simulation based optimization of information security
play

Simulation-based optimization of information security controls: An - PowerPoint PPT Presentation

Nov 21, 2023 •126 likes •1.01k views

Simulation-based optimization of information security controls: An adversary-centric approach Elmar Kiesling, Andreas Ekelhart, Bernhard Grill, Christine Strau, Christian Stummer December 9, 2013; Washington, DC Funded by the Austrian

  1. Simulation-based optimization of information security controls: An adversary-centric approach Elmar Kiesling, Andreas Ekelhart, Bernhard Grill, Christine Strauß, Christian Stummer December 9, 2013; Washington, DC Funded by the Austrian Science Fund under project number P 23122-N23

  2. Simulation-based optimization of information security controls: An adversary-centric approach Agenda Introduction Introduction Framework Knowledge base Framework Attack patterns Simulation Knowledge base Optimization Attack patterns Decision support Example Simulation Experimental setup Optimization Results Conclusions Decision support Appendix Example Experimental setup Results Conclusions Appendix 46

  3. Simulation-based optimization of information security controls: An adversary-centric approach Major security management challenges Introduction 3 Framework ◮ Growing complexity of information systems Knowledge base Attack patterns ◮ Malicious threats and targeted attacks Simulation Optimization ◮ Increasingly sophisticated attacks that exploit Decision support ◮ software vulnerabilities Example Experimental setup ◮ network vulnerabilities Results ◮ social vulnerabilities Conclusions ◮ insider knowledge and access Appendix ◮ etc. ◮ Heterogeneous adversaries hacktivists, script kiddies, insiders, advanced persistent threats . . . → Best way to cope with such risks? 46

  4. Simulation-based optimization of information security controls: An adversary-centric approach Core ideas Introduction 4 Security is. . . Framework Knowledge base ◮ not the result of any particular technical measure Attack patterns Simulation ◮ a system property that emerges from interactions Optimization Decision support ◮ not an absolute concept, but involves tradeoffs Example Experimental setup ◮ meaningless without a specific threat model Results Conclusions Appendix “Best” solution is highly context-dependent, e.g., ◮ system characteristics ◮ threat landscape ◮ available resources ◮ decision-makers’ risk preferences 46

  5. Simulation-based optimization of information security controls: An adversary-centric approach Problem definition Introduction 5 Framework Objective: choose an “optimal” set of security controls Knowledge base Attack patterns Simulation Approach: Optimization Decision support 1. Model Example Experimental setup a) abstract causal interdependencies Results b) the information system and its context Conclusions c) adversaries and their behavior Appendix 2. Apply sets of security controls and simulate attacks 3. Optimize control sets w.r.t. multiple objectives 4. Support decision-maker in the selection of a control set 46

  6. Simulation-based optimization of information security controls: An adversary-centric approach Overview Introduction Framework 6 Knowledge base Attack Scenario Attack patterns Simulation Optimization Attacker Attacker Decision support model objectives Example Experimental setup Knowledge base Results Conclusions Appendix Successful attacks Implementation cost Implementation time Detected attacks Successful attack actions Running cost Attack and Control Attack Pattern Abstract Attack Model Linking Attack Graph Simulation Engine System Model 1 1 1 0 0 0 0 1 0 0 1 1 Metaheuristic optimization 46

  7. Simulation-based optimization of information security controls: An adversary-centric approach Knowledge base Introduction Framework 7 Knowledge base Attack Scenario Attack patterns Simulation Optimization Attacker Attacker Decision support model objectives Example Experimental setup Knowledge base Results Conclusions Appendix Successful attacks Implementation cost Implementation time Detected attacks Successful attack actions Running cost Attack and Control Attack Pattern Abstract Attack Model Linking Attack Graph Simulation Engine System Model 1 1 1 0 0 0 0 1 0 0 1 1 Metaheuristic optimization 46

  8. Simulation-based optimization of information security controls: An adversary-centric approach Knowledge base Introduction Framework 8 Knowledge base Attack patterns Simulation Optimization Decision support Example Experimental setup Results Conclusions Appendix ◮ Captures abstract attack knowledge ◮ Actions linked through pre- and post-conditions to form graph 46

  9. Atomic attack actions Condition properties Pre-Conditions Post-Conditions

  10. Simulation-based optimization of information security controls: An adversary-centric approach Attack patterns Introduction Framework Knowledge base 10 Attack patterns Simulation Optimization Decision support Example Experimental setup Knowledge base Results Conclusions Appendix Attack and Control Attack Pattern Model Linking System Model 46

