Threat Modeling and Sharing. Summary Proposal to kick off Threat Modeling project – Multi-phase approach – Initially: create Cyber Domain PIM and STIX.

Slides:



Advertisements
Similar presentations
© Telelogic AB Modeling DoDAF Compliant Architectures Operational Systems Technical.
Advertisements

Interoperability Standards for Information Sharing and Safeguarding PM-ISE Slide 1 | Unclassified | Notional | DRAFT.
Copyright © 2006 Data Access Technologies, Inc. Open Source eGovernment Reference Architecture Approach to Semantic Interoperability Cory Casanave, President.
Page 1 Copyright © 2010 Data Access Technologies, Inc. Model Driven Solutions May 2009 Cory Casanave Architecture of Services SOA for E-Government Conference.
Profiles Construction Eclipse ECESIS Project Construction of Complex UML Profiles UPM ETSI Telecomunicación Ciudad Universitaria s/n Madrid 28040,
Modeling Services Model Interoperability Xavier Blanc – University Paris VI.
2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.
ARCH-05 Application Prophecy UML 101 Peter Varhol Principal Product Manager.
Catherine Hoang Ioana Singureanu Greg Staudenmaier Detailed Clinical Models for Medical Device Domain Analysis Model 1.
Production Rule Representation Team Response Presentation to BEIDTF OMG Montreal Aug 2004 Ruleml.org.
OMG Architecture Ecosystem SIG Federal CIO Council Data Architecture Subcommittee May 2011 Cory Casanave.
Architecture-Driven Modernization Platform SIG KDM RFP.
Systems Engineering in a System of Systems Context
Formal Techniques in Software Engineering Universiteit AntwerpenIntroduction 1.1 Formal Techniques in Software Engineering 3de BAC Informatica Chapter.
MDA > Model Driven Architecture > Orçun Dayıbaş > December, 2006 > METU, Ankara.
MDA – Model Driven Architecture: An introduction Franco Flore Senior Product Manager.
Amit, Keyur, Sabhay and Saleh Model Driven Architecture in the Enterprise.
Secure Middleware (?) Patrick Morrison 3/1/2006 Secure Systems Group.
UML CASE Tool. ABSTRACT Domain analysis enables identifying families of applications and capturing their terminology in order to assist and guide system.
Ontologies Reasoning Components Agents Simulations An Overview of Model-Driven Engineering and Architecture Jacques Robin.
Model Driven Architecture (MDA) Partha Kuchana. Agenda What is MDA Modeling Approaches MDA in a NutShell MDA Models SDLC MDA Models (an Example) MDA -
National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,
DCMO - CIO Architecture Federation Pilot Larry Singer 5 January, 2012.
Applying MDA in the ATM: A practical approach Teodora Bozheva, Terry Bailey (ESI) Julia Reznik, Tom Ritter (Fraunhofer FOKUS)
NIEM-UML Profile Justin Stekervetz, NIEM PMO
MDA Guide Version CYT. 2 Outline OMG Vision and Process Introduction to MDA How is MDA Used? MDA Transformations Other MDA Capabilities Using the.
SC32 WG2 Metadata Standards Tutorial Metadata Registries and Big Data WG2 N1945 June 9, 2014 Beijing, China.
DMSO Technical Exchange 3 Oct 03 1 Web Services Supporting Simulation to Global Information Grid Mark Pullen George Mason University with support from.
Faculty of Informatics and Information Technologies Slovak University of Technology Peter Kajsa and Ľubomír Majtás Design.
UML based dependability modeling, analysis and synthesis Proposers: TU Budapest: A. Pataricza, Gy. Csertán, I. Majzik, D. Varró PDCC Pisa: L. Simoncini,
Architecture Ecosystem Foundation (AEF) RFP aesig/ Draft RFP Presentation June 2010.
3 April SOA: Services Oriented Architecture MDA: Model Driven Architecture.
Introduction to MDA (Model Driven Architecture) CYT.
