dynamic graphical models for security and safety joint
play

Dynamic graphical models for security and safety joint modeling July - PowerPoint PPT Presentation

Feb 01, 2024 •44 likes •784 views

Dynamic graphical models for security and safety joint modeling July 12 th 2015 GraMSec Workshop, Verona Marc Bouissou 1,2 Siwar Kriaa 1,2 Ludovic Pitre-Cambacds 1 1 EDF R&D, 2 cole Centrale Paris Context: pervasive computing Rail

  1. Dynamic graphical models for security and safety joint modeling July 12 th 2015 GraMSec Workshop, Verona Marc Bouissou 1,2 Siwar Kriaa 1,2 Ludovic Piètre-Cambacédès 1 1 EDF R&D, 2 École Centrale Paris

  2. Context: pervasive computing Rail transportation Aerospace Automobiles Medical Energy 2 - Marc Bouissou – GraMSec 2015

  3. Outline Introduction Safety/security convergence Why Petri nets, SAN and BDMP Petri nets and SAN Formalism description Use case: security of a metro station BDMP Formalism description Use case: a pipeline Conclusion 1

  4. Introduction Safety: Security: accidents, failures Cyber-attacks Industrial systems are more and more complex and interconnected Safety and security domains historically separated Industrial systems targeted by cyber-attacks Large consequences on the system’s environment Their requirements converge for complex systems

  5. Terminology Safety and security (SEMA referential) [1] � � Malevolent Security ? (Security M-A) S-E & M-A � � Accidental Safety ? (Safety M-A) S-E & M-A Sys. � Env. Env. � Sys. Sys. � Sys. (Safety S-E) (Security S-E) Safety in (cyber) Security this talk in this talk [1] L. Pietre-Cambacedes and C. Chaudet, "The SEMA referential framework: Avoiding ambiguities in the terms “security” and “safety”," International Journal of Critical Infrastructure Protection, Vol. 3 Issue 2, pp. 55-66, July 2010.

  6. Safety and security Similarities Differences Protection aim Random vs intelligent Risk = fundamental notion Stability vs evolution Not "additive" Access to information Importance of human factors Vocabulary Synergy between the two communities: possible & desirable

  7. Interdependences Safety Security Interdependences Antagonism Conditional dependence Mutual reinforcement Independence Stakes Correct risk evaluation Cost optimization 7 - Marc Bouissou – GraMSec 2015

  8. Dynamic graphical models to study such interdependencies We need a holistic approach Single model describing both safety and security aspects State of the art [2] identified the following dynamic graphical formalisms: Stochastic Petri nets and SANs BDMP Dynamic Bayesian nets All of them can be simulated and have a probabilistic basis Formalisms too specific of one domain have been discarded (e.g. Mobius/ADVISE) [2] A Survey of Approaches Combining Safety and Security for Industrial Control Systems Siwar Kriaa, Ludovic Pietre-Cambacedes, Marc Bouissou, and Yoran Halgand 8 - Marc Bouissou – GraMSec 2015

  9. SPN & SAN Stochastic Petri Nets and Stochastic Activity networks

  10. Stochastic Petri nets Standard SPN must be used in a bottom-up manner Patterns can ease the model construction The resulting model is flat and lacks structure Assessing methods: Markovian Petri net => all Markov analysis methods Non Markovian => Monte Carlo simulation Reminder: "ingredients" of GSPN inhibitor arcs Tokens Transitions Weighed (instantaneous or with random delay) arcs Places 10 - Marc Bouissou – GraMSec 2015

  11. Example taken from [3] Connecting Model A to Model B Well suited for describing a sequence Attack pattern (single phase) Faulty sensor Single phase intervention [3] Flammini et al. A Petri Net Pattern-Oriented Approach for the Design of Physical Protection Systems. Safecomp 2014 11 - Marc Bouissou – GraMSec 2015

  12. Assembling patterns Security of a Metro station [3] 12 - Marc Bouissou – GraMSec 2015

  13. Stochastic Petri nets pros and cons Theoretically, unlimited modeling power (Turing machine) Not suited for representing structure functions (nor instantaneous far reaching interactions) Spaghetti plate syndrome => validation is very hard C A B 5 objects 16 objects 13 - Marc Bouissou – GraMSec 2015