  11. Simulation-based optimization of information security controls: An adversary-centric approach Attack pattern linking Introduction Framework Knowledge base 11 Attack patterns Simulation Optimization Decision support Example Experimental setup Results Conclusions Appendix 46

  12. Simulation-based optimization of information security controls: An adversary-centric approach Attack pattern linking Introduction Framework Knowledge base 11 Attack patterns Simulation Optimization Decision support Example Experimental setup Results + Conclusions Appendix 46

  13. Simulation-based optimization of information security controls: An adversary-centric approach Attack pattern linking Introduction Framework Knowledge base 11 Attack patterns Simulation Optimization Decision support Example Experimental setup Results + Conclusions Appendix 46

  14. Simulation-based optimization of information security controls: An adversary-centric approach Attack pattern linking Introduction Framework Knowledge base 11 Attack patterns Simulation Optimization Decision support Example Experimental setup Results Conclusions Appendix 46

  15. Simulation-based optimization of information security controls: An adversary-centric approach Attack pattern linking Introduction Framework Knowledge base 11 Attack patterns Simulation Optimization Decision support Example Experimental setup Results Conclusions Appendix 46

  16. Simulation-based optimization of information security controls: An adversary-centric approach CAPEC [?] Introduction ◮ Publicly available list of common attack patterns Framework ◮ 413 patterns described in varying levels of detail Knowledge base 12 ◮ Not fully formalized (textual descriptions) Attack patterns Simulation Optimization Decision support Transformation: Example Experimental setup 1. Generic CAPEC pattern → more specific actions Results e.g., “134 Email Injection” → emailKeylogger , emailBackdoor Conclusions 2. Single CAPEC pattern → sequential atomic actions Appendix e.g., “49 Brute Forcing" → bruteForce , accessHost , accessData 3. Add additional actions e.g., accessData, accessHost 4. Formalize ◮ preconditions ◮ postconditions ◮ impact 46

  17. Simulation-based optimization of information security controls: An adversary-centric approach CAPEC example: Brute Force (1) Introduction Brute Force Attack Pattern ID: 112 ( Standard Attack Pattern Completeness: Typical Severity: High Status: Draft Framework Complete ) Description Knowledge base Summary 13 Attack patterns In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that Simulation will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. Optimization The key factor in this attack is the attacker's ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and Decision support the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space. Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an Example attacker is unable to reduce the size of this field using available clues or cryptoanalysis. Doing this is more difficult than it sounds since elimination of patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic Experimental setup machines, such as computers. Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the Results time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks. Attack Execution Flow Conclusions Appendix 46

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A simulation-optimization approach for information security risk management Elmar Kiesling,

A simulation-optimization approach for information security risk management Elmar Kiesling,

A simulation-optimization approach for information security risk management Elmar Kiesling, Andreas Ekelhart, Bernhard Grill, Christine Strau, Christian Stummer International Conference on Operations Research September 4, 2013; Rotterdam

1.12k views • 81 slides
to Simulation Optimization to Simulation, Optimization, and back Biology Physics

to Simulation Optimization to Simulation, Optimization, and back Biology Physics

EDA among Sci & Eng fields EDA among Sci & Eng fields CS CS EDA EDA EE EE From Computability to Simulation Optimization to Simulation, Optimization, and back Biology Physics Igor Markov University of Michigan

299 views • 4 slides
Some Topics in Optimization for Simulation Michael Fu University of Maryland The ACNW

Some Topics in Optimization for Simulation Michael Fu University of Maryland The ACNW

Some Topics in Optimization for Simulation Michael Fu University of Maryland The ACNW OPTIMIZATION TUTORIALS June 13, 2005 Tres Tapas A Soft Overview: Optimization for Simulation (JOC & Annals OR papers) A Little Tutorial:

1.01k views • 54 slides
Sequential Process Calculus and Machine Models for Simulation-based Security Ralf K usters

Sequential Process Calculus and Machine Models for Simulation-based Security Ralf K usters

Sequential Process Calculus and Machine Models for Simulation-based Security Ralf K usters University of Kiel Joint work with Anupam Datta, John Mitchell, and Ajith Ramanathan University of Kiel Ralf K usters Simulation-based Security

