designing stack agnostic modern secure architectures
play

Designing stack agnostic, modern, secure architectures Eugene - PowerPoint PPT Presentation

Aug 19, 2022 •242 likes •1.43k views

Designing stack agnostic, modern, secure architectures Eugene Pilyankevich, Chief Technical Officer, Cossack Labs #whoami / Speaker intro Infosec since mid-90s. Designed, supervised development of banking data processing, risk

  1. What is security architecture? Combination of security decisions, which makes actual system’s risks manageable.

  2. What is security architecture? Combination of security decisions, which makes actual system’s risks manageable in a chosen manner, efficiently.

  3. What is security architecture? Combination of security decisions, which makes actual system’s risks manageable in a chosen manner, efficiently, while maintaining all other quality attributes of a system on acceptable level.

  4. How to design the security architecture? Understand and manage the risks • Understand and manage attack surface • Balance tradeoffs •

  5. Before we do these three things, security effort is just re-painting this door in fancy colors.

  6. Security architecture 101: Intro Understanding risks 👊

  7. Building secure architecture is similar to building scalable and resilient architecture. It’s the set of risks that is different, but the approach is the same – you design against the chosen valid risks for you.

  8. You? NASA US Navy https://ivychapel.ink/posts/two-types-of-engineering-for-resiliency/

  9. Risk should be: Measured Managed

  10. Risk should be: Quantitatively Measured Managed Adequately

  11. Appetite/governance Identification Monitoring Acceptance Assessment Mitigation Treatment

  12. Risk management Questions: What is more important to protect and how? Why? • Should we spend more on this or on that? • Valuable approaches: OWASP RAF COBIT 5 • • FAIR OCTAVA • • NIST RMF •

  13. Problem probability Risks ~ Probable damage

  14. Remember: One in a million is next Tuesday. https://blogs.msdn.microsoft.com/larryosterman/2004/03/30/one-in-a-million-is-next-tuesday/

  15. Security architecture 101: Intro Understanding risks Understanding attack surface 👊

  16. Understanding attack surface 👼 👼 Your sensitive Bad people Bad people assets

  17. Understanding attack surface Attack surface

  18. Understanding attack surface Attack Surface is every possible way attacker can induce chosen type of loss to your system.

  19. Attack surface is your friend Instead of “ protecting every system ”, you can to focus on protecting the attack surface .

  20. Understanding attack surface Attackers look for assets. • Defenders protect boxes. •

  21. Understanding attack surface Attackers look for assets. Attackers think in graphs. • • Defenders protect boxes. Defenders think in lists. • •

  22. Understanding attack surface Prioritized by damage L Attackers look for assets. Attackers think in graphs. • • Defenders protect boxes. Defenders think in lists. • • Not prioritized by risk L

  23. Note: An unfair asymmetry • To win against attacker , you need to ensure that every vector on attack surface is protected. • Attacker to win against you , needs to find one (in worst case several) unprotected attack vectors.

  24. Managing attack surface • Assessing attack surface. • Minimizing attack surface. • Controlling attack surface. • Monitoring attack surface. • Drills .

  25. Security architecture 101: Intro Understanding risks Attack surface Balancing tradeoffs 👊

  27. Balancing tradeoffs Cost Risk impact

  28. Balancing tradeoffs Cost Risk impact Usability

  29. Balancing tradeoffs Cost Usability Risk impact Maintainability

  30. Balancing tradeoffs Cost Usability Maintainability Risk impact Flexibility

  31. Balancing tradeoffs • This is not A vs B relationship: security + usability.

  32. Balancing tradeoffs • This is not A vs B relationship: security + usability. Pick your battles – you can’t have all NFRs in a perfect shape. •

  33. Balancing tradeoffs • This is not A vs B relationship: security + usability. Pick your battles – you can’t have all NFRs in a perfect shape. • • Seek solutions that have: Both acceptable risk impact and acceptable baseline qualities for all NFRs.