  14. Stochastic Activity Networks [4] SAN are strongly linked to the tool Möbius (formerly UltraSAN) Enable a hierarchical decomposition of the model Atomic model: see next slide [4] W. H. Sanders and J. F. Meyer, "Stochastic Activity Networks: Formal Definitions and Concepts" Lecture Notes in Computer Science no. 2090, pp. 315-343. Berlin: Springer, 2001. 14 - Marc Bouissou – GraMSec 2015

  15. SAN atomic model = Stochastic Petri net + following extensions Activities (= transitions) can have several outputs (probabilistically chosen) Input gates: contain the definition of a Boolean function of the input places marking that defines the enabling of the activity, and the modification of the input places marking when the transition fires Output gates: contain a set of actions to perform on output places when the transition fires Input and output gates are defined using C++ syntax => the graph can "hide" a lot of information Output gate Places Input gate Transition with two output cases 15 - Marc Bouissou – GraMSec 2015

  16. Communication between submodels Shared places (not apparent on the GUI) Shared variables 16 - Marc Bouissou – GraMSec 2015

  17. SAN pros and cons Can solve the problem of structure function representation (but not graphically) Instantaneous far reaching interactions? Maybe, with very complicated input and output gate functions In a "normal" use Lots of small spaghetti plates with sauce => validation is still very hard Sauce can be hot chili! (input and output functions, shared variables are hidden) 17 - Marc Bouissou – GraMSec 2015

  18. BDMP Boolean logic Driven Markov Processes

  19. BDMP CV Since 2002, Interest proven in reliability and safety engineering � Dynamic � Readable � Tractable Invented and used at EDF (NPP safety, � substations, data centers reliability,…) Complete theory and software framework � ⇒ Adapted to attack and defense modeling [5] [5] L. Pietre-Cambacedes, M. Bouissou, Attack and defense dynamic modeling with BDMP. MMM-ACNS 2010, St Petersbourg, September 2010.

  20. BDMP can be used to model any kind of system… Repairable or not Multiphase Multistate …

  21. Tools associated to BDMP formalism KB3 * * And Petri nets! Download: http://sourceforge.net/projects/visualfigaro/

  22. An example of BDMP in security: attack of a remote access server

  23. RAS attack BDMP – Step 0 (attack just started)

  24. RAS attack BDMP – Step 1

  25. RAS attack BDMP – Step 2

  26. RAS attack BDMP – Attacker’s objective reached

  27. An important mechanism of BDMP: filtering of relevant events If one of these leaves is realized, it makes the other one irrelevant and thus inhibited

  28. The same LoggedIntoTheRAS LoggedIntoTheRAS example as a it_4 it_4 Petri Net RAS_access_granted RAS_access_granted it_2 it_2 it_3 it_3 SuccessWardialing SuccessWardialing VulnerabilityFoundAndExploited VulnerabilityFoundAndExploited A5 A5 it_1 it_1 PotentialWardialing PotentialWardialing AuthenticationWithPassword AuthenticationWithPassword SuccessFindVuln SuccessFindVuln SuccessExploitVuln SuccessExploitVuln A3 A3 Inhibitor arcs A1 A1 A2 A2 A4 A4 needed to represent the top level trigger ! PotentialBruteforce PotentialBruteforce PotentialSocialEng PotentialSocialEng PotentialFindVuln PotentialFindVuln PotentialExploitVuln PotentialExploitVuln Inhibitor arcs needed for irrelevant event filtering 28 - Marc Bouissou – GraMSec 2015

  29. Principles of sequences exploration in a locally defined Markov chain (Figseq) System model (BDMP or simulation model): - events that may occur and Target : set of system states consequences on system Truncating criteria : probability, Process Model transitions number, ... Parameters Mission time Initial state System state Sequence : succession of events Event : - failure, repair, - any change of the system state Stop on target Absorbing state Stop on truncating criteria

