CSCE 548 Architectural Risk Analysis - PowerPoint PPT Presentation

1 / 36
About This Presentation
Title:

CSCE 548 Architectural Risk Analysis

Description:

CSCE 548 Architectural Risk Analysis CSCE 548 - Farkas * Research Activities Preliminary hypothesis Comparison of natural and computer disasters Study the factors ... – PowerPoint PPT presentation

Number of Views:108
Avg rating:3.0/5.0
Slides: 37
Provided by: far1
Category:

less

Transcript and Presenter's Notes

Title: CSCE 548 Architectural Risk Analysis


1
CSCE 548 Architectural Risk Analysis
2
Reading
  • This lecture
  • McGraw Chapter 5
  • Next lecture
  • Secure Software Construction
  • Jan Jürjens, Towards Development of Secure
    Systems using UMLsec, http//citeseer.ist.psu.edu/
    536233.html
  • Lodderstedt et. al, SecureUML A UML-Based
    Modeling Language for Model-Driven Security,
    http//citeseer.ist.psu.edu/lodderstedt02secureuml
    .html

3
Application of Touchpoints
External Review
3. Penetration Testing
1. Code Review (Tools)
6. Security Requirements
4. Risk-Based Security Tests
2. Risk Analysis
7. Security Operations
2. Risk Analysis
5. Abuse cases
Requirement and Use cases
Architecture and Design
Test Plans
Code
Tests and Test Results
Feedback from the Field
4
Requirement Analysis
  • Identify and document the customers requirements
    for a proposed system
  • Client brief idea on what the system should do
  • Requirement Analyst
  • Detailed system requirements
  • Implied requirements
  • Regulatory requiremetns
  • Create Software Requirements Specification (SRS)
  • What the product should do

5
Software Requirement Specification
  • Functional requirements
  • Features a software has
  • Implied requirements
  • Non-Functional requirements
  • Performance, reliability, security, etc.
  • Effects quality of product
  • Regulatory requirements
  • Law, standards, organizational regulation,
    contract, etc.
  • External interface requirements
  • Interaction with other software and hardware
  • Acceptance criteria
  • Confirm that the software is working according to
    the clients specification

6
Review SRS
  • Cost effective getting the requirements right
  • Manual review team of experts (at least 3) for
    1.5- 2 hours/session
  • Detection rate of good review 60-90
  • More cost effective to do requirement review than
    code testing alone

7
Design Flaws
  • 50 of security problems
  • Need explicitly identifying risk
  • Quantifying impact tie technology issues and
    concerns to business
  • Continuous risk management

8
Security Risk Analysis
  • Risk analysis identifying and ranking risks
  • Risk management number of discrete risk analysis
    exercises, tracking risk, mitigating risks
  • Need understanding of business impact

9
Security Risk Analysis
  • Learn about the target of analysis
  • Discuss security issues
  • Determine probability of compromise
  • Perform impact analysis
  • Rank risks
  • Develop mitigation strategy
  • Report findings

10
Learn about the target
  • Specifications, documents, design, etc.
  • Discuss, brainstorm
  • Determine major components and security needs
  • Use/study software
  • Identify threats

11
Discuss security issues
  • Argue about how the product works, areas of
    disagreement
  • Identify possible vulnerabilities (lists, tools)
  • Identify exploits and protection
  • Understand security controls (current, planned)

12
Determine probability of compromise
  • Attack scenarios
  • Historical data
  • Balance control against threat

13
Perform impact analysis
  • Impact on assets and business goals
  • Impact on security posture
  • Impact on social sector

14
Rank risk
  • Connect to business goals
  • Regulatory requirements
  • Customers needs
  • Capabilities

15
Develop mitigation strategy
  • Countermeasures
  • Technical
  • Societal
  • Ecomonics
  • Capabilities and preferences

16
Report findings
  • Major vs. minor risks
  • Decision support for mitigating risk

17
Traditional Risk Analysis
  • Financial loss-based
  • Balance cost vs. loss
  • Mathematically derived risk rating
  • Threat, probability, and impact
  • Qualitative assessment
  • Knowledge-driven or anecdotal factors
  • Social Impact

18
Terminology
  • Asset object of protection
  • Risk probability that the asset will suffer an
    attack
  • Threat the actor (agent) who is the source of
    danger
  • Vulnerability defect or weakness in the system
  • Countermeasures or safeguards management,
    operational, and technical control to protect
    confidentiality, integrity, and availability
  • Impact impact on the organization
  • Probability likelihood that the event will occur
    (high, medium, low)

