Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: "Big data security evaluation" UNIFI-CNR Nicola Nostro, Andrea.

Presentation transcript:

Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: "Big data security evaluation" UNIFI-CNR Nicola Nostro, Andrea Ceccarelli, Ilaria Matteucci, Felicita Di Giandomenico Fai della Paganella - February 12, 2014

Outline
1. General description of work
2. Basics
3. Architecture/Framework
4. Use case
5. Conclusions and future works

General description of the work
Security analysis and design are key activities for the protection of critical systems and infrastructure.
Traditional approaches:
– Apply a qualitative threat assessment
– Results are used as input for the security design, so that appropriate countermeasures are selected
Our work: selection and ranking of security controlling strategies driven by quantitative threat analysis
– Threat analysis that identifies attack points and paths, and ranks attacks (costs, difficulty, ...)
– This enriched information is used for more elaborate controlling strategies that derive the appropriate monitoring rules and select countermeasures.

Basics – Threat Analysis
The purpose is to create a database of threats, vulnerabilities and countermeasures:
– Starts from the identification of the assets to protect
– Identifies the potential vulnerabilities and the related threats
– Takes into account the severity of the threats
– Countermeasure plans are defined
A vulnerability is a bug, a flaw, a weakness or an exposure of an application, a system, a device or a service which could lead to issues of confidentiality, integrity or availability.
A threat represents the occurrence of a harmful event, by exploiting one or more vulnerabilities.

Basics – Control strategies (1)
A control strategy is defined in order to guarantee “security” at run-time.
A security policy is expressed over the traces of the system.
Guaranteeing security means that the controlled system satisfies security policies.

Basics – Control strategies (2)
– The truncation strategy recognizes bad sequences of actions and halts program execution before the security property is violated, but cannot otherwise modify program behavior.
– The suppression strategy can halt program execution and suppress individual program actions without terminating the program outright.
– The insertion strategy can insert a sequence of actions into the program's action stream as well as terminate the program.
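The three strategies applied to one trace, as an added example that is not part of the original slides. The policy (an `export` is allowed only after an `audit` since the previous `export`), the action names and the functions `violates`, `step`, `control` and `satisfies` are all assumptions made for illustration.

```python
# Constructed policy: "export" is allowed only if an "audit" happened
# since the previous "export". The controller tracks one bit of state.

def violates(audited, action):
    """True if executing `action` in this state would break the policy."""
    return action == "export" and not audited

def step(audited, action):
    """Policy state after `action` has been executed."""
    if action == "audit":
        return True
    if action == "export":
        return False
    return audited

def control(trace, strategy):
    """Return the actions the controlled system actually executes."""
    out, audited = [], False
    for action in trace:
        if violates(audited, action):
            if strategy == "truncation":
                break               # halt before the property is violated
            if strategy == "suppression":
                continue            # drop this one action, keep running
            if strategy != "insertion":
                raise ValueError(f"unknown strategy: {strategy}")
            out.append("audit")     # insert the action that was missing
            audited = True
        out.append(action)
        audited = step(audited, action)
    return out

def satisfies(trace):
    """Check the policy over a complete trace."""
    audited = False
    for action in trace:
        if violates(audited, action):
            return False
        audited = step(audited, action)
    return True

# Constructed sample trace: the first export is not preceded by an audit.
TRACE = ["login", "query", "export", "query", "audit", "export", "logout"]

if __name__ == "__main__":
    for s in ("truncation", "suppression", "insertion"):
        print(f"{s:12} {control(TRACE, s)}")
```

All three outputs satisfy the policy; they differ in how much of the original behaviour survives, which is what a quantitative ranking of strategies has to weigh.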

Framework Architecture
Threat analysis supported by security models provides information on:
– Attackers
– Attacks and attack points (as usual from threat analysis)
– Attack paths
– Relevance of the path (from a security viewpoint) / necessity of countermeasures
– Weights: costs, probabilities
Security control strategies:
– Use weights and relevance of the paths
– Current objective: ranking of quantitative security controlling strategies
– Final output is the definition of countermeasures based on the evaluation of the controlled paths

High-level Workflow
[Diagram; box labels: (system) functional requirements; dependability and security requirements; Threats Analysis; Requirements; Controlling strategies; Design of security countermeasures]

Use case description
Critical system:
– Several categories of users
– Heterogeneous devices
Security and privacy requirements to protect:
– Guarantee that authorized users do not compromise, counterfeit, steal or unnecessarily query data, and do not abuse the data correlation and data search capacity beyond what is strictly necessary for their work.

ADVISE formalism
1. Attack Execution Graph (AEG) – attack graph with different nodes: attack steps, access domains, skills, and goals
2. Adversary Profile: the set of items initially owned, proficiency in attack skills, and policies:
– payoff, costs, detection risk
The algorithm evaluates the reachable states for a planning horizon, and selects the most appealing
E. LeMay, M.D. Ford, K. Keefe, W.H. Sanders, C. Muehrcke, “Model-based Security Metrics Using ADversary VIew Security Evaluation (ADVISE)”. QEST 2011:

(Insider) Threat analysis and AEG – resulting AEG
[Figure: Data Theft Attack Execution Graph]

(Insider) Threat analysis and AEG – quantitative results
Based on predefined metrics of interest:
– Attackers;
– Critical paths, probability to follow a path;
– Critical attack steps;
– Attack costs;
– ...
AttributesSystem Administrator System Expert Skill Cost00 Detection Payoff1000

Quantitative Control strategies
We can associate with each trace manipulation a measure, e.g., a cost.
A controller process is defined through a Generalized Process Algebra in which each step is associated with a value.
Definition. Given a path $t = (a_1,k_1) \dots (a_n,k_n)$, the label of $t$ is given by $(a_1 \dots a_n) \in Act^*$, and its run weight by $|t| = k_1 * \dots * k_n \in K$, where $*$ denotes the product of the considered semiring $K$.
The valuation of a process intuitively corresponds to the sum of the quantities of all the traces belonging to the process.

Is a control strategy better than another?
To select the controller strategy that best fits a set of requirements (e.g., the minimum cost), we associate with each step a value obtained from the threat analysis, where k, k' denote these values. ;;
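The path label, run weight and valuation defined on the previous slide, and the minimum-cost selection mentioned here, as an added example that is not part of the original slides. The `Semiring` class, the two semiring instances, the controller path sets and every weight are constructed for illustration; ranking controllers by lowest valuation in the cost semiring is an assumption, since the slide's own comparison formula is not on the page.

```python
from fractions import Fraction
from functools import reduce

class Semiring:
    """A semiring K given by its sum, product, and their neutral elements."""
    def __init__(self, plus, times, zero, one):
        self.plus, self.times, self.zero, self.one = plus, times, zero, one

# (min, +): weights are costs; the product adds costs along a path and
# the sum keeps the cheapest of several paths.
COST = Semiring(min, lambda a, b: a + b, float("inf"), 0)
# (+, x): weights are probabilities; the product multiplies along a path
# and the sum adds the probabilities of alternative paths.
PROB = Semiring(lambda a, b: a + b, lambda a, b: a * b, 0, 1)

def label(path):
    """(a_1 ... a_n): the action sequence of t = (a_1,k_1)...(a_n,k_n)."""
    return tuple(a for a, _ in path)

def run_weight(path, K):
    """|t| = k_1 * ... * k_n, using the product of semiring K."""
    return reduce(K.times, (k for _, k in path), K.one)

def valuation(paths, K):
    """Semiring sum of the run weights of all paths of a (finite) process."""
    return reduce(K.plus, (run_weight(p, K) for p in paths), K.zero)

# Constructed controllers, each a finite set of weighted paths (step costs).
CONTROLLERS = {
    "truncation": [
        [("login", 1), ("query", 2), ("halt", 5)],
        [("login", 1), ("halt", 5)],
    ],
    "insertion": [
        [("login", 1), ("query", 2), ("audit", 3), ("export", 4)],
        [("login", 1), ("audit", 3), ("export", 4)],
    ],
}

def cheapest(controllers):
    """Assumed ranking: the controller with the lowest cost valuation."""
    return min(controllers, key=lambda name: valuation(controllers[name], COST))

# Constructed probabilistic process: two alternative paths.
BRANCHES = [[("a", Fraction(1, 2)), ("b", Fraction(1, 2))],
            [("c", Fraction(1, 2))]]

if __name__ == "__main__":
    for name, paths in CONTROLLERS.items():
        print(name, valuation(paths, COST))
    print("selected:", cheapest(CONTROLLERS))
```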

Next Steps
– Identification of appropriate case study
– Preliminary version of paper in progress
– Iterative approach to framework