Presentation is loading. Please wait.

Presentation is loading. Please wait.

O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY A Systems Development and Implementation Study for 21st Century Software and Security Third.

Published byCandace Barber Modified over 8 years ago

Similar presentations

Presentation on theme: "O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY A Systems Development and Implementation Study for 21st Century Software and Security Third."— Presentation transcript:

1 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY A Systems Development and Implementation Study for 21st Century Software and Security Third Cyber Security and Information Infrastructure Research Workshop May 2007 Andrew Loebl, James Nutaro, and Teja Kuruganti Oak Ridge National Laboratory {loeblas,nutarojj,kurugantipv}@ornl.gov Rajanikanth Jammalamadaka University of Arizona rajani@ece.arizona.edu

2 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY This work was inspired by the lead author’s experience with projects implementing the Revolution in Military Affairs. This concept development was not funded by any combination of work related to any of these projects.

3 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY Complex (not merely complicated), continuously evolving, interdependent elements that exhibit functionality far beyond our current “system of systems” concepts. Design and implementation merge with updates and configuration management. Systems operate naturally within a domain of constant conflict and failure while delivering intended results. * May not be distinguishable as hardware or software What Is A Modern ‘Software’ * System?

4 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY Research: Human Attributes Respected Machine Attributes Respected Computational Emergence Foundations for Analysis and Design Adaptive Infrastructure Adaptive and Predictable System Quality Policy, Acquisition, and Management Generation Characteristics: Fast and Correct Development Ultra large-, ultra small-scale Ultra high-quality, and/or ultra high consistency Beyond complexity and cost limits of currently available hardware and education Moore was correct 20 th Century technology, concepts, and methods will not suffice Shaping the Future of Modern Systems

5 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY Imbedded systems are rapidly replacing desktop systems for critical applications Imbedded systems are becoming more powerful and more flexible Imbedded systems will be the invisible systems of the future, with no owner, no administrator, no upgrades or patches, ubiquitous (some negatives here), not stealthy as objective Modern Systems Attributes include; Networked, Imbedded

6 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY Vulnerable systems will be difficult to locate, and impossible to “fix” Attackers will use imbedded systems to move silently through the network Our current work in network security does not handle this new paradigm well At risk will be everything from consumer products to critical infrastructures Implications of Network Imbedded Systems

7 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY Modern Applications Systems Will Be Developed with A Discipline Practiced Only in the Earliest Years of Systems Development Computational Methods Formalized: Provable solutions Mathematically verifiable Numerically and computationally closed to insertion or extraction tested piecemeal Formal Development Framework(s) Standards Evolutionary development Model based development Quantifiable definitions of performance metrics Functional/operational decomposition Completeness Security/integrity

8 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY Motivating Factors for Analyzing Security and Information Assurance Requirements for Digitally Based Systems  Complexity  Expectations  Reliability  Pervasiveness  Ubiquity  Integration

9 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY Characteristics for a Preliminary Model for Information Assurance and Systems Security  Security related requirements analysis executed  Security and performance requirements empirically understood  Marginal additional assurance of measures considered better understood  Cost consequences in two dimensions better understood

10 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY Notional Vulnerability Model Offered for Illustration  Only singular threats considered  Illustrate specification needed to inform requirements determination and design decisions  Expected operational life time of a threat  Appraise performance metrics for essential security processes  Describes expected operational life-time of a threat in terms of; identification and elimination

11 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY A Probabilistic Model Formulation  D(td) denotes the probability of identifying the attack within the time interval [0, td] after the attack has begun.  [K(t)|D(td)] is the conditional probability of neutralizing the attack at time t given that the attack was identified at time td.  Dc(td) denotes the probability of not identifying the attack within the time interval [0, td]  [K(t)|Dc(td)] denotes the probability of neutralizing the attack before it is identified  K(t) is probability of neutralizing the attack after a time t, as described by Baye’s theorem as K(t) = [K(t)|D(td)]D(td) + [K(t)|Dc(td)]Dc(td)  [K(t)|Dc(td)] = 0. Therefore, K(t) is K(t) = [K(t)|D(td)]D(td) (The expected lifetime of an attack.)

