network security modelling
play

Network Security Modelling Isabelle at i8 Cornelius Diekmann - PowerPoint PPT Presentation

Jan 13, 2023 •345 likes •1.13k views

Network Security Modelling Isabelle at i8 Cornelius Diekmann Lehrstuhl f ur Netzarchitekturen und Netzdienste Institut f ur Informatik Technische Universit at M unchen March 27, 2013 C. Diekmann (TU M unchen) Network Security

  1. Network Security Modelling Isabelle at i8 Cornelius Diekmann Lehrstuhl f¨ ur Netzarchitekturen und Netzdienste Institut f¨ ur Informatik Technische Universit¨ at M¨ unchen March 27, 2013 C. Diekmann (TU M¨ unchen) Network Security Modelling 1

  2. Agenda Motivation & Introduction 1 Related Work 2 3 Abstract Network Security Model Definition Concrete Network Models 4 5 Implementation Evaluation 6 7 Conclusion Slides: 64 C. Diekmann (TU M¨ unchen) Network Security Modelling 2

  3. Motivation & Introduction C. Diekmann (TU M¨ unchen) Motivation & Introduction 3

  4. Border Firewalls Problems Hard to administer Many corporate firewall misconfigured, even experienced admins make mistakes [Woo04, HAS06, YCM + 06] In reality: “no good high-complexity rule sets” [Woo04] Coarse grained: One compromised host in the intranet subverts everything Internet Backup internal Intranet Firewall Fileserver Workstation Workstation Workstation Workstation C. Diekmann (TU M¨ unchen) Motivation & Introduction Border Firewalls 4

  5. Border Firewalls Problems Hard to administer Many corporate firewall misconfigured, even experienced admins make mistakes [Woo04, HAS06, YCM + 06] In reality: “no good high-complexity rule sets” [Woo04] Coarse grained: One compromised host in the intranet subverts everything Internet Workstation Workstation Firewall Intranet Workstation Backup internal Workstation Fileserver C. Diekmann (TU M¨ unchen) Motivation & Introduction Border Firewalls 4

  6. Security Components – Bishop [Bis03] Requirements Policy Mechanisms Security Requirements Individual, scenario specific security needs e. g. Specified in requirements document e. g. Confidentiality of trade secrets in our database Security Policy How to achieve requirements e. g. Mechanism’s configuration e. g. Firewall rule set Security Mechanisms Enforce policy e. g. Firewall, VPN, ... C. Diekmann (TU M¨ unchen) Motivation & Introduction Security Components 5

  7. Our Goals Requirements Policy Mechanisms Verify network’s security requirements Method to construct secure network topology Feedback: Assess quality of security requirements Usability Focus on industrial environments Closed networks Known participants C. Diekmann (TU M¨ unchen) Motivation & Introduction Security Components 6

  8. Related Work C. Diekmann (TU M¨ unchen) Related Work 7

  9. Related Work Network Management [BJUN07, UNJB] No formal methods, low level Network Vulnerability Modelling [RA00] Model checker, barely usable, unrealistic assumption e. g. I know all available exploits Firewall analysis [Woo04, ASH04, PCG07, YCM + 06, GH05, HAS06, MGC12] Low level, discovers known errors Assumes almighty admin, axiomatic security policy available Information Flow Security Programming languages [Eck12, GM82, Rus92, BS09, ML97a, ML97b, VBC + 04, Den76, Den75, Fol91, Sut86, McL90, McC90, Man02] Taxonomy, security classes (lattices), composition of systems C. Diekmann (TU M¨ unchen) Related Work 8

  10. Related Work: Guttman and Herzog Rigorous Automated Network Security Management [GH05] Formal modeling method to check compliance of network to security goals (high level policy) “ For instance, a corporation may use outbound filtering to ensure that traffic with a database server cannot be misrouted outside its networks since much sensitive business information is carried in these packets ” [GH05, 2.2 Expressing security goals] n filtering routers: O ( n ) security goals O ( 1 ) security requirements: database’s confidentiality False positives may occur “[. . . ] give additional information reducing false positives. That is, the additional information will help reduce the cases in which we report that there may be violations, when in fact there is no counterexample [. . . ]” [GH05, 4.2 Deriving algorithms] C. Diekmann (TU M¨ unchen) Related Work 9

  11. The famous Bell LaPadula Model C. Diekmann (TU M¨ unchen) Related Work Bell LaPadula 10

  12. Bell LaPadula Model Confidentiality and privacy security requirements Each subject is assigned a security clearance unclassified < confidential < secret < topsecret Total function sc : subject ⇒ security clearance Rules receiver r , sender s 1 no-read-up: sc r ≥ sc s 2 no-write-down: sc s ≤ sc r sc s ≤ sc r Network: directed graph G blp G sc ≡ ∀ ( s , r ) ∈ edges G . sc s ≤ sc r Default configuration: Everything is unclassified C. Diekmann (TU M¨ unchen) Related Work Bell LaPadula 11

