a simulation driven approach for assessing risks of
play

A Simulation-Driven Approach for Assessing Risks of Complex Systems - PowerPoint PPT Presentation

Mar 13, 2023 •302 likes •601 views

Complex Systems A Simulation-Based Approach Current Prototype Conclusions A Simulation-Driven Approach for Assessing Risks of Complex Systems Fabrizio Baiardi 1 Claudio Telmon 1 Daniele Sgandurra 2 1 Dipartimento di Informatica, Universit` a

  1. Complex Systems A Simulation-Based Approach Current Prototype Conclusions A Simulation-Driven Approach for Assessing Risks of Complex Systems Fabrizio Baiardi 1 Claudio Telmon 1 Daniele Sgandurra 2 1 Dipartimento di Informatica, Universit` a di Pisa, Italy 2 Istituto di Informatica e Telematica, CNR, Pisa, Italy 13th European Workshop on Dependable Computing 11 May 2011 1/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  2. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Outline Complex Systems 1 A Simulation-Based Approach 2 Current Prototype 3 Conclusions 4 2/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  3. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Complexity of Attacks In the past: direct attacks: e.g., ping-of-death. Nowadays: complex attacks or attack plans: multi-steps attacks: modem+router+firewall+IDS+server+virtualization layer. Example: VMware Guest to Host escape requires 18 steps ( BHUSA09 , Cloudburst ); 12 steps to defeat Vista Data Execution Prevention. Advanced persistent threat (APT): “a group with both the capability and the intent to persistently and effectively target a specific entity”. 3/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  4. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Current Approaches to Model Complex Attacks Need to consider all the possible states ( ` a la model checking): a vulnerability has not been discovered; 1 a vulnerability has been discovered; 2 a vulnerability has been discovered but is unknown; 3 the vulnerability is known; 4 the vulnerability is known and a threat can exploit it; 5 ... 6 Markov chain-based approaches: need to consider all the transitions, which depend upon: strategies of the threats; correlations among vulnerabilities. State explosion. High complexity. 4/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  5. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Analytical Models Existing analytical models cannot predict distributions, because of: systemic factors: vulnerabilities; relations among components. complex threat models: knowledge; expertise in implementation of attacks; risk aversion. 5/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  6. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Suggested Approach Computation of probabilities that attack plans are discovered, successfully implemented, and their impacts. Risk management-based approach: average of impacts and distribution probability of attacks; not interested in worst-case values only. 6/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  7. Complex Systems A Simulation-Based Approach Current Prototype Conclusions A Simulation-Based Approach To model alternative implementations of a system. To model and anticipate the evolution of complex systems: and to compute average impact of attacks. To avoid flaw of averages when using correlated functions. To evaluate the impact of a vulnerability that may be discovered in the future. 7/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  8. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Attack Graph Formal framework to describe attack plans. Our definition: AttGr ( S , ag ), of a threat agent ag , with respect to a system S , is a direct acyclic graph that describes all the attack plans ag can implement to achieve one of its goals: each node n corresponds to a set of rights, r ( n ), of ag on S ; 1 there is an arc from n 1 to n 2 labelled by at for any at where: 2 r ( n 1 ) ⊇ pre ( at ), r ( n 2 ) = r ( n 1 ) ∪ post ( at ), ∃ x ∈ post ( at ) such that x / ∈ r ( n 1 ). ag owns all the resources in res ( at ) for each attack at labelling 3 an arc of AttGr ( S , ag ); final nodes are the goals of the attackers. 4 8/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  9. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Attack Graph: Example A Test Network A planner-based approach to generate and analyze minimal attack graph 9/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  10. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Attack Graph: Example An Attack Graph A planner-based approach to generate and analyze minimal attack graph 10/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  11. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Acquisition of Rights (1) Our contribution: a state is a set of rights. A right is a pair < component , attribute > : property on an component; relation among components. Elementary attack: < component , preconditions ( A ) , postconditions ( a ) > . Advantages: easier construction of the system; easier to discover equivalent attack plans; partial knowledge of the system by the attacker; several attack strategies can be exploited in parallels. Assumption: monotonicity of rights acquisition. 11/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  12. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Acquisition of Rights (2) The arc from n 1 to n 2 models the acquisition of rights when ag owns all the rights in r ( n 1 ) and it successfully implements at . The acquisition of rights through a plan, i.e. a sequence of elementary attacks, is modelled by a path of the graph. The set of rights of ag increases anytime an attack at is successful because post ( at ) � = ∅ , so that for any arc from n 1 to n 2 : r ( n 1 ) ⊂ r ( n 2 ) 12/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  13. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Attack Graph: Example An Attack Graph With Rights (r=rule: precondition → postcondition) 13/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  14. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Risk Assessment through a Simulator Simulation of the evolution of attack plans of distinct agents: detailed exploration of the space of attack plans. Multiple simulations return statistics on the influence of distinct sources of non-determinism in the choice/implementation of a plan: the probability of discovering system vulnerabilities; available information on these vulnerabilities; the success probability of the agent’s plans; the choice among alternative attacks in a plan. 14/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  15. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Input of the Simulator Input of the simulator: a set of threat agents, each described in terms of: 1 available resources; goals; a strategy to select attacks. a set of vulnerabilities, each associated with a probability 2 distribution of being discovered; a set of elementary attacks and, for any attack: 3 the resources it requires; the vulnerabilities that enable the attack; the success probability. 15/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  16. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Dynamic Vulnerabilities Vulnerabilities can be discovered or patched during the simulation: an arc is removed; an arc is added; the success probability of an attack is increased/decreased. Hard to model with most of the current approaches. Attack graph is updated accordingly. 16/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  17. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Look-Ahead Degree of the Agent Mimics the discovery of attack plans by the agent. Useful to model advanced persistent threats. Example: a goal node is 2 steps far: if look-ahead is 0: random choice among the possible attacks; if look-ahead is 2: choose the attack whose goal is 1 step far; if look-ahead is 1: choose the attack whose destination node has more rights, or with a greater probability of success: draws are resolved according to the threat model. 17/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