Web services for Enterprise Collaboration Applying MDA to web services for enterprise collaboration Doc Mars/ Doc webserv/
Larry L. Johnson Federal Transition Framework.
2nd TTCN-3 User Conference, June The TTCN-3 Metamodel – A Basis for Tool Integration Ina Schieferdecker TU Berlin/Fraunhofer Fokus Hajo Eichler,
C W3C Government Linked Data Working Group Cory Casanave 06/30/2011 Cory Casanave Cory-c at modeldriven dot com CEO, Model Driven Solutions Founder,
Ontology for Federation and Integration of Systems Cross-track A2 Summary Anatoly Levenchuk & Cory Casanave Co-chairs 1 Ontology Summit 2012
Cairo Corporation An Inc 500 Company ISO9001:2000 CERTIFIED 8(a) ۰ SDB ۰ WOB ۰ GSA ۰ GSA STARS The Dream of a Common Language: Extending the Role of the.
Interoperability Framework Overview Health Information Technology (HIT) Standards Committee June 24, 2010 Presented by: Douglas Fridsma, MD, PhD Acting.
ISO/IEC CD and WD : Core Model and Model Mapping ISO/IEC JTC1/SC32/WG September 2005, Toronto SC32/WG2 Japan (Kanrikogaku Ltd) Masaharu.
Measuring the Quality of Decisionmaking and Planning Framed in the Context of IBC Experimentation February 9, 2007 Evidence Based Research, Inc.
Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX.
© 2012 xtUML.org Bill Chown – Mentor Graphics Model Driven Engineering.
FEA DRM Management Strategy Presented by : Mary McCaffery, US EPA.
S&I Integration with NIEM (DRAFT) Standards Development Support June 8, 2011.
United States Department of Justice Achieving Information Interoperability and Business Agility The Justice Reference Architecture:
Advances in Threat and Risk Information Sharing
Discussion about MFI-8: Metamodel for Role and Goal Registration
A Mediated Approach towards Web Service Choreography Michael Stollberg, Dumitru Roman, Juan Miguel Gomez DERI – Digital Enterprise Research Institute
Chapter 5 System Modeling. What is System modeling? System modeling is the process of developing abstract models of a system, with each model presenting.
CTI STIX SC Status Report October 22, 2015.
Semantic Data Extraction for B2B Integration Syntactic-to-Semantic Middleware Bruno Silva 1, Jorge Cardoso 2 1 2
Using UML, Patterns, and Java Object-Oriented Software Engineering Chapter 2, Modeling with UML: UML 2 Metamodel Note to Instructor: The material in this.
Ontologies Reasoning Components Agents Simulations An Overview of Model-Driven Engineering and Architecture Jacques Robin.
Architecture Ecosystem SIG March 2010 Update Jacksonville FL.
Developing an IDM Information Delivery Manual Part 1. Industry Workgroup Training, Creating IDMs Alliance NA 2010 Dianne Davis, NA-IDM Coordinator Jan.
Information Architecture WG: Report of the Fall 2004 Meeting November 16th, 2004 Dan Crichton, NASA/JPL.
OMG Architecture Ecosystem SIG Enterprise Data World 2011.
Page 1 Hitachi Ltd. – FhI FOKUS TTCN-3 User Conference, June 2005 MDA based approach for generation of TTCN-3 test specifications Hideto Ogawa, Hitachi.
1 The XMSF Profile Overlay to the FEDEP Dr. Katherine L. Morse, SAIC Mr. Robert Lutz, JHU APL
Discussion Topics for Exploring OMG UPDM Way-ahead
Agenda Federated Enterprise Architecture Vision
SysML v2 Formalism: Requirements & Benefits
Enterprise Data Model Enterprise Architecture approach Insights on application for through-life collaboration 2018 – E. Jesson.
Domain Specific Product Description Exchange
Evaluating Compuware OptimalJ as an MDA tool
Constructing MDA-based Application Using Rational XDE for .NET
Semantic Information Modeling for Federation
Model Driven Software Development
Presentation transcript:

