. The dollar amounts for each box are propagated from the leaf node(s) of each branch, making the most likely estimate along the dotted line, costing $10K to cut open the safe. Note that each parent-child relationship is an implied OR, unless explicitly noted, as in the Eavesdrop action. Attack Tree…

20 Natalie Podrazik – natalie2@umbc.edu20 Attack Tree: Multiple Factors The goal of the attacker here is to Open Safe. Two factors are considered when calculating the most likely (efficient) approach an attacker would take: the use of special equipment and monetary cost to carry out the job. The dotted lines show the best plan of action. Attack Tree…

Download ppt "Threat Analysis Natalie Podrazik February 27, 2006 CS 491V/691V."

Similar presentations

I Think I Voted. E-voting vs. Democracy Prof. David L. Dill Department of Computer Science Stanford University

I Think I Voted. E-voting vs. Democracy Prof. David L. Dill Department of Computer Science Stanford University
Electronic Voting Systems

Electronic Voting Systems
Voting Systems.  DS200 – new 2013  DS850 – new 2013  AutoMARK Voting Equipment.

Voting Systems.  DS200 – new 2013  DS850 – new 2013  AutoMARK Voting Equipment.
Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)

Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)
TGDC Meeting, Jan 2011 Evaluating risk within the context of the voting process Ann McGeehan Director of Elections Office of the Texas Secretary of State.

TGDC Meeting, Jan 2011 Evaluating risk within the context of the voting process Ann McGeehan Director of Elections Office of the Texas Secretary of State.
By Varun Jain. Introduction  Florida 2000 election fiasco, drew conclusion that paper ballots couldn’t be counted  Computerized voting system, DRE (Direct.

By Varun Jain. Introduction  Florida 2000 election fiasco, drew conclusion that paper ballots couldn’t be counted  Computerized voting system, DRE (Direct.
Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.

Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 10 04/18/2011 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 10 04/18/2011 Security and Privacy in Cloud Computing.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.

Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.
CYBER CRIME AND SECURITY TRENDS

CYBER CRIME AND SECURITY TRENDS
Guide to the Voting Action Planner Voting is the way we elect government officials, pass laws and decide on issues…

Guide to the Voting Action Planner Voting is the way we elect government officials, pass laws and decide on issues…
TESTING THE SECRUITY OF ELECTRONIC VOTING SYSTEM Presented By: NIPUN NANDA 100823581.

TESTING THE SECRUITY OF ELECTRONIC VOTING SYSTEM Presented By: NIPUN NANDA
12/9-10/2009 TGDC Meeting TGDC Recommendations Research as requested by the EAC John P. Wack National Institute of Standards and Technology

12/9-10/2009 TGDC Meeting TGDC Recommendations Research as requested by the EAC John P. Wack National Institute of Standards and Technology
Introduction to Network Defense

Introduction to Network Defense
Absentee Ballot Central Count General Introduction Step by step procedure Forms Tool Kit Dale Simmons, Co-General Counsel: (317) 232-3929 or (800) 622-4941.

Absentee Ballot Central Count General Introduction Step by step procedure Forms Tool Kit Dale Simmons, Co-General Counsel: (317) or (800)
Threat Analysis Lunar Security Services. 2 Overview Definitions Representation Challenges “The Unthinkable” Strategies & Recommendations.

Threat Analysis Lunar Security Services. 2 Overview Definitions Representation Challenges “The Unthinkable” Strategies & Recommendations.

Similar presentations

Ads by Google