System-Aware Cyber Security Architecture Rick A. Jones October, 2011.

Slides:



Advertisements
Similar presentations
RAMIRI2 Prague 2012 Project management and the RI Life Cycle.
Advertisements

Information Systems Analysis and Design
1 Chapter 2: Product Development Process and Organization Introduction Importance of human resources: Most companies have similar technology resources.
Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
System Aware Cyber Security NDIA Barry Horowitz University of Virginia February, Sponsor: DoD, through the Stevens Institute”s SE Research Center.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Managing Reuse Presented by: Aisha Al-Hammadi. Outline Introduction History. The technical and managerial advantages of Reusing Solutions. The main challenges.
(Geneva, Switzerland, September 2014)
The Information Systems Audit Process
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Merlin ITEA Symposium Merlin Overview2 Problem domain Companies hardly develop embedded products completely on their own Embedded systems need.
Enterprise Architecture
Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR ESM'2009, October 26-28, 2009, Holiday Inn Leicester, Leicester, United Kingdom.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Copyright 2001 Prentice-Hall, Inc. Essentials of Systems Analysis and Design Joseph S. Valacich Joey F. George Jeffrey A. Hoffer Chapter 1 The Systems.
What is Business Analysis Planning & Monitoring?
Chapter 10 Architectural Design
SEC835 Database and Web application security Information Security Architecture.
Overview of the Database Development Process
CSCE 548 Secure Software Development Risk-Based Security Testing.
Test Organization and Management
Annual SERC Research Review, October 5-6, By Jennifer Bayuk Annual SERC Research Review October 5-6, 2011 University of Maryland Marriott Inn and.
9/14/2015B.Ramamurthy1 Operating Systems : Overview Bina Ramamurthy CSE421/521.
Assurance Case Approach TECNALIA Inspiring Business Novara November, 2013 TRIAL WS.
1. 2 Purpose of This Presentation ◆ To explain how spacecraft can be virtualized by using a standard modeling method; ◆ To introduce the basic concept.
VTT-STUK assessment method for safety evaluation of safety-critical computer based systems - application in BE-SECBS project.
An Introduction to Software Architecture
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
1 Critical Mission Support Through Energy Security Susan Van Scoyoc Concurrent Technologies Corporation 16 August 2012 Energy Huntsville Meeting Huntsville,
SWE © Solomon Seifu ELABORATION. SWE © Solomon Seifu Lesson 10 Use Case Design.
Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin
Copyright Prof. Dr. Shuichiro Yamamoto Prof. Dr. Shuichiro Yamamoto Nagoya University.
1 CMPT 275 High Level Design Phase Modularization.
Software Safety Case Why, what and how… Jon Arvid Børretzen.
Software Architecture Evaluation Methodologies Presented By: Anthony Register.
Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.
Cybersecurity for UAS Systems System-Aware Cybersecurity Barry Horowitz University of Virginia November 2015.
RLV Reliability Analysis Guidelines Terry Hardy AST-300/Systems Engineering and Training Division October 26, 2004.
Slide 1 Security Engineering. Slide 2 Objectives l To introduce issues that must be considered in the specification and design of secure software l To.
John D. McGregor Architecture Evaluation
 CMMI  REQUIREMENT DEVELOPMENT  SPECIFIC AND GENERIC GOALS  SG1: Develop CUSTOMER Requirement  SG2: Develop Product Requirement  SG3: Analyze.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
CI R1 LCO Review Panel Preliminary Report. General Comments –Provide clear definition of the goals of the phase (e.g. inception), the scope, etc. in order.
Castlebridge associates | | Castlebridge changing how people think about information How to Implement the.
Company LOGO. Company LOGO PE, PMP, PgMP, PME, MCT, PRINCE2 Practitioner.
Improving performance, reducing risk Dr Apostolos Noulis, Lead Assessor, Business Development Mgr Thessaloniki, 02 June 2014 ISO Energy Management.
Organizations of all types and sizes face a range of risks that can affect the achievement of their objectives. Organization's activities Strategic initiatives.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Creating the Network Design Designing and Supporting Computer Networks – Chapter.
Risk Assessments in Many Flavors George J. Dolicker, CISA, CISSP.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 10Slide 1 Chapter 5:Architectural Design l Establishing the overall structure of a software.
CSCE 548 Secure Software Development Risk-Based Security Testing
Security SIG in MTS 05th November 2013 DEG/MTS RISK-BASED SECURITY TESTING Fraunhofer FOKUS.
Uncontrolled variation is the enemy of quality
IEEE Std 1074: Standard for Software Lifecycle
Security Engineering.
Download Latest CompTIA CAS-002 Exam Dumps PDF Questions - CAS-002 Best Study Material - Realexamdumps.com
NRC Cyber Security Regulatory Overview
Chapter 5 Designing the Architecture Shari L. Pfleeger Joanne M. Atlee
The University of Adelaide, School of Computer Science
An Urgent National Imperative
CIS12-3 IT Project Management
Operating Systems : Overview
Operating Systems : Overview
Introduction to Systems Analysis and Design Stefano Moshi Memorial University College System Analysis & Design BIT
Operating Systems : Overview
Operating Systems : Overview
Presentation transcript:

System-Aware Cyber Security Architecture Rick A. Jones October, 2011

Research Topic Description System-Aware Cyber Security Architecture –Addresses supply chain and insider threats –Embedded into the system to be protected –Includes physical systems as well as information systems Requires system engineering support tools for evaluating architectures factors To facilitate reusability requires establishment of candidate Design Pattern Templates and initiation of a design library –Security Design –System Impact Analyses 2ASRR 10/11 October 2011

Incorporating Recognized Security Functions into an Integrated System-Aware Security Solution Fault-Tolerance – Diverse Implementations of Common Functions – Data Continuity Checking via Voting Cyber Security – Moving Target with Diversity Physical Configuration Hopping Virtual Configuration Hopping – Adversary-Sensitive System Reconstruction Automatic Control Systems – Data Continuity Checking via State Estimation – System Identification Tactical Forensics 3ASRR 10/11 October 2011

System-Aware Security Architecture 4ASRR 10/11 October 2011 System to be Protected Inputs Outputs Internal Measurements System-Aware Security Sub-System Internal Controls

System-Aware Cyber Security Subsystem 5ASRR 10/11 October 2011 System-Aware Security Sub- System System Control Signaling Measurement Analysis Security Control Decisions Measurements System to be Protected Hopping & Restoral Control

System-Aware Security Analysis 6ASRR 10/11 October 2011 Mission-Risk Ranked System Functions (1) (2) (3) (4) … (N) Selected set for hopping Number of hopped functions System Latency Delay in compromise detection Mission Risk Rate of hopping System Latency

System-Aware Security for Facility Defense 7ASRR 10/11 October 2011

Facility Defense System to be Secured We consider a facility defense system consisting of: – Streaming sensors continuously monitoring discrete areas – Streaming Servers distributing sensor data, received over a wired network, to mobile users over a wireless broadcast network – Mobile users receiving alerts and streaming data regarding potential problems 8ASRR 10/11 October 2011

Illustrative Architectural Diagram for Candidate Facility Defense System for System-Aware Security 9

Potential Cyber Attacks Replay attacks masking malicious activity initiated through – Sensor system – Streaming servers – User devices DoS attacks addressed through redundancy – Sensor system – Streaming servers – Operational procedures and redundancy regarding user devices 10ASRR 10/11 October 2011

System-Aware Solution for Securing the Facility Defense System Replay attack defense – Diversely Redundant Streaming Sensors, with Voting (Data Continuity Checking) – Diversely Redundant, Virtually Hopped Streaming Servers – Diverse User Devices, with Rotating User Surveillance Assignments and Device Use – Mobile User based Data Continuity Checking DoS defense – Redundancy at the Sensor and Streaming server levels – Streaming servers / User feed back loops to enable redistribution of data and job responsibilities 11ASRR 10/11 October 2011

Illustrative System-Aware Solution Architecture 12

Observable Regions / User Fidelity Impacts of 3 Stream Continuous Voting 13

Observable Regions / User Fidelity Impacts of 3 Stream Continuous Voting Loss in User Presentation Fidelity 14

Observable Regions / User Fidelity Impacts of 3 Stream Continuous Voting Reduction in Maximum Observable Regions 15

Duty Cycle Voting for Increasing the Possible Number of Observable Regions Concept – Use of time division for voting permits an increase in the number of possible surveillance points – User compares streams concurrently received from multiple diversely redundant servers to discover discontinuities – 3 parameters can be utilized to govern voting Number of Observed Regions Deemed acceptable Voting Interval for data continuity checking across all regions Streaming period time allotted for continuity checking (Voting Time), which can be less than the Voting Interval – Given the Voting Time can be a subset of the Voting Interval, the use of time division can be utilized to manage information distribution over the broadcast network, interleaving multiple streams for voting users with single streams for other users who are not voting 16ASRR 10/11 October 2011

Illustrative System-Aware Solution Architecture with Duty Cycle Voting 17

Illustrative System-Aware Solution Architecture with Duty Cycle Voting 18

Illustrative System-Aware Solution Architecture with Duty Cycle Voting 19

Duty Cycle Voting for Increasing the Possible Number of Observable Regions User 3 Time Wireless Network Time User 2 User 1 Column Heights = Data / Time Interval 20

Observable Regions / User Fidelity Impacts of 3 Stream Continuous Voting 21

Additional Collateral System Impacts Common Cause Failures are reduced MTBF increases in relationship to the individual diverse component reliabilities Development cost increases based on the cost to develop voting and duty cycle management components, as well as to resolve lower level technical issues that may arise – Synchronization needs – Software integration – Performance impact measurements and enhancement needs (e.g. CPU utilization, memory, and energy usage) One time and life cycle cost increase in relationship to the increased complexity 22

