pareto optimal situaton analysis for selection of
play

Pareto-Optimal Situaton Analysis for Selection of Security Measures - PowerPoint PPT Presentation

Sep 04, 2022 •186 likes •430 views

Pareto-Optimal Situaton Analysis for Selection of Security Measures Andres Ojamaa Joint work with Jri Kivimaa and Enn Tyugu Institute of Cybernetics at TUT CS Theory Days, Feb 1 2009, Kriku Outline Introduction Background and

  1. Pareto-Optimal Situaton Analysis for Selection of Security Measures Andres Ojamaa Joint work with Jüri Kivimaa and Enn Tyugu Institute of Cybernetics at TUT CS Theory Days, Feb 1 2009, Kääriku

  2. Outline Introduction Background and Motivation Graded Security Model Security Goals Parameters and Functions Optimizing Security Measures Discrete Dynamic Programming Graded Security Expert System Example Visual Specification Example of Results 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 2

  3. Security Situation Management ◮ The aim is to provide the best possible security of a system with given amount of resources. ◮ At the same time at least the standard requirements should be satisfied, if possible. ◮ Solutions are usually needed yesterday. Therefore detailed risk analysis is not a good option. ◮ The goal is achieved by coarse-grained analysis of security situation and optimisation of resource usage. 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 3

  4. Security Awareness Simulation Games ◮ CyberCIEGE — video game and tool to teach network security concepts (2005) ◮ CyberProtect — DISA-produced game that includes hacker attacks and budget constraints (1999) 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 4

  5. Situation Description: Security Goals Security class is determined by security levels, associated with security goals: ◮ confidentiality (C), ◮ integrity (I), ◮ availability (A), ◮ non-repudiation (N). e.g. C2 I1 A1 N2 The model can be extended by adding security goals. 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 5

  6. Situation Description: Parameters of the Model ◮ Available resources — r ◮ Integral measure of security — S ◮ Security measures groups — g 1 , g 2 , . . . , g n ◮ Security levels of measures groups — l 1 , l 2 , . . . , l n ◮ Security confidences granted by measures groups — q 1 , q 2 , . . . , q n ◮ Relative importance of measures groups: weights — a 1 , a 2 , . . . , a n , where � n i = 1 a i = 1 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 6

  7. Abstract Security Profile An abstract security profile p is an assignment of security levels to each group of security measures: p = ( l 1 , l 2 , . . . , l n ) 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 7

  8. Cost Function The cost function h gives the costs h ( l , g ) required for implementing security measures of a group g for a level l . The costs of implementing a given abstract security profile: n � costs ( p ) = h ( l i , g i ) i = 1 Goal 1: Keep the value of costs ( p ) as low as possible. 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 8

  9. Levels Requirement Function Function s produces a required security level s ( c , g ) for a group g when the security class is c . The requirements may be prescribed by security standards such as BSI, NISPOM or ISKE. 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 9

  10. Integrated Security Metrics The overall security of a system is described by means of an integrated security metrics (integral security confidence) S . n � S = a i q i i = 1 Goal 2: Increase security confidence of a system. 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 10

  11. Dependencies 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 11

  12. Conventional Graded Security Solution S l S * 5, 7 3 1, 2, 3, 6, 8, 9 2 1 0 4 r r * 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 12

  13. Pareto-Optimality Curve security Pareto Optimality Tradeoff Curve r min r max resources 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 13

  14. Pareto-Optimal Security Solutions S l 4 3 2 1 1 0 r r r 1 2 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 14

  15. Dynamic Programming Building optimal solutions gradually, for 1 , 2 , . . . , n security measures groups enables us to use discrete dynamic programming, and to reduce considerably the search. The fitness function S defined on intervals from j to k as k � S ( j , k ) = a i q i i = j is additive on the intervals, because from the definition of the function S we have S ( 1 , n ) = S ( 1 , k ) + S ( k , n ) . 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 15

  16. Discrete Dynamic Programming 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 16

  17. Complexity Compared 1.2e+09 Exhaustive search Dynamic programming 1e+09 Number of search steps 8e+08 6e+08 4e+08 2e+08 0 1 2 3 4 5 6 7 8 9 10 Number of security measures groups 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 17

  18. Graded Security Expert System Knowledge modules Optimizer GUI Vi Visual composer 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 18