19
Knowledge Requirements
  • Three basic steps
  • Attack resistance analysis
  • Attack patterns and exploit graphs
  • Ambiguity analysis
  • Knowledge of design principles
  • Weakness analysis
  • Knowledge of security issues
  • Forest-level view What does the software do?
  • Critical components and interaction between them
  • Identify risk related to flaws

20
Risk Calculation
  • Financial loss ALE SLE x ARO
  • ALE annualized loss expectancy
  • SLE single loss expectancy
  • ARO annualized rate of occurrence
  • Distinguish between attacks based on frequency of
    occurance
  • Qualitative risk assessment (e.g., loss of
    reputation, loss of trust, etc.)
  • ROI return-on-investment
  • Note security is more like insurance it will
    never hit a big payoff

21
Limitations of Traditional Approaches
  • Hard to find correct data for statistical
    distribution
  • Do not necessarily provide an easy guide
  • Modern applications are complex contextual
    variability of risk

22
Modern Risk Analysis
  • Address risk as early as possible in the
    requirements level
  • Impact
  • Legal and/or regulatory risk
  • Financial or commercial considerations
  • Contractual considerations
  • Social Impact
  • Requirements must-haves, important-to-have,
    and nice-but-unnecessary-to-have

23
Basic Risk Analysis
  • Tailored for specific vulnerabilities
  • High-level overview
  • Meaningful results
  • Cross-tier analysis different trust zones
  • Use of deployment pattern
  • Decomposing software on a component-by-component
    basis

24
Risk Analysis Practice
  • Ad-hoc manner
  • Does not scale and not repeatable or consistent
  • Depends on knowledge and expertise of analyst
  • Results are difficult to compare

25
Attack Resistance Analysis
  • Information about known attacks, attack patterns,
    and vulnerabilities known problems
  • Identify general flaws using secure design
    literature and checklists
  • Map attack patterns based on abuse cases and
    attack patterns
  • Identify risk in the architecture using
    checklist
  • Understand and demonstrate the viability of known
    attacks

26
Ambiguity Analysis
  • Discover new risks
  • Parallel activities of team members ? unify
    understanding
  • Private list of possible flaws
  • Describe together how the system worked
  • Need a team of experienced analysts

27
Weakness Analysis
  • Understanding the impact of external software
    dependencies
  • Middleware
  • Outside libraries
  • Distributed code
  • Services
  • Physical environment
  • Etc.

28
Social Vulnerability of Computer Attacks
Vipul Gupta
29
Background
  • What is Social Vulnerability
  • No single definition
  • Generally accepted as inability of the society
    to move out of harms way, that is, incase of a
    disaster (or computer attack) how easily can the
    society (or the victim (s)) recover from it
  • Why Social Vulnerability
  • Every computer attack has economic and social
    impacts
  • Social impacts of a computer attack are usually
    not quantifiable

30
Background
  • Impacts on our society (examples)
  • Death caused by malfunctioning of computer based
    equipment
  • Suicide due to losing everything in a computer
    based fraud scheme
  • Ruining of ones credit
  • Depression, anxiety, other emotional or physical
    health related issues
  • Internet Addiction may be caused by the
    presence of computer
  • Etc.
  • What happens if the computer based system is not
    available for the intended use (DoS or virus
    attacks considered)

31
Importance of Social Vulnerability
  • Computers are an essential part of todays life
  • Large scale computer attacks will inhibit the
    functioning of the society (yes, they may be
    possible in future)
  • Are some sections of the society likely to be
    more damaged in the event of a computer attack ?
    (Ability to recover easily from those attacks)

32
Background
  • Research Goal
  • Map the social vulnerability of computer attacks
    based on geographical locations within South
    Carolina
  • Develop a model for social vulnerability
    assessment of computer attacks (currently no such
    model exists)

33
Background
  • Research on Social Vulnerability in Natural
    Disasters
  • Extensive research has been done in this area
  • Hypothesize the similarities and differences
    between a computer attack and a natural disaster
    (why?)
  • Most natural disasters are prone to specific
    geographical areas
  • Do computer attacks exhibit the same feature
    (based on the social factors)

34
Research Activities
  • Preliminary hypothesis
  • Comparison of natural and computer disasters
  • Study the factors influencing computer attacks
  • Identified 9 factors to indicate vulnerability to
    attacks updates, installed security software,
    malicious email scanning, firewall protection,
    free downloads, P2P sharing, unverified
    downloads, shared system/passwords, system
    maintenance

35
Research Activities
  • Considered age, education (computer experience),
    income (wealth) as the social factors influencing
    the vulnerability (/-) to study
  • Are some people more prone to computer attacks
    than others?
  • Can some people recover from a computer attack
    faster than others?
  • Income Education Age
  • The 9 factors

36
Next Class
  • Expressing Security Needs during design
Write a Comment
User Comments (0)
About PowerShow.com