Risk Assessment in Layered Solutions Commercial Solutions for - - PowerPoint PPT Presentation

Risk Assessment in Layered Solutions

Commercial Solutions for Classified (CSfC) - Risk Analysis

Christopher Martinez1, Robert Haverkos2

1Purdue University, Marti606@Purdue.edu, 2Purdue University, RHaverko@Purdue.edu

Slide 1

Presentation Index

• Detailed Problem Description
• Problem Statement
• Approach
• Results and Conclusion
• Future Directions

Slide 2

Detailed Problem Description

The Original Abstract

• Provided by the National Security Agency (NSA)
• Supported the core belief that the risk associated with the use of any security

solution is always greater than zero.

• Desired a model that:
• Would measure risk.*
• Would allow sharing of risk with stakeholders.*
• Would outline “the right way to combine risk assessments for each layer into a

risk assessment for the overall solution”.

• Would “incorporate new risks that have relatively little significance to each

individual system, but which impact the overall two-layer solution”. *In a “two independent layer” situation.

Slide 3

Problem Statement

To develop a meaningful method of combining risk assessments for individual security Mechanisms in a risk assessment for the

• verall Layered Solution.
• Mechanisms:

– Devices (hardware or software) used to provide security to an information system.

• Layered Solution:

– The combination of Mechanisms in a security solution.

Slide 4

Approach

• 1. Define The Environment of a Layered Solution
• 2. Define The Interactions of a Layered Solution

Slide 5

Approach - The Traditional Security Solution

Security Requirement(s) Security Measure(s)

Slide 6

Approach - The Layered Solution

Slide 7

Approach - Mechanisms and Attributes of Layered Solutions

Slide 8

Note: Software Security Mechanism(s)

Approach - The Environment of a Layered Solution (Overview)

Slide 9

Approach – Risk Assessment in Layered Solutions

• Function and Class-based Approach
• Promotes modularity and “ease of use”.
• Allows for scalability of risk assessment in Layered Solutions.
• Model consists of three fundamental Objects:
• The Layered Solution Object
• The Mechanism Object
• The Security Critical Attribute Object

Slide 10

Approach - The Layered Solution Object

Slide 11 The identifies what sort of Mechanism the Layered Solution is using. is the specific example of the class. contains a list of all the Mechanisms that make up the Layered Solution. contains any special rules that may need to be applied to this specific implementation is what contains the risk score generated by the model.

Approach - The Layered Solution Object

Slide 12

Approach - The Mechanism Object

Slide 13 The identifies what sort of Mechanism the Layered Solution is using. is the specific example of the class. contains a list of the Security Critical Attributes of the Mechanism. contains any special rules that may need to be applied to this specific implementation. is what contains the risk score of the Mechanism. defines the type of interactions the Mechanism can have with other Mechanisms.

Approach - The Mechanism Object

Slide 14

Approach - The Security Critical Attribute (SCA) Object

Slide 15 The identifies the Security Critical Attribute in the Mechanism. is the specific example of the Security Critical Attribute. is the first field representing interaction between different SCA’s. functions same as the compromise field. It contains a list

• f SCAs that can be preempted by

this layer.

• risk assessments by Subject-

matter Expert (SME) in order to define this value is an alternative way

• f defining the interaction from the
• ther direction.

lists the modifications or specific changes.

Approach - The Security Critical Attribute (SCA) Object

Slide 16

Approach – Interaction of Risk at The Mechanism Level

• Represent Security Critical Attributes (and interactions) in a graph.

– Solid Arrows indicate “Can Compromise” link. – Dotted Arrow indicates a “Preempt” link.

Slide 17

Mechanism

Code

Manufacturer

O.S. Machine National Origin

Administrator Configuration

Policy

Approach – Interaction of Risk at The Mechanism Level

• Cyclic Mechanism Interaction

Slide 18

Mechanism

Code

Manufacturer

O.S. Machine National Origin

Malicious Administrator Configuration

Policy

Approach – Interaction of Risk at The Mechanism Level

• Associating Security Critical Attribute Risk Value(s)

Slide 19

Mechanism Risk : ____

Code

Manufacturer

O.S. Machine National Origin

Administrator Configuration

Policy

.4% .1% .3% .4% .5% .2% .2% .3%

Weakest Link

Approach – Resolving Risk at The Mechanism Level

• The compromise relations resolve to set the risk field for the Mechanism.

Slide 20

Mechanism Risk

Code

Manufacturer

O.S. Machine

National Origin

Administrator Configuration

Policy

.4% .5% .3% .5% .5% .5% .5% .5%

.5%

Results and Conclusion

Slide 21

• Example of a meaningful method to combining risk

assessments for individual security Mechanisms in a risk assessment for the overall Layered Solution.  Function and Class-based Approach

• Promotes modularity and “ease of use”.
• Allows for scalability of risk assessment in Layered Solutions.
• Applicable to Layered Solutions in any Information System

Future Directions

Slide 22

Birthday Paradox

• The Birthday Paradox (or Birthday Problem) concerns the probability that,

in a set of n randomly chosen people, some pair of them will have the same birthday.

• It is feasible to believe this phenomenon could also exist in cascading

vulnerabilities amongst the Mechanisms presented in our model.

Evaluation of Risk

• It is possible to represent the risk analysis assumptions as more than

simple percentages. In theory, Bayesian scores can be utilized for the assessment of risk at The Security Critical Attribute Object proportion of

• ur model.

Questions? Comments?

Slide 23 (Final)