Published by Fredrick Coulbourne. Modified over 9 years ago.

Practical and Theoretical Issues on Adaptive Security
Alexander Shnitko
Novosibirsk State Technical University

Structure of the presentation
- Introduction
- Motivation for adaptive security
- Common problem definition
- Formalization
- General adaptive model
- Mathematical description
- Methods of solution
- Contribution to practical tasks
- Adaptation for different types of security tasks
- Illustrative samples of the adaptation
- Implementation issues
- Verification issues
- Related works
- Conclusions

Complex security systems
- Adaptive security problem definition
  - Security process couldn’t be predetermined
  - Complete formalization couldn’t be provided
  - Environment is complex and heterogeneous
- Important practical security factors
  - Secondary place in overall information infrastructure
  - Explicitly cross-disciplinary subject
  - Non-uniform foundations for security tools and methods
- Related trends in information security
  - International standardization (ISO: 17799, 15408, Industry: ISS, Capgemini)
  - Unifying local solutions to develop universal solutions
  - Fuzzy problem definitions
Theoretical issues
Practical issues

Adaptive information security
- Object of adaptation
  - General and special information security functions
  - Hardware and software information security tools
  - Overall information security system
- Goals of adaptation
  - Security object and environment identification
  - Security process performance optimization
  - General improving of information security
- Types of adaptation
  - Parameters adaptation
  - Structure adaptation
  - Goal adaptation
Contribute to different types of security tasks
Several tasks for adaptive security
Simple and complex methods of the adaptation

Levels of security adaptation
- Distributed Network
- Local Network
- Standalone Workstation
- Formal methods and algorithms
- Cryptography, security models, etc.
- Local software and hardware
- Servers, Workstation, special software and hardware tools
- Communication protocols, special software and hardware

General Adaptive Security Model
[Figure: block diagram. Labels: Complex Security System, Analyzer Device, Detector Device, Responder Device, Control Device, Control Object, Environment, Influence of the Environment, Influence on the Environment; signal labels X, Y, U, X /, U /, F]

Common formalization
A task of adaptation is considered as a problem of optimal control of a specified object F. The state S of the object and its influence Y on the environment depend on influences Y of the environment and the set of adaptable factors U. Goals Z of the adaptive control are defined by specific constraints on the state of the object.
- Security goals are expressed as formal constraints on the state of the system
- Control Theory notions are used to describe dynamic security processes

Mathematical formalization
Constraints expressed as:
Where M x is a function for averaging over the states of the environment, and h /, g /, q / are actually measured system parameters

Adaptive algorithms
– adaptable parameters vector and vectors of the values of the criterion function measured from till moments of time
– recurrent algorithm of the adaptation
Process of adaptation in the adaptable factors space
Process of adaptation in the system states space

Adaptation on different levels
- Formal methods
  - Model treated in notion of building blocks of formal algorithms
  - Integration of special adaptive algorithms in traditional tasks
- Standalone workstation
  - Adaptation in TCB
  - Fuzzy definition and special adaptive algorithms
- Local network
  - Adaptation in servers, workstations and security perimeter
  - Evolutionary adaptation in agent-based models (cyber-warfare)
- Distributed network
  - Adaptation in information channels
  - Redundancy and adaptive optimization

Illustrative samples
- Adaptive self-scanning
  - Level of adaptation: Workstation or Local Network level
  - Goals: Improve general availability, decrease risk of DDoS attack
  - Solutions: Optimized searchless adaptive algorithms
- Security policy adaptation
  - Level of adaptation: Workstation or Local Network
  - Goals: Improve overall security, decrease risk of attack propagation
  - Solutions: Special stochastic adaptive algorithms

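The recurrent adaptation from the "Adaptive algorithms" slide, applied to the adaptive self-scanning sample, as an added example that is not part of the presentation. The slide's own formulas are not on this page, so the update rule (a Robbins-Monro style step), the linear load model, and every name and constant below are assumptions.

```python
import random

TARGET_LOAD = 0.6   # goal Z: average measured load should equal this (assumed value)
SCAN_COST = 0.5     # load added per unit of scan intensity u (assumed plant model)

def measured_violation(u, background_mean, rng):
    """One noisy measurement of (load - target) for scan intensity u."""
    # Environment influence: constructed background load, uniform around its mean.
    x = rng.uniform(background_mean - 0.1, background_mean + 0.1)
    return (x + SCAN_COST * u) - TARGET_LOAD

def adapt(u0, background_means, gain, seed=1):
    """Recurrent adaptation u[N+1] = clip(u[N] - gain(N) * violation[N]).

    background_means: per-step mean of the environment load (lets it drift).
    gain: function N -> step size, with N starting at 1.
    Returns the whole trajectory of the adaptable parameter u.
    """
    rng = random.Random(seed)
    u = u0
    trajectory = []
    for n, mean in enumerate(background_means, start=1):
        g = measured_violation(u, mean, rng)
        u = min(1.0, max(0.0, u - gain(n) * g))  # keep u inside its allowed range
        trajectory.append(u)
    return trajectory

def ideal_u(background_mean):
    """Scan intensity at which the average constraint is met exactly."""
    return (TARGET_LOAD - background_mean) / SCAN_COST

if __name__ == "__main__":
    # Stationary environment: decaying gain averages the measurement noise away.
    stationary = adapt(0.0, [0.3] * 5000, gain=lambda n: 2.0 / n)
    print("stationary:", round(stationary[-1], 3), "ideal:", ideal_u(0.3))
    # Drifting environment: constant gain keeps following the moving optimum.
    drifting = adapt(0.0, [0.3] * 2000 + [0.4] * 2000, gain=lambda n: 0.02)
    print("after drift:", round(drifting[-1], 3), "ideal:", ideal_u(0.4))
```

The decaying gain settles on the ideal intensity when the environment is stationary; the constant gain trades some residual jitter for the ability to follow the environment when its mean load shifts.
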
Implementation issues
- Obstacles for the implementation
  - Complexity of correct definition of goals and restrictions
  - Necessity of continuous system and environment identification
  - Speed requirements for the adaptive algorithms
- Some methods of solution
  - Redundancy and optimization
  - Expert and analytical data usage
  - Special algorithms from the Control Theory

Verification issues
- Correct integration of adaptive security
  - Building secure system from insecure components
  - Multi-level security
- Testing of practical adaptive systems
  - Specification testing
  - Stressful testing
  - Statistical contributions

Related work
- Adaptation in special information security tasks
  - Carney M., Loe B., A Comparison of Methods for Implementing Adaptive Security Policies
  - Reiher P., Eustice K., Sung K.-M., Adapting Encrypted Data Streams in Open Architectures
  - Lee W., Cabrera J., Thomas A., Balwalli N., Saluja S., Zhang Y., Performance Adaptation in Real-Time Intrusion Detection Systems
- Adaptation in broader context
  - Badrinath B., Fox A., Kleinrock L., Popek G., Reiher P., Satyanarayanan M., A Conceptual Framework for Network and Client Adaptation
  - Marcus L., Local and Global Requirements in an Adaptive Security Infrastructure

Conclusions
- Adaptation in Security Context
  - Advantages
    - Contribution to the real-world information security with fuzzy definition and uncertain conditions
    - Access to the methods and tools from the Control Theory for the needs of the adaptation
  - Disadvantages
    - Effectiveness is very dependent on the correct definition of security goals
    - The additional resources required for the adaptation processes
- Further work
  - Development and analysis of adaptive algorithms for specific security problems
  - Research of the usage of statistical methods for optimization and verification of the adaptive systems

Thank you!