Pareto-Optimal Situation Analysis for Selection of Security Measures
Andres Ojamaa
Joint work with Jüri Kivimaa and Enn Tyugu
Institute of Cybernetics at TUT
CS Theory Days, Feb 1 2009, Kääriku
Outline
◮ Introduction
◮ Background and Motivation
◮ Graded Security Model
◮ Security Goals
◮ Parameters and Functions
◮ Optimizing Security Measures
◮ Discrete Dynamic Programming
◮ Graded Security Expert System
◮ Example
◮ Visual Specification
◮ Example of Results
01.02.2009 - A. Ojamaa - Pareto-Optimal Situation Analysis for Selection of Security Measures
Security Situation Management
◮ The aim is to provide the best possible security of a system with a given amount of resources.
◮ At the same time, at least the standard requirements should be satisfied, if possible.
◮ Solutions are usually needed yesterday. Therefore detailed risk analysis is not a good option.
◮ The goal is achieved by coarse-grained analysis of the security situation and optimisation of resource usage.
Security Awareness Simulation Games
◮ CyberCIEGE — video game and tool to teach network security concepts (2005)
◮ CyberProtect — DISA-produced game that includes hacker attacks and budget constraints (1999)
Situation Description: Security Goals
Security class is determined by security levels, associated with security goals:
◮ confidentiality (C),
◮ integrity (I),
◮ availability (A),
◮ non-repudiation (N).
e.g. C2 I1 A1 N2
The model can be extended by adding security goals.
Situation Description: Parameters of the Model
◮ Available resources — $r$
◮ Integral measure of security — $S$
◮ Security measures groups — $g_1, g_2, \ldots, g_n$
◮ Security levels of measures groups — $l_1, l_2, \ldots, l_n$
◮ Security confidences granted by measures groups — $q_1, q_2, \ldots, q_n$
◮ Relative importance of measures groups: weights — $a_1, a_2, \ldots, a_n$, where $\sum_{i=1}^{n} a_i = 1$
Abstract Security Profile
An abstract security profile $p$ is an assignment of security levels to each group of security measures:
$$p = (l_1, l_2, \ldots, l_n)$$
Cost Function
The cost function $h$ gives the costs $h(l, g)$ required for implementing security measures of a group $g$ for a level $l$. The costs of implementing a given abstract security profile:
$$\mathrm{costs}(p) = \sum_{i=1}^{n} h(l_i, g_i)$$
Goal 1: Keep the value of $\mathrm{costs}(p)$ as low as possible.
Levels Requirement Function
Function s produces a required security level s(c, g) for a group g when the security class is c. The requirements may be prescribed by security standards such as BSI, NISPOM or ISKE.
Integrated Security Metrics
The overall security of a system is described by means of an integrated security metric (integral security confidence) $S$:
$$S = \sum_{i=1}^{n} a_i q_i$$
Goal 2: Increase the security confidence of a system.
Dependencies
Conventional Graded Security Solution
[Figure: plot with axes S, l and r, with S* and r* marked.]
Pareto-Optimality Curve
[Figure: Pareto optimality tradeoff curve of security against resources, between rmin and rmax.]
Pareto-Optimal Security Solutions
[Figure: plot with axes S, l and r, with r1 and r2 marked.]
Dynamic Programming
Building optimal solutions gradually, for 1, 2, ..., n security measures groups, enables us to use discrete dynamic programming and to reduce the search considerably. The fitness function $S$, defined on intervals from $j$ to $k$ as
$$S(j, k) = \sum_{i=j}^{k} a_i q_i,$$
is additive on the intervals, because from the definition of the function $S$ we have $S(1, n) = S(1, k) + S(k, n)$.
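An added example, not from the original slides or the CoCoViLa package: a Python implementation of the discrete dynamic programming step, which adds one measures group at a time for every integer budget and then extracts the Pareto-optimal tradeoff curve. The group names, weights, costs and confidences are constructed sample values, and `min_levels` is a hypothetical stand-in for the levels requirement function s(c, g).

```python
from itertools import product

# Constructed sample data (not from the slides): for each measures group g_i,
# its weight a_i and a list of (cost h(l, g_i), confidence q_i) per level l.
GROUPS = {
    "firewall":       (0.4, [(0, 0.0), (2, 0.60), (4, 0.80), (7, 0.95)]),
    "backup":         (0.3, [(0, 0.0), (4, 0.30), (8, 0.60), (12, 0.65)]),
    "access control": (0.3, [(0, 0.0), (3, 0.50), (6, 0.70), (10, 0.90)]),
}

def optimize(groups, r_max, min_levels=None):
    """best[r] = (S, profile) maximizing S with costs(p) <= r, or None if the
    required minimum levels (standing in for s(c, g)) cannot be paid for."""
    min_levels = min_levels or {}
    best = [(0.0, ())] * (r_max + 1)            # zero groups: S = 0 at any budget
    for name, (a, levels) in groups.items():    # add one group at a time
        nxt = [None] * (r_max + 1)
        for r in range(r_max + 1):
            for l in range(min_levels.get(name, 0), len(levels)):
                cost, q = levels[l]
                if cost > r or best[r - cost] is None:
                    continue
                s_prev, p_prev = best[r - cost]
                if nxt[r] is None or s_prev + a * q > nxt[r][0]:
                    nxt[r] = (s_prev + a * q, p_prev + (l,))
        best = nxt
    return best

def pareto_front(best):
    """Keep only budgets where S strictly improves: the tradeoff curve."""
    front, top = [], -1.0
    for r, entry in enumerate(best):
        if entry is not None and entry[0] > top + 1e-12:
            top = entry[0]
            front.append((r, round(top, 4), entry[1]))
    return front

def exhaustive(groups, r):
    """Brute-force reference: try every profile, used to cross-check the DP."""
    specs = list(groups.values())
    scores = [sum(a * lv[l][1] for (a, lv), l in zip(specs, p))
              for p in product(*(range(len(lv)) for _, lv in specs))
              if sum(lv[l][0] for (_, lv), l in zip(specs, p)) <= r]
    return max(scores)

if __name__ == "__main__":
    for r, s, profile in pareto_front(optimize(GROUPS, 29)):
        print(f"r={r:2d}  S={s:.3f}  levels={profile}")
```

The DP visits (budgets × levels) states per group, while the brute-force reference enumerates every combination of levels, which is the gap the complexity comparison on the later slide plots.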
Discrete Dynamic Programming
Complexity Compared
[Figure: number of search steps (up to 1.2e+09) against number of security measures groups (1 to 10), comparing exhaustive search with dynamic programming.]
Graded Security Expert System
[Figure: system components: ViGUI, Optimizer, Visual composer, Knowledge modules.]
Visual Specification
[Screenshot: visual specification of an optimization scheme. Visible elements: a DDP Optimizer (context: Banking; resources: min 1, max 70), a SecClass field (C2I1A1M2), and the measures groups User training, Redundancy, Access control, Antivirus software, Backup, Segmentation, Encryption, Firewall and Intrusion detection; two cost/confidence tables read 4, 8, 12 / 30, 60, 65 and 2, 4, 7 / 60, 80, 95.]
Knowledge Modules as Decision Tables
Example of Results
[Figure: confidence (5 to 85) and level index (1 to 6) plotted against costs (5 to 70); series: Confidence, Redundancy, User training.]
Future Work
◮ Combine the optimization package with risk analysis tools (e.g. attack trees)?
◮ Improve the visual language and the user interface
◮ Collect and accumulate expert knowledge and real data
◮ Experiments with real data
◮ Implement dependent measure groups
◮ Analyze sensitivity of results with respect to inaccurate input data
Summary
A CoCoViLa package was developed to help the IT manager/security expert answer the following questions quickly:
◮ How many resources are needed to achieve the required level of information security?
◮ What is the best way to spend the IT security budget?
References
◮ CoCoViLa — Compiler Compiler for Visual Languages, http://www.cs.ioc.ee/~cocovila
◮ CyberCIEGE — http://cisr.nps.edu/cyberciege/
◮ CyberProtect — http://iase.disa.mil/eta/online-catalog.html
◮ E. Tyugu. Algorithms and Architectures of Artificial Intelligence. IOS Press, 2007.
◮ A. Ojamaa, E. Tyugu, J. Kivimaa. Pareto-optimal situation analysis for selection of security measures. In: MILCOM 08: Assuring Mission Success: Unclassified Proceedings, November 17-19 San Diego, 2008, 7 p.