577 views • 43 slides
NUMERICAL SIMULATION OF SELF-STRUCTURING ANTENNAS BASED ON A GENETIC ALGORITHM OPTIMIZATION SCHEME

NUMERICAL SIMULATION OF SELF-STRUCTURING ANTENNAS BASED ON A GENETIC ALGORITHM OPTIMIZATION SCHEME

NUMERICAL SIMULATION OF SELF-STRUCTURING ANTENNAS BASED ON A GENETIC ALGORITHM OPTIMIZATION SCHEME J.E. Ross * E.J. Rothwell, C.M. Coleman L.L. Nagy John Ross & Associates ECE Dept. Delphi Automotive Systems 350 W 800 N, Suite 317

681 views • 32 slides
Course outline 1. Language-Based Security: motivation 2. Language-Based Information-Flow Security:

Course outline 1. Language-Based Security: motivation 2. Language-Based Information-Flow Security:

Course outline 1. Language-Based Security: motivation 2. Language-Based Information-Flow Security: the big picture 3. Dimensions and principles of declassification 4. Dynamic vs. static security enforcement 5. Tracking information flow in web

641 views • 30 slides
Simulation based Optimization Methods for High dimensional Urban Mobility Problems Carolina

Simulation based Optimization Methods for High dimensional Urban Mobility Problems Carolina

Simulation based Optimization Methods for High dimensional Urban Mobility Problems Carolina Osorio Work partially supported by the US NSF Awards 1351512 and 1334304 Workshop on Control for Networked Transportation Systems Carolina Osorio

373 views • 19 slides
Optimization and Simulation Introduction to simulation Michel Bierlaire Transport and Mobility

Optimization and Simulation Introduction to simulation Michel Bierlaire Transport and Mobility

Optimization and Simulation Introduction to simulation Michel Bierlaire Transport and Mobility Laboratory School of Architecture, Civil and Environmental Engineering Ecole Polytechnique F ed erale de Lausanne M. Bierlaire (TRANSP-OR ENAC

864 views • 32 slides
Optimization and Simulation Constrained optimization Michel Bierlaire Transport and Mobility

Optimization and Simulation Constrained optimization Michel Bierlaire Transport and Mobility

Optimization and Simulation Constrained optimization Michel Bierlaire Transport and Mobility Laboratory School of Architecture, Civil and Environmental Engineering Ecole Polytechnique F ed erale de Lausanne M. Bierlaire (TRANSP-OR ENAC

1.02k views • 72 slides
Optimization and Simulation Optimization Michel Bierlaire Transport and Mobility Laboratory

Optimization and Simulation Optimization Michel Bierlaire Transport and Mobility Laboratory

Optimization and Simulation Optimization Michel Bierlaire Transport and Mobility Laboratory School of Architecture, Civil and Environmental Engineering Ecole Polytechnique F ed erale de Lausanne M. Bierlaire (TRANSP-OR ENAC EPFL)

1.37k views • 108 slides
Optimization and Simulation Constrained optimization Michel Bierlaire michel.bierlaire@epfl.ch

Optimization and Simulation Constrained optimization Michel Bierlaire michel.bierlaire@epfl.ch

Optimization and Simulation Constrained optimization Michel Bierlaire michel.bierlaire@epfl.ch Transport and Mobility Laboratory Optimization and Simulation p. 1/51 The problem Generic problem: x R n f ( x ) min subject to [ h : R n

721 views • 51 slides
Information Security A Fresh Approach [Based on material from Kevin Day's book: Inside the

Information Security A Fresh Approach [Based on material from Kevin Day's book: Inside the

Information Security A Fresh Approach [Based on material from Kevin Day's book: Inside the Security Mind: Making the Tough Decisions , Prentice-Hall, 2003, ISBN: 0-13-111829-3] Why? Why concentrate on Information Security (or IT Security) when

152 views • 11 slides
Optimization and Simulation Multi-objective optimization Michel Bierlaire Transport and Mobility

Optimization and Simulation Multi-objective optimization Michel Bierlaire Transport and Mobility

Optimization and Simulation Multi-objective optimization Michel Bierlaire Transport and Mobility Laboratory School of Architecture, Civil and Environmental Engineering Ecole Polytechnique F ed erale de Lausanne M. Bierlaire (TRANSP-OR

