Using security assessment methods to enhance the feedback from security training
Jonas Hallberg, Division of Information Systems, Swedish Defence Research Agency (FOI)
Training environment
Security assessment focus
Security assessment context
Security assessment method: XMASS (eXtended Method for Assessment of System Security)
XMASS – systems modeling
Systems are modeled as interconnected components.
Two main classes of components:
  1. Traffic generators, e.g. PCs and PDAs
  2. Traffic mediators, e.g. firewalls and hubs
Two types of relations:
  1. Physical, e.g. network connections
  2. Logical, e.g. node dependencies
The abstraction level is not fixed.
XMASS – security values
Entity profiles
  Security profiles consist of security features with corresponding elementary security values.
  Filtering profiles describe the ability of traffic mediators to block malicious traffic.
Entity relations
  Inter-component relations are modeled with a set of functions.
System-dependent security profiles
  Computed for each component based on the component security profiles and the relations.
System security values
  Based on the system-dependent security profiles.
XMASS – tasks
Requirement collections

  Security feature              # requirements
  Access Control                19
  Security Logging              12
  Intrusion Prevention          17
  Intrusion Detection           12
  Protection against Malware    16
Security profile template
Security profiles
Workflow
Preparation
  Model network
  Export network model
In action
  Accept tokens
  Update model
After-action review
  Documentation
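The following is an added, illustrative implementation of the component/relation structure described on the XMASS modeling and security-values slides and of the preparation / in-action / after-action workflow above. It is not the XMASS tool or any FOI code: the network (PC1, PC2, SRV, FW, HUB), the elementary values, the scalar filtering profile and the rule for combining a component's own elementary values with those of exposed neighbours are all assumptions made for the example. The actual XMASS relation functions are not given on this page.

```python
"""Illustrative XMASS-style model (added example; combination rule is an assumption)."""
from dataclasses import dataclass

# The five security features of the requirement collections on this page.
FEATURES = ("Access Control", "Security Logging", "Intrusion Prevention",
            "Intrusion Detection", "Protection against Malware")


@dataclass
class Component:
    name: str
    kind: str          # "generator" (PC, PDA) or "mediator" (firewall, hub)
    profile: dict      # security profile: feature -> elementary value in [0, 1]
    filtering: float = 0.0  # filtering profile (mediators): share of malicious traffic blocked (assumed scalar)


class XmassModel:
    def __init__(self):
        self.components = {}
        self.physical = {}   # physical relations: name -> set of directly connected names
        self.logical = {}    # logical relations: dependent -> set of providers it depends on

    def add(self, comp):
        self.components[comp.name] = comp
        self.physical.setdefault(comp.name, set())
        self.logical.setdefault(comp.name, set())
        return comp

    def link(self, a, b):                       # physical relation, undirected
        self.physical[a].add(b)
        self.physical[b].add(a)

    def depends_on(self, dependent, provider):  # logical relation, directed
        self.logical[dependent].add(provider)

    def exposures(self, src):
        """Assumed relation function: exposure of src to each other generator is the
        maximum over physical paths of the product of (1 - filtering) of the
        mediators traversed, so an unfiltered hub gives 1.0 and a firewall attenuates."""
        best = {src: 1.0}
        frontier = [(src, 1.0)]
        while frontier:                          # terminates: only strictly better values are pushed
            node, exp = frontier.pop()
            for nxt in self.physical[node]:
                c = self.components[nxt]
                e = exp * (1.0 - c.filtering) if c.kind == "mediator" else exp
                if e > best.get(nxt, 0.0):
                    best[nxt] = e
                    frontier.append((nxt, e))
        return {n: e for n, e in best.items()
                if n != src and self.components[n].kind == "generator"}

    def system_dependent_profile(self, name):
        """Assumed combination rule: a weaker neighbour pulls this component's value
        toward its own in proportion to exposure; a logical dependency counts as
        full exposure. A stronger neighbour never raises the value."""
        own = self.components[name].profile
        influences = dict(self.exposures(name))
        for provider in self.logical[name]:
            influences[provider] = 1.0
        result = {}
        for f in FEATURES:
            v = own[f]
            for other, e in influences.items():
                v = min(v, e * self.components[other].profile[f] + (1 - e) * own[f])
            result[f] = round(v, 4)
        return result

    def system_security_values(self):
        """Per-feature and overall system values: means over the traffic generators (assumed)."""
        gens = [n for n, c in self.components.items() if c.kind == "generator"]
        profiles = {n: self.system_dependent_profile(n) for n in gens}
        per_feature = {f: round(sum(profiles[n][f] for n in gens) / len(gens), 4) for f in FEATURES}
        overall = round(sum(per_feature.values()) / len(FEATURES), 4)
        return per_feature, overall

    def accept_token(self, name, feature, value, log):
        """In-action step: a training token changes one elementary value, the model is
        updated and the new overall value is logged for the after-action review."""
        self.components[name].profile[feature] = value
        _, overall = self.system_security_values()
        log.append((name, feature, value, overall))
        return overall


def build_demo():
    """Preparation step: constructed network, not a real system."""
    m = XmassModel()
    m.add(Component("PC1", "generator", dict.fromkeys(FEATURES, 0.8)))
    m.add(Component("PC2", "generator", dict.fromkeys(FEATURES, 0.4)))
    m.add(Component("SRV", "generator", dict.fromkeys(FEATURES, 0.9)))
    m.add(Component("FW", "mediator", dict.fromkeys(FEATURES, 0.9), filtering=0.75))
    m.add(Component("HUB", "mediator", dict.fromkeys(FEATURES, 0.5), filtering=0.0))
    m.link("PC1", "FW"); m.link("FW", "PC2")      # PC2 reaches PC1 only through the firewall
    m.link("PC1", "HUB"); m.link("HUB", "SRV")    # the hub filters nothing
    m.depends_on("PC1", "SRV")                    # logical dependency: PC1 needs SRV
    return m


if __name__ == "__main__":
    model, review_log = build_demo(), []
    print("baseline", model.system_security_values()[1])
    model.accept_token("PC1", "Protection against Malware", 0.2, review_log)  # malware token
    model.accept_token("PC1", "Protection against Malware", 0.8, review_log)  # cleaned up
    print("after-action review", review_log)
```

The point the workflow slides make is visible in the log: the malware token on PC1 lowers SRV's system-dependent value as much as PC1's own, because the logical dependency and the unfiltered hub expose SRV fully, while PC2 behind the firewall is only slightly affected. Any real deployment would replace the assumed combination rule with the XMASS relation functions.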
Preparation
In action
After-action review
Enhanced training
  Supports the specification of the network
  Provides an in-training security status overview
  Supports the after-action review