Published by Сава Ранковић. Modified over 6 years ago.
1
Survivability Analysis of Distributed Systems Using Attack Tree Methodology
Casey Fung, Network Centric Operations, Boeing Phantom Works
Yi-Liang Chen, Xinyu Wang, Joseph Lee, Richard Tarquini, Mark Anderson, Rockwell Scientific Co.
Richard Linger, SEI/Carnegie Mellon University
From Military Communication Conference, 2005.
2
OPLab, Institute of IM, NTU
Outline
  Introduction
  Sample Distributed System Model
  Attack Tree Analysis Methodology
  Intrusion Scenarios
  Survivability Analysis
  Conclusion
2019/2/24 OPLab, Institute of IM, NTU
3
Introduction
  Survivability analysis identifies the system components susceptible to attacks and quantifies their capabilities to survive the attacks.
  Attack tree methodology is adopted here to analyze the survivability of a distributed system with SOA.
  There are three survivability analysis methods: network specification, attack tree, graph representation.
4
Introduction
  A system with SOA
    A composition of services
    Being employed to fulfill a system mission objective.
  The definition of survivability
    The capability of system services to fulfill the mission objectives in the presence of malicious attacks and/or partial system failures.
  The attacker's mission objective is decomposed into sub-components repeatedly until basic attack operation elements are reached at which attacks can be launched.
6
Sample Distributed System Model
The model describes the integrated middleware solution for discovery and distribution of information across a MANET.
7
Sample Distributed System Model
Admin: Responsible for initialization and configuration of other service components.
8
Sample Distributed System Model
The InfoBroker (IB) components operate and manage various Channels for different types of information and documents.
9
Sample Distributed System Model
QoS: The Quality-of-Service (QoS) component monitors the network traffic as well as the status and behaviors of the other system components and their host platforms.
10
Sample Distributed System Model
The Discovery Service (DS) components assist the Publishers and Subscribers in locating the Channel for particular information/documents of interest.
11
Sample Distributed System Model
Pub & Sub: They are not mutually exclusive.
Flow: Information flows that occur during the life cycles of the application.
13
Attack Tree Analysis Methodology
The basic principle of attack tree analysis methodology
  Step 1: Find the critical mission objective of the system and use it as the root node, G0.
  Step 2: Decompose the upper layer nodes into one or several nodes, each of which should be compromised first.
  Step 3: Associate those nodes with an OR/AND logic relation.
  Step 4: Repeat Steps 2 & 3 in all branches of the tree until the attacks located in the leaves can be launched independently.
14
Attack Tree Analysis Methodology
15
Attack Tree Analysis Methodology
Attack tree construction for sample system
  Two major types of missions in the sample system:
    The delivery of Commands and Controls (C2) related information.
    The delivery of Situation Awareness (SA) related information.
  These two missions can be consolidated into the critical one, namely, the CIA (confidentiality, integrity, availability) of information in the channels.
16
Attack Tree Analysis Methodology
Other observations of the operations in the system
  The Admin is critical only during the initialization and configuration.
  The Discovery Service is critical to the mission during the registration of the Publishers and Subscribers.
  The InfoBroker is critical if it contains and manages critical channels for the mission.
  The QoS is critical if it monitors other components related to critical channels or if it manages the QoS contracts related to critical channels.
  A Publisher/Subscriber becomes critical when it publishes/subscribes to a critical channel.
17
Attack Tree Analysis Methodology
18
Attack Tree Analysis Methodology
Disrupting the CC creation is achievable by disrupting either the PUB, or the SUB, or the DS, as represented by a logical OR relationship in the attack tree construction.
20
Intrusion Scenarios
  Two representations are adopted
    A vector represents the logical OR relationship among vector elements.
    A multiplication symbol represents the logical AND relationship between two multiplicands.
21
Intrusion Scenarios
22
Intrusion Scenarios
  Some observations
    The five groups of intrusion scenarios correspond to five second-level attack tree decompositions.
    In both Group 1 and Group 5, the CIA mission is compromised if any element in the group is disrupted. That is, the intrusion scenarios are G1, G2, G3, G15, G16, G17, G18.
    The total number of intrusion scenarios is 25.
24
Survivability Analysis
Survivability is a measure of how well the systems can survive attacks.
Relate the difficulty level for attacks with the survivability level of the system.
We quantitatively define survivability as the minimal cost function to compromise the mission objective with respect to all possible intrusion scenarios.
25
Survivability Analysis
The leaf nodes resulting from intrusion analysis are denoted as Gn, n = 1, 2, …, N, where N is the total number of unique leaf nodes.
The levels of difficulty of launching attacks on the corresponding leaf nodes are denoted as Dn, n = 1, 2, …, N.
26
Survivability Analysis
Suppose there are a total of M intrusion scenarios, the mth intrusion scenario is denoted as
wherein Gm1, …, GmIm are the list of leaf nodes under the mth intrusion scenario, and Im is the total number of leaf nodes under the mth intrusion scenario.
27
Survivability Analysis
The cost function to compromise mission objective via the mth intrusion scenario is defined as
To make the methodology tractable, we simplify the function f to a numerical summation function as
28
Survivability Analysis
The quantitative measure of survivability is represented by
The underlying assumption is that the system survivability is determined by the weakest link among all intrusion scenarios.
29
Survivability Analysis
To calculate survivability, we need to find both
There exist two puzzles
  The intrusion analysis solves the first problem of finding {mi}, where all intrusion scenarios and their leaf node compositions are derived.
  The second problem of finding {Di} requires investigation of the possible attack patterns on those leaf nodes.
30
Survivability Analysis
To demonstrate the methodology, we estimate the difficulty level by our experience.
There are ten difficulty levels with 10 being the most difficult and 1 being the easiest.
The attack patterns investigation on leaf nodes requires knowledge of implementation details of the system as well as state-of-the-art attack tools and software.
31
Survivability Analysis
Some rules used
  Synchronized attack is the most difficult, while physical disruption through jamming is the easiest.
  Attack of PUB/SUB/DS/IB node can be from any layer of computer network.
  The level of attack difficulty increases as network layer moves up, i.e., application > transport > routing > MAC.
  Knowledge of packet format, network node address, and protocol at a particular layer is needed to launch attack targeting that layer.
  Eavesdropping requires application layer attack.
  PUB and SUB are easier to disrupt than IB and DS.
32
Survivability Analysis
We can obtain the result from a sequence of survivability analysis
  The survivability of the system is the minimum of all intrusion cost functions from all five groups, which gives a value of 1. (Group 5, G18 = 1, disrupt physical layer)
  Taking all five groups of intrusion scenarios into account, it is easy to see that disrupting the physical layer and the MAC layer are the easiest. Therefore, these two require the most attention in the design of a distributed system. (Group 5, G17 = 3, disrupt MAC layer)
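The computation described in the Intrusion Scenarios and Survivability Analysis slides, as an added example that is not code from the presentation or the paper: an AND/OR tree is expanded into intrusion scenarios, each scenario is costed as the sum of its leaf difficulties, and survivability is the minimum cost. The tree shape, leaf names and all difficulty values except G17 = 3 and G18 = 1 are constructed assumptions.

```python
from itertools import product

# AND/OR attack tree: ("LEAF", name) or ("OR"/"AND", [children]).
def leaf(name):
    return ("LEAF", name)

def OR(*children):
    return ("OR", list(children))

def AND(*children):
    return ("AND", list(children))

def scenarios(node):
    """Expand a tree into intrusion scenarios, each a frozenset of leaf names."""
    kind, body = node
    if kind == "LEAF":
        return {frozenset([body])}
    per_child = [scenarios(child) for child in body]
    if kind == "OR":   # the "vector": any one child's scenario suffices
        return set().union(*per_child)
    # AND, the "multiply": pick one scenario per child and merge the leaves
    return {frozenset().union(*combo) for combo in product(*per_child)}

def survivability(root, difficulty):
    """Return (minimum cost, scenarios ranked by cost); cost = sum of D_n."""
    found = scenarios(root)
    # Drop scenarios that strictly contain another one; they are never cheaper.
    minimal = [s for s in found if not any(t < s for t in found)]
    ranked = sorted((sum(difficulty[g] for g in s), sorted(s)) for s in minimal)
    return ranked[0][0], ranked

# Constructed sample tree (assumption), not the paper's full tree.
G0 = OR(
    OR(leaf("disrupt_PUB"), leaf("disrupt_SUB"), leaf("disrupt_DS")),
    AND(leaf("learn_packet_format"), leaf("eavesdrop_app_layer")),
    leaf("G17_disrupt_MAC"),
    leaf("G18_disrupt_physical"),
)
# Difficulty 1..10. G17 = 3 and G18 = 1 are from the slides; the rest are constructed.
D = {"disrupt_PUB": 4, "disrupt_SUB": 4, "disrupt_DS": 6,
     "learn_packet_format": 5, "eavesdrop_app_layer": 7,
     "G17_disrupt_MAC": 3, "G18_disrupt_physical": 1}

if __name__ == "__main__":
    score, ranked = survivability(G0, D)
    print("survivability:", score)
    for cost, leaves in ranked:
        print(cost, " AND ".join(leaves))
```

Re-running `survivability` with a raised difficulty for one leaf shows how much a given hardening measure moves the weakest link.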
34
Conclusion
  From this case study, we identified the components that could be penetrated and damaged by intrusion and provided valuable suggestions to enhance system survivability design.
  For future study, we would focus on the simplifying assumption that fm is a numerical summation function.
    Address the problem of normalizing the difficulty metrics so that their additive property is valid.