approaches and modeling techniques to determine system
play

APPROACHES AND MODELING TECHNIQUES TO DETERMINE SYSTEM - PowerPoint PPT Presentation

Jul 01, 2023 •128 likes •435 views

APPROACHES AND MODELING TECHNIQUES TO DETERMINE SYSTEM EFFECTIVENESS AGAINST INSIDER COLLUSION Mark Snell, Sandia National Laboratories Carol Scharmer, Sandia National Laboratories Philip Gibbs, Oak Ridge National Laboratory Sandia National

  1. APPROACHES AND MODELING TECHNIQUES TO DETERMINE SYSTEM EFFECTIVENESS AGAINST INSIDER COLLUSION Mark Snell, Sandia National Laboratories Carol Scharmer, Sandia National Laboratories Philip Gibbs, Oak Ridge National Laboratory Sandia National Laboratories is a multimission laboratory managed and operated by National Technology and Engineering Solutions of Sandia LLC, a wholly owned subsidiary of Honeywell International Inc. for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE -NA0003525 SAND2017-12162 C U.S. DEPARTMENT OF ENERGY 1 Defense Nuclear Nonproliferation

  2. Topics • Introduction – Background/history – Evaluation methods that could be used • Potential New Techniques – Descriptions – Examples U.S. DEPARTMENT OF ENERGY Defense Nuclear Nonproliferation 2

  3. Background • Historical evaluation approaches – For collusion: Modeled “super” insider • Limits to historical approaches – Limited evaluation of preventive measures • Focused on people with hand-on – “Super” insider scenarios may lead to excessive protective measures – Prior technology limits U.S. DEPARTMENT OF ENERGY 3 Defense Nuclear Nonproliferation

  4. Potential New Techniques • Adapting accepted evaluation methods to insider – PFMEA-based [Process Failure Modes Effects Analysis] – Structured Assessment Approach (SAA) U.S. DEPARTMENT OF ENERGY 4 Defense Nuclear Nonproliferation

  5. Process/Procedures Matrix Method • Based on PFMEA process – Failure Modes Effects Analysis - FMEA – FMEA is a design tool used to systematically analyze postulated component failures and identify the resultant effects on system operations. – PFMEA (Process FMEA) is analysis of manufacturing and assembly processes • Instead of identifying process failure modes – Identify potential insider actions that could facilitate a malicious act https://en.wikipedia.org/wiki/Failure_mode_and_effects_analysis U.S. DEPARTMENT OF ENERGY 5 Defense Nuclear Nonproliferation

  6. Process/Procedures Matrix Method • Result is a detailed database – Can be sorted into selectable data sets for analysis • Analysis can be simple or complex – Can examine a single preventive/protective measure – Can model multi faceted issues, such as collusion. U.S. DEPARTMENT OF ENERGY 6 Defense Nuclear Nonproliferation

  7. Process/Procedures Matrix Method • Advantages – Implemented during design – supports Security by Design – Comprehensively documents the interface between operations and security • Defines security procedures – Documentation for Security Plan – Maintain for future use/reference – Results may be used to: • Design an insider mitigation program or • Identify improvements to an existing program • Analyze risks and impacts of changes U.S. DEPARTMENT OF ENERGY 7 Defense Nuclear Nonproliferation

  8. Process/Procedures Matrix Method • Developing the database – Requires team that have detailed knowledge of operational and cross-cutting procedures – Based on facility operations – existing procedures – May immediately identify gaps in protection against insider (or outsider) U.S. DEPARTMENT OF ENERGY 8 Defense Nuclear Nonproliferation

  9. Process/Procedures Matrix Method • 5 step process – Correspond to the first five steps of the PFMEA process U.S. DEPARTMENT OF ENERGY 9 Defense Nuclear Nonproliferation

  10. Process/Procedures Matrix Method • PFMEA process – Failure Modes Effects Analysis - FMEA – FMEA is a design tool used to systematically analyze postulated component failures and identify the resultant effects on system operations. – PFMEA (Process) is analysis of manufacturing and assembly processes – Requires team that have detailed knowledge of operational and cross-cutting procedures – U.S. DEPARTMENT OF ENERGY 10 Defense Nuclear Nonproliferation

  11. Cross-Cutting Procedures • Importance of identifying Cross-cutting Procedures – Cross-cutting procedures are the same or similar processes that apply to multiple operations. – Specific to security these would encompass procedures that implement preventive and protective measures. For example, access control measures include : • Two-person rule • Segregation • Compartmentalization – Cross-cutting procedures should be consistently applied U.S. DEPARTMENT OF ENERGY 11 Defense Nuclear Nonproliferation

