Title: Adaptive Risk Management System (ARMS)
1 Adaptive Risk Management System (ARMS)
Network and Information Security Workshop, Halifax
2 IMMUNITY IN CYBERSPACE
Information Ecosystem (Global, Open, Dynamic, Interactive, EVERYONE)
New Business Models (Strategic Partnerships)
Self-Organizing
Mirroring Biological Behavior
SOFTWARE-DRIVEN
NEW THREATS!
3 Victim or Perpetrator?
- "Only those who risk going too far can possibly find out how far one can go" (T. S. Eliot)
- VICTIM: can you trust your computer?
- PERPETRATOR: how far can I go without being caught?
4 Risk Management Approach to Security
- Risk management is at the core of security and trust.
- Risk analysis: the process of evaluating system vulnerabilities and the threats facing it.
- Risk analysis involves the ability to trust our judgement, as well as the reliability and security (or predictability) of the environment in which the analysis is performed.
- We must also be able to trust that our privacy is not at risk.
5 CIP Framework
http://www2.nr.no/coras/
CORAS: A Platform for Risk Analysis of Security-Critical Systems
6 - Risk analysis aids in developing a security strategy and provides the basis for establishing a cost-effective security program that minimizes the effects of risk.
7 Integrated Approach to Security
8 Security Risk Analysis
- Should indicate:
  - (1) the current level of risk (risk metrics),
  - (2) the likely consequences, and
  - (3) what to do about it if the residual risk is too high.
9 Risk Metrics
10 Risk Analysis Terminology
- Asset: anything with value and in need of protection.
- Threat: an action or potential action with the propensity to cause damage.
- Vulnerability: a condition of weakness. If there were no vulnerabilities, there would be no concern for threat activity.
- Countermeasure: any device or action with the ability to reduce vulnerability.
- Expected Loss: the anticipated negative impact to assets due to threat manifestation.
- Impact: losses as a result of threat activity are normally expressed in one or more
Risk Analysis Terminology
- Impact areas: four areas are commonly used: Destruction, Denial of Service, Disclosure, and Modification.
11 Security Risk Analysis
- Examination of the interrelationships between assets, threats, vulnerabilities, and countermeasures to determine the current level of risk.
- Residual risk: the level of risk that remains after consideration of all in-place countermeasures, vulnerability levels, and related threats.
- Ultimately, it is the residual risk that must be accepted as is or reduced to a point where it can be accepted.
12 Security Risk Analysis
13 Risk Assessment
- Identifies plausible threats, vulnerabilities, and potential consequences.
- Process that identifies the probable consequences or risks associated with the vulnerabilities and provides the basis for establishing a cost-effective security program.
14 Risk Management
- The process of implementing and maintaining countermeasures that reduce the effects of risk to an acceptable level.
- Consists of the spectrum of decisions made and actions taken to prevent, mitigate, or manage adverse consequences if potential threats become reality and exploit identified vulnerabilities.
15 Risk Assessment
- Includes the following steps:
  - Identifying core service processes
  - Identifying critical assets (including supporting information technology systems) that support those core processes
  - Identifying the potential threats to and vulnerabilities of those critical assets
16 Risk Analysis
- Identifies the existing security controls, calculates vulnerabilities, and evaluates the effect of threats on each area of vulnerability.
- The procedure attempts to strike an economic balance between the impact of risks and the cost of the security solutions intended to manage them.
17 Key Elements
- All risk analysis methodologies enable system users to compare possible losses to their agency with the cost of countermeasures (a.k.a. safeguards or controls) designed to protect against those losses.
18 KEY FACTORS
- To be useful, a risk analysis methodology should produce a quantitative statement of the impact of a risk or the effect of specific security problems. The three key elements in risk analysis are:
  - (1) a statement of impact, or the cost of a specific difficulty if it happens,
  - (2) a measure of the effectiveness of in-place countermeasures, and
  - (3) a series of recommendations to correct or minimize identified problems.
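A worked instance of slides 10 to 18 (the terminology, residual risk, and the three key elements), added here as an illustration and not part of the original deck. The scoring model, the asset, its threats and the countermeasures are all assumptions: expected loss is taken as asset value times impact fraction times annual likelihood, each in-place countermeasure removes a fixed fraction of it, and a candidate control is recommended only when residual risk is above the acceptable level and the loss it removes exceeds its annual cost.

```python
from dataclasses import dataclass
# Constructed sample data. The scoring model (expected loss = asset value x impact
# fraction x annual likelihood, cut by each in-place countermeasure) is an assumption.
@dataclass
class Countermeasure:
    name: str
    effectiveness: float  # fraction of a threat's expected loss it removes (0..1)
    annual_cost: float
    in_place: bool = False

@dataclass
class Threat:
    name: str
    impact_area: str        # Destruction, Denial of Service, Disclosure, Modification
    likelihood: float       # expected occurrences per year
    impact_fraction: float  # share of asset value lost per occurrence (0..1)
    countermeasures: list   # in-place controls and candidate controls

def expected_loss(asset_value, threat, extra=()):
    """Annual expected loss after in-place controls (and any candidates in extra)."""
    loss = asset_value * threat.impact_fraction * threat.likelihood
    for cm in threat.countermeasures:
        if cm.in_place or cm in extra:
            loss *= 1.0 - cm.effectiveness
    return loss

def analyse(assets, acceptable_residual):
    """Return (residual risk per asset/threat, recommendations). A candidate control is
    recommended only if residual risk is too high AND the loss it removes exceeds its cost."""
    residual, recommendations = {}, []
    for asset_name, asset_value, threats in assets:
        for threat in threats:
            current = expected_loss(asset_value, threat)
            residual[(asset_name, threat.name)] = round(current, 2)
            if current <= acceptable_residual:
                continue  # residual risk accepted as is
            for cm in threat.countermeasures:
                if not cm.in_place:
                    saved = current - expected_loss(asset_value, threat, extra=[cm])
                    if saved > cm.annual_cost:
                        recommendations.append((asset_name, threat.name, cm.name, round(saved - cm.annual_cost, 2)))
    return residual, recommendations

# Constructed example: one asset, two threats, each with in-place or candidate controls.
PATIENT_DB = ("patient records DB", 500_000.0, [
    Threat("ransomware", "Destruction", 0.2, 0.8, [
        Countermeasure("offline backups", 0.9, 8_000.0, in_place=True),
        Countermeasure("EDR agents", 0.5, 15_000.0)]),
    Threat("credential theft", "Disclosure", 0.5, 0.4, [
        Countermeasure("MFA", 0.8, 5_000.0),
        Countermeasure("DLP gateway", 0.3, 40_000.0)])])
```

With an acceptable residual of 10,000 per year, the ransomware line is already acceptable thanks to the in-place backups, while credential theft is not; MFA is recommended (it removes far more loss than it costs) and the DLP gateway is not (its cost exceeds the loss it would remove).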
19 Supply Networks
20 Network Optimization Theory
- Capacitated network flow model (removing a fixed number of nodes)
- Minimum cost flow model (interdiction reduces capacity and increases the cost of flow along an arc)
- Shortest path model: optimal set of arcs to be monitored so as to cost-effectively detect an evader
21 Threat Sources
22 Network Safeguarding
- Determine the frail links and nodes with respect to a given type of threat and add resources (e.g. sensors) to detect and thwart threats
  - Where do we place the sensors?
- Security-aware design of supply networks: capture the effect of safeguarding constraints on parameters and network cost
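An added illustration of the "frail links and nodes" question from slides 20 and 22 (not code from the original deck): on a constructed supply network, Tarjan's lowlink search finds the nodes and links whose loss would disconnect the network, and the sensor plan proposes one sensor per such element. The network, the node names and the one-sensor-per-frail-element rule are assumptions.

```python
from collections import defaultdict

# Constructed sample supply network (undirected): nodes are depots and hubs,
# edges are transport links. Names and topology are assumptions for illustration.
SUPPLY_NETWORK = [
    ("port", "hub_a"), ("hub_a", "hub_b"), ("hub_b", "port"),  # redundant cycle
    ("hub_b", "warehouse"),                                    # single link inland
    ("warehouse", "store_1"), ("warehouse", "store_2"),
    ("store_1", "store_2"),                                    # stores form a cycle
]

def frail_elements(edges):
    """Return (articulation points, bridges) via Tarjan's lowlink DFS.
    Removing any of them disconnects the network, so a threat aimed at one of
    them has the most leverage: these are the frail nodes and links."""
    adj = defaultdict(list)
    for u, v in edges:
        adj[u].append(v)
        adj[v].append(u)
    disc, low, parent = {}, {}, {}
    points, bridges = set(), set()
    clock = [0]

    def dfs(u):
        disc[u] = low[u] = clock[0]
        clock[0] += 1
        children = 0
        for v in adj[u]:
            if v not in disc:
                parent[v] = u
                children += 1
                dfs(v)
                low[u] = min(low[u], low[v])
                if low[v] > disc[u]:            # no back edge bypasses (u, v)
                    bridges.add(frozenset((u, v)))
                is_root = u not in parent
                if (is_root and children > 1) or (not is_root and low[v] >= disc[u]):
                    points.add(u)
            elif v != parent.get(u):            # back edge to an ancestor
                low[u] = min(low[u], disc[v])

    for node in list(adj):
        if node not in disc:
            dfs(node)
    return points, bridges

def sensor_plan(edges):
    """Recommend sensor placement: one sensor per frail node and per frail link,
    returned as sorted lists so the plan is deterministic."""
    points, bridges = frail_elements(edges)
    return sorted(points), sorted(tuple(sorted(b)) for b in bridges)
```

On the sample network the only frail link is hub_b to warehouse and the frail nodes are hub_b and warehouse; the redundant cycles at the port and among the stores need no sensor under this rule.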
23 Functional Ecomap of ARMS
24 Human Immune Response System
Recognition
Defence
25 Artificial Immune Response System
26 Autonomic Risk Management System (ARMS)
27 Functional View of ARMS
28 Immune Cyberspace Extended to an Immune World
29 ARMS Framework
30 Risk Holarchy
31 Emergency Response Holarchy
32 Support Holarchy
33 Cybersecurity Holarchy
34 CHALLENGES
- Can a trusted access capability be built into security-protected environments, enabling emergency help (medical, fire brigade and police) to intervene when life-critical help is at stake?
- How can we decide on the appropriate policies, strategies, architectures and allocation of resources in the absence of an assumed rationale for threat?
- Across an open, large community, how can knowledge be securely exchanged over time, as the community evolves and data and trust change?
- How can we manage the security associated with spontaneous cooperation without imposed or predefined fixed roles and rules?
- Can the ideal of running secure applications on an insecure network be reached? Can we include liability in the design rationale?
35 Purpose
- To create an agent-based wireless network which, endowed with a proper ontology, is able to exchange information, first in simulated emergencies and then in a real emergency.
36 Technology Involved
- JADE (Java Agent DEvelopment Framework) [4] is a software framework fully implemented in the Java language. It simplifies the implementation of multi-agent systems through a middleware that claims to comply with the FIPA specifications and through a set of tools that support the debugging and deployment phases.
- LEAP (Lightweight Extensible Agent Platform) [5]: the synergy between the JADE platform and the LEAP libraries yields a FIPA-compliant agent platform with a reduced footprint and compatibility with mobile Java environments down to J2ME-CLDC.
- J2ME (Java 2 Platform, Micro Edition) [6]
- CLDC (Connected, Limited Device Configuration)
- MIDP (Mobile Information Device Profile)
- Java-enabled PDAs and cell phones
37 Distributed System
- Problems
  - Different network protocols
  - Proprietary code
  - No interaction possible
38 Multi-Agent Approach
- Advantages
  - Interoperability
  - Standardized (FIPA)
  - Expandability
  - Java-based
39 Deployed Platform
(Diagram; labelled components: Planet-Lab node (planetlab2.enel.ucalgary.ca:1099), JADE-LEAP Server, Hospital Manager Agents, Ambulance Manager Agent, Windows Station, Linux Station, DB1, DB2, Internet, GPRS, Bluetooth, Nokia 6600, Fortuna GPSmart GPS.)
40 Developed Application
41 Developed Application
42 SECURITY HOLARCHY
43 EXAMPLE
44 Wireless Network
(Diagram; recoverable labels: PAN, LAN, WAN.)
45 Scalable Secure Web Based Services for e-Health
Static Environment
46 E-Health Holarchy
47 ARMS as an Autonomic Computing System
- The system must know itself in terms of what resources it has access to, what its capabilities and limitations are, and how and why it is connected to other systems.
- This is achieved by the Risk Management Database, which continuously stores and dynamically updates information about system status and its environment through the adaptive risk agents, and by the Risk Agent Determination of Risks component.
- The system must be able to automatically configure and reconfigure itself depending on the changing computing environment. This is achieved via the controlled emergence within the holarchic structure.
- The system must be able to optimize its performance to ensure the most efficient computing process. The controlled emergence mechanism guarantees optimality of the resources used as well as maximal efficiency in task accomplishment.
48 The Case for Autonomic Computing
- The system must be able to work around encountered problems by either repairing itself or routing functions away from the trouble. This is achieved via the inter-holarchic interaction between the risk management, infrastructure and support holarchies.
- The system must detect, identify and protect itself against various types of attacks to maintain overall system security and integrity. ARMS was designed with this purpose in mind, each of its holarchies working collaboratively at various levels of resolution to accomplish this.
- The system must be able to adapt to its environment as it changes, interacting with neighbouring systems and establishing communication protocols. The Adaptive Risk Agents ensure the fulfilment of this requirement, using the mechanism provided by the Risk Agent Determination of Risk component.
49 The Case for Autonomic Computing
- The system must rely on open standards. The open-systems approach to ARMS design is transparent in the functional ecomap, which emphasizes ARMS' continuous communication with the outside world via an agent-exchange osmosis process. In all our implementations we use the FIPA (Foundation for Intelligent Physical Agents) open standard for agent implementation, which ensures this requirement's fulfilment.
- The system must anticipate the demand on its resources while remaining transparent to users. The anticipatory feature is ensured by the middle ARMS component, which continuously uses the risk management agents to collect information from the external (and internal) environment and allocates resources optimally via the controlled emergence mechanism.
50 CONCLUSIONS
- Applying a life-emergence approach to the virtual societies living in Cyberspace endows them with behavioral properties characteristic of natural systems.
- Entropy minimization induces self-organization properties.
- Selection enables evolution of the virtual organization in Cyberspace (like a social organism) by autocatalytic mating with new partners, as they are discovered in a continuous incremental improvement search process.
51 OVERALL CHALLENGES
- Can pathological emergent behavior of the total system, arising from the interactions between people, agents, objects, and their various policies, be avoided?
- How do we translate the interaction of agents in different contexts and environments into machine-understandable language?
- How do we express and code sufficient real-world semantics when the scope of interaction between agents is too broad or not predefined?
52 Questions
57 eRisk
- Digital Risk Management resolves the complexity associated with implementing digital solutions and measuring their performance through Service Level Management. It includes selecting the optimum technology set, managing external partners and alliances, linking payments to targets, defining rigorous quality control procedures, managing system availability, achieving the expected return on investment, and bringing about the changes in corporate culture required for successful business.
- http://www.mi2g.com/cgi/mi2g/pdfs/drm.pdf
58 PROCESS
- Security policy requires the creation of an ongoing information management planning process that includes planning for the security of each organization's information assets.
- Risk management is an ongoing, proactive program for establishing and maintaining an acceptable information system security posture.
- Once an acceptable security posture is attained (accreditation or certification), the risk management program monitors it through everyday activities and follow-on security risk analyses.
- In many cases, the rules, regulations, or policies that govern the information security program will stipulate when a follow-on risk analysis must be done.