  18. Complex Systems A Simulation-Based Approach Current Prototype Conclusions Countermeasures Need to evaluate the effectiveness of alternative set of countermeasures. Useful to evaluate alternative system evolutions. We model countermeasures as arc removals. Currently, the simulator returns a set of static countermeasures = arcs to be removed taking into account: cost of each countermeasure; total investment in countermeasure selection; number of attack plans that share an arc or an attack. 18/29 Fabrizio Baiardi, Claudio Telmon, Daniele Sgandurra Universit` a di Pisa, IIT-CNR

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

R-SUSCEPTIBILITY An IR-Centric Approach to Assessing Privacy Risks for Users in Online

R-SUSCEPTIBILITY An IR-Centric Approach to Assessing Privacy Risks for Users in Online

R-SUSCEPTIBILITY An IR-Centric Approach to Assessing Privacy Risks for Users in Online Communities Joanna Asia Biega Krishna P . Gummadi, Ida Mele, Dragan Milchevski, Christos Tryfonopoulos, Gerhard Weikum SIGIR 2016 APPROACHING

824 views • 50 slides
A Student-driven Approach to Assessing and Utilizing Assistive Technology to Improve Course

A Student-driven Approach to Assessing and Utilizing Assistive Technology to Improve Course

A Student-driven Approach to Assessing and Utilizing Assistive Technology to Improve Course Accessibility, Classroom Inclusivity, and Student Engagement Craig Levins, Director of Accessibility Resources, SUNY Oneonta Jenny Bagby, Coordinator of

426 views • 26 slides
An overview of a simulation approach to assessing environmental risk of sound exposure to marine

An overview of a simulation approach to assessing environmental risk of sound exposure to marine

An overview of a simulation approach to assessing environmental risk of sound exposure to marine mammals. Dr. C. Donovan [C. Harris, L. Marshall, L. Milazzo, R. Williams &amp; J. Harwood] Centre for Research into Ecological and Environmental

433 views • 27 slides
A novel approach to assessing the risks from smokeless tobacco: looking at the evidence Carl V.

A novel approach to assessing the risks from smokeless tobacco: looking at the evidence Carl V.