  12. Step 1 • Organize the facility operations by process/procedure Processing Facility Processing Packaging Processes Processes Rod Waste Quality Pelleting Others Packaging Shipping Others Assembly Handing Assurance Package Rod Prep Assay Blending Prep Pellet Batch & Rod Labeling Counting Milling Verification Package Loading Pressing Loading Sealing U.S. DEPARTMENT OF ENERGY 12 Defense Nuclear Nonproliferation

  13. Step 2 • Document each process/procedure step-by-step • Characterize the step: review and identify – Who performs the step – Where the step is performed – Equipment needed for the step – Containment • This step is iterative for all facility processes and procedures U.S. DEPARTMENT OF ENERGY 13 Defense Nuclear Nonproliferation

  14. Procedure Steps • Process Prep: U.S. DEPARTMENT OF ENERGY 14 Defense Nuclear Nonproliferation

  15. Procedure Steps, cont. • Weighing and Blending • Transferring U.S. DEPARTMENT OF ENERGY 15 Defense Nuclear Nonproliferation

  16. Step 2 • Document each process/procedure step-by-step • Characterize the step: review and identify – Who performs the step – Where the step is performed – Equipment needed for the step – Containment • This step is iterative for all facility processes and procedures U.S. DEPARTMENT OF ENERGY 16 Defense Nuclear Nonproliferation

  17. Characterize  Process Preparation: U.S. DEPARTMENT OF ENERGY 17 Defense Nuclear Nonproliferation

  18. Step 2 • Document each process/procedure step-by-step • Characterize the step: review and identify – Who performs the step – Where the step is performed – Equipment needed for the step – Containment • This step is iterative for all facility processes and procedures U.S. DEPARTMENT OF ENERGY 18 Defense Nuclear Nonproliferation

  19. Step 3 • Identify all cross-cutting processes and procedures – For the process as a whole – For each step in the procedure – For example: • Implementation of security measures – Preventive and protective measures against the insider • Implementation of safety measures • Interface with external entities • Work authorization • Access control / Badging • Don’t forget to review steps in the cross -cutting procedures also – The cross cutting procedures are facility procedures, too U.S. DEPARTMENT OF ENERGY 19 Defense Nuclear Nonproliferation

  20. Step 3 • Cross Cutting Procedures Processing Facility Access Control Badging Processing Compartmentalization Processes Plan of the Day Rod Waste Pelleting Others Assembly Handing Work Authorization Rod Prep Blending Pellet Batch & NMAC Material Tracking Counting Milling Loading Pressing Two Person Rule Sealing U.S. DEPARTMENT OF ENERGY 20 Defense Nuclear Nonproliferation

  21. Database for One Procedure U.S. DEPARTMENT OF ENERGY 21 Defense Nuclear Nonproliferation

  22. Step 3 Result • Database of protective measures identified – or not • May identify gaps – Empty fields may identify missing procedures – Procedures that are inconsistently or ineffectively applied across operational processes U.S. DEPARTMENT OF ENERGY 22 Defense Nuclear Nonproliferation

  23. Step 4 • Identify the insider actions or steps that could be taken at each step in the procedure – Include actions for insider collusion Note: this data is intentionally adversary and scenario independent U.S. DEPARTMENT OF ENERGY 23 Defense Nuclear Nonproliferation

  24. U.S. DEPARTMENT OF ENERGY 24 Defense Nuclear Nonproliferation

  25. Step 5 • Analyze the information • Define scope of analysis for single or multiple “facets of interest.” For example, examine: – Individual processes to determine robustness of security – Similar groups of processes to determine consistent application of cross-cutting procedures • Example, material movement procedures or two person rule – Cross-cutting procedures with respect to the Security Plan objectives • Results of analyses can also provide input for other analysis methods U.S. DEPARTMENT OF ENERGY 25 Defense Nuclear Nonproliferation

  26. Examples of Structured Assessment Approach (SAA) Models Represents a process for taking a measurement, comparing it against an earlier measurement and, if the two agree, entering it into an accounting system U.S. DEPARTMENT OF ENERGY 26 Defense Nuclear Nonproliferation

  27. Examples of Structured Assessment Approach (SAA) Models (Continued) Represents a process where 1. A person exiting the Batching Area is swept by a guard with a radiation detector 2. The guard then determines whether to open the door by releasing the lock to let him/her exit U.S. DEPARTMENT OF ENERGY 27 Defense Nuclear Nonproliferation

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Use Case Modeling Techniques From Universal Modeling Language (UML) R. Kuehl/J. Scott Hawker p.

Use Case Modeling Techniques From Universal Modeling Language (UML) R. Kuehl/J. Scott Hawker p.

