SlideShare a Scribd company logo

VIKING cluster meeting 1

Download as PPTX, PDF
F
fcleary
Technology
1 of 19
Enterprise Architecture Models for Security AnalysisThe VIKING project TeodorSommestad The Royal Institute of Technology (KTH) Stockholm, Sweden teodor.sommestad@ics.kth.se
SCADA/Industrial Control system security
The VIKING project From security requirements to social costs (consequences) Attack SCADA system Power network Societalcost KTH, this presentation ETH, Zürich ViCiSi, in 15 min.
Decision makers in utilitiestypicallyhave… … a poorunderstandingof the system architecture and itsenvironment … a poorunderstanding of how to achievesecurity in thiscomplexenvironment … limitedresources, time and money A Bayesian computational engine analyzes your architecture and possible attacks against it
Our solution: the Cyber Security Modeling Language The result for your architecture is visualized, e.g. which attacks are easy to do and which countermeasures that make a big difference. We consolidate theory on security, i.e. what is most important and how important is it. A Bayesian computational engine analyzes your architecture and possible attacks against it You represent your system, e.g. add network zones, draw data flows, specify management processes
This tool assess if attacks are possible to do against a system architecture Successprobabilitiesof attacks: P(SCADAServer.Access) = 0.14P(SCADAService.InjectCode) = 0.14P(SCADAServer.FindKnownService) = 0.34 P(SCADAServer.ConnectTo) = 0.43 Effectofchanges: For P(SCADAServer.Access)Install IPS: 0.14=>0.11 Regularsecurityaudits: 0.14=>0.12
We do not aim at Inventing some new protection apparatus (e.g. firewall), solution or architecture. Tell cryptography/authentication/…/firewall experts which of their solutions that are secure and which are not. Explain which attacks that probably will be attempted against the system.
Qualitative theory What influences what? For example, what influences the possibility for an attacker to compromise a machine? In which ways can it be done? Which of these things are most important? For example, which protection mechanisms against arbitrary code execution attacks are most relevant? In essence: What data should be collected (modeled) to say something about the possibility to succeed with attacks? Quantitative theory How big is the influence? For example, how is the attacker’s chance of success influenced by “address space layout randomization”? What combinations of things are important? For example, does “address space layout randomization” make a difference if you already have an “non-executable memory” turned on? In essence: How probably are different attacks to succeed?
[Qualitative theory] The metamodel Attribute dependencies For example: The probability that Remote Arbitrary Code Exploits on a Service can be performed depend on: If you can connect to the Service If it has a high-severity vulnerability The attacker can authenticate itself as a legitimate user If its OS uses ASLR or NX memory protection If there is Deep Packet Inspection Firewall between the attacker and Service
[Quantitative theory] Example:Remote Arbitrary Code Exploits on a Service
Say that your architecture and our “rules” produces these dependencies [Quantitative theory] Canthis attack be done by professional penetration tester?
Our tool would answer: [Quantitative theory] 1.00*0.24*1.00*0.51*1.00=0.1224=12.24% chance of success 100% 100% 100% 24% 51%
What if analysis:Execute arbitrary code [Quantitative theory] Install a deep-packet-inspection firewall (IPS) As is. Remove Address Space Layout Randomization (ASLR) 15 % probabilitythat the attacker canexecute his/hercode… 24 % probabilitythat the attacker canexecute his/hercode… 27 % probabilitythat the attacker canexecutehis/hercode… …8 % for the attack scenario… …12 % for the attack scenario… …14% for the attack scenario…
Data sources The relationships and dependency-structure: Literature, e.g. standards or scientific articles. Review and prioritization by external experts, e.g. FOI, SÄPO, Combitech, Chalmers, Ericsson, BTH, Management Doctors. The probabilities: Logical relationships, e.g.: if the firewalls allow you to connect to A from B and you have access to B, then you can connect. Others’ studies, e.g. time-to-compromise for of authentication codes or patch level vs patching procedures. Experts’ judgments, e.g. 165 intrusion detection system researchers estimating the detection rate in different scenarios.
Successprobabilitiesof attacks: P(SCADAServer.Access) = 0.14P(SCADAService.InjectCode) = 0.14P(SCADAServer.FindKnownService) = 0.04 P(SCADAServer.ConnectTo) = 0.23 Effectofchanges: For P(SCADAServer.Access)Install IPS: 0.14=>0.11 Regularsecurityaudits: 0.14=>0.12 Our aim with CySeMoL
The tool http://www.kth.se/ees/omskolan/organisation/avdelningar/ics/research/eat
Our solution: the Cyber Security Modeling Language The result for your architecture is visualized, e.g. which attacks are easy to do and which countermeasures that make a big difference. We consolidate theory on security, i.e. what is most important and how important is it. A Bayesian computational engine analyzes your architecture and possible attacks against it You represent your system, e.g. add network zones, draw data flows, specify management processes
Today’s status of the tool Our theory consolidation is in version 1.0, soon published. Nah… Calculation engine is completed Tests in real life are ongoing
Collaboration/usage – VIKING’s “EA models for security analysis” Theory/Modeling language: ,[object Object]

