Enterprise Architecture Models for Security Analysis: The VIKING project. Teodor Sommestad, The Royal Institute of Technology (KTH), Stockholm, Sweden. teodor.sommestad@ics.kth.se
SCADA/Industrial Control system security
The VIKING project: From security requirements to social costs (consequences). Attack, SCADA system, Power network, Societal cost. KTH, this presentation; ETH, Zürich; ViCiSi, in 15 min.

Decision makers in utilities typically have…
• … a poor understanding of the system architecture and its environment
• … a poor understanding of how to achieve security in this complex environment
• … limited resources, time and money
A Bayesian computational engine analyzes your architecture and possible attacks against it.


Our solution: the Cyber Security Modeling Language
• The result for your architecture is visualized, e.g. which attacks are easy to do and which countermeasures make a big difference.
• We consolidate theory on security, i.e. what is most important and how important it is.
• A Bayesian computational engine analyzes your architecture and possible attacks against it.
• You represent your system, e.g. add network zones, draw data flows, specify management processes.


This tool assesses whether attacks are possible against a system architecture
Success probabilities of attacks:
• P(SCADAServer.Access) = 0.14
• P(SCADAService.InjectCode) = 0.14
• P(SCADAServer.FindKnownService) = 0.34
• P(SCADAServer.ConnectTo) = 0.43
Effect of changes, for P(SCADAServer.Access):
• Install IPS: 0.14 => 0.11
• Regular security audits: 0.14 => 0.12


We do not aim at
• Inventing some new protection apparatus (e.g. firewall), solution or architecture.
• Telling cryptography/authentication/…/firewall experts which of their solutions are secure and which are not.
• Explaining which attacks will probably be attempted against the system.


Qualitative theory
• What influences what? For example, what influences the possibility for an attacker to compromise a machine? In which ways can it be done?
• Which of these things are most important? For example, which protection mechanisms against arbitrary code execution attacks are most relevant?
• In essence: What data should be collected (modeled) to say something about the possibility to succeed with attacks?

Quantitative theory
• How big is the influence? For example, how is the attacker’s chance of success influenced by “address space layout randomization”?
• What combinations of things are important? For example, does “address space layout randomization” make a difference if you already have “non-executable memory” turned on?
• In essence: How probable is it that different attacks succeed?


[Qualitative theory] The metamodel: attribute dependencies
For example: the probability that Remote Arbitrary Code Exploits on a Service can be performed depends on:
• If you can connect to the Service
• If it has a high-severity vulnerability
• If the attacker can authenticate itself as a legitimate user
• If its OS uses ASLR or NX memory protection
• If there is a Deep Packet Inspection Firewall between the attacker and the Service

[Quantitative theory] Example: Remote Arbitrary Code Exploits on a Service
[Quantitative theory] Say that your architecture and our “rules” produce these dependencies. Can this attack be done by a professional penetration tester?
[Quantitative theory] Our tool would answer: 1.00 × 0.24 × 1.00 × 0.51 × 1.00 = 0.1224 = 12.24% chance of success. (Probabilities shown in the figure: 100%, 100%, 100%, 24%, 51%.)

[Quantitative theory] What-if analysis: Execute arbitrary code
• Install a deep-packet-inspection firewall (IPS): 15 % probability that the attacker can execute his/her code… …8 % for the attack scenario…
• As is: 24 % probability that the attacker can execute his/her code… …12 % for the attack scenario…
• Remove Address Space Layout Randomization (ASLR): 27 % probability that the attacker can execute his/her code… …14 % for the attack scenario…

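The slide arithmetic above, carried through as an added example (not code from the VIKING project or its tool): it multiplies the five step probabilities in the order shown on the slide and repeats the what-if comparison for the three configurations given. It is a plain product over one chain, not the project's Bayesian engine, and every step name other than `execute_code` is a hypothetical placeholder because the slides show only the numbers.

```python
from math import prod

# Probability that the "execute arbitrary code" step succeeds, keyed by
# (ips_installed, aslr_enabled). The three values are the ones on the slides.
# The fourth combination (IPS installed, ASLR removed) is not on the slides
# and is deliberately left out rather than guessed.
P_EXECUTE_CODE = {
    (False, True): 0.24,   # as is
    (True, True): 0.15,    # deep-packet-inspection firewall (IPS) installed
    (False, False): 0.27,  # ASLR removed
}

# The attack scenario as a chain of five steps, in the factor order of the
# slide: 1.00 * 0.24 * 1.00 * 0.51 * 1.00. Names are hypothetical placeholders
# except execute_code; None means "look the value up in P_EXECUTE_CODE".
CHAIN = [
    ("step_1", 1.00),
    ("execute_code", None),
    ("step_3", 1.00),
    ("step_4", 0.51),
    ("step_5", 1.00),
]

AS_IS = (False, True)
ALTERNATIVES = {
    "Install IPS": (True, True),
    "As is": AS_IS,
    "Remove ASLR": (False, False),
}


def scenario_probability(ips_installed: bool, aslr_enabled: bool) -> float:
    """Probability that every step of the chain succeeds for one configuration."""
    key = (ips_installed, aslr_enabled)
    if key not in P_EXECUTE_CODE:
        # Refuse to extrapolate: the model has no data for this combination.
        raise KeyError(
            f"no probability available for IPS={ips_installed}, ASLR={aslr_enabled}"
        )
    return prod(P_EXECUTE_CODE[key] if p is None else p for _, p in CHAIN)


def what_if(baseline, alternatives):
    """Compare configurations against the baseline, lowest attack probability first."""
    base = scenario_probability(*baseline)
    rows = []
    for name, config in alternatives.items():
        p = scenario_probability(*config)
        rows.append({"change": name, "p_scenario": p, "delta": p - base})
    return sorted(rows, key=lambda row: row["p_scenario"])


if __name__ == "__main__":
    for row in what_if(AS_IS, ALTERNATIVES):
        print(f"{row['change']:<12} {row['p_scenario']:.0%}  ({row['delta']:+.4f})")
```

Asking for a combination the model has no data for raises an error instead of returning a made-up number, which is the behaviour a defender wants from any such estimate.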

Data sources
The relationships and dependency structure:
• Literature, e.g. standards or scientific articles.
• Review and prioritization by external experts, e.g. FOI, SÄPO, Combitech, Chalmers, Ericsson, BTH, Management Doctors.
The probabilities:
• Logical relationships, e.g.: if the firewalls allow you to connect to A from B and you have access to B, then you can connect.
• Others’ studies, e.g. time-to-compromise for authentication codes or patch level vs patching procedures.
• Experts’ judgments, e.g. 165 intrusion detection system researchers estimating the detection rate in different scenarios.


Our aim with CySeMoL
Success probabilities of attacks:
• P(SCADAServer.Access) = 0.14
• P(SCADAService.InjectCode) = 0.14
• P(SCADAServer.FindKnownService) = 0.04
• P(SCADAServer.ConnectTo) = 0.23
Effect of changes, for P(SCADAServer.Access):
• Install IPS: 0.14 => 0.11
• Regular security audits: 0.14 => 0.12

The tool http://www.kth.se/ees/omskolan/organisation/avdelningar/ics/research/eat

Our solution: the Cyber Security Modeling Language
• The result for your architecture is visualized, e.g. which attacks are easy to do and which countermeasures make a big difference.
• We consolidate theory on security, i.e. what is most important and how important it is.
• A Bayesian computational engine analyzes your architecture and possible attacks against it.
• You represent your system, e.g. add network zones, draw data flows, specify management processes.


Today’s status of the tool
• Our theory consolidation is in version 1.0, soon published. Nah…
• Calculation engine is completed
• Tests in real life are ongoing

Collaboration/usage – VIKING’s “EA models for security analysis” Theory/Modeling language:

VIKING cluster meeting 1

  • Find ways to simplify it
  • Combine with some other modeling language
  • Develop support for automated data collection