Threat Modeling and Sharing

Summary Proposal to kick off Threat Modeling project – Multi-phase approach – Initially: create Cyber Domain PIM and STIX PSM with UML Profile for NIEM – Expand to other PSM, create Threat Meta Model – Expand to non-cyber domains Community focused – Leverage existing work (STIX, OpenIOC, IODef, SI*, etc.) – Connect to stakeholder within OMG and external

Motivation Threat information sharing critical enabler for ‘wire-speed’ defense of complex systems Information sharing requires shared concepts for subject area – NIEM is used by US federal, state, and local government, as well as internationally – STIX is being adopted by a large number of users – Snort rules are common for IDS Multiple protocols, languages, and models used throughout industry today, but: – Re-use of existing protocols for threat exchange (e.g. IODef) – Focus on threat indicators/signature and classification (e.g. STIX, OpenIOC) Desire to have traceability from indicators to threat actors and their motivation/intent – Leverage existing work performed by social modeling and behavior groups, e.g. SI* Some integration with other enterprise systems, but no comprehensive approach

Motivation – Clarification This is NOT to concentrate threat sharing and modeling at OMG – No desire to ‘take over’ from successful approaches such as STIX or OpenIOC – Collaboration with non-OMG member will be critical for success Focus on development of meta- model and semantic interoperability for – broadening view on, and – identifying specific areas of improvement Leverage strength of MDA to threat sharing STIX Threat Models Today are – at best – ad hoc coordinated OpenIOC IODef SI* NIEM Snort Rules Point-to-Point mapping

Approach Multi-Phase Approach – Start with initial mapping of existing concepts (STIX Data Model NIEM UML Profile – Develop meta-model for threat modeling and expand scope – Include non-cyber domains Include creation of Platform Independent Model (PIM) and Platform Specific Models (PSM) that represent STIX, OpenIOC Include social model of threat actors, campaigns, motivation – E.g. through leveraging SI* framework concepts Integrate with – NIEM 3.0 – Common Alerting Protocol (CAP) – Other applicable systems Extend beyond cyber threat sharing – Non-cyber domain integration – Sharing of countermeasure for specific threats

Phase 1 Create “Cyber Domain PIM” utilizing UML Profile for NIEM to model STIX information exchange – NIEM profile exists today – STIX has currently richest model and broadest interest base Expected output: Specification that includes – Cyber Domain PIM – STIX PSM Rationale: fairly easy to achieve, concretization of a Cyber Domain PIM that can serve as basis for meta- model or semantic models for other platforms

Phase 2 Richer social and behavioral modeling, e.g.: – Leverage of SI* framework concepts of modeling social actors and their behavior – Integration with CORAS modeling – Inclusion of XORCISM approaches Expansion of Cyber Domain PIM, adding new PSMs, and/or development of Threat Meta-Model – OpenIOC, IODef, XORCISM, SI*, Snort Rules, etc.

Phase 3 (notional) Non-cyber domain modeling – Integration with existing threat models for law-enforcement, defense, emergency preparedness – Develop common threat ontology, based on threat meta-model – Provide cross-domain capabilities, e.g. for describing complex campaigns – Include domains such as Supply Chain Risk Management (SCRM), Digital Forensics (e.g. SCOX, DFXML), etc. Countermeasure modeling – Develop consistent model for countermeasures – Allow mapping of countermeasures to threat – Countermeasure sharing to facilitate automatic mitigation of known threats

Goals Enable conceptual interoperability of existing systems – Validate existing mappings (e.g. STIX/OpenIOC) and allow mapping of new PSMs (NIEM Threat Sharing PSM, SI*, XORCISM, etc.) to each other Enable simplified creation of automated threat sharing systems – Tools-supported code generation – Semantic interoperability through shared ontology Enable automatic threat mitigation – Include mitigation recommendations in modeling to enable wire-speed defense Improve attribution capabilities by including richer characterization of social domain in actor/campaign classification – Full traceability from observed indicators to social and individual motivation and intent

Notional Timeline

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.