Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Role of Deception in CND & IO Dr. Stilianos Vidalis Information Security Research Group J133 – School of Computing University of Glamorgan 0044 (0)1443.

Published byMaya Hewitt Modified over 11 years ago

Similar presentations

Presentation on theme: "The Role of Deception in CND & IO Dr. Stilianos Vidalis Information Security Research Group J133 – School of Computing University of Glamorgan 0044 (0)1443."— Presentation transcript:

1 The Role of Deception in CND & IO Dr. Stilianos Vidalis Information Security Research Group J133 – School of Computing University of Glamorgan 0044 (0)1443 482731 svidalis@glam.ac.uk

2 Pro-logos At the beginning there was light… …then the cosmos… …then all the species… …and finally there was WAR!!!

3 Threat Assessment A threat assessment is a statement of threats that are related to vulnerabilities, an organisations assets, and threat agents, and also a statement of the believed capabilities that those threat agents possess. Threat = f (Motivation, Capability, Opportunity, Impact)

4 Motivation Motivation is the degree to which a threat agent is prepared to implement a threat. The motivational factors are the elements that drive a threat agent to consider attacking a computer system: political, secular, personal gain, religious, revenge, power, terrorism, and curiosity Q: Can we deceive Them in believing that they do not want to target us?

5 Capability Capability is the degree to which a threat agent is able to implement a threat: The availability of a number of tools and techniques to implement an attack, and the ability to use the tools and techniques correctly. The availability of education and training to support the correct use of various tools and techniques. The level of resource that a threat agent has, or can acquire over a certain time. Q: Can we deceive Them in believing that they are not able to target us?

6 Opportunity The easiest of the 3 to manage? Opportunity can be defined as a favourable occasion for action. Past: make sure that threat agents will be in no position of creating or exploiting opportunities. Present: Risk is not managed by as but by the threat agents, so concentrate on Motivation

7 Threat Agents? The term threat agent is used to denote an individual or group that can manifest a threat. Hackers are good people!!!....

8 Threat Agent Categories Threat Agents Non-Target Specific Contractors Staff Worms Bacteria Viruses Trojans Logic Bombs Trapdoors Natural Disasters ESA Terrorists Organized Crime Corporation Nation States Employees Fatria (national) Gangs (city) Gangs (blocks) Competitors Partners Maintenance Staff Cleaners Operations Staff Guards Anarchists Religious Political Fatria (international) Governments Religious Followers Extremists General Public Vandals Activists Enthusiasts Media Political parties Fire Flood Lightning Vermin Wind Sand Frost Earthquake

9 Why do we analyse Them? It is a game, the aim: achieve information superiority We need to understand what motivates them We need to know of their technical and educational capability We need to know how they think Security has to be proactive and not reactive

10 How do we analyse Them? We start by identifying them: Threat agent catalogue Historical threat agent data Environmental reports Knowledge of personnel Stakeholder List

11 How do we analyse Them? Vulnerabilities Threat Agents Motivation Opportunity Capability

12 How do we analyse Them? Capability: capability metrics available on request Opportunity: Access to Information Changing Technologies Target Vulnerability Target profile Public Perception Motivation

13 InfoSec Requirements …the activities to protect hardware, software and intangible information at the hardware and software levels (E. Waltz) Information has three abstractions: data, information & knowledge When threat agents acquire knowledge then they are able to launch active attacks with high probability of success. Q: How do we ensure information superiority?

14 IO Taxonomy IO LayerFunctionNETWAR Offence PerceptualManage perception, Disrupt decision processes PSYOPS, Deception InformationDominate information infrastructureNETOPS PhysicalBreak things…, Incapacitate/kill peoplePhysical destruction Defence PerceptualProtect perceptions and decision-making processes Intelligence, Counterintelligence InformationProtect information infrastructureINFOSEC PhysicalProtect operations, protect peopleOPSEC

15 What do we do!!! Could we possibly deceive threat agents? Through deception we can manage our adversarys perception and disrupt his decision-making processes. The outcome can be twofold: either the defenders have time to react and deploy the necessary countermeasures (or finely tune the existing ones), or the threat agent will call off the attack and return to the information gathering process in order to re-examine his plan of action.