  30. Quantification (1/2) – Time-domain analysis Taking advantage of the BDMP framework Efficient sequence exploration with trimming Probability to reach the objective in a given time Overall mean time to the attack success 0.55 Probability of each explored sequence 1.07 x 10 5 s Ordered list of sequences Cf. hereunder Sequences Probability in Average duration Contribution mission time after init. Attack steps 4.878x10 3 [Wardialing, Bruteforce] 0.2717 0.4877 9.7561x10 3 [Wardialing, Find_vuln, Bruteforce] 0.1272 0.2329 9.7561 x10 3 [Wardialing, Find_vuln, Exploit _ vuln] 0.1272 0.2329 4.8780 x10 3 [Wardialing, Social_eng.] 0.0136 0.0249 9.7561 x10 3 [Wardialing, Find_vuln, Social_eng.] 0.0064 0.0116 30

  31. Quantification (2/2) – Time-independent Classical values attributed to attack tree leaves Fixed probabilities � (dynamically) covered by stochastic processes Monetary cost � scenario cost, average attack cost Boolean indicators (specific requirements, properties) Need of internal knowledge, internal support Need of specific tool, piece of information � Characterization of selected scenarios Minimum attacker skills (Generalization) Continuous, Boolean, Discrete attributes All computable thanks to the Attack tree structure 31

  32. An example in safety: system to be modeled GRID CB_up_2 CB_up_1 diesel generator transfo2 transfo1 CB_dw_1 CB_dw_2 CB_dies line_2 line_1

  33. The BDMP in KB3

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dynamic Sampling fs om Graphical Models Yitong Yin Nanjing University Joint work with W

Dynamic Sampling fs om Graphical Models Yitong Yin Nanjing University Joint work with W

Dynamic Sampling fs om Graphical Models Yitong Yin Nanjing University Joint work with W eiming Feng ( Nanjing ) Nisheeth Vishnoi ( EPFL ) Graphical Model instance of graphical model: I = ( V, E, [ q ] , ) V : variables v E 2

936 views • 55 slides
Transforming Graphical System Models to Graphical Attack Models ! Joint work with Marieta

Transforming Graphical System Models to Graphical Attack Models ! Joint work with Marieta

From Graphical System Models... ... to Graphical Attack Models ... ... to Risk Assessment Transforming Graphical System Models to Graphical Attack Models ! Joint work with Marieta Georgieva Ivanova, ! ! Ren e Rydhof Hansen, and Florian

650 views • 27 slides
Graphical models Review P [( x y z ) ( y u ) ( z w ) ( z

Graphical models Review P [( x y z ) ( y u ) ( z w ) ( z

Graphical models Review P [( x y z ) ( y u ) ( z w ) ( z u v )] Dynamic programming on graphs ! variable elimination example ! Graphical model = graph + model ! e.g., Bayes net: DAG + CPTs !

469 views • 33 slides
Probabilistic reasoning with graphical security models Barbara Kordy Clermont-Ferrand, January

Probabilistic reasoning with graphical security models Barbara Kordy Clermont-Ferrand, January

Probabilistic reasoning with graphical security models Barbara Kordy Clermont-Ferrand, January 7, 2016 Digital Confidence seminar Joint work Prof. Dr. Marc Pouly Lucerne University of Applied Sciences and Arts Dr. Patrick Schweitzer

903 views • 54 slides
Graphical Models Kalman Filter DBN ML 701 Undirected Models Anna Goldenberg

Graphical Models Kalman Filter DBN ML 701 Undirected Models Anna Goldenberg

Outline Dynamic Models Gaussian Linear Models Graphical Models Kalman Filter DBN ML 701 Undirected Models Anna Goldenberg Unification Summary HMMs HMM in short is a Bayes Net satisfies Markov property

286 views • 9 slides
Learning Discrete Graphical Models with Neural Networks Andrey Lokhov joint work with Abhijith

Learning Discrete Graphical Models with Neural Networks Andrey Lokhov joint work with Abhijith

Slide 1 Learning Discrete Graphical Models with Neural Networks Andrey Lokhov joint work with Abhijith Jayakumar, Sidhant Misra, Marc Vuffray UNCLASSIFIED Managed by Triad National Security, LLC for the U.S. Department of Energys NNSA