  34. Designing for security: understanding and overcoming limitations

  35. In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra, New York Yankees, catcher, coach and manager

  36. Attack surface is always too big.

  37. Attack surface is always too big. • Real attack surface is always just crazy big. • Variety of technologies, tools and assets is crazy big. The only thing that is not crazy big? • • Staff and security budget.

  38. Attack surface is always too big. Example : two power grid monitoring efforts. • Humongous limitations, mad scale, bad legacy. … security?

  39. Attack surface is always too big. Example : optimizing SIEM coverage. • Need more signals, got less eyes. Review risk model and decrease the scope (for real).

  40. Prioritize! You can’t fix everything.

  41. Prioritize! You can’t fix everything. Choose your battles.

  42. Is it secure? 1. Ultimate “secure”. 2. Nothing is “provably secure” Trust levels in absolute terms. 3. Raising the bar, raising cost 4. Controlling attack flow.

  43. Sometimes requirements conflict with each other!

  44. Conflicts arise when each problem / risk has separate solution / control. Conflicts disappear when solutions in system address root causes of problems and risks. https://ivychapel.ink/posts/on-avoiding-band-aid-security/

  45. Example : optimizing SIEM coverage. • Data leakage through audit logs.

  46. Example : optimizing SIEM coverage. • Data leakage through audit logs. PCI logging requirements vs GDPR requirements.

  47. Example : optimizing SIEM coverage. • Data leakage through audit logs. PCI logging requirements vs GDPR requirements. Logs are data as well.

  48. Example : optimizing SIEM coverage. • Data leakage through audit logs. PCI logging requirements vs GDPR requirements. Logs are data as well. Should we protect them?

  49. No requirements = infinite rabbit hole.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Designing a Modern Swift Network Stack Philly CocoaHeads January 10, 2019 Hello My Client

Designing a Modern Swift Network Stack Philly CocoaHeads January 10, 2019 Hello My Client

Designing a Modern Swift Network Stack Philly CocoaHeads January 10, 2019 Hello My Client Story Core Data Company API App APIClient + MapModelManager 2000 lines each Problems Cumbersome to Add and Refactor Code Lack of

932 views • 69 slides
Modern VoIP in Modern Infrastructures Designing and implementing VoIP architectures in the cloud

Modern VoIP in Modern Infrastructures Designing and implementing VoIP architectures in the cloud

Modern VoIP in Modern Infrastructures Designing and implementing VoIP architectures in the cloud and container era Federico Cabiddu - RTC Architect @ Libon Giacomo Vacca - RTC Architect @ Nexmo About us Giacomo Vacca Federico Cabiddu VoIP

708 views • 27 slides
Introduction to Computer Security Session 2.3 Designing Secure Network Systems Prof. Nadim

Introduction to Computer Security Session 2.3 Designing Secure Network Systems Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 2.3 Designing Secure Network Systems Prof. Nadim Kobeissi Goals of todays class. A look into some secure network systems: WireGuard: a modern VPN. A critical look at ProtonMail,

1.15k views • 71 slides
Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure OT is impossible (even against PPT adversaries) in the plain model (i.e., without the help of another functionality) But possible from simple

527 views • 16 slides
Attacking the stack Thanks to SysSec and Int. Secure Systems Labs at Vienna University of

Attacking the stack Thanks to SysSec and Int. Secure Systems Labs at Vienna University of

Attacking the stack Thanks to SysSec and Int. Secure Systems Labs at Vienna University of Technology for some of these slides sws1 1 1 Attacking the stack We have seen how the stack works. Now: lets see how we can abuse this. We have

733 views • 48 slides
Virtio-Vsock - Configuration-Agnostic Guest/Host Communication Johannes Wiesbck Friday 19 th

Virtio-Vsock - Configuration-Agnostic Guest/Host Communication Johannes Wiesbck Friday 19 th

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Virtio-Vsock - Configuration-Agnostic Guest/Host Communication Johannes Wiesbck Friday 19 th July, 2019 Chair of Network Architectures and