  13. Bell LaPadula Example Host1 Host2 unclassified unclassified Host1 Host2 unclassified classified Host1 Host2 classified unclassified C. Diekmann (TU M¨ unchen) Related Work Bell LaPadula 12

  14. Encoding Security Requirements Abstract Network Security Model Definition C. Diekmann (TU M¨ unchen) Abstract Network Security Model Definition 13

  15. Abstract Network Security Model Definition Encodes some type of security requirement Network Security Model – locale 1 Secure default configuration value ⊥ 2 Function eval model semantic validity of the network 3 Function verify globals syntactic checks 4 target focus Offending host of offending flow. Sender or receiver. Bool Signatures: ⊥ : ’a ( G : graph , nP : vertices ⇒ ‘a , gP : ‘b ) : Bool eval model ( G : graph , nP : vertices ⇒ ‘a , gP : ‘b ) : Bool verify globals C. Diekmann (TU M¨ unchen) Abstract Network Security Model Definition 14

  16. Abstract Network Model Definition Checking a model: Input G Configuration 1 Verify that the supplied graph G is syntactically valid. 2 Optional: verify that the supplied configuration only mentions nodes of G. 3 Generate nP : Map all nodes configured by the supplied configuration to their configuration value, map the rest to ⊥ . 4 Call verify globals . 5 Call eval model . C. Diekmann (TU M¨ unchen) Abstract Network Security Model Definition 15

  17. Security Prerequisites What is ⊥ ? C. Diekmann (TU M¨ unchen) Abstract Network Security Model Definition 16

  18. Secure by default ⊥ is secure default parameter ⊥ can be securely inserted as configuration of all unconfigured nodes Administrator can use model without configuring all nodes Fahrplan towards secure ⊥ 1 Offending flows Valid model → Empty set Invalid model → Minimal set of flows to remove to render model valid Can be ambiguous: set of sets 2 target focus taxonomy 3 Security prerequisites for a secure default parameter Next slide C. Diekmann (TU M¨ unchen) Abstract Network Security Model Definition Secure by Default 17

  19. Taxonomy Host1 Host2 ? classified unclassified − → offending host Offending flow Model target focus Bell LaPadula Receiver Bell LaPadula + trust Receiver Dependability Sender DomainHierarchy Sender NonInterference Receiver SecurityGateway Sender SecurityGatewayExtended Sender Sink Receiver Subnets Sender SubnetsInGW Sender Receiver → information flow security model Sender → access control model C. Diekmann (TU M¨ unchen) Abstract Network Security Model Definition Secure by Default 18

  20. Secure Default Parameter Preliminary Considerations Secure with regard to the available information Replace configuration with ⊥ Replacement ≡ forgot to configure A default configuration must never solve an existing security violation Assigning unknown hosts a default configuration does not impose security risks C. Diekmann (TU M¨ unchen) Abstract Network Security Model Definition Secure by Default 19

  21. Host1 Host2 top secret secret Host1 Host2 top secret unclassified Secure Default Parameter Case model invalid ( eval model = False ) Some security violation exists Host1 Host2 classified unclassified C. Diekmann (TU M¨ unchen) Abstract Network Security Model Definition Secure by Default 20

  22. Host1 Host2 top secret secret Host1 Host2 top secret unclassified Secure Default Parameter Case model invalid ( eval model = False ) Some security violation exists Host1 Host2 classified unclassified Offending flows → offending host ( target focus ) C. Diekmann (TU M¨ unchen) Abstract Network Security Model Definition Secure by Default 20

  23. Secure Default Parameter Case model invalid ( eval model = False ) Some security violation exists Host1 Host2 classified unclassified Offending flows → offending host ( target focus ) Considering only validity and offending flows Host1 Host2 top secret secret Host1 Host2 top secret unclassified Replacing offending host’s configuration by ⊥ : removes no information Must never render model valid! C. Diekmann (TU M¨ unchen) Abstract Network Security Model Definition Secure by Default 20

  24. ⊥ conclusion ⊥ is secure under the given information, if 1 For all networks 2 In all invalid configurations 3 Replacing the configuration of an offending host with ⊥ does not render the model valid. C. Diekmann (TU M¨ unchen) Abstract Network Security Model Definition Secure by Default 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

1.12k views • 92 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 3 Network Protocol Attacks Roadmap Network security The basic objectives: CIA

1.68k views • 39 slides
Hands-On Network Security: Practical Tools &amp; Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools &amp; Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools &amp; Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 3 Network Protocol Attacks Roadmap Network security The

502 views • 39 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #2 Aug 25 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Economist Survey Please read it Main points Security is a MUCH

600 views • 27 slides
TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Eike Ritter Network Security -