407 views • 15 slides
A road map to more complex dynamic models discrete discrete continuous Y Y Y discrete

A road map to more complex dynamic models discrete discrete continuous Y Y Y discrete

School of Computer Science State Space Models Probabilistic Graphical Models (10- Probabilistic Graphical Models (10 -708) 708) Lecture 13, part II Nov 5th, 2007 Receptor A Receptor A Receptor B Receptor B X 1 X 1 X 1 X 2 X 2 X 2 Eric

360 views • 21 slides
A road map to more complex dynamic models Y Y Y discrete discrete continuous A A A X X

A road map to more complex dynamic models Y Y Y discrete discrete continuous A A A X X

School of Computer Science State Space Models Probabilistic Graphical Models (10- Probabilistic Graphical Models (10 -708) 708) Lecture 13, Oct 31, 2007 Receptor A Receptor A X 1 X 1 X 1 Receptor B Receptor B X 2 X 2 X 2 Eric Xing Eric

221 views • 21 slides
Graphical Models Graphical Models Bayesian Networks Siamak Ravanbakhsh Fall 2019 Previously on

Graphical Models Graphical Models Bayesian Networks Siamak Ravanbakhsh Fall 2019 Previously on

Graphical Models Graphical Models Bayesian Networks Siamak Ravanbakhsh Fall 2019 Previously on Previously on Probabilistic Graphical Models Probabilistic Graphical Models Probability distribution and density functions Random variable

1.39k views • 104 slides
Undirected Graphical Models Aaron Courville, Universit de Montral 2 (UNDIRECTED) GRAPHICAL

Undirected Graphical Models Aaron Courville, Universit de Montral 2 (UNDIRECTED) GRAPHICAL

Undirected Graphical Models Aaron Courville, Universit de Montral 2 (UNDIRECTED) GRAPHICAL MODELS Overview : Directed versus undirected graphical models Conditional independence Energy function formalism Maximum likelihood

1.06k views • 61 slides
Random Networks, Graphical Models and Exchangeability Alessandro Rinaldo Carnegie Mellon

Random Networks, Graphical Models and Exchangeability Alessandro Rinaldo Carnegie Mellon

Exchangeability A finite deFinetti theorem Bidirected graphical models Random Networks, Graphical Models and Exchangeability Alessandro Rinaldo Carnegie Mellon University joint work with Steffen Lauritzen and Kayvan Sadeghi October 4, 2015

647 views • 37 slides
Probabilistic Graphical Models Probabilistic Graphical Models Undirected Models Fall 2019

Probabilistic Graphical Models Probabilistic Graphical Models Undirected Models Fall 2019

Probabilistic Graphical Models Probabilistic Graphical Models Undirected Models Fall 2019 Siamak Ravanbakhsh Learning objectives Learning objectives Markov networks: how it represents a prob. dist. independence assumptions

941 views • 57 slides
Directed Graphical Models: Bayesian Networks Probabilistic Graphical Models Sharif University of

Directed Graphical Models: Bayesian Networks Probabilistic Graphical Models Sharif University of

Directed Graphical Models: Bayesian Networks Probabilistic Graphical Models Sharif University of Technology Soleymani Spring 2018 Basics Multivariate distributions with large number of variables Independency assumptions are useful

503 views • 36 slides
Graphical Models Independence & Factorization Including structure Complexity of

Graphical Models Independence & Factorization Including structure Complexity of

Graphical Models slides adopted from Sandro Schnborn 1 Graphical Models Independence & Factorization Including structure Complexity of multivariate problems Independence assumptions Graphical Models Graphs to depict

385 views • 23 slides
Graphical Models for Security: Overview, Challenges and Recommendations Ketil Stlen, SINTEF and

Graphical Models for Security: Overview, Challenges and Recommendations Ketil Stlen, SINTEF and

GraMSec 2014 Graphical Models for Security: Overview, Challenges and Recommendations Ketil Stlen, SINTEF and University of Oslo Grenoble, April 12, 2014 Technology for a better society 1 This talk aims to provide A classification of

852 views • 51 slides
Probabilistic Graphical Models Probabilistic Graphical Models Variable elimination Siamak