Recommended

Only Abstract
Only AbstractOnly Abstract
Only Abstract
guesta67d4a
 
Security Event Analysis Through Correlation
Security Event Analysis Through CorrelationSecurity Event Analysis Through Correlation
Security Event Analysis Through Correlation
Anton Chuvakin
 
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic EncryptionThreat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
ijcisjournal
 
Final_year_project_documentation
Final_year_project_documentationFinal_year_project_documentation
Final_year_project_documentation
Ushnish Chowdhury
 
Beating ips 34137
Beating ips 34137Beating ips 34137
Beating ips 34137
Spiros Fraganastasis
 
Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)
CloudMask inc.
 
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Information Security Awareness Group
 
18
1818
18
Technology_solution
 

Recommended

Only Abstract
Only AbstractOnly Abstract
Only Abstract
guesta67d4a
 
Security Event Analysis Through Correlation
Security Event Analysis Through CorrelationSecurity Event Analysis Through Correlation
Security Event Analysis Through Correlation
Anton Chuvakin
 
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic EncryptionThreat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
ijcisjournal
 
Final_year_project_documentation
Final_year_project_documentationFinal_year_project_documentation
Final_year_project_documentation
Ushnish Chowdhury
 
Beating ips 34137
Beating ips 34137Beating ips 34137
Beating ips 34137
Spiros Fraganastasis
 
Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)
CloudMask inc.
 
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Information Security Awareness Group
 
18
1818
18
Technology_solution
 
Top Cited Papers - International Journal of Network Security & Its Applicatio...
Top Cited Papers - International Journal of Network Security & Its Applicatio...Top Cited Papers - International Journal of Network Security & Its Applicatio...
Top Cited Papers - International Journal of Network Security & Its Applicatio...
IJNSA Journal
 
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTIONSECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
IJNSA Journal
 
Trade offs for threshold implementations
Trade offs for threshold implementationsTrade offs for threshold implementations
Trade offs for threshold implementations
LogicMindtech Nologies
 
Network Security IEEE 2015 Projects
Network Security IEEE 2015 ProjectsNetwork Security IEEE 2015 Projects
Network Security IEEE 2015 Projects
Vijay Karan
 
A highly scalable key pre distribution scheme for wireless sensor networks
A highly scalable key pre distribution scheme for wireless sensor networksA highly scalable key pre distribution scheme for wireless sensor networks
A highly scalable key pre distribution scheme for wireless sensor networks
JPINFOTECH JAYAPRAKASH
 
Providing user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsProviding user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure clouds
Shakas Technologies
 
Ch01
Ch01Ch01
Ch01
n C
 
Security Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security IssuesSecurity Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security Issues
Yulian Slobodyan
 
Real-time fallacy: how real-time your security really is?
Real-time fallacy: how real-time your security really is?Real-time fallacy: how real-time your security really is?
Real-time fallacy: how real-time your security really is?
Anton Chuvakin
 
An efficient distributed trust model for wireless sensor networks
An efficient distributed trust model for wireless sensor networksAn efficient distributed trust model for wireless sensor networks
An efficient distributed trust model for wireless sensor networks
LogicMindtech Nologies
 