A novel approach to assessing the risks from smokeless tobacco: looking at the evidence Carl V. Phillips MPP PhD carl.v.phillips@ualberta.ca Associate Professor, UA School of Public Health Director, Alberta Smokeless Tobacco Education &amp;

659 views • 51 slides
Event Driven Simulation and Test-benches Event Driven Simulation Continuous time and value

Event Driven Simulation and Test-benches Event Driven Simulation Continuous time and value

Event Driven Simulation and Test-benches Event Driven Simulation Continuous time and value simulation used for analog circuits Differential equations should be solved Very slow, too much accuracy for digital circuits Event Driven

207 views • 9 slides
Example%Circuit%and%Terms 1 1 0 0 1 0 Test%Vector% Input%Stimulus%(1,1,0,0,1,0)

Example%Circuit%and%Terms 1 1 0 0 1 0 Test%Vector% Input%Stimulus%(1,1,0,0,1,0)

EVENT%DRIVEN%SIMULATION Verilog%simulation%uses%Event%Driven%model%of% computation Basic%knowledge%of%Event%Driven%simulation%can%help% in%writing%and%Debugging%Verilog%descriptions

243 views • 20 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (10/2/07) I E S R C E O V U

UMBC A B M A L T F O U M B C I M Y O R T 1 (10/2/07) I E S R C E O V U

Programmable Logic Devices Simulation and TestBenches CMPE 415 Event-Driven Simulation Simulation is used to verify the design. CAD tools incorporate logic-level simulation to reduce simulation com- plexity and time. In Verilog, signals are

275 views • 16 slides
A Special Culture: A Mission-Driven Approach A Mission-Driven Approach CHRISTUS St. Michael

A Special Culture: A Mission-Driven Approach A Mission-Driven Approach CHRISTUS St. Michael

A Special Culture: A Mission-Driven Approach A Mission-Driven Approach CHRISTUS St. Michael Health System Chris Karam, President/CEO Jennifer Wright, Organizational Effectiveness Manager Tracy Lawrence Collin Raye Ross Perot Bill Clinton 42

360 views • 6 slides
SnakeSIM : a Snake Robot Simulation Framework for Perception-Driven Obstacle-Aided Locomotion

SnakeSIM : a Snake Robot Simulation Framework for Perception-Driven Obstacle-Aided Locomotion

Introduction SnakeSIM Control approach Conclusion References SnakeSIM : a Snake Robot Simulation Framework for Perception-Driven Obstacle-Aided Locomotion Filippo Sanfilippo 1 , yvind Stavdahl 1 and P ack 1 al Liljeb 1Dept. of

466 views • 18 slides
Assessing the risks associated with the dispersion of novel genes/alleles into the environment

Assessing the risks associated with the dispersion of novel genes/alleles into the environment

1 Assessing the risks associated with the dispersion of novel genes/alleles into the environment Nathalie Isabel et al. NASEM, Washington DC 5 April 2018 2 Outline 1. Background 2. Research framework 3. Studied System: Main Results

402 views • 38 slides
Assessing Extreme Weather Risks on New Jerseys Transporta:on Network

Assessing Extreme Weather Risks on New Jerseys Transporta:on Network

Addressing Resiliency Dave Kuhn The New Jersey DOT Experience Launching Enterprise Risk Management in Your Agency NCHRP 20-14 (105) Assessing Extreme Weather Risks on New Jerseys Transporta:on Network Study

271 views • 16 slides
The Role of Simulation in Assessing Extrapolation Assumptions Marc R. Gastonguay, Ph.D. CEO,

The Role of Simulation in Assessing Extrapolation Assumptions Marc R. Gastonguay, Ph.D. CEO,

Quantitative Assessment of Assumptions to Support Extrapolation of Efficacy in Pediatrics: FDA-U Maryland CERSI Cosponsored Workshop. FDA White Oak Campus. June 1, 2016 The Role of Simulation in Assessing Extrapolation Assumptions Marc R.

