Practical and Theoretical Issues on Adaptive Security - PowerPoint PPT Presentation

Slides: 17
Provided by: Ale8394
Transcript and Presenter's Notes

1
Practical and Theoretical Issues on Adaptive
Security
  • Alexander Shnitko
  • Novosibirsk State Technical University

2
Structure of the presentation
  • Introduction
  • Motivation for adaptive security
  • Common problem definition
  • Formalization
  • General adaptive model
  • Mathematical description
  • Methods of solution
  • Contribution to practical tasks
  • Adaptation for different types of security tasks
  • Illustrative samples of the adaptation
  • Implementation issues
  • Verification issues
  • Related works
  • Conclusions

3
Complex security systems
Theoretical issues
  • Adaptive security problem definition
  • Security process couldn't be predetermined
  • Complete formalization couldn't be provided
  • Environment is complex and heterogeneous
  • Important practical security factors
  • Secondary place in overall information
    infrastructure
  • Explicitly cross-disciplinary subject
  • Non-uniform foundations for security tools and
    methods
  • Related trends in information security
  • International standardization (ISO 17799, 15408,
    Industry ISS, Capgemini)
  • Unifying local solutions to develop universal
    solutions
  • Fuzzy problem definitions

Practical issues
4
Adaptive information security
Contribute to different types of security tasks
  • Object of adaptation
  • General and special information security
    functions
  • Hardware and software information security tools
  • Overall information security system
  • Goals of adaptation
  • Security object and environment identification
  • Security process performance optimization
  • General improvement of information security
  • Types of adaptation
  • Parameters adaptation
  • Structure adaptation
  • Goal adaptation

Several tasks for adaptive security
Simple and complex methods of the adaptation
5
Levels of security adaptation
Communication protocols, special software and
hardware
Servers, Workstation, special software and
hardware tools
Local software and hardware
Cryptography, security models, etc.
6
General Adaptive Security Model
[Diagram: the Environment and a Complex Security System made up of a Detector Device, Analyzer Device, Responder Device and Control Device acting on a Control Object F; signal labels X /, U /, U, X, Y; arrows labelled "Influence of the Environment" and "Influence on the Environment".]
7
Common formalization
  • A task of adaptation is considered as a problem
    of optimal control of a specified object F. The state S
    of the object and its influence Y on the
    environment depend on influences Y of the
    environment and the set of adaptable factors U. Goals
    Z of the adaptive control are defined by specific
    constraints on the state of the object.
  • Security goals are expressed as formal constraints
    on the state of the system
  • Control Theory notions are used to describe
    dynamic security processes

8
Mathematical formalization
Constraints expressed as
Where Mx is a function for averaging over the
states of the environment, and h/, g/, q/ are
actually measured system parameters
9
Adaptive algorithms
adaptable parameters vector and vectors of the
values of the criterion function measured from
till moments of time
recurrent algorithm of the adaptation
Process of adaptation in the adaptable factors
space
Process of adaptation in the system states space
10
Adaptation on different levels
  • Formal methods
  • Model treated in notion of building blocks of
    formal algorithms
  • Integration of special adaptive algorithms in
    traditional tasks
  • Standalone workstation
  • Adaptation in TCB
  • Fuzzy definition and special adaptive algorithms
  • Local network
  • Adaptation in servers, workstations and security
    perimeter
  • Evolutionary adaptation in agent-based models
    (cyber-warfare)
  • Distributed network
  • Adaptation in information channels
  • Redundancy and adaptive optimization

11
Illustrative samples
  • Adaptive self-scanning
  • Level of adaptation: Workstation or Local Network
    level
  • Goals: Improve general availability, decrease
    risk of DDoS attack
  • Solutions: Optimized searchless adaptive
    algorithms
  • Security policy adaptation
  • Level of adaptation: Workstation or Local Network
  • Goals: Improve overall security, decrease risk of
    attack propagation
  • Solutions: Special stochastic adaptive algorithms

12
Implementation issues
  • Obstacles for the implementation
  • Complexity of correct definition of goals and
    restrictions
  • Necessity of continuous system and environment
    identification
  • Speed requirements for the adaptive algorithms
  • Some methods of solution
  • Redundancy and optimization
  • Expert and analytical data usage
  • Special algorithms from the Control Theory

13
Verification issues
  • Correct integration of adaptive security
  • Building secure system from insecure components
  • Multi-level security
  • Testing of practical adaptive systems
  • Specification testing
  • Stressful testing
  • Statistical contributions

14
Related work
  • Adaptation in special information security tasks
  • Carney M., Loe B., A Comparison of Methods for
    Implementing Adaptive Security Policies
  • Reiher P., Eustice K., Sung K.-M., Adapting
    Encrypted Data Streams in Open Architectures
  • Lee W., Cabrera J., Thomas A., Balwalli N.,
    Saluja S., Zhang Y., Performance Adaptation in
    Real-Time Intrusion Detection Systems
  • Adaptation in broader context
  • Badrinath B., Fox A., Kleinrock L., Popek G.,
    Reiher P., Satyanarayanan M., A Conceptual
    Framework for Network and Client Adaptation
  • Marcus L., Local and Global Requirements in an
    Adaptive Security Infrastructure

15
Conclusions
  • Adaptation in Security Context
  • Advantages
  • Contribution to the real-world information
    security with fuzzy definition and uncertain
    conditions
  • Access to the methods and tools from the Control
    Theory for the needs of the adaptation
  • Disadvantages
  • Effectiveness is very dependent on the correct
    definition of security goals
  • The additional resources required for the
    adaptation processes
  • Further work
  • Development and analysis of adaptive algorithms
    for specific security problems
  • Research of the usage of statistical methods for
    optimization and verification of the adaptive
    systems

16
Thank you!