Using Ontologies to Quantify Attack Surfaces

Using Ontologies to Quantify Attack Surfaces
Mr. Michael Atighetchi, Dr. Borislava Simidchieva, Dr. Fusun Yaman, Raytheon BBN Technologies
Dr. Thomas Eskridge, Dr. Marco Carvalho, Florida Institute of Technology
Captain Nicholas Paltzer, Air Force Research Laboratory
Distribution Statement "A" (Approved for Public Release, Distribution Unlimited). This material is based upon work supported by the Air Force Research Laboratory under Contract No. FA8750-14-C-0104.
03.10.10

Context
Problem: Defense selection and configuration is a poorly understood, non-quantifiable process
- Add defenses that provide little value or even increase the attack surface
- Introduce unacceptable overhead
- Cause unintended side effects when combining multiple defenses
Objective: Provide tools enabling automated security quantification of distributed systems, with a focus on architectural patterns
- Model key concepts related to cyber defense
- Provide algorithms to quantify and minimize attack surfaces
- Focus on Moving Target Defense

Systematic Quantification of Defense Postures

Attack Surface Reasoning (ASR)
Objective: Measure attack surfaces for security quantification
- Establish appropriate metrics for quantifying different attack surfaces
- Incorporate mission security and cost measurements
- Address usability issues through representative and composite measures of effectiveness
Technical Achievements
- Models for attack surfaces that include systems, defenses, and attack vectors to enable quantitative characterization of attack surfaces
- Metrics for characterizing the attack surface of a dynamic, distributed system at the application, operating system, and network layers
- Algorithms for evaluating the effectiveness of defenses and minimizing attack surfaces

Modeling Approach
- Express a configuration C as a collection of OWL models: C = {system, defense, attack, adversary, mission, metrics}
  - Ontology openly available at https://ds.bbn.com/projects/asr.html
- Focus on interactions between distributed components
  - Adversaries tend to take advantage of weak seams
- Make as few assumptions about adversaries as possible
  - Minimize "garbage in, garbage out" problems
- Leverage extensible knowledge representation frameworks with powerful query languages
  - Ontologies expressed in OWL
  - Models can be queried with SPARQL
- Automate model creation when possible
  - Increase consistency and minimize the cost of manual model creation

Systems Model
Capture the relevant aspects of systems
Based on Microsoft's STRIDE dataflow model:
- Process: DLLs, EXEs, services
- External Entity: people, other systems
- Data Flow: network flow, function call
- Data Store: file, database
- Trust Boundary: process boundary, file system
Extensions:
- Hierarchical layering
- Inclusion of specific concepts to make models more understandable
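To make the modeling approach and the systems model concrete, here is an added example (not code from the ASR project) that holds a small STRIDE dataflow model as triples and answers a SPARQL-style basic-graph-pattern query for data flows that cross a trust boundary, the seams between components the slides single out. The element and property names (Process, DataFlow, inBoundary, ...) are hypothetical stand-ins for the ASR ontology's real vocabulary, and the pattern matcher is a stand-in for a real SPARQL engine.

```python
"""In-memory STRIDE dataflow model queried with SPARQL-style triple
patterns.  Constructed example: element and property names are
hypothetical stand-ins for the ASR ontology's real vocabulary."""

# Constructed system model as (subject, predicate, object) triples:
# processes, a data store, an external entity, and the data flows
# between them, each element placed in a trust boundary.
SYSTEM = {
    ("browser", "type", "ExternalEntity"), ("browser", "inBoundary", "internet"),
    ("web", "type", "Process"), ("web", "inBoundary", "dmz"),
    ("app", "type", "Process"), ("app", "inBoundary", "internal"),
    ("db", "type", "DataStore"), ("db", "inBoundary", "internal"),
    ("f1", "type", "DataFlow"), ("f1", "source", "browser"), ("f1", "sink", "web"),
    ("f2", "type", "DataFlow"), ("f2", "source", "web"), ("f2", "sink", "app"),
    ("f3", "type", "DataFlow"), ("f3", "source", "app"), ("f3", "sink", "db"),
}

def _unify(binding, term, value):
    """Match one pattern term against a triple component; '?x' is a variable."""
    if not term.startswith("?"):
        return term == value
    if term in binding:
        return binding[term] == value
    binding[term] = value
    return True

def query(triples, patterns):
    """Basic graph pattern matching, the core of a SPARQL SELECT ... WHERE:
    every pattern must match with one consistent set of variable bindings."""
    solutions = [{}]
    for pattern in patterns:
        extended = []
        for binding in solutions:
            for triple in triples:
                candidate = dict(binding)
                if all(_unify(candidate, t, v) for t, v in zip(pattern, triple)):
                    extended.append(candidate)
        solutions = extended
    return solutions

def boundary_crossing_flows(triples):
    """Data flows whose endpoints lie in different trust boundaries: the
    seams between distributed components that the slides single out."""
    rows = query(triples, [
        ("?f", "type", "DataFlow"), ("?f", "source", "?src"), ("?f", "sink", "?dst"),
        ("?src", "inBoundary", "?sb"), ("?dst", "inBoundary", "?db"),
    ])
    return sorted(r["?f"] for r in rows if r["?sb"] != r["?db"])  # FILTER(?sb != ?db)

if __name__ == "__main__":
    print(boundary_crossing_flows(SYSTEM))  # ['f1', 'f2']
```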

Attack Model
Expresses high-level attack steps, drawn from three catalogs:
- Microsoft STRIDE: 6 attack types (S = Spoofing, T = Tampering, R = Repudiation, I = Information Disclosure, D = Denial of Service, E = Elevation of Privilege)
- MITRE Common Attack Pattern Enumeration and Classification (CAPEC): >500 patterns
- MITRE Common Weakness Enumeration (CWE): >943 weaknesses

Attack Step Model Example AttackStepDefinition:

Current Set of Modeled Attack Steps

Adversary Model
Captures assumptions we make about adversaries:
- Starting position
- Overall objective of the attack
Quantification experiments assess attack surfaces across many different adversary models.
To increase the efficiency of attack vector finding, knowledge of adversarial workflows can be expressed in AttackVectorTemplates.

Defense Model
- Express the security provided and cost incurred by cyber defenses
- Defense models may add new entities to system models (new data flows, processes, etc.)
- Current set of modeled defenses includes three types of MTDs:
  - Time-bounding observables (e.g., IPHopping)
  - Masquerading (OS Masquerading)
  - Time-bounding footholds (e.g., continuous restart via Watchdogs)

Mission Model
- Missions are simply modeled as a subset of data flows together with information security and cost requirements
  - Security requirements are expressed as Confidentiality, Integrity, Availability
  - Cost requirements are expressed as % change of latency and throughput
- Missions (and their individual flows) can be in three distinct modes: pass, degraded, fail
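The mission model above leaves the mode rule implicit; the following added example (not the ASR project's code) spells out one plausible rule and walks a single data flow from an undefended state through a costly and then a tuned defense configuration. The rule (unmet C/I/A requirement is fail, exceeded latency/throughput budget is degraded) and all numbers are assumptions constructed for illustration.

```python
"""Mission-mode evaluation over the ASR mission model: a mission is a set of
data flows with C/I/A requirements and % change latency/throughput budgets,
and each flow (and the mission) is in pass, degraded or fail.  Constructed
example; the mode rule and numbers are assumptions, not the paper's algorithm."""
from dataclasses import dataclass

MODES = ("pass", "degraded", "fail")  # ordered from best to worst

@dataclass(frozen=True)
class FlowState:
    name: str
    provides: frozenset        # security properties the flow currently upholds
    latency_change: float      # % change in latency vs. undefended baseline
    throughput_change: float   # % change in throughput vs. undefended baseline

@dataclass(frozen=True)
class Mission:
    flows: tuple
    requires: frozenset        # subset of {"C", "I", "A"}
    max_latency_change: float  # tolerated % latency increase
    max_throughput_loss: float # tolerated % throughput decrease

def flow_mode(flow, mission):
    """Assumed rule: an unmet security requirement is 'fail'; an exceeded cost
    budget with security intact is 'degraded'; otherwise 'pass'."""
    if not mission.requires <= flow.provides:
        return "fail"
    if (flow.latency_change > mission.max_latency_change
            or -flow.throughput_change > mission.max_throughput_loss):
        return "degraded"
    return "pass"

def mission_mode(mission):
    """A mission is only as healthy as its worst flow."""
    return max((flow_mode(f, mission) for f in mission.flows), key=MODES.index)

# Constructed states of one flow: undefended (availability exposed), with an
# expensive defense configuration, and with a cheaper, tuned one.
UNDEFENDED = FlowState("f1", frozenset({"C", "I"}), 0.0, 0.0)
COSTLY_MTD = FlowState("f1", frozenset({"C", "I", "A"}), 13.0, -3.0)
TUNED_MTD = FlowState("f1", frozenset({"C", "I", "A"}), 4.0, -1.0)

def evaluate(flow_state):
    """Mode of a constructed mission that needs C, I and A on f1 and tolerates
    at most +10% latency and -5% throughput."""
    mission = Mission((flow_state,), frozenset({"C", "I", "A"}), 10.0, 5.0)
    return mission_mode(mission)

if __name__ == "__main__":
    for state in (UNDEFENDED, COSTLY_MTD, TUNED_MTD):
        print(state, "->", evaluate(state))  # fail, degraded, pass
```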

Metrics Model
- Attack surface metrics are themselves expressed through a model
- Cover the {system & mission, security & cost} dimensions

Attack Surface Indexes

Quantification Methodology
[Figure: workflow with Security, Mission and Cost columns and the ASI, ACI and AMI indexes, showing example values for a networked system in a virtual experimentation environment with mission modes Fail, Degraded and Pass]
1. Wrap Defense
2. Scan System into Model
3. Characterize Defense
4. Quantify Attack Surface
5. Validate Attack Vectors
Experimentation:
- System auto-scan
- Defense cost characterization
- Attack vector validation
Analytics:
- Cost and security metrics
- Attack vector finding
- Attack surface minimization

Experimental Results
- Generated models of tens of hosts and a small number of defenses and attack steps
- Deployed scanning capabilities on the BBN network and on a virtualized network at a customer location, and automatically generated system models from live systems
- Explored the runtime complexity of attack vector finding and metrics computation algorithms using a random model generator

Conclusion and Next Steps
- We created a framework for quantifying attack surfaces using semantic models
- Our ontologies are openly available at https://ds.bbn.com/projects/asr.html
- We hope you will try them out and provide feedback!
Next Steps
- Automate defense deployment exploration within a system through a genetic search algorithm
- Include metrics to capture interaction effects between multiple cyber defenses
- Expand scenarios to enterprise-scale regimes
- Extend the set of modeled cyber defenses beyond MTDs: proxy overlay networks, deception, reactive defenses

Contacts
Mr. Michael Atighetchi, matighet@bbn.com
Dr. Borislava Simidchieva, simidchieva@bbn.com
Dr. Fusun Yaman, fyaman@bbn.com
Dr. Thomas Eskridge, teskridge@fit.edu
Dr. Marco Carvalho, mcarvalho@cs.fit.edu
Captain Nicholas Paltzer, nicholas.paltzer@us.af.mil