22
2222
22
Technology_solution
 
Novetta Cyber Analytics Product Brochure Final_Web_4.20.2015
Novetta Cyber Analytics Product Brochure Final_Web_4.20.2015Novetta Cyber Analytics Product Brochure Final_Web_4.20.2015
Novetta Cyber Analytics Product Brochure Final_Web_4.20.2015
Scott Van Valkenburgh
 
IEEE 2014 DOTNET DATA MINING PROJECTS A robust multiple watermarking techniqu...
IEEE 2014 DOTNET DATA MINING PROJECTS A robust multiple watermarking techniqu...IEEE 2014 DOTNET DATA MINING PROJECTS A robust multiple watermarking techniqu...
IEEE 2014 DOTNET DATA MINING PROJECTS A robust multiple watermarking techniqu...
IEEEMEMTECHSTUDENTPROJECTS
 
A lightweight secure scheme for detecting
A lightweight secure scheme for detectingA lightweight secure scheme for detecting
A lightweight secure scheme for detecting
jpstudcorner
 
Document fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 ComplianceDocument fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 Compliance
Matt Soseman
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck
Matt Soseman
 
Anton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability IntelligenceAnton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin
 
Toward a statistical framework for source anonymity in sensor networks
Toward a statistical framework for source anonymity in sensor networksToward a statistical framework for source anonymity in sensor networks
Toward a statistical framework for source anonymity in sensor networks
JPINFOTECH JAYAPRAKASH
 
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
IRJET Journal
 
The Champion Supervisor
The Champion SupervisorThe Champion Supervisor
The Champion Supervisor
Hassan Rizwan
 
Automated Versioning As A Mechanism For Component Software
Automated Versioning As A Mechanism For Component SoftwareAutomated Versioning As A Mechanism For Component Software
Automated Versioning As A Mechanism For Component Software
bauml
 
Consistency, Availability, Partition: Make Your Choice
Consistency, Availability, Partition: Make Your ChoiceConsistency, Availability, Partition: Make Your Choice
Consistency, Availability, Partition: Make Your Choice
Andrea Giuliano
 

More Related Content

What's hot

SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTIONSECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
IJNSA Journal
 
Ch01
Ch01Ch01
Ch01
n C
 
Security Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security IssuesSecurity Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security Issues
Yulian Slobodyan
 
Novetta Cyber Analytics Product Brochure Final_Web_4.20.2015
Novetta Cyber Analytics Product Brochure Final_Web_4.20.2015Novetta Cyber Analytics Product Brochure Final_Web_4.20.2015
Novetta Cyber Analytics Product Brochure Final_Web_4.20.2015
Scott Van Valkenburgh
 

What's hot (20)

Top Cited Papers - International Journal of Network Security & Its Applicatio...
Top Cited Papers - International Journal of Network Security & Its Applicatio...Top Cited Papers - International Journal of Network Security & Its Applicatio...
Top Cited Papers - International Journal of Network Security & Its Applicatio...
 
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTIONSECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
 
Trade offs for threshold implementations
Trade offs for threshold implementationsTrade offs for threshold implementations
Trade offs for threshold implementations
 
Network Security IEEE 2015 Projects
Network Security IEEE 2015 ProjectsNetwork Security IEEE 2015 Projects
Network Security IEEE 2015 Projects
 
A highly scalable key pre distribution scheme for wireless sensor networks
A highly scalable key pre distribution scheme for wireless sensor networksA highly scalable key pre distribution scheme for wireless sensor networks
A highly scalable key pre distribution scheme for wireless sensor networks
 
Providing user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsProviding user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure clouds
 
Ch01
Ch01Ch01
Ch01
 
Security Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security IssuesSecurity Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security Issues
 
Real-time fallacy: how real-time your security really is?
Real-time fallacy: how real-time your security really is?Real-time fallacy: how real-time your security really is?
Real-time fallacy: how real-time your security really is?
 
