
Using Strategy Objectives for Network Security Analysis Elie - PowerPoint PPT Presentation



  1. Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein Stanford University / LSV, Ens-Cachan Inscrypt 2009 Elie Bursztein Using Strategy Objectives for Network Security Analysis 1 / 48

  2. Introduction
     Work purpose: analyzing and anticipating attacks on computer networks.

  3. Network complexity: The Pentagon Case
     Huge network
     ◮ 15 000 LAN Networks
     ◮ 7 000 000 Computers
     Huge security problems
     ◮ Flash drives banned due to a virus spread (Nov 2008).
     ◮ 1500 computers taken (Jun 2007)

  4. Attack Complexity

  5. Some Epic Failures
     ◮ 2004 Bouygues Telecom: 2 servers down → 3 200 000 cellphones down
     ◮ 2005 Japan Mitsubishi: 1 computer infected → 40 MB of confidential reports leaked on a P2P network
     ◮ 2007 Apple: 1 computer in the production line infected → 150 000 iPods infected by the trojan RavMonE.exe

  6. Outline
     ◮ Network Security: Attacks
     ◮ Game
     ◮ Strategy
     ◮ Automated Analysis
     ◮ Conclusion

  7. Vulnerabilities
     ◮ A vulnerability is a software bug that can be exploited by an attacker to gain privileges.
     ◮ An exploit is the piece of software that takes advantage of a software bug.
     ◮ A 0day exploit is an exploit for an undisclosed vulnerability.

  8. Vulnerabilities as Stepping Stones
     ◮ Large networks may suffer from multiple vulnerabilities
     ◮ Patches and counter-measures need to be prioritized
     ◮ A minor vulnerability can turn into a major hole when used as a stepping stone

  9. Illustration of a Complex Attack
     [Figure: attack graph with the steps "Exploit a bug in Firefox", "Install a trojan", "Steal the web server password", "Upload a rogue page" and "Steal all user passwords".]

  10. The Need for Automation
     Attack analysis can't be done by hand: networks and attacks are too complex and too big for that. We need models and tools for this!

  11. Attack Graph Frameworks
     ◮ 1998: Use of model-checking for host security [RS98]
     ◮ 2000: Use of model-checking for networks [RA00]
     ◮ 2004: First complete framework that constructs the attack scenario [SW04]
     ◮ 2005: Mulval [Ou05], a framework based on Datalog.
     ◮ 2006: NetSpa [ALI06], a framework that scales up to 50 000 nodes.

  12. Time is of the Essence
     Network security is a race between Intruder and Administrator.
     [Figure: timeline (axis: Time) marking "Exploit Released", "Patch Released" and the "Window of Vulnerability".]

  13. The Need for Time
     Without time, meaningless actions are allowed in the model.
     ◮ Administrator can patch 1000 services instantly.
     ◮ Intruder can compromise 1000 services before the administrator has a chance to react.
     Without time, concurrent actions can't be modeled. Ex: Administrator may patch a service while Intruder tries to exploit it.

  14. Time and Game
     Model: timed automaton game [AFHMS].
     Property: properties can be written in Timed Alternating-Time Temporal Logic [AHK06].

  15. Collateral Effects
     [Figure labels: Internet, DDoS attack, Email, DNS, Web, and "Collateral damage" (twice).]

  16. Outline
     ◮ Network Security
     ◮ Game: Structure, Rules
     ◮ Strategy
     ◮ Automated Analysis
     ◮ Conclusion

  17. Dual-layer structure
     The upper layer is the timed automaton game; the lower layer represents the network state.

  19. Lower layer: the network state
     The lower layer is composed of
     ◮ The dependency graph
     ◮ A set of states (atomic propositions)

  20. Web Service Recipe
     To build a web service you need:
     ◮ An HTTP frontend to serve the data
     ◮ A SQL backend to store the data
     ◮ A way to administer the service

  24. The Dependency Graph
     [Figure: dependency graph over the nodes SQL, SSH, HTTP and HTTP2.]

  25. Set of States

     |             | SSH | SQL | HTTP1 | HTTP2 |
     |-------------|-----|-----|-------|-------|
     | Vulnerable  | ⊤   | ⊥   | ⊥     | ⊥     |
     | Compromised | ⊥   | ⊥   | ⊥     | ⊥     |

  26. Rule Syntax
     $$\Gamma : \mathbf{Pre}\ \varphi_{pre} \longrightarrow_{\Delta,\,p,\,a,\,c} \mathbf{Effect}\ \varphi_{eff}$$
     ◮ $\varphi_{pre}$: Preconditions.
     ◮ $\Delta$: Time required to complete the action.
     ◮ $p$: The player that executes the rule.
     ◮ $a$: Rule name.
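
The state table and the rule fields from the slides can be exercised in a few lines of Python to replay the patch-versus-exploit race; this is an added example, not code from the presentation. The Compromise and Patch rules, their durations, and the check of the precondition both at launch and at completion are assumptions made for illustration, and the cost c is left out because the slides shown here do not define it.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

State = Dict[str, Dict[str, bool]]  # proposition -> service -> truth value

def initial_state() -> State:
    # State table from the "Set of States" slide: only SSH is vulnerable.
    services = ["SSH", "SQL", "HTTP1", "HTTP2"]
    return {"Vulnerable": {s: s == "SSH" for s in services},
            "Compromised": {s: False for s in services}}

@dataclass(frozen=True)
class Rule:
    name: str                           # a: rule name
    player: str                         # p: player that executes the rule
    delta: int                          # Delta: time required to complete
    pre: Callable[[State, str], bool]   # phi_pre: precondition
    eff: Callable[[State, str], None]   # phi_eff: effect on the state

def _compromise(s: State, svc: str) -> None:
    s["Compromised"][svc] = True

def _patch(s: State, svc: str) -> None:
    s["Vulnerable"][svc] = False

# Constructed rules and durations, for illustration only.
COMPROMISE = Rule("Compromise", "Intruder", 3,
                  lambda s, v: s["Vulnerable"][v] and not s["Compromised"][v],
                  _compromise)
PATCH = Rule("Patch", "Administrator", 2, lambda s, v: s["Vulnerable"][v], _patch)

def race(moves: List[Tuple[Rule, int]], target: str = "SSH"):
    """Play (rule, start_time) moves on one service; return (log, final state).

    Assumed semantics: a rule is launched only if phi_pre holds at its start
    time, and its effect is applied only if phi_pre still holds Delta later.
    """
    state = initial_state()
    events = [(t, kind, r) for r, start in moves
              for t, kind in ((start, "launch"), (start + r.delta, "complete"))]
    launched, log = set(), []
    # At equal times, completions are processed before launches.
    for t, kind, r in sorted(events, key=lambda e: (e[0], e[1] != "complete")):
        ok = r.pre(state, target)
        if kind == "launch":
            if ok:
                launched.add(r.name)
        elif r.name in launched:
            if ok:
                r.eff(state, target)
            log.append((t, r.player, r.name, "applied" if ok else "cancelled"))
    return log, state
```

When both players start at time 0 the faster patch cancels the compromise; when the patch starts two time units late, the compromise lands first and the later patch does not undo it.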