268 views • 22 slides
Attacking the stack Thanks to SysSec and Secure Systems Labs at Vienna University of Technology

Attacking the stack Thanks to SysSec and Secure Systems Labs at Vienna University of Technology

Attacking the stack Thanks to SysSec and Secure Systems Labs at Vienna University of Technology for some of these slides Attacking the stack We have seen how the stack works. Now: lets see how we can abuse this. We have already seen how code

671 views • 47 slides
Design and Implementation of an object- oriented, secure TCP/IP Stack Hannes Mehnert, Andreas

Design and Implementation of an object- oriented, secure TCP/IP Stack Hannes Mehnert, Andreas

Design and Implementation of an object- oriented, secure TCP/IP Stack Hannes Mehnert, Andreas Bogk 23c3 27. December 2006 Overview Common software vulnerabilities Dylan Architecture of IP-Stack CVE sorted by bug class Software

447 views • 44 slides
Introduction Modern DRAM Memory Architectures Sam Miller Memory subsystem is a bottleneck

Introduction Modern DRAM Memory Architectures Sam Miller Memory subsystem is a bottleneck

Introduction Modern DRAM Memory Architectures Sam Miller Memory subsystem is a bottleneck Tam Chantem Memory stall time will become dominant Jon Lucas New architectures & accessing techniques proposed to combat these issues

422 views • 4 slides
The Scalable Parallel Random Number Generators (SPRNG) Library and Modern Computer Architectures

The Scalable Parallel Random Number Generators (SPRNG) Library and Modern Computer Architectures

SPRNG and Modern Architectures The Scalable Parallel Random Number Generators (SPRNG) Library and Modern Computer Architectures Prof. Michael Mascagni Department of Computer Science Department of Mathematics Department of Scientific Computing

1.42k views • 94 slides
Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s Garbled Circuit Recall MPC without Honest-Majority Plan (Still sticking with passive corruption): Two protocols, that are secure computationally The

449 views • 15 slides
Towards Transport-Agnostic Middleware Martin Sstrik sustrik@250bpm.com www.250bpm.com

Towards Transport-Agnostic Middleware Martin Sstrik sustrik@250bpm.com www.250bpm.com

Towards Transport-Agnostic Middleware Martin Sstrik sustrik@250bpm.com www.250bpm.com Messaging Middleware A layer in the network stack to manage communication between more than two endpoints. ZeroMQ/nanomsg 1 minute overview As a

563 views • 23 slides
y g sws1 1 Attacking the stack Thanks to SysSec and Int. Secure Systems Labs at Vienna

y g sws1 1 Attacking the stack Thanks to SysSec and Int. Secure Systems Labs at Vienna

Security bug of the week (in iOS and OS X) y g sws1 1 Attacking the stack Thanks to SysSec and Int. Secure Systems Labs at Vienna University of Technology for some of these slides sws1 2 2 Attacking the stack g We have seen how the

850 views • 47 slides
PVTOL: Designing Portability, Productivity and Performance for Multicore Architectures Hahn Kim,

PVTOL: Designing Portability, Productivity and Performance for Multicore Architectures Hahn Kim,

PVTOL: Designing Portability, Productivity and Performance for Multicore Architectures Hahn Kim, Nadya Bliss, Jim Daly, Karen Eng, Jeremiah Gale, James Geraci, Ryan Haney, Jeremy Kepner, Sanjeev Mohindra, Sharon Sacco, Eddie Rutledge HPEC 2008

547 views • 32 slides
Server agnostic DNS augmentation By Tom Carpay Supervisors: Willem Toorop & Luuk Hendriks 1

Server agnostic DNS augmentation By Tom Carpay Supervisors: Willem Toorop & Luuk Hendriks 1

Server agnostic DNS augmentation By Tom Carpay Supervisors: Willem Toorop & Luuk Hendriks 1 Intro No DNS handling available low in the network stack, which is desirable for high volume authoritative servers Focus on DNS service

491 views • 12 slides
A Model-driven Approach Towards Designing and Analysing Secure Systems for Multi-clouds Shaun

A Model-driven Approach Towards Designing and Analysing Secure Systems for Multi-clouds Shaun

A Model-driven Approach Towards Designing and Analysing Secure Systems for Multi-clouds Shaun Shei Secure and Dependable Software Systems (SenSe) Haralambos Mouratidis Stylianos Kapetanakis Aidan Delaney Overview What is Cloud Computing?