Probabilistic Graphical Models Probabilistic Graphical Models Variable elimination Siamak

Probabilistic Graphical Models Probabilistic Graphical Models Variable elimination Siamak Ravanbakhsh Fall 2019 Learning objective Learning objective an intuition for inference in graphical models why is it difficult? exact inference by

1.49k views • 62 slides
Engineering Culture Secret Sauce of Great Software Great Software process model Great

Engineering Culture Secret Sauce of Great Software Great Software process model Great

Engineering Culture Secret Sauce of Great Software Great Software process model Great Software language framework technology Great Software tools Great Software trends Great Software 4 Great Software Overlooked Deep impact

993 views • 53 slides
The sky is falling Nephological tales of security woe Ben Toews Snakeoil as a Service People are

The sky is falling Nephological tales of security woe Ben Toews Snakeoil as a Service People are

The sky is falling Nephological tales of security woe Ben Toews Snakeoil as a Service People are concerned about security these days - - People arent sure about the security impact of the cloud - Scared people are good customers - Lots of

588 views • 41 slides
M-SRBT Minuteman Linear Rail Assembly Preassembled Shaft, Rail, and Matched Centerline1. LM76SL

M-SRBT Minuteman Linear Rail Assembly Preassembled Shaft, Rail, and Matched Centerline1. LM76SL

M-SRBT Minuteman Linear Rail Assembly Preassembled Shaft, Rail, and Matched Centerline1. LM76SL Linear Bearing(s) PART NUMBER DIMENSIONS LINEAR GUIDE BAR E T F T SERIES SIZE LENGTH SST A B C D BEARING DIAMETER M - SRB ? - 08 -

325 views • 18 slides
Worship: A Matter of Life and Death Worship: A Matter of Life and Death Worship: A Matter of

Worship: A Matter of Life and Death Worship: A Matter of Life and Death Worship: A Matter of

Worship: A Matter of Life and Death Worship: A Matter of Life and Death Worship: A Matter of Life and Death Worship: A Matter of Life and Death 1 Come, let us Come, let us Come, let us Come, let us sing for joy to the LORD; let us shout

680 views • 30 slides
Pondering and Patrolling Perimeter Defenses Bill Cheswick ches@lumeta.com http://www.lumeta.com

Pondering and Patrolling Perimeter Defenses Bill Cheswick ches@lumeta.com http://www.lumeta.com

Pondering and Patrolling Perimeter Defenses Bill Cheswick ches@lumeta.com http://www.lumeta.com 16 June 2005 Pondering Perimeters: DOE 1 of 105 Brief personal history Started at Bell Labs in December 1987 Immediately took over

1.21k views • 105 slides
MA111: Contemporary mathematics Turn the entrance quiz in as usual on an 3x5 index card. The

MA111: Contemporary mathematics Turn the entrance quiz in as usual on an 3x5 index card. The

MA111: Contemporary mathematics Turn the entrance quiz in as usual on an 3x5 index card. The question is on the worksheet: How long does this take? Name Duration Need to finish these first M: Make the pasta 34 minutes (P) Put out the pots

245 views • 3 slides
Qserv: parallel, distributed SQL query service for the LSST sky catalog Daniel L. Wang SLAC

Qserv: parallel, distributed SQL query service for the LSST sky catalog Daniel L. Wang SLAC

Qserv: parallel, distributed SQL query service for the LSST sky catalog Daniel L. Wang SLAC National Accelerator Laboratory, Menlo Park, CA, USA 27 January 2015 D.L.Wang (SLAC) 27 January 2015 1 / 27 Outline Background 1 Qserv Overview 2

547 views • 27 slides
Community Engagement = More Hands to Save More Lives Alison Faris Erika Leckington City of

Community Engagement = More Hands to Save More Lives Alison Faris Erika Leckington City of

2/24/2011 Community Engagement = More Hands to Save More Lives Alison Faris Erika Leckington City of Tallahassee employee & Director, Tallahassee Leon Community Proud member of the TLCASC Animal Service Center Communications Team A Successful

286 views • 14 slides

More recommend