Senior Software Security Engineer sad Sphynx Technology Solutions AG (CH,CY) Email: smyrlis@sphynx.ch 1st Graduate Students Conference Computer Science Department October 25th, 2019 PhD Candidate School of Mathematics, Computer Science and Engineering City, University of London (UK) Email: Michail.Smyrlis.2@city.ac.uk
About me 2019 - Present 2016-2019 2017-2019 Se Senio ior So Software Se Secu curit ity Engin ineer, Software Security Engineer PhD Student, Sphynx Technology Solutions AG (CH) Empelor GmbH City, University of London PhD Candidate, (CH) (UK) City, University of London (UK) 2012-2016 2016- 2019 2018 - 2019 UG Student, Research Assistant, Teaching Assistant, Computer Science CeNACS , City, University of London Department, City, University of London (CH) University of Crete (UK) (GR)
Sphynx Technology Solutions AG – Empelor GmbH – City, University of London Healthcare/Big Data • The Toreador Project (H) • Big Data Supporting Public Hearing Health Policies (EVOTION) (H) Cyber Security • CYBER Security InSURancE — A Framework for Liability Based Trust Involvement (CyberSURE) (M) • Cyber Security Incident Handling, Warning and Response System for the in projects European Critical Infrastructures (CYBERSANE) (H) • Cyber security 4.0: protecting the Industrial Internet of Things (C4IIoT) (H) Cyber Range • A Cyber Security Platform for Virtualised 5G cyber range services (SPIDER) (H) • Cyber Security Threats and Threat Actors Training - Assurance Driven, Multi Layer, End-to-End Simulation and Training (THREAT-ARREST) (H) Marie Skłodowska -Curie (M) – Horizon 2020 (H)
A continuous security assurance driven approach to cyber ris isk estim imatio ion and im implications to cyber in insurance. Supervisor: Prof. George Spanoudakis
Aim Motivation Current Landscape Overview Objectives Approach Monitoring, Testing and Hybrid Assessment Beneficiaries
Aim
Develop a continuous security assurance driven approach supporting the dynamic estimation of security and privacy risks for cyber systems and services based on security assurance models for such systems.
Motivation
Security assurance is important – contributes to confidence • Uncovered threats/vulnerabilities • Direct and indirect impact of violations • Reputational Risk • Financial risks which can lead to cyber insurance – risk transfer due to reputational risks Continuous assurance • New threats and vulnerabilities detection • New security countermeasures • The assessment of different security controls
Current Landscape
How the problem is resolved in the industry ? How the problem is resolved in academia ? Current state of certification and risk assessment/management approaches.
In Industry ✓ Nessus / OpenVAS ✓ OWASP ZAP ✓ Wireshark ✓ OWASP Dependency Check / SpotBugs ✓ ISO (ISO/IEC 27002:2013) / CSA (CCM) / NIST (NIST 800:30) ✓ OCTAVE Allegro (qualitative risk management approach) ✓ CORAS (quantitative risk management approach)
Standalone security testing tools Outdated standards/guidelines Static certification Limitations Labour-intensive inspection and offline testing of cyber systems at distinct time points (e.g. annually) No continuity of security assurance
A model-driven approach to execute monitoring/testing and hybrid certification (CUMULUS) Information Security Risk Analysis Method (ISRAM) Annual Loss Estimation (NeSSoS) Checklists based on security standards (ISO) Cost-benefit Analysis (SAEM) Academia
Outdated checklists Human oriented input Limitations No continuity of security certification No automation
Objectives
Develop a Cyber Security Assurance Model to drive the generation of cyber risk estimation with implications to cyber insurance. Develop generic processes for automating the creation and management of security assurance and risk management policies for cyber systems, based on dynamic cyber systems certification, audit and risk assessment of security and privacy for such systems. Develop a novel platform supporting the creation, monitoring, testing and adaptation of hybrid forms of risk assessment.
Approach
The proposed approach is based on the creation of an innovative framework of integrated tools enabling: The creation of the cyber security assurance model and its specification language. The latter includes meaningful information that will be used for the baseline risk assessment.
The baseline risk assessment of the system including both static and automated vulnerability and threat analysis. Risk assessment methodologies and tools and vulnerability assessment tools that will support the former and specification of high-level models of threat agents, threats and vulnerabilities that may pose different types of risks to cyber system assets will be used. The continuous monitoring , testing and hybrid certification of security and privacy properties included in the assurance model. The dynamic calculation of cyber system exposure of assets of cyber systems to risk. This probabilistic calculation will be based on continuous analysis of the evidence provided by the baseline risk assessment.
The Security Assurance Model The threats corresponding The system’s software, The security properties to these assets and the hardware ,physical assets, sequence of events that that must be maintained data and processes. leads to the manifestation for each asset of these threats The vulnerabilities that The security controls that compromise the security mitigate the exploitation of properties the vulnerabilities.
Security Assurance Model (UML)
Monitoring, Testing and Hybrid Assessment
What can be monitored? • Threats (indicators of attacks) • Correctness of operation of existing security controls Monitoring Why do we have to monitor a system/asset? • Maintain the confidentiality, integrity, availability, non- repudiation etc.
Security Property : Integrity:data-alteration-detection Monitoring formulae (Expressed in an abstract syntax of Event Calculus) Integrity – Monitoring Rule Body Happens(read(_id,_sender,_receiver,_appId,_appName,_hashValue), _t2, [_t2, _t2]) Monitoring example Head holdsAt(read,keepWriteValue(_appId,_appName,_hashValue), t2) Integrity – Monitoring Assumption Body Happens(write(_id,_sender,_receiver,_appId,_appName,_hashValue), _t1, [_t1, _t1]) Head Initiate(write,keepWriteValue(_appId,_appName,_hashValue), t1)
Types of Testing • Dynamic (e.g. Penetration testing) • Static (e.g. Static code analysis) Testing What can be tested? • Cyber Systems • Source code
Combination of testing and monitoring. Why do we need hybrid assessment? • Conflict identification and resolution • Conflicts between different testing tools • Conflicts between monitoring and testing results Hybrid • Limitations on monitoring and testing techniques • Gaps in time periods • Not all components were monitored Independent vs dependent mode models • Primary form of assessment (monitoring or testing) triggers the other (subordinate) form in order to confirm and/or complete the evidence required for the assessment.
Security Property: Integrity:data-alteration-detection Hybrid formulae (Expressed in an abstract syntax of Event Calculus) Hybrid Integrity – Hybrid Rule example Body Happens(e(_e1,_sc,_TOC,REQ,_fileWrite(_id,_sender,_receiver,_appId,_ap (Monitoring) pName,_hashValue),_TOC), _t1, [_t1, _t1]) ^ Happens(e(_e2,_TOC,_RC,RES,_fileWrite(_id,_sender,_receiver,_appId,_ap pName,_hashValueU),_TOC, _t2, [_t1, _t1+x]) ^ (_hashValueU !=NIL) Head Happens(e(_e3,_CA,_RC, EXC ,testRole(_id,_sender,_receiver,_appId,_appNa (Testing) me,_hashValueT),_TOC, _t3, [_t2, _t2+y]) ^ (_hashValueT !=NIL)
High-Level Architecture
Beneficiaries
Multiple domains • Insurance • Healthcare Different types of end-users • Low-Privilege end user (e.g., Clinicians) • High-Privilege end user (e.g., CEO) • Insurers • System Administrator • Security Expert • Security Auditors
“ Failure is an option here. If things are not failing, you are not E.Musk innovating enough.”
Recommend
More recommend
