1
Yves Deswarte deswarte@laas.fr
Contribution of Quantitative Security Evaluation to Intrusion Detection
Yves Deswarte
RAID’98, 16-19 September 1998
2
Security Evaluation
Usual evaluation techniques:
- evaluation criteria (TCSEC, ITSEC, ...)
- approximately qualitative risk analysis (vulnerabilities, threats, consequences)
These are static rather than dynamic analyses: they answer “How was the system designed?” rather than “How is it used?”
Quantitative evaluation objectives:
- trade off security against usability
- monitor the evolution of security with respect to configuration changes
- identify the best possible improvements
3
Quantitative Evaluation Framework
- Identification of security objectives: the security policy
- Modeling vulnerabilities
- Building the possible intrusion process
- Computation of significant measures
4
Vulnerability Modeling: privilege graph
Example vulnerability types (the numbered arcs of the figure):
1) Y’s .rhosts is writable by X
2) X can guess Y's password
3) X can modify Y’s .tcshrc
4) X is a member of Y
5) Y uses a program managed by X
6) X can modify a setuid program owned by Y
7) X is in Y's .rhosts
[Figure: example privilege graph with nodes insider, X, A, B, P, F and admin, joined by arcs numbered 1 to 7]
- node = a privilege set
- arc = a method to transfer privileges = a vulnerability
- path = set of vulnerabilities that a possible intruder can exploit to reach a target
- weight assigned to each arc = assessment of the difficulty of exploiting the vulnerability (time, expertise, equipment, collusion, ...)
5
Assumptions on the Intrusion Process
Intrusion process = all the possible attack scenarios
Basic assumptions:
- the intruder knows only the vulnerabilities exploitable with his privileges
- the intruder will not exploit vulnerabilities that would give him privileges he already owns
and either:
- Total Memory (TM): the intruder considers all the vulnerabilities he has not yet exploited
- MemoryLess (ML): the intruder only considers the vulnerabilities reachable from the newly acquired privileges
6
Example of Intrusion Process
[Figure: the example privilege graph (nodes insider, X, A, B, P, F, admin; arcs 1 to 7) with the intrusion process unfolded under the ML assumption and under the TM assumption, each shown as a tree of arc numbers]
7
Quantitative Measures
Identify attacker-target couples. For each couple, compute:
- METF-ML: mean effort to reach the target under assumption ML
- METF-TM: mean effort to reach the target under assumption TM
- Shortest Path: mean effort to run through the shortest path
- Number of Paths: number of paths from the attacker node to the target node
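The following is an added worked example, not code from the slides or from the LAAS tool, that computes the four measures of slide 7 over a small privilege graph of the kind described on slides 4 and 5, and reuses the TM computation as the "effort remaining to reach a target" that slide 13 proposes as an alarm rating. Assumptions of my own: the graph is constructed (it is not the slides' example); an arc's weight is taken to be the mean effort to exploit it, and exploitation is modelled as a race of exponential processes with rate 1/weight (so competing arcs add their rates); and because the slides do not say what a MemoryLess intruder does when the newly acquired privilege offers no new arc, that case is reported as a dead end rather than modelled.

```python
"""
Privilege-graph measures: METF under the TM and ML assumptions,
shortest-path effort and number of attack paths (added example).
"""
from fractions import Fraction
from functools import lru_cache
import heapq

# Constructed example graph (not the one on the slides).
# node -> {successor: effort weight}; each arc is one vulnerability and its
# weight is ASSUMED to be the mean effort needed to exploit it (arbitrary units).
PRIVILEGE_GRAPH = {
    "insider": {"X": 2, "A": 4},   # e.g. X's .rhosts writable, A's password guessable
    "X": {"admin": 4, "A": 3},
    "A": {"admin": 1},
    "admin": {},
}


def _rate(weight):
    # Modelling assumption: exploiting an arc of mean effort w is an
    # exponential "race" with rate 1/w, so competing arcs add their rates.
    return Fraction(1, weight)


def _moves(graph, owned, sources):
    """Arcs leaving `sources` towards privileges not yet owned, as {succ: rate}."""
    moves = {}
    for node in sources:
        for succ, w in graph[node].items():
            if succ not in owned:  # basic assumption: never re-acquire an owned privilege
                moves[succ] = moves.get(succ, Fraction(0)) + _rate(w)
    return moves


def metf_tm(graph, owned, target):
    """Mean effort to reach `target` under Total Memory: every arc leaving any
    owned privilege stays available. `owned` is the privilege set held so far,
    which is what lets the same function give the remaining effort behind an
    alarm rating once some privileges have been observed as compromised."""
    @lru_cache(maxsize=None)
    def effort(state):
        if target in state:
            return Fraction(0)
        moves = _moves(graph, state, state)
        if not moves:
            raise ValueError(f"dead end: {sorted(state)} cannot reach {target}")
        total = sum(moves.values())
        # mean sojourn 1/total, then jump to succ with probability rate/total
        return 1 / total + sum(r / total * effort(state | {succ}) for succ, r in moves.items())
    return effort(frozenset(owned))


def metf_ml(graph, attacker, target):
    """Mean effort under MemoryLess: at each step only the arcs leaving the
    newly acquired privilege are considered. A stuck intruder is reported,
    not modelled (the slides do not specify that case)."""
    @lru_cache(maxsize=None)
    def effort(state, current):
        if target in state:
            return Fraction(0)
        moves = _moves(graph, state, [current])
        if not moves:
            raise ValueError(f"dead end at {current} under ML")
        total = sum(moves.values())
        return 1 / total + sum(r / total * effort(state | {succ}, succ) for succ, r in moves.items())
    return effort(frozenset([attacker]), attacker)


def shortest_path_effort(graph, attacker, target):
    """Effort of the cheapest attack path (Dijkstra on arc weights); None if unreachable."""
    dist = {attacker: 0}
    heap = [(0, attacker)]
    while heap:
        d, node = heapq.heappop(heap)
        if node == target:
            return d
        if d > dist[node]:
            continue
        for succ, w in graph[node].items():
            nd = d + w
            if nd < dist.get(succ, float("inf")):
                dist[succ] = nd
                heapq.heappush(heap, (nd, succ))
    return None


def count_paths(graph, attacker, target):
    """Number of simple paths from attacker to target (DFS)."""
    def walk(node, seen):
        if node == target:
            return 1
        return sum(walk(s, seen | {s}) for s in graph[node] if s not in seen)
    return walk(attacker, {attacker})


if __name__ == "__main__":
    g = PRIVILEGE_GRAPH
    print("METF-TM        :", metf_tm(g, {"insider"}, "admin"), "~", float(metf_tm(g, {"insider"}, "admin")))
    print("METF-ML        :", metf_ml(g, "insider", "admin"), "~", float(metf_ml(g, "insider", "admin")))
    print("Shortest path  :", shortest_path_effort(g, "insider", "admin"))
    print("Number of paths:", count_paths(g, "insider", "admin"))
    # Slide 13: once X is seen to be compromised the remaining effort drops,
    # which is the quantity an alarm could be rated on.
    print("remaining effort after owning X:", float(metf_tm(g, {"insider", "X"}, "admin")))
```

Exact fractions are used so that the measures can be compared without rounding noise; on this graph METF-TM is below METF-ML, as expected, since a Total Memory intruder keeps more arcs in play at every step. A dead-end state raises rather than returning an infinite effort, so a graph in which the target is unreachable from some intermediate privilege set is noticed instead of silently skewing the measure.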
8
Experiment Objectives
Validate the approach:
- assess the pertinence of the measures with respect to security evolution
- study the feasibility of evaluating a “real system”
Not an objective: improving the security or correcting the vulnerabilities
9
Experiment Context
Distributed system: LAN, NFS, Unix
- 700 users
- computers
- 21 months (June to March 1997)
- 13 types of vulnerabilities (.rhosts, .*rc, passwords, etc.)
- 4 effort levels
Objectives:
10
Experiment Results - Example
11
Comparison with other Tools (I)
[Figure: number of vulnerabilities plotted alongside METF-ML and METF-TM]
12
Comparison with other Tools (II)
[Figure: vulnerability numbers in each class plotted alongside METF-ML and METF-TM]
13
Relationship with Intrusion Detection
Quantitative Evaluation -> Intrusion Detection:
- the privilege graph model can correlate user behavior with progression towards a target
- alarms can be rated according to the effort remaining to reach a target
Intrusion Detection -> Quantitative Evaluation:
- vulnerability weights can be tuned according to user profiles (Trojan horses)