An efficient distributed trust model for wireless sensor networks
An efficient distributed trust model for wireless sensor networksAn efficient distributed trust model for wireless sensor networks
An efficient distributed trust model for wireless sensor networks
 
22
2222
22
 
Novetta Cyber Analytics Product Brochure Final_Web_4.20.2015
Novetta Cyber Analytics Product Brochure Final_Web_4.20.2015Novetta Cyber Analytics Product Brochure Final_Web_4.20.2015
Novetta Cyber Analytics Product Brochure Final_Web_4.20.2015
 
IEEE 2014 DOTNET DATA MINING PROJECTS A robust multiple watermarking techniqu...
IEEE 2014 DOTNET DATA MINING PROJECTS A robust multiple watermarking techniqu...IEEE 2014 DOTNET DATA MINING PROJECTS A robust multiple watermarking techniqu...
IEEE 2014 DOTNET DATA MINING PROJECTS A robust multiple watermarking techniqu...
 
A lightweight secure scheme for detecting
A lightweight secure scheme for detectingA lightweight secure scheme for detecting
A lightweight secure scheme for detecting
 
Document fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 ComplianceDocument fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 Compliance
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck
 
Anton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability IntelligenceAnton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability Intelligence
 
Toward a statistical framework for source anonymity in sensor networks
Toward a statistical framework for source anonymity in sensor networksToward a statistical framework for source anonymity in sensor networks
Toward a statistical framework for source anonymity in sensor networks
 
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
 
The Champion Supervisor
The Champion SupervisorThe Champion Supervisor
The Champion Supervisor
 

Viewers also liked

Louzel Report - Reliability & validity
Louzel Report - Reliability & validity Louzel Report - Reliability & validity
Louzel Report - Reliability & validity
Louzel Linejan
 
advantages and disadvanteges of computer
advantages and disadvanteges of computeradvantages and disadvanteges of computer
advantages and disadvanteges of computer
Jay-R Diacamos
 
Presentation Validity & Reliability
Presentation Validity & ReliabilityPresentation Validity & Reliability
Presentation Validity & Reliability
songoten77
 
ADVANTAGES AND DIS-ADVANTAGES OF COMPUTER
ADVANTAGES AND DIS-ADVANTAGES OF COMPUTERADVANTAGES AND DIS-ADVANTAGES OF COMPUTER
ADVANTAGES AND DIS-ADVANTAGES OF COMPUTER
Jester Paquera
 

Viewers also liked (14)

Automated Versioning As A Mechanism For Component Software
Automated Versioning As A Mechanism For Component SoftwareAutomated Versioning As A Mechanism For Component Software
Automated Versioning As A Mechanism For Component Software
 
Consistency, Availability, Partition: Make Your Choice
Consistency, Availability, Partition: Make Your ChoiceConsistency, Availability, Partition: Make Your Choice
Consistency, Availability, Partition: Make Your Choice
 
Coherence and consistency models in multiprocessor architecture
Coherence and consistency models in multiprocessor architectureCoherence and consistency models in multiprocessor architecture
Coherence and consistency models in multiprocessor architecture
 
Pp3 - Pixel Perfect Precision V3
Pp3 - Pixel Perfect Precision V3Pp3 - Pixel Perfect Precision V3
Pp3 - Pixel Perfect Precision V3
 
Louzel Report - Reliability & validity
Louzel Report - Reliability & validity Louzel Report - Reliability & validity
Louzel Report - Reliability & validity
 
Benefit Of Computer
Benefit Of ComputerBenefit Of Computer
Benefit Of Computer
 
advantages and disadvanteges of computer
advantages and disadvanteges of computeradvantages and disadvanteges of computer
advantages and disadvanteges of computer
 
Validity and Reliability
Validity and ReliabilityValidity and Reliability
Validity and Reliability
 
Validity and reliability of questionnaires
Validity and reliability of questionnairesValidity and reliability of questionnaires
Validity and reliability of questionnaires
 
Presentation Validity & Reliability
Presentation Validity & ReliabilityPresentation Validity & Reliability
Presentation Validity & Reliability
 
ADVANTAGES AND DIS-ADVANTAGES OF COMPUTER
ADVANTAGES AND DIS-ADVANTAGES OF COMPUTERADVANTAGES AND DIS-ADVANTAGES OF COMPUTER
ADVANTAGES AND DIS-ADVANTAGES OF COMPUTER
 
Precision attachments
Precision attachmentsPrecision attachments
Precision attachments
 
multimedia element
multimedia elementmultimedia element
multimedia element
 
Benefits Of Computer Software
Benefits Of Computer SoftwareBenefits Of Computer Software
Benefits Of Computer Software
 

