H.W. Chan, CSE Dept., CUHK: Quantitative Evaluation for Operational Security - an Experiment [Ortalo et al., IEEE Transactions on Software Engineering,


1 Quantitative Evaluation for Operational Security - an Experiment [Ortalo et al., IEEE Transactions on Software Engineering, Sept/Oct 1999]
H.W. Chan, CSE Dept., CUHK
Group Meeting, Mar 7, 2000

2 Outline
• Introduction
• The Approach:
  – Privilege graphs
  – Attack state graphs
  – Mathematical model
• The experiment
  – setup and results
• Discussion

3 Introduction
• System security has usually been discussed in terms of security requirements and policy
  – requires cooperation of all users
  – difficult for ordinary users to comprehend
• A quantitative measure for system security is easier to comprehend
  – a figure representing the ‘degree of security’ of the system can be useful

4 Quantifying security
• Borrowing from software reliability theory:
  – In reliability, a piece of software fails after some time of usage; the Mean Time To Failure quantifies the reliability of the software
  – Similarly, in security, a system can be breached after some effort of attack; the Mean Effort to Breach can quantify the security of the system

5 The Approach
• Privilege graph:
  – node: a set of privileges owned by a user or set of users (e.g., a group in Unix)
  – arc: a vulnerability that allows a user owning one privilege to obtain another, e.g., X → Y: there is a method allowing a user owning privilege X to obtain privilege Y.

6 Examples of vulnerabilities
• Privilege subsets directly issued from the protection scheme
• Direct security flaws, e.g., Trojan horse
• System features exploited for attack
  – .rhosts, .xinitrc, setuid programs
[Figure: node labels hwchan1, gds]

7 Privilege graph - example
[Figure: privilege graph; node labels A, X admin, B, P, F, insider; arcs labelled 1 to 7]
Key
1: Y’s .rhosts is writable by X
2: X can guess Y’s password
3: X can modify Y’s .tcshrc
4: X is a member of Y
5: Y uses a program managed by X
6: X can modify a setuid program owned by Y
7: X is in Y’s .rhosts

8 Quantifying vulnerabilities
• Each arc in the privilege graph should be assigned a weight to quantify the effort required for exploiting the vulnerability
• Different factors should be considered, e.g., expertise, time and equipment
• No good methods to do this yet!

9 Attacker behavior
• In an attack, an attacker begins with some minimal privileges, and wants to obtain some protected privileges.
• In a privilege graph, the path from the attacker node to the target node describes the progress of the attack.
[Figure: path from the attacker node to the target node]

10
• There can be more than one path from the attacker node to the target node
  – assumption: attacker does not know the shortest path
• Two assumptions for attacker behavior
  – Total memory (TM): all possibilities of attack are considered at any stage of the attack
  – Memoryless (ML): at each newly visited node, only attacks possible from that node are considered

11 Attack state graphs (ML)
[Figure: attack state graph under the ML assumption; state labels: IFI BFIX ABFIPX BFIPX FIX IP AIP AFIX]

12 Attack state graph (TM)
[Figure: attack state graph under the TM assumption; state labels: IFI BFIX ABFIPX BFIPX FIX IP AIP AFIX FIP AFIP]

13 Mathematical Model
• Assume the Markov model:
  – Probability of success in an attack before an amount of effort ‘e’ is spent is: $P(e) = 1 - \exp(-Le)$
  – L is the rate of attack, and can be assigned as the weight of the vulnerability
  – thus, mean effort to succeed is 1/L

14
  – mean effort spent in state j is $E_j = 1 / \sum_{i \in \mathrm{out}(j)} L_{ji}$
  – Mean Effort To security Failure (METF) from initial state k to state i is $\mathrm{METF}_k = E_k + \sum_{i \in \mathrm{out}(k)} L_{ki} \, E_k \, \mathrm{METF}_i$
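The METF recursion above, worked through in Python under the total memory (TM) assumption. This is an added example, not code from the slides or from the paper; the function name, the node names and the arc rates of the sample graph are constructed for illustration.

```python
import math
from functools import lru_cache

def metf_total_memory(arcs, start, target):
    """METF from the state {start} to any state that contains `target`.

    arcs: iterable of (src, dst, rate) privilege-graph arcs, rate = L.
    TM assumption: a state is the set of privileges held so far, and every
    arc leaving any held node toward a node not yet held can be tried.
    """
    arcs = tuple(arcs)

    @lru_cache(maxsize=None)
    def metf(state):
        if target in state:              # security failure reached
            return 0.0
        usable = [(dst, rate) for src, dst, rate in arcs
                  if src in state and dst not in state and rate > 0]
        total = sum(rate for _, rate in usable)
        if total == 0:                   # target unreachable from here
            return math.inf
        e_state = 1.0 / total            # E_k = 1 / sum(L_ki)
        # METF_k = E_k + sum(L_ki * E_k * METF_i) over successor states i
        return e_state + sum(rate * e_state * metf(state | {dst})
                             for dst, rate in usable)

    # States are subsets of nodes, so cost grows exponentially with graph size.
    return metf(frozenset([start]))

# Constructed sample graph: two routes of equal length whose easy and hard
# steps come in opposite order.
SAMPLE_ARCS = [
    ("attacker", "u1", 0.1), ("u1", "target", 0.01),
    ("attacker", "u2", 0.01), ("u2", "target", 0.1),
]

if __name__ == "__main__":
    print(metf_total_memory(SAMPLE_ARCS, "attacker", "target"))
```

On the sample graph the easy first step toward u1 is taken most of the time and leads to the hard second step, so the METF is dominated by that route rather than by the shortest-effort path.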

15 The experiment
• Setup:
  – Several hundred different workstations
  – 700 users sharing one global file system
  – privilege graphs, attacker state graph and METF computed every day from June 95 to Mar 97 (674 days)
  – vulnerabilities are classified into four levels and given rates 10^-1, 10^-2, 10^-3, 10^-4

16 Results

17 Conclusion and discussion
• A preliminary investigation about the security evaluation of operational systems
• The assignment of rates of the vulnerabilities is pretty arbitrary, but is key to the validity of the measurement