  19. Visual Specification File Edit View Package Scheme Options Help optimization S E BF DP SC1 SC2 100% User training Encryption DDP Optimizer Cost Confidence Cost Confidence Context: Banking 0 0 0 0 Resources: 4 30 2 60 min max 8 60 4 80 12 65 7 95 1 70 Antivirus software s s Segmentation C2I1A1M2 SecClass: Redundancy y Backup levels Firewall Access control Intrusion detection 471, 10 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 19

  20. Knowledge Modules as Decision Tables 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 20

  21. Example of Results 6 85 80 75 5 70 65 60 4 55 Confidence Level index 50 45 3 40 35 30 2 25 20 15 1 10 5 0 0 0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 Costs Confidence Redundancy User training 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 21

  22. Future Work ◮ Combine the optimization package with risk analysis tools (e.g. attack trees)? ◮ Improve the visual language and the user interface ◮ Collect and accumulate expert knowledge and real data ◮ Experiments with real data ◮ Implement dependant measure groups ◮ Analyze sensitivity of results wrt inaccurate input data 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 22

  23. Summary A CoCoViLa package was developed to help the IT manager/security expert answer the following questions quickly: ◮ How much resources are needed to achieve the required level of information security? ◮ What is the best way to spend the IT security budget? 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 23

  24. References ◮ CoCoViLa — Compiler Compiler for Visual Languages, http://www.cs.ioc.ee/~cocovila ◮ CyberCIEGE — http://cisr.nps.edu/cyberciege/ ◮ CyberProtect — http://iase.disa.mil/eta/online-catalog.html ◮ E. Tyugu. Algorithms and Architectures of Artificial Intelligence. IOS Press, 2007. ◮ A. Ojamaa, E. Tyugu, J. Kivimaa. Pareto-optimal situation analysis for selection of security measures. In: MILCOM 08: Assuring Mission Success: Unclassified Proceedings, November 17-19 San Diego, 2008, 7 p. 01.02.2009 A. Ojamaa Pareto-Optimal Situaton Analysis for Selection of Security Measures 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Backwards Analysis Gerth Stlting Brodal Pre-talent track activity in Algorithms, Department of

Backwards Analysis Gerth Stlting Brodal Pre-talent track activity in Algorithms, Department of

Backwards Analysis Gerth Stlting Brodal Pre-talent track activity in Algorithms, Department of Computer Science, Aarhus University, February 19, 2019 Pareto optimal / non-dominated points / skyline No points Pareto optimal Dominated points

256 views • 25 slides
Asset Pricing Chapter VIII. Arrow-Debreu Pricing June 22, 2006 Asset Pricing 8.1 Setting: An

Asset Pricing Chapter VIII. Arrow-Debreu Pricing June 22, 2006 Asset Pricing 8.1 Setting: An

8.1 Setting: An Arrow Debreu Economy 8.2 Competitive Equilibrium and Pareto Optimality Illustrated 8.3 Pareto Optimality and risk Sharing 8.4 Implementing Pareto Optimal Allocations: On the Possibility of Market failure 8.5 Arrow-Debreu pricing:

655 views • 19 slides
Towards Pareto-Optimal Parameter Synthesis for Monotonic Cost Functions FMCAD 2014, Lausanne B.

Towards Pareto-Optimal Parameter Synthesis for Monotonic Cost Functions FMCAD 2014, Lausanne B.

Towards Pareto-Optimal Parameter Synthesis for Monotonic Cost Functions FMCAD 2014, Lausanne B. Bittner, M. Bozzano, A. Cimatti, M. Gario, A. Griggio October 23, 2014 Motivations Parameters: variables with constant value, only partially

799 views • 33 slides
Pareto-Optimal Allocation of Indivisible Goods with Connectivity Constraints Ayumi Igarashi

Pareto-Optimal Allocation of Indivisible Goods with Connectivity Constraints Ayumi Igarashi

Pareto-Optimal Allocation of Indivisible Goods with Connectivity Constraints Ayumi Igarashi and Dominik Peters University of Kyushu University of Oxford AI , Stockholm, 2018-07-14 1 Allocation of a Graph

292 views • 11 slides
Weighted Quasi-optimal and Recursive Quasi-optimal Satellite Selection Techniques for GNSS V.

Weighted Quasi-optimal and Recursive Quasi-optimal Satellite Selection Techniques for GNSS V.