Similar to VIKING cluster meeting 1

Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words in
maribethy2y
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control Systems
IJEACS
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunal
Kashyap Kunal
 
A network worm vaccine architecture
A network worm vaccine architectureA network worm vaccine architecture
A network worm vaccine architecture
UltraUploader
 
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
Amazon Web Services
 
user centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations centeruser centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations center
Venkat Projects
 
The Next Generation Cognitive Security Operations Center: Adaptive Analytic L...
The Next Generation Cognitive Security Operations Center: Adaptive Analytic L...The Next Generation Cognitive Security Operations Center: Adaptive Analytic L...
The Next Generation Cognitive Security Operations Center: Adaptive Analytic L...
Konstantinos Demertzis
 
TADSummit, DataArt Keynote: Security in Virtualized Telecom Networks Michael ...
TADSummit, DataArt Keynote: Security in Virtualized Telecom Networks Michael ...TADSummit, DataArt Keynote: Security in Virtualized Telecom Networks Michael ...
TADSummit, DataArt Keynote: Security in Virtualized Telecom Networks Michael ...
Alan Quayle
 

Similar to VIKING cluster meeting 1 (20)

Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words in
 
Certified Ethical Hacking
Certified Ethical HackingCertified Ethical Hacking
Certified Ethical Hacking
 
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxCompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control Systems
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunal
 
[배포용_최종] CISSP협회 제72회 정보보호리더십세미나_Cybersecurity Mesh, Identity First_v1.0.pdf
[배포용_최종] CISSP협회 제72회 정보보호리더십세미나_Cybersecurity Mesh, Identity First_v1.0.pdf[배포용_최종] CISSP협회 제72회 정보보호리더십세미나_Cybersecurity Mesh, Identity First_v1.0.pdf
[배포용_최종] CISSP협회 제72회 정보보호리더십세미나_Cybersecurity Mesh, Identity First_v1.0.pdf
 
Presentation copy
Presentation copyPresentation copy
Presentation copy
 
Top Cited Papers - International Journal of Network Security & Its Applicatio...
Top Cited Papers - International Journal of Network Security & Its Applicatio...Top Cited Papers - International Journal of Network Security & Its Applicatio...
Top Cited Papers - International Journal of Network Security & Its Applicatio...
 
A network worm vaccine architecture
A network worm vaccine architectureA network worm vaccine architecture
A network worm vaccine architecture
 
IRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in CloudIRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in Cloud
 
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
 
user centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations centeruser centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations center
 
Brighttalk Challenges In Cloud Security
Brighttalk Challenges In Cloud SecurityBrighttalk Challenges In Cloud Security
Brighttalk Challenges In Cloud Security
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing security
 
The Next Generation Cognitive Security Operations Center: Adaptive Analytic L...
The Next Generation Cognitive Security Operations Center: Adaptive Analytic L...The Next Generation Cognitive Security Operations Center: Adaptive Analytic L...
The Next Generation Cognitive Security Operations Center: Adaptive Analytic L...
 
F0341026029
F0341026029F0341026029
F0341026029
 
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity Innovation
 
TADSummit, DataArt Keynote: Security in Virtualized Telecom Networks Michael ...
TADSummit, DataArt Keynote: Security in Virtualized Telecom Networks Michael ...TADSummit, DataArt Keynote: Security in Virtualized Telecom Networks Michael ...
TADSummit, DataArt Keynote: Security in Virtualized Telecom Networks Michael ...
 
A Back Propagation Neural Network Intrusion Detection System Based on KVM
A Back Propagation Neural Network Intrusion Detection System Based on KVMA Back Propagation Neural Network Intrusion Detection System Based on KVM
A Back Propagation Neural Network Intrusion Detection System Based on KVM
 

More from fcleary

Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report
fcleary
 
Viking vi cisi
Viking vi cisiViking vi cisi
Viking vi cisi
fcleary
 
T&s roadmap slides ams
T&s roadmap slides amsT&s roadmap slides ams
T&s roadmap slides ams
fcleary
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meeting
fcleary
 
Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1
fcleary
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meeting
fcleary
 