16 Is there a limit? Facts: Infrastructures follow a certain logic which allows threat agents to easily enumerate them Administrators introduce vulnerabilities to their system in order to make their lives easier The users of a system are its biggest vulnerability Argument: Can we use deception techniques on our own users?

17 Security through Deception Actions executed to deliberately mislead adversary military decision makers as to friendly military capabilities, intentions, and operations, thereby causing the adversary to take specific actions that will contribute to the accomplishment of the friendly mission Deception can be used in two ways for ensuring security: Simulating – showing the false, drawing attention away from the real Dissimulating – hiding the real, producing confusion about what is real

18 Technical Solution G4DS – system that brings enterprises together in virtual communities in order to identify and monitor threat agents Virtual Honeypots – system that takes input from G4DS in order to perform near real-time threat agent deception

19 Deception Methodology Everything should be dedicated to the execution of the deception Intelligence must be brought fully into the picture Intelligence must be assessed Secrecy must be enforced The deception plan must be designed at the top levels Full implementation & consistency of all elements of deception Deception must be continuous

20 Epi-logos Need to move reference point from risk assessment to threat assessment Need to be able to identify and monitor threat agents Hackers are good people!!! G4DS – system that brings enterprises together in virtual communities in order to identify and monitor threat agents Virtual Honeypots – system that takes input from G4DS in order to perform near real-time threat agent deception

21 Questions?

Download ppt "The Role of Deception in CND & IO Dr. Stilianos Vidalis Information Security Research Group J133 – School of Computing University of Glamorgan 0044 (0)1443."

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
1 of 21 Information Strategy Developing an Information Strategy © FAO 2005 IMARK Investing in Information for Development Information Strategy Developing.

1 of 21 Information Strategy Developing an Information Strategy © FAO 2005 IMARK Investing in Information for Development Information Strategy Developing.
OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.

OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.
Introduction to Information Operations Attaché Corps- SEP 09

Introduction to Information Operations Attaché Corps- SEP 09
Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.

Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? The premeditated, politically motivated attack against information, computer systems,

DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? "The premeditated, politically motivated attack against information, computer systems,
Ch.5 It Security, Crime, Compliance, and Continuity

Ch.5 It Security, Crime, Compliance, and Continuity
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
TLO 2: Action: Plan operational security. Intermediate-level training.

TLO 2: Action: Plan operational security. Intermediate-level training.
CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.

CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.
Fundamentals of Information Systems, Second Edition

Fundamentals of Information Systems, Second Edition
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Disaster Emergency Management BY: ELLIAS NARDINI INTERNATIONAL REPRESENTATIVE & GENERAL AGENT APPLIED TRAINING SOLUTIONS, LLC 8527 CHASE GLEN CIRCLE FAIRFAX,

Disaster Emergency Management BY: ELLIAS NARDINI INTERNATIONAL REPRESENTATIVE & GENERAL AGENT APPLIED TRAINING SOLUTIONS, LLC 8527 CHASE GLEN CIRCLE FAIRFAX,
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Acquiring Information Systems and Applications

Acquiring Information Systems and Applications
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Privileged and Confidential Strategic Approach to Asset Management Presented to October 2004 2004 Urban Water Council Regional Seminar.

Privileged and Confidential Strategic Approach to Asset Management Presented to October Urban Water Council Regional Seminar.
Author: Andy Reedftp://topsurf.co.uk/reed FdSc IT/Computer Networking & IT(e-commerce) Communications Network Management An Introduction to Security.

Author: Andy Reedftp://topsurf.co.uk/reed FdSc IT/Computer Networking & IT(e-commerce) Communications Network Management An Introduction to Security.

Similar presentations

Ads by Google