Weighted Quasi-optimal and Recursive Quasi-optimal Satellite Selection Techniques for GNSS V. Satya Srinivas 1 , A.D. Sarma 2 and A. Supraja Reddy 2 1 Geethanj ali College of Engineering and Technology, Cheeryal (V), Telangana 501301 India 2

466 views • 35 slides
Neural Network Ensembles For Image Identification Using Pareto-optimal Features 2014 IEEE World

Neural Network Ensembles For Image Identification Using Pareto-optimal Features 2014 IEEE World

Neural Network Ensembles For Image Identification Using Pareto-optimal Features 2014 IEEE World Congress on Computational Intelligence July 6-11 2014 Beijing, China IEEE Congress on Evolutionary Computation Wissam A. Albukhanajer, Yaochu Jin and

635 views • 21 slides
Exact Pareto-Optimal Coordination of Two Translating Polygonal Robots on an Acyclic Roadmap

Exact Pareto-Optimal Coordination of Two Translating Polygonal Robots on an Acyclic Roadmap

Exact Pareto-Optimal Coordination of Two Translating Polygonal Robots on an Acyclic Roadmap Hamidreza Chitsaz, Jason M. OKane and Steven M. LaValle { chitsaz, jokane, lavalle } @cs.uiuc.edu. ICRA 2004. Chitsaz, OKane and LaValle p.1/17

519 views • 21 slides
Analysis of Competing Risks in the Pareto Model for Progressive Censoring with binomial removals

Analysis of Competing Risks in the Pareto Model for Progressive Censoring with binomial removals

Introduction The Models Assumptions Likelihood function Bootstrap confidence intervals Bayesian Analysis Numerical example Analysis of Competing Risks in the Pareto Model for Progressive Censoring with binomial removals Reza Hashemi and

763 views • 55 slides
Pareto Optimal Streaming Unsupervised Ensemble Learning Soumya Basu University of Texas at

Pareto Optimal Streaming Unsupervised Ensemble Learning Soumya Basu University of Texas at

Pareto Optimal Streaming Unsupervised Ensemble Learning Soumya Basu University of Texas at Austin Steven Gutstein (ARL), Brent Lance (ARL), and Sanjay Shakkottai (UT Austin) Poster # 178 Streaming Unsupervised Ensemble Learning Po Poster #178

508 views • 3 slides
Optimal Gateway Selection in Multi-domain Wireless Networks: A Potential Game Perspective Yang

Optimal Gateway Selection in Multi-domain Wireless Networks: A Potential Game Perspective Yang

1. Motivation 2. Gateway Selection Game 3. Equilibrium Selection Learning 4. Evaluation 5. Conclusions Optimal Gateway Selection in Multi-domain Wireless Networks: A Potential Game Perspective Yang Song, Starsky H.Y. Wong, and Kang-Won Lee

901 views • 51 slides
Continuous Improvement Toolkit Pareto Analysis Continuous Improvement Toolkit . www.citoolkit.com

Continuous Improvement Toolkit Pareto Analysis Continuous Improvement Toolkit . www.citoolkit.com

Continuous Improvement Toolkit Pareto Analysis Continuous Improvement Toolkit . www.citoolkit.com The Continuous Improvement Map Managing Deciding & Selecting Planning & Project Management* Risk PDPC Decision Balance Sheet

396 views • 12 slides
2017 Pareto Conference Bart Heijermans CEO Recent DeepOcean presentations at Pareto Conference

2017 Pareto Conference Bart Heijermans CEO Recent DeepOcean presentations at Pareto Conference

2017 Pareto Conference Bart Heijermans CEO Recent DeepOcean presentations at Pareto Conference 2014 2016 Navigating through crowded Weathering the prolonged oil water downturn W e cannot solve our problems with the same thinking we

357 views • 18 slides
Optimal Inference After Model Selection Will Fithian Joint work with Dennis Sun & Jonathan

Optimal Inference After Model Selection Will Fithian Joint work with Dennis Sun & Jonathan

Optimal Inference After Model Selection Will Fithian Joint work with Dennis Sun & Jonathan Taylor December 11, 2015 Outline 1 Introduction 2 Inference After Selection 3 Linear Regression 4 Other Examples Two Stages Two stages of a

824 views • 69 slides
Pattern Selection for Optimal Classical Planning with Saturated Cost Partitioning Jendrik Seipp

Pattern Selection for Optimal Classical Planning with Saturated Cost Partitioning Jendrik Seipp

Pattern Selection for Optimal Classical Planning with Saturated Cost Partitioning Jendrik Seipp August 14, 2019 University of Basel, Switzerland Setting optimal classical planning pattern databases 1/14 A search + admissible

449 views • 24 slides
Optimal Shot Selection Strategies for the NBA MARK FICHMAN & JOHN OBRIEN Tepper School of

