Practical and Theoretical Issues on Adaptive Security Alexander Shnitko Novosibirsk State Technical University.

Presentation transcript:

Practical and Theoretical Issues on Adaptive Security Alexander Shnitko Novosibirsk State Technical University

Structure of the presentation
- Introduction
  - Motivation for adaptive security
  - Common problem definition
- Formalization
  - General adaptive model
  - Mathematical description
  - Methods of solution
- Contribution to practical tasks
  - Adaptation for different types of security tasks
  - Illustrative samples of the adaptation
- Implementation issues
- Verification issues
- Related works
- Conclusions

Complex security systems
- Adaptive security problem definition
  - Security process couldn't be predetermined
  - Complete formalization couldn't be provided
  - Environment is complex and heterogeneous
- Important practical security factors
  - Secondary place in overall information infrastructure
  - Explicitly cross-disciplinary subject
  - Non-uniform foundations for security tools and methods
- Related trends in information security
  - International standardization (ISO: 17799, 15408, Industry: ISS, Capgemini)
  - Unifying local solutions to develop universal solutions
  - Fuzzy problem definitions

Theoretical issues; Practical issues

Adaptive information security
- Object of adaptation
  - General and special information security functions
  - Hardware and software information security tools
  - Overall information security system
- Goals of adaptation
  - Security object and environment identification
  - Security process performance optimization
  - General improvement of information security
- Types of adaptation
  - Parameters adaptation
  - Structure adaptation
  - Goal adaptation

Contribute to different types of security tasks
Several tasks for adaptive security
Simple and complex methods of the adaptation

Levels of security adaptation
- Distributed Network: communication protocols, special software and hardware
- Local Network: servers, workstations, special software and hardware tools
- Standalone Workstation: local software and hardware
- Formal methods and algorithms: cryptography, security models, etc.

General Adaptive Security Model
[Diagram. Blocks: Analyzer Device, Detector Device, Responder Device, Control Device, Control Object F, Complex Security System, Environment. Signals: X (influence of the environment), Y (influence on the environment), U, X', U'.]

Common formalization
A task of adaptation is considered as a problem of optimal control of a specified object F. The state S of the object and its influence Y on the environment depend on the influence X of the environment and on the set of adaptable factors U. The goals Z of the adaptive control are defined by specific constraints on the state of the object.

Security goals are expressed as formal constraints on the state of the system.
Control Theory notions are used to describe dynamic security processes.

Mathematical formalization
Constraints expressed as:
Where M_x is the function that averages over the states of the environment, and h', g', q' are the actually measured system parameters.

Adaptive algorithms
– adaptable parameters vector and vectors of the values of the criterion function measured from till moments of time
– recurrent algorithm of the adaptation

Process of adaptation in the adaptable factors space
Process of adaptation in the system states space
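An added example, not from the presentation: the formalization above applied to one constructed case. The environment X is a stream of scored events, the adaptable factor U is a detector's alert threshold, and the measured criterion q is the average cost of missed attacks and false alarms. The recurrent update is a Kiefer-Wolfowitz style stochastic approximation chosen here for illustration; all names, distributions and cost weights are assumptions.

```python
import random

MISS_COST, FALSE_ALARM_COST = 5.0, 1.0  # constructed cost weights (assumption)

def sample_environment(rng, n=200):
    """Constructed environment X: n (score, is_attack) events, 20% attacks
    scoring ~N(0.7, 0.1), the rest benign scoring ~N(0.3, 0.1)."""
    events = []
    for _ in range(n):
        attack = rng.random() < 0.2
        events.append((rng.gauss(0.7 if attack else 0.3, 0.1), attack))
    return events

def measured_q(u, events):
    """Measured criterion q: mean cost of alert threshold u over one batch."""
    cost = 0.0
    for score, attack in events:
        alarm = score >= u
        if attack and not alarm:
            cost += MISS_COST          # missed attack
        elif alarm and not attack:
            cost += FALSE_ALARM_COST   # false alarm
    return cost / len(events)

def adapt_threshold(u0, steps=300, seed=1, probe=0.1):
    """Recurrent adaptation U[N+1] = U[N] - a_N * g_N, where g_N is a
    finite-difference estimate of dq/dU on the latest batch of X."""
    rng = random.Random(seed)
    u, history = u0, [u0]
    for n in range(1, steps + 1):
        events = sample_environment(rng)
        g = (measured_q(u + probe, events)
             - measured_q(u - probe, events)) / (2 * probe)
        a = 0.05 / n ** 0.6                   # decreasing gain
        u = min(1.0, max(0.0, u - a * g))     # keep U in its allowed range
        history.append(u)
    return u, history

def expected_cost(u, seed=99, n=20000):
    """Criterion averaged over many environment states (a large fresh batch)."""
    return measured_q(u, sample_environment(random.Random(seed), n))

if __name__ == "__main__":
    u_final, path = adapt_threshold(0.9)
    print(f"U: 0.90 -> {u_final:.3f}")
    print(f"cost: {expected_cost(0.9):.3f} -> {expected_cost(u_final):.3f}")
```

The `history` list is the process of adaptation in the adaptable factors space; evaluating `expected_cost` along it gives the corresponding path of the criterion.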

Adaptation on different levels
- Formal methods
  - Model treated in terms of building blocks of formal algorithms
  - Integration of special adaptive algorithms in traditional tasks
- Standalone workstation
  - Adaptation in TCB
  - Fuzzy definition and special adaptive algorithms
- Local network
  - Adaptation in servers, workstations and security perimeter
  - Evolutionary adaptation in agent-based models (cyber-warfare)
- Distributed network
  - Adaptation in information channels
  - Redundancy and adaptive optimization

Illustrative samples
- Adaptive self-scanning
  - Level of adaptation: Workstation or Local Network level
  - Goals: Improve general availability, decrease risk of DDoS attack
  - Solutions: Optimized searchless adaptive algorithms
- Security policy adaptation
  - Level of adaptation: Workstation or Local Network
  - Goals: Improve overall security, decrease risk of attack propagation
  - Solutions: Special stochastic adaptive algorithms

Implementation issues
- Obstacles for the implementation
  - Complexity of correct definition of goals and restrictions
  - Necessity of continuous system and environment identification
  - Speed requirements for the adaptive algorithms
- Some methods of solution
  - Redundancy and optimization
  - Expert and analytical data usage
  - Special algorithms from the Control Theory

Verification issues
- Correct integration of adaptive security
  - Building secure system from insecure components
  - Multi-level security
- Testing of practical adaptive systems
  - Specification testing
  - Stress testing
  - Statistical contributions

Related work
- Adaptation in special information security tasks
  - Carney M., Loe B., A Comparison of Methods for Implementing Adaptive Security Policies
  - Reiher P., Eustice K., Sung K.-M., Adapting Encrypted Data Streams in Open Architectures
  - Lee W., Cabrera J., Thomas A., Balwalli N., Saluja S., Zhang Y., Performance Adaptation in Real-Time Intrusion Detection Systems
- Adaptation in broader context
  - Badrinath B., Fox A., Kleinrock L., Popek G., Reiher P., Satyanarayanan M., A Conceptual Framework for Network and Client Adaptation
  - Marcus L., Local and Global Requirements in an Adaptive Security Infrastructure

Conclusions
- Adaptation in Security Context
  - Advantages
    - Contribution to the real-world information security with fuzzy definition and uncertain conditions
    - Access to the methods and tools from the Control Theory for the needs of the adaptation
  - Disadvantages
    - Effectiveness is very dependent on the correct definition of security goals
    - The additional resources required for the adaptation processes
- Further work
  - Development and analysis of adaptive algorithms for specific security problems
  - Research of the usage of statistical methods for optimization and verification of the adaptive systems

Thank you!