531 views • 30 slides
Trace-driven Simulation of Multithreaded Applications Alejandro Rico, Alejandro Duran, Felipe

Trace-driven Simulation of Multithreaded Applications Alejandro Rico, Alejandro Duran, Felipe

Trace-driven Simulation of Multithreaded Applications Alejandro Rico, Alejandro Duran, Felipe Cabarcas Yoav Etsion, Alex Ramirez and Mateo Valero Multithreaded applications and trace-driven simulation Most computer architecture research

599 views • 25 slides
A National Web Conference on Assessing Safety Risks Associated With EHRs Presented by: David

A National Web Conference on Assessing Safety Risks Associated With EHRs Presented by: David

A National Web Conference on Assessing Safety Risks Associated With EHRs Presented by: David Classen, M.D., M.S. Jason Adelman, M.D., M.S. Moderated By: Edwin Lomotan, M.D. Agency for Healthcare Research and Quality August 29, 2016 1

1.33k views • 110 slides
Assessing Risks from Hazmat Transportation on Rail by Phani K. Raj HazMat Division, FRA

Assessing Risks from Hazmat Transportation on Rail by Phani K. Raj HazMat Division, FRA

Assessing Risks from Hazmat Transportation on Rail by Phani K. Raj HazMat Division, FRA presented at Hazardous Materials Training Seminar Houston, TX Aug 21 to 23, 2018 DISCLAIMER All references to companies, their names, addresses and

499 views • 24 slides
Risk Analysis 1 Assessing Risk The potential consequences of not assessing and managing

Risk Analysis 1 Assessing Risk The potential consequences of not assessing and managing

11/29/2012 Risk Analysis 1 Assessing Risk The potential consequences of not assessing and managing risks can include the following: Failure to attain expected benefits from the project, Inaccurate project cost estimates,

278 views • 17 slides
Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1 CS 136, Winter 2008 Outline Basics of network security Definitions Sample attacks Defense mechanisms Lecture 11 Page 2 CS 136,

613 views • 50 slides
Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon,

Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon,

Traffic Measurement Analysis &amp; Robust Methods Modeling Anomaly Detection Traffic Classification Conclusion + Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon, Laboratoire de Physique (UMR

716 views • 60 slides
Outline Basics of network security Network Security Definitions CS 239 Sample

Outline Basics of network security Network Security Definitions CS 239 Sample

Outline Basics of network security Network Security Definitions CS 239 Sample attacks Computer Software Defense mechanisms March 1, 2004 Lecture 12 Lecture 12 Page 1 Page 2 CS 239, Winter 2004 CS 239, Winter 2004 Some

535 views • 8 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 8 Denial of Service DD2395 Sonja Buchegger 1 Course Admin l WANTED: Student representatives for the

1.29k views • 37 slides
Yang Models for I2NSF Capabilities draft-hares-i2nsf-capabilities-yang Susan Hares Co-author:

Yang Models for I2NSF Capabilities draft-hares-i2nsf-capabilities-yang Susan Hares Co-author:

Yang Models for I2NSF Capabilities draft-hares-i2nsf-capabilities-yang Susan Hares Co-author: Robert Moskowitz` Capability Model (Xia, et al.) External Meta External ECA Model Model Capability sub-model Attack Mitigation Network Security

258 views • 15 slides
Security III: Availability, DDoS, sli.do time and Routing Security 15-441 Spring 2019 (yell

Security III: Availability, DDoS, sli.do time and Routing Security 15-441 Spring 2019 (yell

3/28/19 Security III: Availability, DDoS, sli.do time and Routing Security 15-441 Spring 2019 (yell at me if I dont notice?) Profs Peter Steenkiste &amp; Justine Sherry &amp; (Guest Lecturer) Sannan Slides almost entirely copied from

288 views • 18 slides
CS333 Intro to Operating Systems Jonathan Walpole Security Overview Different aspects of

CS333 Intro to Operating Systems Jonathan Walpole Security Overview Different aspects of

CS333 Intro to Operating Systems Jonathan Walpole Security Overview Different aspects of security User authentication Protection mechanisms Attacks: - trojan horses, spoofing, logic bombs, trap doors, buffer overflow attacks, viruses,

1.2k views • 59 slides
Goals for Today Learning Objective: Understand why secure systems fail Announcements,

Goals for Today Learning Objective: Understand why secure systems fail Announcements,

Goals for Today Learning Objective: Understand why secure systems fail Announcements, etc: MP3 is now available for download on Compass! DUE APRIL 15th (5 days from now) MP2.5 enrollment now closed! MP4 Release Date

297 views • 19 slides

More recommend