528 views • 22 slides
Mathematical Simulation and Michael D ohler Zheng He Optimization of Semiconductor Devices

Mathematical Simulation and Michael D ohler Zheng He Optimization of Semiconductor Devices

Mathematical Simulation and Optimization of Semiconductor Devices Mathematical Simulation and Michael D ohler Zheng He Optimization of Semiconductor Devices Maike Lorenz Philipp Monreal Aleksandra Rakic Sapna Sharma Instructor:

884 views • 53 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
On line Power Optimization of Data Flow Multi-Core Architecture based on Vdd-Hopping for Local

On line Power Optimization of Data Flow Multi-Core Architecture based on Vdd-Hopping for Local

PATMOS 2010, Grenoble, France 20th Int. Workshop on Power And Timing Modeling, Optimization and Simulation On line Power Optimization of Data Flow Multi-Core Architecture based on Vdd-Hopping for Local DVFS Pascal Vivet 1 , Edith Beigne 1 , Hugo

749 views • 22 slides
Kernel level memory management 1. The very base on boot vs memory management 2. Memory Nodes

Kernel level memory management 1. The very base on boot vs memory management 2. Memory Nodes

Advanced Operating Systems MS degree in Computer Engineering University of Rome Tor Vergata Lecturer: Francesco Quaglia Kernel level memory management 1. The very base on boot vs memory management 2. Memory Nodes (UMA vs NUMA) 3. x86

1.18k views • 114 slides
Paging Basic method Hardware support TLB Memory Protection Hierarchical Page

Paging Basic method Hardware support TLB Memory Protection Hierarchical Page

BS1 WS19/20 topic-based slides Paging Basic method Hardware support TLB Memory Protection Hierarchical Page Tables Hashed Page Tables Inverted Page Tables Shared Pages Virtual Address space under different

964 views • 75 slides
RAC 10g on Linux Marta Jakubowska-Sobczak, OpenLab fellow Database and Application Services RAC

RAC 10g on Linux Marta Jakubowska-Sobczak, OpenLab fellow Database and Application Services RAC

RAC 10g on Linux Marta Jakubowska-Sobczak, OpenLab fellow Database and Application Services RAC overview RAC a cluster database with a shared cache and a shared storage architecture Setup example Interconnect infrastructure

1.41k views • 29 slides
UNDERSTANDING SYSTEMD THE MODERN LINUX SERVICE MANAGER GARRET ARCORACI, ROCHESTER INST . OF

UNDERSTANDING SYSTEMD THE MODERN LINUX SERVICE MANAGER GARRET ARCORACI, ROCHESTER INST . OF

UNDERSTANDING SYSTEMD THE MODERN LINUX SERVICE MANAGER GARRET ARCORACI, ROCHESTER INST . OF TECHNOLOGY INTRODUCTION ME AND SYSTEMD WHERE DOES SYSTEMD FIT http://www.uefj.org/ IN THE BEGINNING TRADITIONAL BIOS UEFI WHERE IS THE

355 views • 18 slides
CLICKJACKING & PHISHING CMSC 414 FEB 28 2019 Town Hall tonight CSIC 1115, 5pm-7pm

CLICKJACKING & PHISHING CMSC 414 FEB 28 2019 Town Hall tonight CSIC 1115, 5pm-7pm

CLICKJACKING & PHISHING CMSC 414 FEB 28 2019 Town Hall tonight CSIC 1115, 5pm-7pm There is insufficient space in Iribe Virtually no student group space No TA space Extra space is going to non-CS UMIACS

1.29k views • 110 slides
Facultat d'Informtica de Barcelona Univ. Politcnica de Catalunya Administraci de Sistemes

Facultat d'Informtica de Barcelona Univ. Politcnica de Catalunya Administraci de Sistemes

Facultat d'Informtica de Barcelona Univ. Politcnica de Catalunya Administraci de Sistemes Operatius System monitoring

657 views • 27 slides
Order Statistics We often want to compute a median of a list of values. (It gives a more accurate

Order Statistics We often want to compute a median of a list of values. (It gives a more accurate

Order Statistics We often want to compute a median of a list of values. (It gives a more accurate picture than the average sometimes.) More generally, what element has position k in the sorted list? (For example, for percentiles or trimmed means.)

380 views • 13 slides
System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University System Security 2 Security in computer systems Hardware (System)

838 views • 56 slides

More recommend