ranking of security controlling strategies driven by quantitative threat analysis
Post on 24-Feb-2016
40 Views
Preview:
DESCRIPTION
TRANSCRIPT
Ranking of security controlling strategies
driven by quantitative threat analysis.
Tavolo 2: "Big data security evaluation" UNIFI-CNR
Nicola Nostro, Ilaria Matteucci, Andrea Ceccarelli, Felicita Di Giandomenico,
Fabio Martinelli, Andrea Bondavalli
Outline
1.General description of work2.Basics3.Architecture/Framework4.Use case5.Conclusions and future works
Fai della Paganella
1. General description of work2. Basics3. Architecture/Framework
General description of the work
• Security analysis and design are key activities for the protection of critical systems and infrastructure.
• Traditional approaches:– Apply a qualitative threat assessment– Results used as input for the security design such that
appropriate countermeasures are selected• Our work: selection and ranking of security controlling
strategies driven by quantitative threat analysis– Threat analysis that identifies attack points and paths, and
ranks attacks (costs, difficulty, ...)– Such enriched information is used for more elaborated
controlling strategies that derive the appropriate monitoring rules and select countermeasures.
Framework Architecture
• Threat analysis supported by security models provides information on:– Attackers– Attacks and Attack points (as usual from threat analysis)– Attack paths– Relevance of the path (from a security viewpoint)/necessity of
countermeasures– Weights: costs, probabilities
• Security control strategies– Uses weights, relevance of the paths– Current objective: ranking of quantitative security controlling
strategies– Final output is the definition of countermeasures based on the
evaluation of the controlled paths
High-level Workflow
(system) functional requirements
dependability and security requirements
Threats AnalysisRequirements Controlling strategies
Design of security countermeasures
Next Steps –Fai della Paganella
• Identification of appropriate Case Study
• Preliminary version of paper in progress
• Iterative approach to framework
What’s new!
• CEMS use case• Submission to DEVVARTS workshop @
SAFECOMP– DEvelopment, Verification and VAlidation of
cRiTical Systems
Customer Energy Management System
A Customer Energy Management System (CEMS) is an application service or device that communicates with devices in the home.It may have interfaces to the meter to read usage data or to the operations domain to get pricing or other information to make automated or manual decisions to control energy consumption more efficiently.
Man in the Middle Attack
• In MIM attack an opponent captures messages exchanged between the EMG and the CEMS.
• It can – partially alter the content of the messages– Delay messages– reorder messages to produce an unauthorized effect– collect information without altering the content of
the messages• violation of integrity, availability or
confidentiality.
Two profiles: Criminal and Hacker
Is a Control strategies better than another?
To select the controller strategy that better fit a set of requirements (e.g., the minimum cost) we associate to each step a value obtained by the threat analysis.
where k, k’ denote these values.
; ;
Quantitative Control strategies
Definition. Given a path t = (a1,k1) … (an,kn), the label of t is given by (a1 … an) belongs to Act*, and its run weight by |t| = k1 * … * kn belongs to K, where the product * denotes the product of the considered semiring K.
The valuation of a process intuitively corresponds to the sum of all possible quantity of the traces belonging to the process.
Given an attack F, and a semiring K, a controller E2 is better than a controller E1 w.r.t. F the valuation of E1 on F is less then the valuation of E2 on F.
NOTE: the interested reader will find all the evaluations in the paper….
Additional information
• The paper is going to be submitted to DEVVARTS
• We will add also proability of attack as measure for driving the definition of security countermeasures
• Future work: deploy the selected controlling system into the system and evaluate the global system.
top related