Optimal Shot Selection Strategies for the NBA MARK FICHMAN & JOHN OBRIEN Tepper School of

Optimal Shot Selection Strategies for the NBA MARK FICHMAN & JOHN OBRIEN Tepper School of Business, Carnegie Mellon University MathSport International Conference June, 2017, Padua (Italy) Basketball is Changing The NBAs most

349 views • 19 slides
Joint Optimal Power Allocation and Relay Selection with Spatial Diversity in Wireless Relay

Joint Optimal Power Allocation and Relay Selection with Spatial Diversity in Wireless Relay

Joint Optimal Power Allocation and Relay Selection with Spatial Diversity in Wireless Relay Networks Md Habibul Islam 1 , Zbigniew Dziong 1 , Kazem Sohraby 2 , Mahmoud F Daneshmand 3 , and Rittwik Jana 4 1 Ecole de Technologie Sup erieure

81 views • 5 slides
Quality Enhancement Continually taking deliberate steps to bring about improvement in the

Quality Enhancement Continually taking deliberate steps to bring about improvement in the

Quality Enhancement Continually taking deliberate steps to bring about improvement in the effectiveness of the learning experiences of students ELIR Handbook (3rd Ed.) Positive Restlessness Quality Culture shared values, beliefs,

802 views • 25 slides
V0G 7/21/2016 IASE 2C: Handling Objections V0G 2016 IASE3 1 V0G 2016 IASE3 2 Teaching

V0G 7/21/2016 IASE 2C: Handling Objections V0G 2016 IASE3 1 V0G 2016 IASE3 2 Teaching

V0G 7/21/2016 IASE 2C: Handling Objections V0G 2016 IASE3 1 V0G 2016 IASE3 2 Teaching Social Statistics: More on Confounding C: Inference & Significance Study Design Milo Schield, Augsburg College Study design can eliminate (at

341 views • 32 slides
Na#onal Associa#on of Ordnance Contractors (NAOC) Ryan Steigerwalt,

Na#onal Associa#on of Ordnance Contractors (NAOC) Ryan Steigerwalt,

Na#onal Associa#on of Ordnance Contractors (NAOC) Ryan Steigerwalt, P.G. President Military Muni6ons Support Services Webinar Series Characteriza*on 25 July 2013

226 views • 11 slides
Job Description August 2017 Position: Operations Coordinator Reports to: ACAPS Head of Programme

Job Description August 2017 Position: Operations Coordinator Reports to: ACAPS Head of Programme

Job Description August 2017 Position: Operations Coordinator Reports to: ACAPS Head of Programme Supervision of: Operations unit including ACAPS field deployees and field project team leaders, core roster members, roster manager Duty Station:

249 views • 4 slides
A b o u t g r a v i t a t i o n a l w a v e d e t e c t o r s A b

A b o u t g r a v i t a t i o n a l w a v e d e t e c t o r s A b

A b o u t g r a v i t a t i o n a l w a v e d e t e c t o r s A b o u t g r a v i t a t i o n a l w a v e d e t e c t o r s L o c R o l l a n d L a b o r a t o i r

458 views • 34 slides
Who Am I? Topic 1 Course Introduction Lecturer in CS department since 2000 Undergrad

Who Am I? Topic 1 Course Introduction Lecturer in CS department since 2000 Undergrad

Who Am I? Topic 1 Course Introduction Lecturer in CS department since 2000 Undergrad Stanford MSCS RPI Undergrad Stanford, MSCS RPI Chapman : I didn't expect a kind of Spanish Inquisition. US Navy for 8 years, submarines Cardinal

460 views • 6 slides
Sector Project Agricultural Trade and Value Chains GIZ Guest Lecture Strengthening Farmer

Sector Project Agricultural Trade and Value Chains GIZ Guest Lecture Strengthening Farmer

Sector Project Agricultural Trade and Value Chains GIZ Guest Lecture Strengthening Farmer Based Organizations (FBOs) September 19, 2017, 12 14h Bonn Agenda 1. Welcome (Gerd Fleischer, Heike Hffler) 2. GIZ Approaches in

308 views • 16 slides
Making fiscal policy more stabilising in the next upturn: Challenges and Policy Options

Making fiscal policy more stabilising in the next upturn: Challenges and Policy Options

Making fiscal policy more stabilising in the next upturn: Challenges and Policy Options Challenges and Policy Options Anne-Marie Brook New Zealand Treasury y Presentation to Macroeconomics Imbalances Forum, Wellington 24 June 2011 24 June

386 views • 25 slides

More recommend