Upload File

validation, verification and explanation in a smarter world

  • Home
  • Software
  • Validation, Verification and Explanation in a Smarter World
10
Validating, Verifying and Explaining Security in a Smarter World Arosha K. Bandara 9 April 2015; Bra, Italy

Upload: arosha-bandara

Post on 19-Jul-2015

225 views

Category:

Software


0 download

Report

Tags:

TRANSCRIPT

Page 1: Validation, Verification and Explanation in a Smarter World

Validating, Verifying andExplaining Security in a Smarter WorldArosha K. Bandara9 April 2015; Bra, Italy

Page 2: Validation, Verification and Explanation in a Smarter World

Variable Assets

RisksZero-day Threat

Security Control Failure

Security in a Smarter World

2

Threat

Asset Adaptive Security:Systems that continue to satisfy their security requirements when threats and assets are uncertain / changing.

Attack

Vulnerability

Page 3: Validation, Verification and Explanation in a Smarter World

Validation, Verification & Explanation

● Validation: Will the system protect the assets from security threats? (Have we built the right system?)

● Verification:Has the system been correctly configured to protect the assets from security threats? (Have we built the system right?)

● Explanation:Can we understand the behaviour of the adaptive security system?

Assurances for Adaptive Security

3

Nicholas Morant. National Film Board of Canada. Photothèque. Library and Archives Canada, PA-112911

Page 4: Validation, Verification and Explanation in a Smarter World

Adaptive Security Architecture

4

SecurityMetrics

SecurityDecisionMaking

SecurityControls

Page 5: Validation, Verification and Explanation in a Smarter World

Adaptive Security – VV&E

● Validation: Is the system measuring the right things to determine if a security adaptation is needed and deciding on the right security controls to be deployed?

● Verification: Is the system measuring things and making decisions in the right way?

● Explanation: Can we understand why we are measuring things and the reasons for doing this in particular way?

Security Metrics, Decision Making and Controls

5

Page 6: Validation, Verification and Explanation in a Smarter World

Traceability for VV&E

6

SecurityMetrics

SecurityDecisionMaking

SecurityControls

Security Requirements

Model Causal Relationships

Identify valueof different metrics

RuntimeModels

Page 7: Validation, Verification and Explanation in a Smarter World

Traceability for VV&E

7

SecurityMetrics

SecurityDecisionMaking

SecurityControls

Security Requirements

Model Causal Relationships

Identify valueof different metrics

RuntimeModels

Page 8: Validation, Verification and Explanation in a Smarter World

Traceability for VV&E

8

SecurityMetrics

SecurityDecisionMaking

SecurityControls

Security Requirements

Model Causal Relationships

Identify valueof different metrics

RuntimeModels

Page 9: Validation, Verification and Explanation in a Smarter World

Variable Assets

RisksZero-day Threat

Security Control Failure

Security in a Smarter World

9

Threat

Asset Adaptive Security:Systems that continue to satisfy their security requirements when threats and assets are uncertain / changing.

Attack

Vulnerability

Page 10: Validation, Verification and Explanation in a Smarter World

Final Thoughts

● Are there are specific issues for validating, verifying and explaining adaptive security systems?●  e.g., Assets, Threats, Attackers, Vulnerabilities

● Can we use decision analysis techniques to determine the best metrics and measurement methods to drive adaptation?

● How do the runtime models need to extended to support validation, verification and explanation for adaptive security?

Comments and Questions

10


Smarter Balanced Assessment Consortium · ELA_Practice Test Scoring Guide Grade 8 PT.docx15 (0 points) Response is an explanation that is incorrect, irrelevant, insufficient, or blank

Smarter Moves in IMRT QA - Telenet.beusers.telenet.be/CCURIE/Octavius 1500 Bro_en_91313902_00.pdf · 2015-11-19 · Highlights OCTAVIUS 1500: Patient plan verification with VeriSoft

Smarter collaboration for Smarter planet

Smarter City, Smarter Policy: Crowd Monitoring

NAVIGATING VUCA IN BUILDING A SMARTER PLANET Smarter Business Requires Smarter Information

Enabling Smarter Media Buying with - Google Searchservices.google.com/fh/files/blogs/wp_dfa_adverification_oct2012.pdf · Enabling Smarter Media Buying with Ad Verification ... Finally,

Smarter Traffic Management and Smarter Transportation Systems

Smarter Cities/ Smarter Mobility - Northwestern University

IBM Smarter Storage for Smarter Computing

Smarter CRM for smarter commerce (french)

Smarter Planet. Smarter Buildings - home | SinBerBESTsinberbest.berkeley.edu/sites/default/files/Smarter... · 2020-01-06 · Smarter Planet. Smarter Buildings Ching-Hua Chen-Ritzo

Simply Smarter Communications for Smarter Working

Explanation of the ozone hole and verification of the connections between ozone depleting substances and the ozone hole A.R. (Ravi) Ravishankara NOAA,

GSMA Smarter Apps for Smarter Phones

Smarter Testing Through Smarter Testers

An Explanation of Mobile Verification and SMS Voting for the Spark The Rise Grand Finale

PRE-SHIPMENT INSPECTION PROGRAMME63809ff2-4209...will contact the seller to obtain additional information or explanation to facilitate price verification or to support the seller’s

Work smarter. Live smarter. Play smarter. Fly smarter.€¦ · Real-time data = Smarter pilots. Let’s stay connected. With inflight Wi-Fi, everyone on board can fly smarter by having

Smarter Cloud for Smarter Government - ITFINDitfind.or.kr/smartkorea/2010/12/S1-3.pdf · Smarter Cities Cloud Platform Smarter Government needs provide basis for IBM’s Smarter Cloud

Constitutional explanation Vs. Layman's explanation

Smarter Information, Smarter Consumers-1

Smarter Phones Smarter Moves

ET AL.: EXPLANATION BASED HANDWRITING VERIFICATION … · Mohammad Abuzar Shaikh [email protected] Sargur N. Srihari [email protected] State University of New York at Buffalo

2D Barcode Verification Process Implementation · PDF fileGS1 2D Barcode Verification Process Implementation Guideline developed with the intention of providing a clear explanation

Veterans First Verification Program - U.S. Department of ... · Veterans First Verification Program ... (P.L.) 109-461 entitled ... business documents or Detailed Letters of Explanation

The Philippine Smarter Cities Initiative: Building Smarter Cities Towards a Smarter Philippines

Smarter Balanced Assessment Consortium...The response provides an adequate explanation of how information in Source #1 refutes information in Source #2, but does not appropriately

Ohm’s Law Explanation and Verification Brett MacDonald Andrew Misquita Michael Ramsay Dec.15/09

Smarter Software for Smarter Governments

Creating a Smarter Workforce - Smarter Business 2013

Ohm’s Law Explanation and Verification

Ohm’s Law Explanation and Verification

Fire Alarm Control Panel - Mircom | Safer, Smarter, More ... System Verification ..... 12 1.5 Standby Power ..... 12 1.6 Battery Maintenance ..... • system wiring has been altered

Informed and Interconnected: A Manifesto for Smarter Cities Files/09-141.pdf · A Smarter Planet = Smarter Cities; Smarter Cities = Smarter Communities INTRODUCTION: THE FUTURE PROMISE

STS. Smarter devices. Smarter test systems