petri net modelling of physical vulnerability
DESCRIPTION
The sildes are relative to the presentation of an omonymous paper at the 6th international conference on critical information infrastructure security (CRITIS 2011).The paper is about the evaluation of the vulnerability of a physical protection system by the use of an extensible and customizable Petri Net model.TRANSCRIPT
Petri Net ModellingPetri Net Modelling of Physical Vulnerability of Physical Vulnerability
F. Flammini, S. Marrone, N. Mazzocca, V. Vittorini
Stefano Marrone
Dept. of Mathematics
Second University of Naples
CRITIS 2011September 8-9, 2011Luzern, Switzerland
OutlineOutline
Evaluation of physical protectionChallenges in vulnerability modellingPetri Net vulnerability modelsEvaluation on case studiesConclusions
2
S. Marrone - Petri Net Modelling of Physical Vulnerability
Evaluation of physical Evaluation of physical protectionprotection
Physical security needs quantitative risk assessement◦ Certification◦ design protections and countermeasures◦ cost/benefits tradeoffs
Mathematical and formal models must be used◦ risk assessement methodology◦ widespread in both academia and industry◦ simpler than analyzing the system!!
3
S. Marrone - Petri Net Modelling of Physical Vulnerability
Evaluation of physical Evaluation of physical protectionprotection
Risk model:R = P V D
Pros:◦ simple◦ effective
Cons◦ does not take into account mutual
influences◦ not associated with a methodology
4
S. Marrone - Petri Net Modelling of Physical Vulnerability
Frequency of the Threat
Likelihood that attack
is successful
Damage an attack provokes
Challenges in vulnerability Challenges in vulnerability modellingmodelling
Vulnerability◦ (information security): weakness of a system
which allows attackers to reduce security◦ (physical security): probability for an attacker
to have success against system protectionsHennessey’s model
5
S. Marrone - Petri Net Modelling of Physical Vulnerability
effectiveness
detection
interruptionneutralizati
on
sensing
assessement
Challenges in vulnerability Challenges in vulnerability modellingmodelling
At language level◦ strong mathematical foundation◦ intuitive and user-friendly
At model level◦ usable◦ customizable◦ trustable
6
S. Marrone - Petri Net Modelling of Physical Vulnerability
Petri Nets
Compositional
extensible approach
Petri Net vulnerability ModelsPetri Net vulnerability Models
The models relate time intervals (latencies) with probabilities of the Hennessey model
◦ no deterrent effects (independence of “PVD” factors)
◦ simple instantiation of system parameters◦ simple calculation of results
(multiplication)
◦ Probability of interruption (PI)
7
S. Marrone - Petri Net Modelling of Physical Vulnerability
Petri Net vulnerability ModelsPetri Net vulnerability Models
8
S. Marrone - Petri Net Modelling of Physical Vulnerability
Basic vulnerability model
reaction delay(sensing, assessement,
response)
delay to accomplish attack
Petri Net vulnerability ModelsPetri Net vulnerability Models
9
S. Marrone - Petri Net Modelling of Physical Vulnerability
Detecting failure
Complex Defense Path
Petri Net vulnerability ModelsPetri Net vulnerability Models
10
S. Marrone - Petri Net Modelling of Physical Vulnerability
Two phased attack
Evaluation on case studiesEvaluation on case studies
11
S. Marrone - Petri Net Modelling of Physical Vulnerability
Anti-theft (e.g. critical server in a technical room)
Probability
Latency
Sensing (magnetic switches) PS = 98% LS = 5 sec
Assessment (control room) PA = 95% LA = 45 sec
Response (remote guards) PN = 95% LR = 180 sec
Attack accomplishment (disconnect server and get out of room)
LT =120 sec
PI is evaluated by Petri Net analysis
PI = 34% V = 0.7
Evaluation on case studiesEvaluation on case studies
12
S. Marrone - Petri Net Modelling of Physical Vulnerability
CBRNe (e.g. metro railway application)
Probability
Latency
Sensing (CBRNe detectors) PS = 95% LS = 15 sec
Assessment (detection of source in crowded area)
PA = 95% LA = 30 sec
Response (local guards) PN = 95% LR = 30 sec
Attack accomplishment (deflagrate, etc...)
LT = 30 sec
PI = 29% V = 0.75
Evaluation on case studiesEvaluation on case studies
13
S. Marrone - Petri Net Modelling of Physical Vulnerability
CBRNe (e.g. metro railway application)What if:
◦ Computer based assessement LA = 2 sec
◦ Automatic blocking of turnstile doors LR = 3 sec
PI = 60% V = 0.44
ConclusionsConclusions
Physical vulnerability modelling can be a hard task because:◦ complexity and
heterogeneity of systems◦ evaluation results must
be trustable...◦ usability/completeness
tradeoff
14
S. Marrone - Petri Net Modelling of Physical Vulnerability
George E. P. Box (statistician)
Essentially, all models are wrong,
but some are useful
Safecomp 2011Safecomp 2011
International Conference onComputer Safety, Reliability and Security
Naples, Italy19 / 21 September 2011 - Main Conference
22 September 2011 - Tutorials and Workshops Day
15
S. Marrone - Petri Net Modelling of Physical Vulnerability
Key themeSafety and security of computer-based systems and infrastructures:
from risk assessment to threat mitigation