Use Case Modeling Techniques From Universal Modeling Language (UML) R. Kuehl/J. Scott Hawker p. 1 R I T Software Engineering Use Cases Interaction between a user and a system A complete and meaningful use Focus on value how

800 views • 54 slides
Statistical Modeling Approaches for Statistical Modeling Approaches for Information Retrieval

Statistical Modeling Approaches for Statistical Modeling Approaches for Information Retrieval

Statistical Modeling Approaches for Statistical Modeling Approaches for Information Retrieval Information Retrieval 1. HMM/N-gram-based 2. Topical Mixture Model (TMM) 2. Latent Semantic Indexing (LSI) 3. Probabilistic Latent Semantic Analysis

1.14k views • 68 slides
Outline Challenges of Electronic Business Specification Approaches Commitments Architecture in

Outline Challenges of Electronic Business Specification Approaches Commitments Architecture in

XML Concepts and Techniques Outline Challenges of Electronic Business Specification Approaches Commitments Architecture in IT Contracts and Governance XML Concepts and Techniques XML Modeling and Storage Summary and Directions Munindar P.

987 views • 55 slides
Advanced Caching Techniques Approaches to improving memory system performance eliminate

Advanced Caching Techniques Approaches to improving memory system performance eliminate

Advanced Caching Techniques Approaches to improving memory system performance eliminate memory operations decrease the number of misses decrease the miss penalty decrease the cache/memory access times hide memory

441 views • 21 slides
Modeling and high-throughput approaches in developmental patterning approaches in developmental

Modeling and high-throughput approaches in developmental patterning approaches in developmental

Modeling and high-throughput approaches in developmental patterning approaches in developmental patterning Marcos Nahmad BNMC Seminar Series March 11, 2011 During embryonic pattern formation C ll Cells acquire information about their

882 views • 70 slides
Mechanism Design 4/27/18 Game-Theoretic Modeling Determine what actions agents could take.

Mechanism Design 4/27/18 Game-Theoretic Modeling Determine what actions agents could take.

Mechanism Design 4/27/18 Game-Theoretic Modeling Determine what actions agents could take. Determine the agents incentives: Assign a utility for each agent to every outcome. Compute Nash equilibria to predict how agents will

244 views • 13 slides
Use of electrochemical techniques to determine the effect of Sigma ()-phase precipitation on a

Use of electrochemical techniques to determine the effect of Sigma ()-phase precipitation on a

Use of electrochemical techniques to determine the effect of Sigma ()-phase precipitation on a 25-wt%Cr Super Duplex Stainless Steel. Monika Nss *, , Mariano Iannuzzi *, , and Roy Johnsen * * Norwegian University of Science and

747 views • 46 slides
Belief network inference Four main approaches to determine posterior distributions in belief

Belief network inference Four main approaches to determine posterior distributions in belief

Belief network inference Four main approaches to determine posterior distributions in belief networks: Variable Elimination: exploit the structure of the network to eliminate (sum out) the non-observed, non-query variables one at a time.

330 views • 29 slides
Techniques to determine big sagebrush subspecies in seed lots and why its important BRYCE

Techniques to determine big sagebrush subspecies in seed lots and why its important BRYCE

Techniques to determine big sagebrush subspecies in seed lots and why its important BRYCE RICHARDSON USDA FOREST SERVICE, RMRS, PROVO, UTAH Outline o Does determining big sagebrush subspecies matter o Seed weight findings o Analysis of BLMs

205 views • 19 slides
Outline Challenges of Electronic Business Specification Approaches Commitments Architecture in

Outline Challenges of Electronic Business Specification Approaches Commitments Architecture in

Architecture in IT Outline Challenges of Electronic Business Specification Approaches Commitments Architecture in IT Contracts and Governance XML Concepts and Techniques XML Modeling and Storage Summary and Directions Munindar P. Singh

893 views • 58 slides
Cyber-Physical Systems Modeling Physical Dynamics IECE 553/453 Fall 2019 Prof. Dola Saha 1

Cyber-Physical Systems Modeling Physical Dynamics IECE 553/453 Fall 2019 Prof. Dola Saha 1

Cyber-Physical Systems Modeling Physical Dynamics IECE 553/453 Fall 2019 Prof. Dola Saha 1 Modeling Techniques Models that are abstractions of system dynamics (how system behavior changes over time) Modeling physical phenomena

570 views • 40 slides
Cyber-Physical Systems Modeling Physical Dynamics IECE 553/453 Fall 2020 Prof. Dola Saha 1

Cyber-Physical Systems Modeling Physical Dynamics IECE 553/453 Fall 2020 Prof. Dola Saha 1

Cyber-Physical Systems Modeling Physical Dynamics IECE 553/453 Fall 2020 Prof. Dola Saha 1 Modeling Techniques Models that are abstractions of system dynamics (how system behavior changes over time) Modeling physical phenomena

534 views • 27 slides
Cyber-Physical Systems Modeling Physical Dynamics ICEN 553/453 Fall 2018 Prof. Dola Saha 1

Cyber-Physical Systems Modeling Physical Dynamics ICEN 553/453 Fall 2018 Prof. Dola Saha 1