Vis sense cluster meeting
Vis sense cluster meetingVis sense cluster meeting
Vis sense cluster meeting
fcleary
 
Endorse cluster meeting
Endorse cluster meetingEndorse cluster meeting
Endorse cluster meeting
fcleary
 
Comifin cluster meeting
Comifin cluster meetingComifin cluster meeting
Comifin cluster meeting
fcleary
 
Posecco cluster meeting
Posecco cluster meetingPosecco cluster meeting
Posecco cluster meeting
fcleary
 
Assert4soa cluster meeting
Assert4soa cluster meetingAssert4soa cluster meeting
Assert4soa cluster meeting
fcleary
 
Nessos securechange cluster meeting
Nessos securechange cluster meetingNessos securechange cluster meeting
Nessos securechange cluster meeting
fcleary
 
Massif cluster meeting
Massif cluster meetingMassif cluster meeting
Massif cluster meeting
fcleary
 
Models Workshop Objectives
Models Workshop ObjectivesModels Workshop Objectives
Models Workshop Objectives
fcleary
 
U trustit_cluster meeting
U trustit_cluster meetingU trustit_cluster meeting
U trustit_cluster meeting
fcleary
 
Massif road mapping_20110704
Massif road mapping_20110704Massif road mapping_20110704
Massif road mapping_20110704
fcleary
 
Bic effectplus ws
Bic effectplus wsBic effectplus ws
Bic effectplus ws
fcleary
 

More from fcleary (20)

Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report
 
Viking vi cisi
Viking vi cisiViking vi cisi
Viking vi cisi
 
T&s roadmap slides ams
T&s roadmap slides amsT&s roadmap slides ams
T&s roadmap slides ams
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meeting
 
Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meeting
 
Vis sense cluster meeting
Vis sense cluster meetingVis sense cluster meeting
Vis sense cluster meeting
 
Endorse cluster meeting
Endorse cluster meetingEndorse cluster meeting
Endorse cluster meeting
 
Comifin cluster meeting
Comifin cluster meetingComifin cluster meeting
Comifin cluster meeting
 
Posecco cluster meeting
Posecco cluster meetingPosecco cluster meeting
Posecco cluster meeting
 
Assert4soa cluster meeting
Assert4soa cluster meetingAssert4soa cluster meeting
Assert4soa cluster meeting
 
Nessos securechange cluster meeting
Nessos securechange cluster meetingNessos securechange cluster meeting
Nessos securechange cluster meeting
 
Massif cluster meeting
Massif cluster meetingMassif cluster meeting
Massif cluster meeting
 
Models Workshop Objectives
Models Workshop ObjectivesModels Workshop Objectives
Models Workshop Objectives
 
U trustit_cluster meeting
U trustit_cluster meetingU trustit_cluster meeting
U trustit_cluster meeting
 
Massif road mapping_20110704
Massif road mapping_20110704Massif road mapping_20110704
Massif road mapping_20110704
 
Bic effectplus ws
Bic effectplus wsBic effectplus ws
Bic effectplus ws
 
Syssec
SyssecSyssec
Syssec
 
Nessos
NessosNessos
Nessos
 
Tdl
TdlTdl
Tdl
 

Recently uploaded

TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
Stephen Perrenod
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
FIDO Alliance
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 

Recently uploaded (20)

