Presentation is loading. Please wait.

Presentation is loading. Please wait.

Threat Modeling and Sharing. Summary Proposal to kick off Threat Modeling project – Multi-phase approach – Initially: create Cyber Domain PIM and STIX.

Published byRosanna McCormick Modified over 9 years ago

Similar presentations

Presentation on theme: "Threat Modeling and Sharing. Summary Proposal to kick off Threat Modeling project – Multi-phase approach – Initially: create Cyber Domain PIM and STIX."— Presentation transcript:

1 Threat Modeling and Sharing

2 Summary Proposal to kick off Threat Modeling project – Multi-phase approach – Initially: create Cyber Domain PIM and STIX PSM with UML Profile for NIEM – Expand to other PSM, create Threat Meta Model – Expand to non-cyber domains Community focused – Leverage existing work (STIX, OpenIOC, IODef, SI*, etc.) – Connect to stakeholder within OMG and external

3 Motivation Threat information sharing critical enabler for ‘wire-speed’ defense of complex systems Information sharing requires shared concepts for subject area – NIEM is used by US federal, state, and local government, as well as internationally – STIX is being adopted by a large number of users – Snort rules are common for IDS Multiple protocols, languages, and models used throughout industry today, but: – Re-use of existing protocols for threat exchange (e.g. IODef) – Focus on threat indicators/signature and classification (e.g. STIX, OpenIOC) Desire to have traceability from indicators to threat actors and their motivation/intent – Leverage existing work performed by social modeling and behavior groups, e.g. SI* Some integration with other enterprise systems, but no comprehensive approach

4 Motivation – Clarification This is NOT to concentrate threat sharing and modeling at OMG – No desire to ‘take over’ from successful approaches such as STIX or OpenIOC – Collaboration with non-OMG member will be critical for success Focus on development of meta- model and semantic interoperability for – broadening view on, and – identifying specific areas of improvement Leverage strength of MDA to threat sharing STIX Threat Models Today are – at best – ad hoc coordinated OpenIOC IODef SI* NIEM Snort Rules Point-to-Point mapping

5 Approach Multi-Phase Approach – Start with initial mapping of existing concepts (STIX Data Model NIEM UML Profile – Develop meta-model for threat modeling and expand scope – Include non-cyber domains Include creation of Platform Independent Model (PIM) and Platform Specific Models (PSM) that represent STIX, OpenIOC Include social model of threat actors, campaigns, motivation – E.g. through leveraging SI* framework concepts Integrate with – NIEM 3.0 – Common Alerting Protocol (CAP) – Other applicable systems Extend beyond cyber threat sharing – Non-cyber domain integration – Sharing of countermeasure for specific threats

6 Phase 1 Create “Cyber Domain PIM” utilizing UML Profile for NIEM to model STIX information exchange – NIEM profile exists today – STIX has currently richest model and broadest interest base Expected output: Specification that includes – Cyber Domain PIM – STIX PSM Rationale: fairly easy to achieve, concretization of a Cyber Domain PIM that can serve as basis for meta- model or semantic models for other platforms

7 Phase 2 Richer social and behavioral modeling, e.g.: – Leverage of SI* framework concepts of modeling social actors and their behavior – Integration with CORAS modeling – Inclusion of XORCISM approaches Expansion of Cyber Domain PIM, adding new PSMs, and/or development of Threat Meta-Model – OpenIOC, IODef, XORCISM, SI*, Snort Rules, etc.

8 Phase 3 (notional) Non-cyber domain modeling – Integration with existing threat models for law-enforcement, defense, emergency preparedness – Develop common threat ontology, based on threat meta-model – Provide cross-domain capabilities, e.g. for describing complex campaigns – Include domains such as Supply Chain Risk Management (SCRM), Digital Forensics (e.g. SCOX, DFXML), etc. Countermeasure modeling – Develop consistent model for countermeasures – Allow mapping of countermeasures to threat – Countermeasure sharing to facilitate automatic mitigation of known threats

9 Goals Enable conceptual interoperability of existing systems – Validate existing mappings (e.g. STIX/OpenIOC) and allow mapping of new PSMs (NIEM Threat Sharing PSM, SI*, XORCISM, etc.) to each other Enable simplified creation of automated threat sharing systems – Tools-supported code generation – Semantic interoperability through shared ontology Enable automatic threat mitigation – Include mitigation recommendations in modeling to enable wire-speed defense Improve attribution capabilities by including richer characterization of social domain in actor/campaign classification – Full traceability from observed indicators to social and individual motivation and intent

10 Notional Timeline

Download ppt "Threat Modeling and Sharing. Summary Proposal to kick off Threat Modeling project – Multi-phase approach – Initially: create Cyber Domain PIM and STIX."