Cyber-Physical Systems Modeling Physical Dynamics ICEN 553/453 Fall 2018 Prof. Dola Saha 1 Modeling Techniques Models that are abstractions of system dynamics (how system behavior changes over time) Modeling physical phenomena

565 views • 20 slides
Participatory GIS techniques to determine the value of vulnerable open spaces in Portsmouth

Participatory GIS techniques to determine the value of vulnerable open spaces in Portsmouth

Participatory GIS techniques to determine the value of vulnerable open spaces in Portsmouth Hlne Draux 1 1 Cities Institute, London Metropolitan University, 277-281 Holloway Road, London N7 8HN Tel.+33 20 7133 4678 Fax +33 20 7133 4678

328 views • 6 slides
Modeling approaches for switching converters by Giorgio Spiazzi University of Padova ITALY

Modeling approaches for switching converters by Giorgio Spiazzi University of Padova ITALY

Modeling approaches for switching converters by Giorgio Spiazzi University of Padova ITALY Dept. of Information Engineering DEI Modeling approaches for switching converters 1/72 Summary of the presentation PWM converters PWM

898 views • 72 slides
Lessons learned Techniques Limitations of formal specifications Cost of technical staff

Lessons learned Techniques Limitations of formal specifications Cost of technical staff

CRIM Lessons learned Techniques Limitations of formal specifications Cost of technical staff training Ease of communication between different system stakeholders by using object- oriented modeling techniques and OMT as notational

302 views • 9 slides
EBS - IT 17 th March 2016 Conference call details: UK Numbers Tel: 0808 238 9819 or Tel: 0207 950

EBS - IT 17 th March 2016 Conference call details: UK Numbers Tel: 0808 238 9819 or Tel: 0207 950

EBS - IT 17 th March 2016 Conference call details: UK Numbers Tel: 0808 238 9819 or Tel: 0207 950 1251 Participant code: 4834 7876 https://meet.nationalgrid.com/antonio.delcastillozas/TYN7W1VT Agenda 1. Introduction 2. Previous meeting

700 views • 31 slides
What lies beneath For Adviser Use Only not approved for use with clients Important information

What lies beneath For Adviser Use Only not approved for use with clients Important information

What lies beneath For Adviser Use Only not approved for use with clients Important information This presentation is for adviser use only, and contains some forward thinking statements which should not be taken as fact. Information given is

374 views • 24 slides
State aid control in the Western Balkans: Would a different institutional design improve the

State aid control in the Western Balkans: Would a different institutional design improve the

State aid control in the Western Balkans: Would a different institutional design improve the enforcement record? Prof. Dr. Duan V. Popovi University of Belgrade, Faculty of Law dusan.popovic@ius.bg.ac.rs Introduction SAA requirements:

378 views • 12 slides
Captive Trends 1 st June 2013 1 Content What is a Captive Captive Structure

Captive Trends 1 st June 2013 1 Content What is a Captive Captive Structure

Captive Trends 1 st June 2013 1 Content What is a Captive Captive Structure Advantages Capitalisation and tax Domiciles Trends Contact 2 Captive Definition A Captive is an insurance company that primarily

706 views • 12 slides
A Review of Predictive Control Techniques for Matrix Converters - Part I marcoriv@utalca.cl M.

A Review of Predictive Control Techniques for Matrix Converters - Part I marcoriv@utalca.cl M.

A Review of Predictive Control Techniques for Matrix Converters - Part I marcoriv@utalca.cl M. Rivera , P. Wheeler, A. Olloqui February 17, 2016 A Review of Predictive Control Techniques for Matrix Converters - Part I Outline Outline 1

765 views • 31 slides
18/08/2015 1 Guidelines draw support from- (a) Juvenile Justice (Care and Protection of

18/08/2015 1 Guidelines draw support from- (a) Juvenile Justice (Care and Protection of

Central ntral Ad Adoption ption Resou ourc rce Au Autho hority rity Ministry nistry of Women en and Chil hild d Deve velopmen lopment t 18/08/2015 1 Guidelines draw support from- (a) Juvenile Justice (Care and Protection of

493 views • 27 slides
SERBIA QUALITY WORKS Jelena Akovic Senior Legal Advisor

SERBIA QUALITY WORKS Jelena Akovic Senior Legal Advisor

Serbia Investment and Export Promotion Agency SERBIA QUALITY WORKS Jelena Akovic Senior Legal Advisor

405 views • 26 slides
FY18 Budget Recommendation Presented to the Joint Appropriations Committee January 26, 2017

FY18 Budget Recommendation Presented to the Joint Appropriations Committee January 26, 2017

Mission: To advocate for and provide the pathway for all veterans and their families to receive the benefits due to them FY18 Budget Recommendation Presented to the Joint Appropriations Committee January 26, 2017 Department of Veterans

242 views • 20 slides

More recommend