Diapositiva 1 - PowerPoint PPT Presentation

Title: Diapositiva 1
Author: Pamela Peretti; last modified by Stefano Bistarelli; created 8/2/2006 7:12:26 PM. Slides: 45.

Transcript and Presenter's Notes

1
Dipartimento di Scienze, Università degli Studi "G. d'Annunzio", Pescara
PhD programme in Sciences, XXI cycle, annual review, a.y. 2007/2008
Pamela Peretti
supervisor: Prof. Stefano Bistarelli
2
My PhD thesis
Dipartimento di Scienze - 16 June 2015
3
  • Risk management is a detailed process of
    identifying factors that could damage or disclose
    data, evaluating those factors in light of data
    value and countermeasure cost, and implementing
    cost-effective solutions for mitigating or
    reducing risk.

4
Terminology
  • An asset is any tangible or intangible item owned
    by an organization that has a value for an
    enterprise and that needs protection.

5
Terminology
  • Any potential occurrence that may cause an
    undesirable or unwanted outcome for an
    organization or for a specific asset is a threat.

6
Terminology
  • The absence or the weakness of a countermeasure
    or safeguard is a vulnerability.

An attack is any intentional attempt to exploit a
vulnerability of an organization's security
infrastructure to cause damage, loss, or
disclosure of assets.
7
Terminology
  • Exposure is being susceptible to asset loss because of an attack: there
    is the possibility that a vulnerability can or will be exploited by an
    attacker or by an event.

8
Terminology
  • Risk is the possibility or likelihood that a
    threat will exploit a vulnerability to cause harm
    to an asset.

9
Terminology
  • A countermeasure is anything that removes a
    vulnerability or protects against one or more
    specific attacks.

10
Assessment methodology
[Process flow: Identify assets → Identify the possible threats → Identify the possible countermeasures → Select the appropriate countermeasures]
  • Quantitative approaches: assign absolute numeric values to assets,
    threats, vulnerabilities and countermeasures.
  • Qualitative approaches: qualitative risk analysis is a scenario-based
    approach; threats are ranked on a scale to evaluate their risks, costs
    and effects. Instruments: brainstorming, Delphi technique, focus groups,
    surveys, questionnaires, checklists and interviews.

11
Quantitative approaches
  • Assign the AV
  • The Asset Value (AV) is a synthetic measure of the cost of creation,
    development, support and replacement of an asset, and of its ownership
    value.

12
Quantitative approaches
  • Calculate the EF and the SLE
  • Calculate the ARO
  • Calculate the ALE

The Exposure Factor (EF) is the percentage of its value that an asset would
lose if it were compromised by a specific attack. The Single Loss Expectancy
(SLE) is the loss an organization suffers from a single occurrence of a
threat against a specific asset; it is computed with the formula shown on
the slide (from AV and EF).
13
Quantitative approaches
  • Calculate the EF and the SLE
  • Calculate the ARO
  • Calculate the ALE

The Annualized Rate of Occurrence (ARO) is the expected frequency with which
a specific threat or attack occurs within a single year. The Annualized Loss
Expectancy (ALE) is the financial loss an organization expects per year from
a given threat; it is computed with the formula shown on the slide (from SLE
and ARO).
14
Quantitative approaches
  • Evaluate the RM and the CSI

The Risk Mitigated by a countermeasure (RM)
represents the effectiveness of a countermeasure
in mitigating the risk of loss deriving from
exploiting a vulnerability. It is a numeric value
between 0 and 1. The Cost of a Security
Investment (CSI) is the cost that an organization
must face for implementing a given countermeasure.
15
Quantitative approaches
  • Calculate the ROI

Given an attack a and a countermeasure c able to mitigate a, the Return on
Investment (ROI) is the benefit that the defender of an IT system expects
from introducing c into the system, relative to the cost of implementing
that countermeasure:

  ROI = (ALE · RM − CSI) / CSI

where ALE is the annualized loss expectancy of a, RM the risk mitigated by c
and CSI the cost of the security investment in c.
16
Quantitative approaches
  • Calculate the ROI
  • Calculate the ROA

The Return on Attack (ROA) is the gain that an attacker expects from a
successful attack a, relative to the costs he sustains because of the
adoption of a countermeasure c by his target:

  ROA = (GI − GI · RM_c − cost_a) / cost_a

where GI is the expected gain of the attack, GI · RM_c is the profit lost
because of c, and cost_a is the cost associated with the attack strategy a.
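The chain of indexes from slides 11 to 16 (AV and EF give the SLE, ARO gives the ALE, RM and CSI give the ROI, and GI, RM and the attack cost give the ROA) carried through in code. This is an added example, not the thesis's own code: the formulas are the standard ones from the risk-management literature, assumed here because the slide formulas are images absent from this transcript, and the asset value, attacks and countermeasures are constructed figures.

```python
"""Quantitative risk indexes of slides 11-16 (added example, not thesis code).

Formulas assumed here (standard risk-management definitions):
    SLE = AV * EF                 ALE = SLE * ARO
    ROI = (ALE * RM - CSI) / CSI              (defender's view)
    ROA = (GI - GI * RM - cost_a) / cost_a    (attacker's view)
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Attack:
    name: str
    ef: float      # exposure factor: fraction of the asset value lost
    aro: float     # annualised rate of occurrence
    gi: float      # attacker's expected gain from a successful attack
    cost: float    # attacker's cost for this attack strategy


@dataclass
class Countermeasure:
    name: str
    csi: float                               # cost of the security investment
    rm: dict = field(default_factory=dict)   # attack name -> risk mitigated in [0, 1]

    def rm_against(self, attack):
        r = self.rm.get(attack.name, 0.0)    # 0: this countermeasure does not touch the attack
        if not 0.0 <= r <= 1.0:
            raise ValueError(f"RM of {self.name} against {attack.name} must lie in [0, 1]")
        return r


def sle(av, ef):
    return av * ef


def ale(av, attack):
    return sle(av, attack.ef) * attack.aro


def roi(ale_value, rm, csi):
    if csi <= 0:
        raise ValueError("CSI must be positive")
    return (ale_value * rm - csi) / csi


def roa(gi, rm, cost_a):
    if cost_a <= 0:
        raise ValueError("attack cost must be positive")
    return (gi - gi * rm - cost_a) / cost_a


def best_countermeasure(av, attack, countermeasures):
    """Defender's pick for one attack: the countermeasure with the highest ROI,
    or None when no countermeasure pays back its cost (ROI <= 0)."""
    scored = [(roi(ale(av, attack), c.rm_against(attack), c.csi), c.name)
              for c in countermeasures]
    best = max(scored)
    return best[1] if best[0] > 0 else None


def best_attack(attacks, countermeasure):
    """Attacker's pick once a countermeasure is deployed: the attack with the highest ROA."""
    scored = [(roa(a.gi, countermeasure.rm_against(a), a.cost), a.name) for a in attacks]
    return max(scored)[1]


# Constructed figures for a single asset (not data from the thesis).
AV = 100_000
ATTACKS = [Attack("phishing", ef=0.3, aro=2.0, gi=50_000, cost=5_000),
           Attack("insider", ef=0.5, aro=0.5, gi=20_000, cost=15_000)]
COUNTERMEASURES = [Countermeasure("training", csi=8_000, rm={"phishing": 0.6, "insider": 0.2}),
                   Countermeasure("mfa", csi=10_000, rm={"phishing": 0.8})]

if __name__ == "__main__":
    for a in ATTACKS:
        print(f"{a.name}: SLE={sle(AV, a.ef):.0f} ALE={ale(AV, a):.0f} "
              f"-> defender picks {best_countermeasure(AV, a, COUNTERMEASURES)}")
    for c in COUNTERMEASURES:
        print(f"under {c.name}: attacker prefers {best_attack(ATTACKS, c)}")
```

With these figures the ALE of the insider threat (25,000) is too small for either countermeasure to pay back its CSI, so the defender gets None for it; the two views also disagree, which is the point of computing both: multi-factor authentication has the best ROI against phishing, yet phishing remains the attacker's best ROA even after it is deployed.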
17
Qualitative approaches
  • Qualitative risk analysis is a scenario-based
    approach.
  • A scenario is a written description of a single
    major threat. The description focuses on how a
    threat would be instigated and what effects it
    could have on the organization, the IT
    infrastructure, and specific assets.

18
A security scenario
Example threats to scenarize:
  • disclosure of confidential information
  • interruption of service
  • loss of data
19
Defence trees
  • Defence trees are an extension of attack trees [Schneier00].
  • Attack tree:
    • the root is an asset of an IT system
    • paths from a leaf to the root represent attacks on the asset
    • the non-leaf nodes can be and-nodes or or-nodes
  • Defence tree = attack tree + a set of countermeasures

[Figure: an attack tree with its root, or-nodes and and-nodes]

20
Defence trees
[Figure: defence tree for the attack "Steal data stored in a server"]
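An added example of the structure just defined, not code from the thesis: an and/or attack tree with countermeasures attached to its leaves, a routine that enumerates the attack scenarios (minimal sets of leaf actions that reach the root), and the check a defender wants before claiming the asset is covered, namely which scenarios a chosen set of countermeasures still leaves open. The tree and the countermeasure names are constructed for the slide-20 goal of stealing data stored on a server.

```python
"""Attack scenarios and countermeasure coverage in a defence tree
(added example; the tree below is constructed, not the thesis's own).

A node is ("and", children), ("or", children) or ("leaf", action).
Countermeasures are attached to leaf actions, as in a defence tree.
"""


def scenarios(node):
    """Minimal sets of leaf actions that achieve the node's goal.

    A leaf is achieved by itself; an or-node by any one child's scenario;
    an and-node only by combining one scenario from every child.
    """
    kind, payload = node
    if kind == "leaf":
        return [frozenset([payload])]
    if kind == "or":
        found = [s for child in payload for s in scenarios(child)]
    else:  # "and"
        found = [frozenset()]
        for child in payload:
            found = [s | t for s in found for t in scenarios(child)]
    return list(dict.fromkeys(found))        # drop duplicates, keep order


def stoppers(scenario, countermeasures):
    """Countermeasures able to defeat one scenario.

    A scenario is a conjunction of actions, so stopping any single action
    breaks it: take the union of the countermeasures of its actions.
    """
    return frozenset(c for action in scenario for c in countermeasures.get(action, ()))


def open_scenarios(tree, countermeasures, deployed):
    """Scenarios that survive a deployed set of countermeasures."""
    deployed = set(deployed)
    return [s for s in scenarios(tree) if not stoppers(s, countermeasures) & deployed]


# Constructed defence tree for "steal data stored in a server".
TREE = ("or", [
    ("and", [("leaf", "obtain admin credentials"), ("leaf", "log in remotely")]),
    ("leaf", "exploit unpatched service"),
    ("and", [("leaf", "enter the server room"), ("leaf", "remove the disk")]),
])
COUNTERMEASURES = {
    "obtain admin credentials": {"password policy", "mfa"},
    "log in remotely": {"mfa", "vpn-only access"},
    "exploit unpatched service": {"patch management"},
    "enter the server room": {"badge access"},
    "remove the disk": {"disk encryption"},
}

if __name__ == "__main__":
    for s in scenarios(TREE):
        print(sorted(s), "-> stopped by any of", sorted(stoppers(s, COUNTERMEASURES)))
    print("still open with mfa + patching:",
          [sorted(s) for s in open_scenarios(TREE, COUNTERMEASURES, {"mfa", "patch management"})])
```

For this tree, deploying only mfa and patch management leaves the physical scenario open, and one more countermeasure on either of its two leaves closes it; the same function applied to a real tree tells you whether a proposed investment plan actually blocks every path to the root rather than just the ones you thought of.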
21
Quantitative evaluation
  • An economic evaluation of threats
    • Considering multiple attacks and countermeasures
    • Combining the defender's and the attacker's points of view
  • Three novel indexes
    • The Exposure Factor during Critical Time
    • The Exposure Factor under Retaliation
    • The Risk Mitigated against Collusion
  • Interaction between attackers and defender
    • Defence tree as strategic game
    • Using economic indexes as payoffs

23
An economic evaluation of threats
The Return on Investment (ROI)
The Return on Attack (ROA)
24
Multiple attacks and countermeasures
[Figure only: a defence tree with multiple attacks and countermeasures, built up in three steps over slides 24-26]
28
Three novel indexes
29
Quantitative evaluation
  • An economic evaluation of threats
  • Considering multiple attacks and countermeasures
  • Combining the defender's and the attacker's
    points of view
  • Three novel indexes
  • The Exposure Factor during Critical Time
  • The Exposure Factor under Retaliation
  • The Risk Mitigated against Collusion
  • Interaction between attackers and defender
  • Defence tree as strategic game
  • Using economic indexes as payoffs

Dipartimento di Scienze - 16 giugno 2015
29
30
Strategic game
  • We consider a strategic game with 2 players: the defender and the
    attacker of a system.
  • S_d: the set of the defender's strategies (the countermeasures)
  • S_a: the set of the attacker's strategies (the vulnerabilities to
    exploit)
  • ROI and ROA: the payoff functions for the defender and the attacker

[Payoff matrix: rows c1, c2, c3 (the defender's countermeasures), columns a1, a2 (the attacker's actions); each cell holds the pair (U_d, U_a) of the defender's and the attacker's payoffs]
31
Strategic game example
Selection of a single countermeasure/attack: the strategy set of each
player, defender and attacker, consists of single actions.
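The game of slides 30 and 31 worked through as an added example (not the thesis's code): the defender's strategies are single countermeasures, the attacker's are single attacks, and each cell of the payoff matrix holds (ROI, ROA) computed with the standard formulas assumed here. The block finds the pure-strategy Nash equilibria, where neither player gains by deviating alone, and also reports the defender's maximin countermeasure, which is the practical fallback when a game has no pure equilibrium. All ALE, GI, cost, RM and CSI figures are constructed.

```python
"""Defence tree as a strategic game (added example, not the thesis's code).

S_d = countermeasures, S_a = attacks; payoffs (U_d, U_a) = (ROI, ROA) with
ROI = (ALE*RM - CSI)/CSI and ROA = (GI - GI*RM - cost)/cost assumed here.
"""

# Constructed per-attack figures: annualized loss, attacker's gain and cost.
ATTACKS = {"a1": {"ale": 60_000, "gi": 60_000, "cost": 5_000},
           "a2": {"ale": 25_000, "gi": 8_000, "cost": 4_000}}
# Constructed countermeasures: CSI and risk mitigated per attack (absent = 0).
COUNTERMEASURES = {"c1": {"csi": 10_000, "rm": {"a1": 0.8}},
                   "c2": {"csi": 12_000, "rm": {"a1": 0.5, "a2": 0.6}},
                   "c3": {"csi": 6_000, "rm": {"a2": 0.9}}}


def payoff_matrix(attacks, countermeasures):
    """(countermeasure, attack) -> (U_d, U_a) = (ROI, ROA)."""
    table = {}
    for c, cd in countermeasures.items():
        for a, ad in attacks.items():
            rm = cd["rm"].get(a, 0.0)
            u_d = (ad["ale"] * rm - cd["csi"]) / cd["csi"]
            u_a = (ad["gi"] - ad["gi"] * rm - ad["cost"]) / ad["cost"]
            table[(c, a)] = (u_d, u_a)
    return table


def pure_nash_equilibria(table):
    """Profiles (c, a) where c is a best response to a (max U_d in the column)
    and a is a best response to c (max U_a in the row)."""
    cms = sorted({c for c, _ in table})
    atks = sorted({a for _, a in table})
    equilibria = []
    for c in cms:
        for a in atks:
            u_d, u_a = table[(c, a)]
            defender_ok = all(u_d >= table[(c2, a)][0] for c2 in cms)
            attacker_ok = all(u_a >= table[(c, a2)][1] for a2 in atks)
            if defender_ok and attacker_ok:
                equilibria.append((c, a))
    return equilibria


def maximin_countermeasure(table):
    """Defender's security strategy: the countermeasure whose worst-case ROI
    over all attacks is largest (ties broken by name)."""
    cms = sorted({c for c, _ in table})
    worst = {c: min(u_d for (c2, _), (u_d, _) in table.items() if c2 == c) for c in cms}
    return max(cms, key=lambda c: worst[c])


if __name__ == "__main__":
    T = payoff_matrix(ATTACKS, COUNTERMEASURES)
    for (c, a), (u_d, u_a) in sorted(T.items()):
        print(f"{c} vs {a}: ROI={u_d:+.2f} ROA={u_a:+.2f}")
    print("pure Nash equilibria:", pure_nash_equilibria(T))
    print("maximin countermeasure:", maximin_countermeasure(T))
```

With these figures the unique equilibrium is (c1, a1): c1 is the best answer to a1 and, once c1 is deployed, a1 still pays the attacker more than a2. The maximin choice is c2, the only countermeasure with a non-negative ROI against both attacks, which shows that a defender who does not trust the attacker's payoff estimates may rationally pick a different countermeasure than the equilibrium suggests.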
33
Qualitative evaluation
  • Cp-defence trees
    • AND-composition of preference
    • OR-composition of preference
  • Translation of AND/OR attacks into ASO programs
    • AND attacks
    • OR attacks

35
Cp-defence trees
CP-nets [Boutilier99] are a graphical formalism for specifying and
representing conditional preference relations.
A Cp-defence tree is a defence tree enriched with conditional preferences
over attacks and countermeasures.

Preference over attacks: a2 ≻ a1 ≻ a6 ≻ a5 ≻ a3 ≻ a4
Conditional preferences over countermeasures:
  a1: c1 ≻ c2 ≻ c3
  a2: c5 ≻ c3 ≻ c4
  a3: c6 ≻ c7
  a4: c8 ≻ c9
  a5: c11 ≻ c10
  a6: c13 ≻ c12
36
AND-composition of preference
  • An and-attack is an attack composed of a set of actions, all of which
    the attacker has to carry out successfully to reach his goal.

A = {x, y, z}, C = {a, b, c}
  x: a ≻ b ≻ c
  y: b ≻ c
  z: a ≻ b
and-composition of x ∧ y ∧ z: a ≻ b ≻ c
37
AND-composition of preference
  • An and-attack is an attack composed of a set of actions, all of which
    the attacker has to carry out successfully to reach his goal.

A = {x, y}, C = {a, b, c, d}
  x: a ≻ b
  y: c ≻ d
and-composition of x ∧ y, with x ≻ y: c ≻ d ≻ a ≻ b
38
OR-composition of preference
  • An or-attack is an attack composed of alternative actions; the attacker
    reaches his goal by carrying out any one of them successfully.

A = {x, y, z}, C = {a, b, c}
  x: a ≻ b ≻ c
  y: c ≻ a
  z: a ≻ b
or-composition of x ∨ y ∨ z:
[Table: the tuples ⟨c_x, c_y, c_z⟩ that pick one countermeasure per action, ⟨a,a,a⟩, ⟨a,a,b⟩, ⟨a,c,a⟩, ⟨a,c,b⟩, ⟨b,a,a⟩, ⟨b,a,b⟩, ⟨b,c,a⟩, ⟨b,c,b⟩, ⟨c,a,a⟩, ⟨c,a,b⟩, ⟨c,c,a⟩, ⟨c,c,b⟩, grouped by the set of countermeasures they use: {a}, {a,b}, {a,c}, {b,c}, {a,b,c}; the resulting ordering over these sets is drawn as a diagram on the slide]
40
Translation of AND-attacks
root = x AND y

P_x = { r_x1: x ←.   r_x2: a ∨ b ∨ c ← x.   Φ_x1: a > b > c ← x. }
P_y = { r_y1: y ←.   r_y2: a ∨ b ← y.   Φ_y1: a > b ← y. }

P_and = { r_1: root ←.   r_2: x ∨ y ← root.
          r_x2: a ∨ b ∨ c ← x.   Φ_x1: a > b > c ← x.
          r_y2: a ∨ b ← y.   Φ_y1: a > b ← y. }

The optimal answer set associated with ⟨P_and, F⟩ is the set
M4 = {root, x, a}. The preferred set of countermeasures is the set {a}.
41
Translation of OR-attacks
root = x OR y

P_x = { r_x1: x ←.   r_x2: a ∨ b ∨ c ← x.   Φ_x1: a > b > c ← x. }
P_y = { r_y1: y ←.   r_y2: a ∨ b ← y.   Φ_y1: a > b ← y. }

P_or = { r_1: root ←.   r_2: x ← root.   r_3: y ← root.
         r_x2: a ∨ b ∨ c ← x.   Φ_x1: a > b > c ← x.
         r_y2: a ∨ b ← y.   Φ_y1: a > b ← y. }

The optimal answer set associated with ⟨P_or, F⟩ is
M1 = {root, x, y, a}. The preferred set of countermeasures is the set {a}.
42
ASO and Cp-defence tree
Logic programming (generating rules):
  root ←.   a12 ← root.   a34 ← root.   a56 ← root.
  a1 ← a12.   a2 ← a12.   a3 ← a34.   a4 ← a34.   a5 ∨ a6 ← a56.
  c1 ∨ c2 ∨ c3 ← a1.   c3 ∨ c4 ∨ c5 ← a2.   c6 ∨ c7 ← a3.
  c8 ∨ c9 ← a4.   c10 ∨ c11 ← a5.   c12 ∨ c13 ← a6.
Conditional preference rules:
  c1 > c2 > c3 ← a1.   c5 > c3 > c4 ← a2.   c6 > c7 ← a3.
  c8 > c9 ← a4.   c11 > c10 ← a5.   c13 > c12 ← a6.
43
ASO and Cp-defence tree
Logic programming (generating rules):
  root ←.   a12 ← root.   a34 ← root.   a56 ← root.
  a1 ← a12.   a2 ← a12.   a3 ← a34.   a4 ← a34.   a5 ∨ a6 ← a56.
  c1 ∨ c2 ∨ c3 ← a1.   c3 ∨ c4 ∨ c5 ← a2.   c6 ∨ c7 ← a3.
  c8 ∨ c9 ← a4.   c10 ∨ c11 ← a5.   c12 ∨ c13 ← a6.
Ranking of preference rules (following the preference over attacks):
  Φ1: c5 > c3 > c4 ← a2.   Φ2: c1 > c2 > c3 ← a1.   Φ3: c13 > c12 ← a6.
  Φ4: c11 > c10 ← a5.   Φ5: c6 > c7 ← a3.   Φ6: c8 > c9 ← a4.
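A brute-force evaluator for the ASO encodings of slides 40 to 43, added here as an example and not the thesis's own solver. It enumerates the minimal models of the generating rules (and-attacks become a disjunction over children, so stopping one child suffices; or-attacks force every child), scores each model with the preference rules, and keeps the optimal ones. The satisfaction degrees and the rank-based comparison follow Brewka, Niemelä and Truszczyński's Answer Set Optimization as assumed here; the programs P_and, P_or and the ranked Cp-defence tree are transcribed from the slides.

```python
"""Brute-force ASO optimisation of defence-tree programs (added example).

A generating rule is (head, body): the positive disjunctive rule
h1 | ... | hk <- b1, ..., bn (a fact has an empty body).  A preference
rule is (options, body, rank): c1 > ... > ck <- body, lower rank = more
important.  Semantics as assumed here: Brewka, Niemela and Truszczynski's
Answer Set Optimization, not the thesis's own solver.
"""


def minimal_models(rules):
    """Subset-minimal models of a positive disjunctive program.

    From the empty set, whenever a rule fires (body true, head false) we
    branch on each head atom.  Every minimal model lies on one of these
    branches, so filtering the outcomes for minimality is complete.
    """
    outcomes, seen, stack = set(), set(), [frozenset()]
    while stack:
        s = stack.pop()
        if s in seen:
            continue
        seen.add(s)
        firing = [h for h, b in rules if set(b) <= s and not set(h) & s]
        if not firing:
            outcomes.add(s)                      # no rule violated: a model
        else:
            stack.extend(s | {atom} for atom in firing[0])
    return [m for m in outcomes if not any(o < m for o in outcomes)]


def degree(pref, model):
    """Satisfaction degree (1 is best); a rule whose body is false scores 1."""
    options, body, _ = pref
    if not set(body) <= model:
        return 1
    for i, opt in enumerate(options, start=1):
        if opt in model:
            return i
    return 1                                     # no option true: irrelevant


def at_least_as_good(prefs, s1, s2):
    """Rank-based comparison: s1 >= s2 unless some rule is worse in s1 with no
    strictly more important rule (lower rank) being better in s1."""
    for p in prefs:
        if degree(p, s1) <= degree(p, s2):
            continue
        if not any(q[2] < p[2] and degree(q, s1) < degree(q, s2) for q in prefs):
            return False
    return True


def optimal_models(rules, prefs):
    """Minimal models on which no other minimal model strictly improves."""
    models = minimal_models(rules)
    return [m for m in models
            if not any(at_least_as_good(prefs, o, m) and not at_least_as_good(prefs, m, o)
                       for o in models if o != m)]


def preferred_countermeasures(rules, prefs, cm_atoms):
    """Countermeasure sets (restricted to cm_atoms) of the optimal answer sets."""
    return {frozenset(m & cm_atoms) for m in optimal_models(rules, prefs)}


# Slides 40-41: leaf x has countermeasures a > b > c, leaf y has a > b.
PREFS_XY = [(["a", "b", "c"], ["x"], 1), (["a", "b"], ["y"], 1)]
CM_XY = {"a", "b", "c"}
# AND-attack: the attacker needs both x and y, so stopping one child suffices.
P_AND = [(["root"], []), (["x", "y"], ["root"]),
         (["a", "b", "c"], ["x"]), (["a", "b"], ["y"])]
# OR-attack: either x or y works for the attacker, so both must be stopped.
P_OR = [(["root"], []), (["x"], ["root"]), (["y"], ["root"]),
        (["a", "b", "c"], ["x"]), (["a", "b"], ["y"])]

# Slides 42-43: the Cp-defence tree of slide 35 with ranked preference rules.
P_TREE = [(["root"], []), (["a12"], ["root"]), (["a34"], ["root"]), (["a56"], ["root"]),
          (["a1"], ["a12"]), (["a2"], ["a12"]), (["a3"], ["a34"]), (["a4"], ["a34"]),
          (["a5", "a6"], ["a56"]),
          (["c1", "c2", "c3"], ["a1"]), (["c3", "c4", "c5"], ["a2"]),
          (["c6", "c7"], ["a3"]), (["c8", "c9"], ["a4"]),
          (["c10", "c11"], ["a5"]), (["c12", "c13"], ["a6"])]
PREFS_TREE = [(["c5", "c3", "c4"], ["a2"], 1), (["c1", "c2", "c3"], ["a1"], 2),
              (["c13", "c12"], ["a6"], 3), (["c11", "c10"], ["a5"], 4),
              (["c6", "c7"], ["a3"], 5), (["c8", "c9"], ["a4"], 6)]
CM_TREE = {f"c{i}" for i in range(1, 14)}

if __name__ == "__main__":
    print("AND :", preferred_countermeasures(P_AND, PREFS_XY, CM_XY))
    print("OR  :", preferred_countermeasures(P_OR, PREFS_XY, CM_XY))
    print("tree:", preferred_countermeasures(P_TREE, PREFS_TREE, CM_TREE))
```

For both P_and and P_or the preferred countermeasure set is {a}, as on slides 40 and 41 (for the and-attack the optimal answer sets {root, x, a} and {root, y, a} tie, both using only a). For the ranked tree the evaluator returns {c1, c5, c6, c8} plus either c11 or c13: the a56 node is an and-attack, so defending a5 or a6 are equally good alternatives under this semantics, and the shared countermeasure c3 is never chosen because the higher-ranked rule for a2 prefers c5.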