Similar presentations

© Telelogic AB Modeling DoDAF Compliant Architectures Operational Systems Technical.

© Telelogic AB Modeling DoDAF Compliant Architectures Operational Systems Technical.
Interoperability Standards for Information Sharing and Safeguarding PM-ISE Slide 1 | Unclassified | Notional | DRAFT.

Interoperability Standards for Information Sharing and Safeguarding PM-ISE Slide 1 | Unclassified | Notional | DRAFT.
Copyright © 2006 Data Access Technologies, Inc. Open Source eGovernment Reference Architecture Approach to Semantic Interoperability Cory Casanave, President.

Copyright © 2006 Data Access Technologies, Inc. Open Source eGovernment Reference Architecture Approach to Semantic Interoperability Cory Casanave, President.
Page 1 Copyright © 2010 Data Access Technologies, Inc. Model Driven Solutions May 2009 Cory Casanave Architecture of Services SOA for E-Government Conference.

Page 1 Copyright © 2010 Data Access Technologies, Inc. Model Driven Solutions May 2009 Cory Casanave Architecture of Services SOA for E-Government Conference.
Profiles Construction Eclipse ECESIS Project - 1 - Construction of Complex UML Profiles UPM ETSI Telecomunicación Ciudad Universitaria s/n Madrid 28040,

Profiles Construction Eclipse ECESIS Project Construction of Complex UML Profiles UPM ETSI Telecomunicación Ciudad Universitaria s/n Madrid 28040,
Modeling Services Model Interoperability Xavier Blanc – University Paris VI.

Modeling Services Model Interoperability Xavier Blanc – University Paris VI.
2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.

2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.
ARCH-05 Application Prophecy UML 101 Peter Varhol Principal Product Manager.

ARCH-05 Application Prophecy UML 101 Peter Varhol Principal Product Manager.
Catherine Hoang Ioana Singureanu Greg Staudenmaier Detailed Clinical Models for Medical Device Domain Analysis Model 1.

Catherine Hoang Ioana Singureanu Greg Staudenmaier Detailed Clinical Models for Medical Device Domain Analysis Model 1.
Production Rule Representation Team Response Presentation to BEIDTF OMG Montreal Aug 2004 Ruleml.org.

Production Rule Representation Team Response Presentation to BEIDTF OMG Montreal Aug 2004 Ruleml.org.
OMG Architecture Ecosystem SIG Federal CIO Council Data Architecture Subcommittee May 2011 Cory Casanave.

OMG Architecture Ecosystem SIG Federal CIO Council Data Architecture Subcommittee May 2011 Cory Casanave.
Architecture-Driven Modernization Platform SIG KDM RFP.

Architecture-Driven Modernization Platform SIG KDM RFP.
Systems Engineering in a System of Systems Context

Systems Engineering in a System of Systems Context
Formal Techniques in Software Engineering Universiteit AntwerpenIntroduction 1.1 Formal Techniques in Software Engineering 3de BAC Informatica Chapter.

Formal Techniques in Software Engineering Universiteit AntwerpenIntroduction 1.1 Formal Techniques in Software Engineering 3de BAC Informatica Chapter.
MDA > Model Driven Architecture > Orçun Dayıbaş > December, 2006 > METU, Ankara.

MDA > Model Driven Architecture > Orçun Dayıbaş > December, 2006 > METU, Ankara.
MDA – Model Driven Architecture: An introduction Franco Flore Senior Product Manager.

MDA – Model Driven Architecture: An introduction Franco Flore Senior Product Manager.
Amit, Keyur, Sabhay and Saleh Model Driven Architecture in the Enterprise.

Amit, Keyur, Sabhay and Saleh Model Driven Architecture in the Enterprise.
Secure Middleware (?) Patrick Morrison 3/1/2006 Secure Systems Group.

Secure Middleware (?) Patrick Morrison 3/1/2006 Secure Systems Group.
UML CASE Tool. ABSTRACT Domain analysis enables identifying families of applications and capturing their terminology in order to assist and guide system.

UML CASE Tool. ABSTRACT Domain analysis enables identifying families of applications and capturing their terminology in order to assist and guide system.
Ontologies Reasoning Components Agents Simulations An Overview of Model-Driven Engineering and Architecture Jacques Robin.

Ontologies Reasoning Components Agents Simulations An Overview of Model-Driven Engineering and Architecture Jacques Robin.

Similar presentations

Ads by Google