Published by Fay Terry. Modified over 6 years ago.
Slide 1: Cyber Offense vs. Cyber Defense: A Theoretical Framework

Hwee-Joo Kam, D.Sc., Ferris State University
Shuyuan Mary Ho, Ph.D., Florida State University
Pairin Katerattanakul, Ph.D., Western Michigan University
Slide 2: Research Objectives

- Investigate the differences in activities, goals, roles, divisions of labor, and rules between system engineers and penetration testers
- Develop a behavioral model
- Close the gap between cyber offense and cyber defense
- Contribute viable suggestions and practical implications for securing information
Slide 3: Cyber Offense vs. Defense

- Penetration testing is ascribed to cyber offense
  - Penetration testers launch tests that emulate a real-life cyberattack
- System engineering is ascribed to cyber defense
  - System engineers have to secure the IT infrastructure (e.g. a web server) in addition to enabling system functionality
Slide 4: Activity Theory

Focuses on the interaction among subjects (i.e. actors such as pen testers and system engineers) to:
- Identify important concepts (i.e. a behavioral model)
- Suggest mechanisms of certain occurrences
- Explain how and why system engineers or penetration testers behave in certain ways
Slide 5: Research Framework
Slide 6: Principles of Activity Theory

- Principle 1: Unit of analysis
  - Activity system with actions, operations and goals
- Principle 2: Multi-voicedness
  - Multiple perspectives, traditions, and interests in activity systems
- Principle 3: History
  - Past actions taken
  - Recurring patterns in the past actions
Slide 7: Principles of Activity Theory

- Principle 4: Contradiction
  - Structural tensions among activity systems
  - Cyber offense vs. defense: proactive vs. reactive
- Principle 5: Expansive cycles
  - Objects are transformed because of a collaborative, deliberate change effort
  - E.g. a drastic change in system configuration
Slide 8: Participants

Will involve two groups of students:
- Blue team vs. red team
  - One group will take the role of system engineers
  - The other will take the role of penetration testers
- Each group will consist of 3-5 participants
- Senior or graduate students with a major in information security
- State university designated as a Center of Excellence in Information Assurance by the NSA and DHS
Slide 9: Cybersecurity Laboratory Experiment

- Michigan Cyber Range
- Sandbox environment
- Build a vulnerable server exposing:
  - XSS
  - SQL injection
  - Session hijacking
  - ARP poisoning
Slide 10: Cybersecurity Laboratory Experiment

Paired tasks for the two groups, with the difficulty level shown on the slide (the level for the second pair is not shown):

Level 1
  System protection: Check for any unused open ports.
  Penetration testing: Scan for all the available ports.

Level (not shown)
  System protection: Close the unused open ports.
  Penetration testing: Exploit the unused open ports using proxy software.

Level 2
  System protection: Identify users with administrator privileges.
  Penetration testing: Identify users with administrator privileges.

Level 3
  System protection: Reassign the privileges of the users found in (3) based on the principle of least privilege.
  Penetration testing: Launch a dictionary attack and/or brute force attack using the usernames of the users found in (3).
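The blue-team checks in the table above (unused listening ports, accounts holding administrator privileges), as an added example that is not part of the presentation or the Michigan Cyber Range lab material. The `ss -lntp` output, the `/etc/group` excerpt and the allowlist of expected services are all constructed for this example.

```python
import re

# Constructed sample in the style of `ss -lntp` output (not a real capture).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=611,fd=3))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("apache2",pid=702,fd=4))
LISTEN 0      128    0.0.0.0:3306        0.0.0.0:*         users:(("mysqld",pid=845,fd=21))
LISTEN 0      50     0.0.0.0:8080        0.0.0.0:*         users:(("python3",pid=990,fd=5))
"""

# Assumed allowlist: the services the lab web server is expected to offer.
EXPECTED_PORTS = {22: "sshd", 80: "apache2"}

# Constructed /etc/group excerpt; membership in these groups grants admin rights.
SAMPLE_GROUP_FILE = """\
root:x:0:
sudo:x:27:alice,bob
wheel:x:10:carol
www-data:x:33:
"""
ADMIN_GROUPS = {"sudo", "wheel", "root"}

def listening_ports(ss_output):
    """Return {port: process_name} for every LISTEN line in ss-style output."""
    ports = {}
    for line in ss_output.splitlines()[1:]:          # skip the header line
        fields = line.split()
        if not fields or fields[0] != "LISTEN":
            continue
        port = int(fields[3].rsplit(":", 1)[1])      # works for 0.0.0.0:22 and [::]:22
        match = re.search(r'\(\("([^"]+)"', line)    # first process name in users:(("name",...))
        ports[port] = match.group(1) if match else "unknown"
    return ports

def unused_open_ports(ss_output, expected=EXPECTED_PORTS):
    """Level 1 check: listeners not on the allowlist, or served by an unexpected process."""
    return {port: proc for port, proc in listening_ports(ss_output).items()
            if expected.get(port) != proc}

def admin_users(group_file, admin_groups=ADMIN_GROUPS):
    """Level 2 check: users holding administrator privileges through group membership."""
    users = set()
    for line in group_file.splitlines():
        name, _, _, members = line.split(":")
        if name in admin_groups and members:
            users.update(members.split(","))
    return sorted(users)

if __name__ == "__main__":
    print("unexpected listeners:", unused_open_ports(SAMPLE_SS_OUTPUT))  # {3306: 'mysqld', 8080: 'python3'}
    print("admin users:", admin_users(SAMPLE_GROUP_FILE))               # ['alice', 'bob', 'carol']
```

Every port the script flags is a candidate for the "close the unused open ports" step, and every user it lists is a candidate for the least-privilege review in level 3.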
Slide 11: Matrix for Data Analysis

Columns: Principle; Key areas in research; Data collection; Expected findings

- Activity system as unit of analysis
  - Key areas in research: Study how each group achieves its goal
  - Data collection: Report, log files
  - Expected findings: Actions, operations
- Multi-voicedness
  - Key areas in research: System evaluation from each group, motivation factors
  - Data collection: Report, interviews
  - Expected findings: Group motivation
- Historicity
  - Key areas in research: Study the pattern of actions taken
  - Expected findings: Rules and division of labor
Slide 12: Matrix for Data Analysis

Columns: Principle; Key areas in research; Data collection; Expected findings

- Contradictions
  - Key areas in research: Study the conflicts between system engineers and pen testers
  - Data collection: Report, interviews
  - Expected findings: The social norms (rules) and values in each group
- Expansive cycles
  - Key areas in research: Study any changes that occurred during the collaboration between the two groups
  - Expected findings: Transformation of the Web server and the key activities that cause major changes to the Web server