1st Graduate Students Conference Computer Science Department - - PowerPoint PPT Presentation



slide-1
SLIDE 1

1st Graduate Students Conference

Computer Science Department October 25th, 2019


Senior Software Security Engineer, Sphynx Technology Solutions AG (CH, CY)
Email: smyrlis@sphynx.ch

PhD Candidate, School of Mathematics, Computer Science and Engineering, City, University of London (UK)
Email: Michail.Smyrlis.2@city.ac.uk

slide-2
SLIDE 2

About me

2018 - 2019

UG Student, Computer Science Department, University of Crete (GR)

2012-2016

Research Assistant, CeNACS, City, University of London (UK)

2016- 2019

Senior Software Security Engineer, Sphynx Technology Solutions AG (CH); PhD Candidate, City, University of London (UK)

2019 - Present

Software Security Engineer Empelor GmbH (CH)

2016-2019

PhD Student, City, University of London (UK)

2017-2019

Teaching Assistant, City, University of London (CH)

slide-3
SLIDE 3

Involvement in projects

Healthcare/Big Data

  • The Toreador Project (H)
  • Big Data Supporting Public Hearing Health Policies (EVOTION) (H)

Cyber Security

  • CYBER Security InSURancE — A Framework for Liability Based Trust (CyberSURE) (M)
  • Cyber Security Incident Handling, Warning and Response System for the European Critical Infrastructures (CYBERSANE) (H)
  • Cyber security 4.0: protecting the Industrial Internet of Things (C4IIoT) (H)

Cyber Range

  • A Cyber Security Platform for Virtualised 5G cyber range services (SPIDER) (H)
  • Cyber Security Threats and Threat Actors Training - Assurance Driven, Multi Layer, End-to-End Simulation and Training (THREAT-ARREST) (H)

Funding: Marie Skłodowska-Curie (M) – Horizon 2020 (H). Partners: Sphynx Technology Solutions AG – Empelor GmbH – City, University of London

slide-4
SLIDE 4

A continuous security assurance driven approach to cyber risk estimation and implications to cyber insurance.

Supervisor: Prof. George Spanoudakis

slide-5
SLIDE 5

Overview

  • Aim
  • Motivation
  • Current Landscape
  • Objectives
  • Approach
  • Monitoring, Testing and Hybrid Assessment
  • Beneficiaries

slide-6
SLIDE 6

Aim

slide-7
SLIDE 7

Develop a continuous security assurance driven approach supporting the dynamic estimation of security and privacy risks for cyber systems and services, based on security assurance models for such systems.

slide-8
SLIDE 8

Motivation

slide-9
SLIDE 9
Security assurance is important – contributes to confidence

  • Uncovered threats/vulnerabilities
  • Direct and indirect impact of violations
  • Reputational Risk
  • Financial risks which can lead to cyber insurance – risk transfer due to reputational risks

Continuous assurance

  • New threats and vulnerabilities detection
  • New security countermeasures
  • The assessment of different security controls

slide-10
SLIDE 10

Current Landscape

slide-11
SLIDE 11

  • How is the problem resolved in industry?
  • How is the problem resolved in academia?
  • Current state of certification and risk assessment/management approaches.

slide-12
SLIDE 12

In Industry

  ✓ Nessus / OpenVAS
  ✓ OWASP ZAP
  ✓ Wireshark
  ✓ OWASP Dependency Check / SpotBugs
  ✓ ISO (ISO/IEC 27002:2013) / CSA (CCM) / NIST (NIST 800-30)
  ✓ OCTAVE Allegro (qualitative risk management approach)
  ✓ CORAS (quantitative risk management approach)

slide-13
SLIDE 13

Limitations

  • Standalone security testing tools
  • Outdated standards/guidelines
  • Static certification
  • Labour-intensive inspection and offline testing of cyber systems at distinct time points (e.g. annually)
  • No continuity of security assurance

slide-14
SLIDE 14

Academia

  • A model-driven approach to execute monitoring/testing and hybrid certification (CUMULUS)
  • Information Security Risk Analysis Method (ISRAM)
  • Annual Loss Estimation (NeSSoS)
  • Checklists based on security standards (ISO)
  • Cost-benefit Analysis (SAEM)

slide-15
SLIDE 15

Limitations

  • Outdated checklists
  • Human-oriented input
  • No continuity of security certification
  • No automation

slide-16
SLIDE 16

Objectives

slide-17
SLIDE 17

  • Develop a Cyber Security Assurance Model to drive the generation of cyber risk estimation with implications to cyber insurance.
  • Develop generic processes for automating the creation and management of security assurance and risk management policies for cyber systems, based on dynamic cyber systems certification, audit and risk assessment of security and privacy for such systems.
  • Develop a novel platform supporting the creation, monitoring, testing and adaptation of hybrid forms of risk assessment.

slide-18
SLIDE 18

Approach

slide-19
SLIDE 19

The proposed approach is based on the creation of an innovative framework of integrated tools enabling:

  • The creation of the cyber security assurance model and its specification language. The latter includes meaningful information that will be used for the baseline risk assessment.

slide-20
SLIDE 20

  • The baseline risk assessment of the system, including both static and automated vulnerability and threat analysis. Risk assessment methodologies and tools, together with vulnerability assessment tools, will support this, alongside the specification of high-level models of threat agents, threats and vulnerabilities that may pose different types of risk to cyber system assets.
  • The continuous monitoring, testing and hybrid certification of security and privacy properties included in the assurance model.
  • The dynamic calculation of the exposure of cyber system assets to risk. This probabilistic calculation will be based on continuous analysis of the evidence provided by the baseline risk assessment.

slide-21
SLIDE 21

The Security Assurance Model

  • The system’s software, hardware, physical assets, data and processes
  • The threats corresponding to these assets and the sequence of events that leads to the manifestation of these threats
  • The security properties that must be maintained for each asset
  • The vulnerabilities that compromise the security properties
  • The security controls that mitigate the exploitation of the vulnerabilities

slide-22
SLIDE 22

Security Assurance Model (UML)

slide-23
SLIDE 23

Monitoring, Testing and Hybrid Assessment

slide-24
SLIDE 24

Monitoring

What can be monitored?

  • Threats (indicators of attacks)
  • Correctness of operation of existing security controls

Why do we have to monitor a system/asset?

  • Maintain the confidentiality, integrity, availability, non-repudiation etc.

slide-25
SLIDE 25

Monitoring example

Security Property: Integrity:data-alteration-detection
Monitoring formulae (expressed in an abstract syntax of Event Calculus)

Integrity – Monitoring Rule

Body: Happens(read(_id,_sender,_receiver,_appId,_appName,_hashValue), _t2, [_t2, _t2])

Head: holdsAt(read,keepWriteValue(_appId,_appName,_hashValue), t2)

Integrity – Monitoring Assumption

Body: Happens(write(_id,_sender,_receiver,_appId,_appName,_hashValue), _t1, [_t1, _t1])

Head: Initiate(write,keepWriteValue(_appId,_appName,_hashValue), t1)

slide-26
SLIDE 26

Testing

Types of Testing

  • Dynamic (e.g. Penetration testing)
  • Static (e.g. Static code analysis)

What can be tested?

  • Cyber Systems
  • Source code

slide-27
SLIDE 27

Hybrid

Combination of testing and monitoring.

Why do we need hybrid assessment?

  • Conflict identification and resolution
    • Conflicts between different testing tools
    • Conflicts between monitoring and testing results
  • Limitations on monitoring and testing techniques
    • Gaps in time periods
    • Not all components were monitored

Independent vs dependent mode models

  • Primary form of assessment (monitoring or testing) triggers the other (subordinate) form in order to confirm and/or complete the evidence required for the assessment.

slide-28
SLIDE 28

Hybrid example

Security Property: Integrity:data-alteration-detection
Hybrid formulae (expressed in an abstract syntax of Event Calculus)

Integrity – Hybrid Rule

Body (Monitoring):
Happens(e(_e1,_sc,_TOC,REQ,_fileWrite(_id,_sender,_receiver,_appId,_appName,_hashValue),_TOC), _t1, [_t1, _t1]) ^
Happens(e(_e2,_TOC,_RC,RES,_fileWrite(_id,_sender,_receiver,_appId,_appName,_hashValueU),_TOC), _t2, [_t1, _t1+x]) ^
(_hashValueU != NIL)

Head (Testing):
Happens(e(_e3,_CA,_RC,EXC,testRole(_id,_sender,_receiver,_appId,_appName,_hashValueT),_TOC), _t3, [_t2, _t2+y]) ^ (_hashValueT != NIL)
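An added example (not code from the slides or from the project) of how the Integrity:data-alteration-detection rules of slides 25 and 28 can be evaluated over an event stream: writes initiate the keepWriteValue fluent, reads are checked against it, and a REQ/RES pair within the window x triggers a subordinate test, as in the dependent hybrid mode. The event log, the (appId, appName) keying and the run_test callback standing in for testRole are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class Event:
    name: str                   # write | read | fileWriteREQ | fileWriteRES
    app_id: str
    app_name: str
    hash_value: Optional[str]   # None models NIL
    t: int

@dataclass
class IntegrityMonitor:
    x: int                                          # REQ->RES window (slide 28)
    run_test: Callable[[str, str], Optional[str]]   # hypothetical testRole, returns _hashValueT
    fluents: Dict[Tuple[str, str], str] = field(default_factory=dict)   # keepWriteValue
    pending_req: Dict[Tuple[str, str], int] = field(default_factory=dict)
    violations: List[str] = field(default_factory=list)
    tests: List[str] = field(default_factory=list)

    def happens(self, ev: Event) -> None:
        key = (ev.app_id, ev.app_name)
        if ev.name == "write":
            # Assumption: Initiate(write, keepWriteValue(appId, appName, hashValue), t1)
            self.fluents[key] = ev.hash_value
        elif ev.name == "read":
            # Rule head: holdsAt(keepWriteValue(appId, appName, hashValue), t2) must hold
            expected = self.fluents.get(key)
            if expected is not None and expected != ev.hash_value:
                self.violations.append(f"t={ev.t} {key}: expected {expected}, read {ev.hash_value}")
        elif ev.name == "fileWriteREQ":
            self.pending_req[key] = ev.t
        elif ev.name == "fileWriteRES":
            t1 = self.pending_req.pop(key, None)
            # Hybrid body: RES within [t1, t1+x] and _hashValueU != NIL; head: run testRole
            if t1 is not None and t1 <= ev.t <= t1 + self.x and ev.hash_value is not None:
                hash_t = self.run_test(ev.app_id, ev.app_name)
                verdict = "confirmed" if hash_t == ev.hash_value else "mismatch"
                self.tests.append(f"t={ev.t} {key}: test {verdict} ({hash_t})")

def demo() -> Tuple[List[str], List[str]]:
    # Constructed event log; the lambda stands in for testRole and recomputes the stored hash.
    stored = {("app1", "billing"): "h1"}
    mon = IntegrityMonitor(x=5, run_test=lambda a, n: stored.get((a, n)))
    for ev in [Event("write", "app1", "billing", "h1", 1),
               Event("read", "app1", "billing", "h1", 2),            # holdsAt satisfied
               Event("read", "app1", "billing", "h9", 3),            # alteration detected
               Event("fileWriteREQ", "app1", "billing", None, 4),
               Event("fileWriteRES", "app1", "billing", "h1", 6),    # in window: test triggered
               Event("fileWriteREQ", "app1", "billing", None, 7),
               Event("fileWriteRES", "app1", "billing", "h1", 20)]:  # outside window: no test
        mon.happens(ev)
    return mon.violations, mon.tests
```

The second REQ/RES pair shows the gap case from slide 27: a response outside [t1, t1+x] produces no test, so the evidence stays incomplete rather than being silently accepted.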

slide-29
SLIDE 29

High-Level Architecture

slide-30
SLIDE 30

Beneficiaries

slide-31
SLIDE 31
Multiple domains

  • Insurance
  • Healthcare

Different types of end-users

  • Low-Privilege end user (e.g., Clinicians)
  • High-Privilege end user (e.g., CEO)
  • Insurers
  • System Administrator
  • Security Expert
  • Security Auditors

slide-32
SLIDE 32

“Failure is an option here. If things are not failing, you are not innovating enough.”

E. Musk