12 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY Notional (cont’d)  k(t) denotes the probability density function of K(t) This is the quantified vulnerability

13 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY Example 1; GPS Jamming  D(td) denotes the time, in minutes, to detect jammer,  [K(t)|D(td)] is a random variable denoting the time, again in minutes, to kill jammer following detection  D(td) is a triangular distribution with [0, 60] minutes as end points and a mode of 30  [K(t)|D(td)] is a triangular distribution with [0, 10] minutes as end points and a mode of 5 minutes

14 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY Example 1; GPS Jamming (con’t)  K(t) time needed to kill the jammer is expected attack lifetime is = 30 minutes

15 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY Empirical Understanding Is Valuable  Other distributions of jammer detection and jammer elimination capabilities evaluated in simulations  Adequacy of a requirement to detect within a critical time period can be evaluated  Fundamental relationship between detection and elimination can be studied  Cost to protect against jamming for which durations can be evaluated  Cost to protect against jamming versus other independent threats, like denial of service, can be evaluated  Through and empirical determination, a host of assumptions and scenarios can be evaluated  With experience, other threats can be evaluated, but our notional model must be improved

16 O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY Conclusions  research needed to develop a quantitative, model based, requirements analysis methodology for security and assurance of vulnerable systems and information for many classes of threat  methods will help produce testable, model based requirements that contribute to security and assurance  requirements thus produced can be validated  validations and extents can be communicated clearly to stakeholders and developers, to provide a objective bases for system verification.  significant reduction in lifetime system costs can accrue  through a quantifiable understanding of requirements and effective, but not merely redundant, application of measures  extent of experimental development needed to combine and improve measures  help to inform decision makers about realistic system performance expectations  ensure that performance expectations are met through more adequate and less expensive system verification, and  reduce system maintenance costs for this assurance and security purpose.

Download ppt "O AK R IDGE N ATIONAL L ABORATORY U. S. D EPARTMENT OF E NERGY A Systems Development and Implementation Study for 21st Century Software and Security Third."

Similar presentations

Modeling and Simulation By Lecturer: Nada Ahmed. Introduction to simulation and Modeling.

Modeling and Simulation By Lecturer: Nada Ahmed. Introduction to simulation and Modeling.
Basic guidelines for the creation of a DW Create corporate sponsors and plan thoroughly Determine a scalable architectural framework for the DW Identify.

Basic guidelines for the creation of a DW Create corporate sponsors and plan thoroughly Determine a scalable architectural framework for the DW Identify.
Lecture 5 Themes in this session Building and managing the data warehouse Data extraction and transformation Technical issues.

Lecture 5 Themes in this session Building and managing the data warehouse Data extraction and transformation Technical issues.
Software Engineering Techniques for the Development of System of Systems Seminar of “Component Base Software Engineering” course By : Marzieh Khalouzadeh.

Software Engineering Techniques for the Development of System of Systems Seminar of “Component Base Software Engineering” course By : Marzieh Khalouzadeh.
What is Software Engineering? And why is it so hard?

What is Software Engineering? And why is it so hard?
Software Quality Metrics

Software Quality Metrics
The Architecture Design Process

The Architecture Design Process
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #18-1 Chapter 18: Introduction to Assurance Overview Why assurance? Trust and.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #18-1 Chapter 18: Introduction to Assurance Overview Why assurance? Trust and.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Chapter 1 Software Development. Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 1-2 Chapter Objectives Discuss the goals of software development.

Chapter 1 Software Development. Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 1-2 Chapter Objectives Discuss the goals of software development.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Software Architecture Quality. Outline Importance of assessing software architecture Better predict the quality of the system to be built How to improve.

Software Architecture Quality. Outline Importance of assessing software architecture Better predict the quality of the system to be built How to improve.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Cloud Usability Framework

Cloud Usability Framework
Software Verification and Validation (V&V) By Roger U. Fujii Presented by Donovan Faustino.

Software Verification and Validation (V&V) By Roger U. Fujii Presented by Donovan Faustino.
Information Technology Audit

Information Technology Audit
Computer Simulation A Laboratory to Evaluate “What-if” Questions.

Computer Simulation A Laboratory to Evaluate “What-if” Questions.
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

Similar presentations

Ads by Google