881 views • 38 slides
13 - Computer Security Network Security 1 Context

13 - Computer Security Network Security 1 Context

13 - Computer Security Network Security 1 Context Computers connected in a network - but also: smartphones, fridges, IoT devices, Each device has an IP address Packets are routed via

771 views • 51 slides
Transport Modelling Topics and Background 1. Existing transport network constraints 2. Traffic

Transport Modelling Topics and Background 1. Existing transport network constraints 2. Traffic

MK East Local Stakeholder Group Briefing Note 29/01/19 Transport Modelling Topics and Background 1. Existing transport network constraints 2. Traffic modelling undertaken and Summary of Network Performance in the 2031 Reference Case and the

727 views • 48 slides
Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon

Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon

Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon 4 th year Ph.D. Student Carnegie Mellon University Advisor: Vyas Sekar Research Area: Network Security A Vulnerable Network! Networks: explosion

583 views • 7 slides
CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Reminders Poster showcase next Monday For final project: turn

533 views • 34 slides
SEARCH FOR (EVIDENCE FOR) SEARCH FOR (EVIDENCE FOR) EXTRA DIMENSIONS @ LHC EXTRA DIMENSIONS @

SEARCH FOR (EVIDENCE FOR) SEARCH FOR (EVIDENCE FOR) EXTRA DIMENSIONS @ LHC EXTRA DIMENSIONS @

SEARCH FOR (EVIDENCE FOR) SEARCH FOR (EVIDENCE FOR) EXTRA DIMENSIONS @ LHC EXTRA DIMENSIONS @ LHC HEP Mad-07, Antananarivo HEP Mad 07, Antananarivo September 2007 Erez Etzion, Tel Aviv University, Israel OUTLINE OUTLINE History of

687 views • 46 slides
Log-Scaling rainfall data: effects on GPD Bayesian goodness of fit. M.I. Ortego J.J. Egozcue

Log-Scaling rainfall data: effects on GPD Bayesian goodness of fit. M.I. Ortego J.J. Egozcue

Motivation Model Estimation Model Checking Conclussions Log-Scaling rainfall data: effects on GPD Bayesian goodness of fit. M.I. Ortego J.J. Egozcue Departament de Matemtica Aplicada III E.T.S. Enginyeria Camins Canals Ports Barcelona

613 views • 25 slides
Y Behavioral Interven.on Research Using tDCS Promoting useful Plasticity

Y Behavioral Interven.on Research Using tDCS Promoting useful Plasticity

Patient Adaptive Y Behavioral Interven.on Research Using tDCS Promoting useful Plasticity P Intervention plasticity in motor cortex O Dylan J. Edwards PhD Maladaptive Patient + The Burke Medical Research

323 views • 7 slides
Use of a Levy Distribution for Modeling Best Case Execution Time Variation Jonathan Beard, Roger

Use of a Levy Distribution for Modeling Best Case Execution Time Variation Jonathan Beard, Roger

Use of a Levy Distribution for Modeling Best Case Execution Time Variation Jonathan Beard, Roger Chamberlain SBS Stream Based Supercomputing Lab http://sbs.wustl.edu Work also supported by: 1 Outline Motivation Stream Processing

582 views • 36 slides
Multi-dimensional Indexing GIS applications (maps): GIS applications (maps): Urban

Multi-dimensional Indexing GIS applications (maps): GIS applications (maps): Urban

Advanced Data Structures NTUA 2007 NTUA 2007 R-trees and Grid File Multi-dimensional Indexing GIS applications (maps): GIS applications (maps): Urban planning, route optimization, fire or pollution monitoring, utility networks, etc.

817 views • 66 slides
5. Spatial databases Characteristics: The scene of spatial data is a geometric space , with

5. Spatial databases Characteristics: The scene of spatial data is a geometric space , with

5. Spatial databases Characteristics: The scene of spatial data is a geometric space , with some dimensionality (usually 2 or 3). The shape and location are essential components of information Dimension values are most often numeric,

765 views • 32 slides
Tasks of Adolescence Emotional Control Physical Confidence Cognitive

Tasks of Adolescence Emotional Control Physical Confidence Cognitive

5/18/16 Julie Metzger, RN Tasks of Adolescence Emotional Control Physical Confidence Cognitive Competence Social Community 1 5/18/16 A Middle Schooler I could use a little more help on being afraid of

385 views • 20 slides
A Statistical Investigation of Long Memory in Language and Music Alexander Greaves-Tunnell and

A Statistical Investigation of Long Memory in Language and Music Alexander Greaves-Tunnell and

A Statistical Investigation of Long Memory in Language and Music Alexander Greaves-Tunnell and Zaid Harchaoui ICML 2019 Problem How do we define long-range dependence ? Problem How do we define long-range dependence ? How can it be

725 views • 14 slides

More recommend