Scoring Framework 23

Need: Methodology for Evaluating Alternative Security Solutions for a Particular System A methodology is required in order to clarify reasoning and prioritizations regarding unavoidable cyber security vagaries: – Relationships between solutions and adversarial responses – Multidimensional contributions of individual security services to complex attributes, such as deterrence Scores can be derived in many different forms – Single scalar value where bigger is better – 2 scalar values: (1) security value added, (2) system-level disvalues – Multi-objective component scores providing more transparency 24ASRR 10/11 October 2011

Metrics Attack phase-based security value factors: – Pre-Attack (Deterrence) – Trans-Attack (Defense) – Post-Attack (Restoration) Would include collateral system impact metrics for the security architecture: Performance Reliability, Safety Complexity, Costs 25ASRR 10/11 October 2011

26 System-Aware Security System Scoring Matrix Value Factors DeterrenceReal Time Defense Restor- ation Collateral System Impacts Implemen- tation Cost Life Cycle Cost Other Security Services Diversity (s 1 ) s 11 s 12 s 1j Hopping (s 2 ) s 21 s 22 s 2j Data Continuity Checking (s 3 ) s 31 s 32 s 3j Tactical Forensics (s 4 ) s 41 s 42 s 4j Other (s i )s i1 s i2 s ij Relative Value Weights k1k1 k2k2 k3k3 k4k4 k5k5 k6k6 kjkj

ASRR 10/11 October System-Aware Security System Scoring Matrix Value Factors DeterrenceReal Time Defense Restor- ation Collateral System Impacts Implemen- tation Cost Life Cycle Cost Other Security Services Diversity (s 1 ) s 11 s 12 s 1j Hopping (s 2 ) s 21 s 22 s 2j Data Continuity Checking (s 3 ) s 31 s 32 s 3j Tactical Forensics (s 4 ) s 41 s 42 s 4j Other (s i )s i1 s i2 s ij Relative Value Weights k1k1 k2k2 k3k3 k4k4 k5k5 k6k6 kjkj s ij = Assurance Level of the ith service as related to the jth value factor s ij = Quantized Assurance Level = 0…M Security Score Max Possible Score = n x M

28 Example Facility Defense Scoring Matrix Value Factors DeterrenceReal Time Defense Restor- ation Collateral System Impacts Implemen- tation Cost Life Cycle Cost Security Services Diversity (s 1 ) Hopping (s 2 ) Data Continuity Checking (s 3 ) Tactical Forensics (s 4 ) Relative Value Weights K 1 =0.30K 2 = 0.20k 3 =0.10K 4 = 0.20K 5 = 0.05K 6 = 0.15 Max Possible Score = 20Facility Defense Score = 11.5 Strongest Area is Restoration Weakest Area is Life Cycle Cost

On Going Exploration A practical methodology for determining Assurance Level Values Methodology for addressing uncertainty in assigning Assurance Level Values Methodology for utilizing Relative Value Weights Tradeoffs between scoring simplicity and transparency of results 29ASRR 10/11 October 2011

Structured Arguments for System Scoring Builds upon the legacy of work developed for safety and information assurance case evaluations Utilizes Goal Structuring Notation (GSN) for communicating arguments to support assigned scores in a repeatable and clear manner System-Aware security scoring arguments for a particular system architecture include: – Context supplied by the system owner and includes an available risk analysis for the system being protected and scoring guidelines – System supplier provides the list of security services to be applied and characterizes the purposes expected of security services that are deemed as most pertinent to reducing risk Specific claims about value factors and the anticipated effects of security services on these factors Explanations of how each security service is anticipated to impact specific value factor claims, including explicitly dividing each service into policy, process, and technology components with corresponding explanations of value 30

Simplified Diagrammatic Representation of a Structured Argument for Deterrence Scoring (1) Architectural Deterrence Claim Assigned suitable scores for deterrence Service Selection Strategy Decompose the Architecture to isolate, for the purposes of scoring, security services that address deterrence Data Continuity Service Claim Improves deterrence Diversity Service Claim Forensics Service Claim Hopping Service Claim See later slide Scoring Assignment Strategy Utilize experts to score service claims with accompanying rationale Context Risk analysis and scoring guidelines 31

Simplified Diagrammatic Representation of a Structured Argument for Deterrence Scoring (2) Data Continuity Service Claim Improves deterrence Data Continuity Service Claim (1) Exploitation design requires distributed exploit designers Data Continuity Service Claim (2) Exploitation design requires designers with deep systems knowledge Data Continuity Service Claim (n) ….. 32

Simplified Diagrammatic Representation of a Structured Argument for Deterrence Scoring (3) Data Continuity Service Claim Improves deterrence Data Continuity Service Claim (1) Exploitation design requires distributed exploit designers Red Team Evidence Document System Design Team Evidence Document Intelligence Analysis Evidence Document 33

Simplified Diagrammatic Representation of a Structured Argument for Deterrence Scoring (4) Data Continuity Service Claim Improves deterrence Data Continuity Service Claim (2) Exploitation design requires designers with deep systems knowledge System Design Team Evidence Document 34

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.