774 views • 56 slides
PROPAGANDA Parallel ROP Attack Generator and Non-Direct Assembler Chris Lee and Ben Spinelli A

PROPAGANDA Parallel ROP Attack Generator and Non-Direct Assembler Chris Lee and Ben Spinelli A

PROPAGANDA Parallel ROP Attack Generator and Non-Direct Assembler Chris Lee and Ben Spinelli A return-oriented programming (ROP) attack takes advantage of buffer overflow vulnerabilities in executables to gain control of the program. Stack

395 views • 11 slides
Q4 2016 OPERATIONS REPORT February 14, 2017 NYSE: DVN devonenergy.com IR Contacts Table of

Q4 2016 OPERATIONS REPORT February 14, 2017 NYSE: DVN devonenergy.com IR Contacts Table of

Q4 2016 OPERATIONS REPORT February 14, 2017 NYSE: DVN devonenergy.com IR Contacts Table of Contents Email: Key Takeaways ................ 2 investor.relations@dvn.com Results Overview

386 views • 23 slides
Overview Ideas explored Particle bunching (G4SmartTrackStack) Hard-coded stepping manager

Overview Ideas explored Particle bunching (G4SmartTrackStack) Hard-coded stepping manager

Overview Ideas explored Particle bunching (G4SmartTrackStack) Hard-coded stepping manager (G4SteppingManager) Caching of cross-sections calculations in hadronic processes (G4CrossSectionDataStore) Reducing branch mispredictions in Value()

334 views • 17 slides
FOURTH-QUARTER AND FULL-YEAR 2017 RESULTS F e b . 2 6 , 2 0 1 8 FORWARD-LOOKING STATEMENTS

FOURTH-QUARTER AND FULL-YEAR 2017 RESULTS F e b . 2 6 , 2 0 1 8 FORWARD-LOOKING STATEMENTS

FOURTH-QUARTER AND FULL-YEAR 2017 RESULTS F e b . 2 6 , 2 0 1 8 FORWARD-LOOKING STATEMENTS Statements contained in this presentation that include company expectations or predictions should be considered forward-looking statements that are

282 views • 16 slides
Sec Securing Micros oser ervice e Inter eraction ons in in

Sec Securing Micros oser ervice e Inter eraction ons in in

Sec Securing Micros oser ervice e Inter eraction ons in in Openstack and Kubernetes Yoshio Turner & Jayanth Gummaraju Co-Founders @ Banyan

862 views • 34 slides
Beyond NX An attackers guide to Windows anti-exploitation technology Ben Nagy bnagy@eeye.com

Beyond NX An attackers guide to Windows anti-exploitation technology Ben Nagy bnagy@eeye.com

Beyond NX An attackers guide to Windows anti-exploitation technology Ben Nagy bnagy@eeye.com Basics Windows Process Memory Page 2 How functions use the stack Page 3 (CALL pushes EIP)

736 views • 32 slides
Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux

Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux

Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux Kernel Widespread Deployed on: powerful (high performance compute clusters) sensitive (bank, gov. systems, ..) safety critical

995 views • 29 slides
AZURE Marija Strazdas Sr. Solutions Engineer Infrastructure Has Changed Buying Hardware

AZURE Marija Strazdas Sr. Solutions Engineer Infrastructure Has Changed Buying Hardware

SECURITY IN MICROSOFT AZURE Marija Strazdas Sr. Solutions Engineer Infrastructure Has Changed Buying Hardware EARLY 2000s MID 2000s NOW Infrastructure Has Changed Buying Hardware Infrastructure As Code EARLY 2000s MID

677 views • 40 slides

More recommend