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 

VIKING cluster meeting 1

  • 1. Enterprise Architecture Models for Security AnalysisThe VIKING project TeodorSommestad The Royal Institute of Technology (KTH) Stockholm, Sweden teodor.sommestad@ics.kth.se
  • 3. The VIKING project From security requirements to social costs (consequences) Attack SCADA system Power network Societalcost KTH, this presentation ETH, Zürich ViCiSi, in 15 min.
  • 4. Decision makers in utilitiestypicallyhave… … a poorunderstandingof the system architecture and itsenvironment … a poorunderstanding of how to achievesecurity in thiscomplexenvironment … limitedresources, time and money A Bayesian computational engine analyzes your architecture and possible attacks against it
  • 5. Our solution: the Cyber Security Modeling Language The result for your architecture is visualized, e.g. which attacks are easy to do and which countermeasures that make a big difference. We consolidate theory on security, i.e. what is most important and how important is it. A Bayesian computational engine analyzes your architecture and possible attacks against it You represent your system, e.g. add network zones, draw data flows, specify management processes
  • 6. This tool assess if attacks are possible to do against a system architecture Successprobabilitiesof attacks: P(SCADAServer.Access) = 0.14P(SCADAService.InjectCode) = 0.14P(SCADAServer.FindKnownService) = 0.34 P(SCADAServer.ConnectTo) = 0.43 Effectofchanges: For P(SCADAServer.Access)Install IPS: 0.14=>0.11 Regularsecurityaudits: 0.14=>0.12
  • 7. We do not aim at Inventing some new protection apparatus (e.g. firewall), solution or architecture. Tell cryptography/authentication/…/firewall experts which of their solutions that are secure and which are not. Explain which attacks that probably will be attempted against the system.
  • 8. Qualitative theory What influences what? For example, what influences the possibility for an attacker to compromise a machine? In which ways can it be done? Which of these things are most important? For example, which protection mechanisms against arbitrary code execution attacks are most relevant? In essence: What data should be collected (modeled) to say something about the possibility to succeed with attacks? Quantitative theory How big is the influence? For example, how is the attacker’s chance of success influenced by “address space layout randomization”? What combinations of things are important? For example, does “address space layout randomization” make a difference if you already have an “non-executable memory” turned on? In essence: How probably are different attacks to succeed?
  • 9. [Qualitative theory] The metamodel Attribute dependencies For example: The probability that Remote Arbitrary Code Exploits on a Service can be performed depend on: If you can connect to the Service If it has a high-severity vulnerability The attacker can authenticate itself as a legitimate user If its OS uses ASLR or NX memory protection If there is Deep Packet Inspection Firewall between the attacker and Service
  • 10. [Quantitative theory] Example:Remote Arbitrary Code Exploits on a Service
  • 11. Say that your architecture and our “rules” produces these dependencies [Quantitative theory] Canthis attack be done by professional penetration tester?
  • 12. Our tool would answer: [Quantitative theory] 1.00*0.24*1.00*0.51*1.00=0.1224=12.24% chance of success 100% 100% 100% 24% 51%
  • 13. What if analysis:Execute arbitrary code [Quantitative theory] Install a deep-packet-inspection firewall (IPS) As is. Remove Address Space Layout Randomization (ASLR) 15 % probabilitythat the attacker canexecute his/hercode… 24 % probabilitythat the attacker canexecute his/hercode… 27 % probabilitythat the attacker canexecutehis/hercode… …8 % for the attack scenario… …12 % for the attack scenario… …14% for the attack scenario…
  • 14. Data sources The relationships and dependency-structure: Literature, e.g. standards or scientific articles. Review and prioritization by external experts, e.g. FOI, SÄPO, Combitech, Chalmers, Ericsson, BTH, Management Doctors. The probabilities: Logical relationships, e.g.: if the firewalls allow you to connect to A from B and you have access to B, then you can connect. Others’ studies, e.g. time-to-compromise for of authentication codes or patch level vs patching procedures. Experts’ judgments, e.g. 165 intrusion detection system researchers estimating the detection rate in different scenarios.
  • 15. Successprobabilitiesof attacks: P(SCADAServer.Access) = 0.14P(SCADAService.InjectCode) = 0.14P(SCADAServer.FindKnownService) = 0.04 P(SCADAServer.ConnectTo) = 0.23 Effectofchanges: For P(SCADAServer.Access)Install IPS: 0.14=>0.11 Regularsecurityaudits: 0.14=>0.12 Our aim with CySeMoL
  • 17. Our solution: the Cyber Security Modeling Language The result for your architecture is visualized, e.g. which attacks are easy to do and which countermeasures that make a big difference. We consolidate theory on security, i.e. what is most important and how important is it. A Bayesian computational engine analyzes your architecture and possible attacks against it You represent your system, e.g. add network zones, draw data flows, specify management processes
  • 18. Today’s status of the tool Our theory consolidation is in version 1.0, soon published. Nah… Calculation engine is completed Tests in real life are ongoing
  • 19.
  • 20. Find ways to simplify it
  • 22. Combine with some other modeling language
  • 23.
  • 24. Develop support for automated data collection