Pareto-Optimal Situation Analysis for Selection of Security Measures

Andres Ojamaa
Joint work with Jüri Kivimaa and Enn Tyugu
Institute of Cybernetics at TUT
CS Theory Days, Feb 1 2009, Kääriku

Outline

* Introduction
* Background and Motivation
* Graded Security Model
* Security Goals
* Parameters and Functions
* Optimizing Security Measures
* Discrete Dynamic Programming
* Graded Security Expert System
* Example
* Visual Specification
* Example of Results

Security Situation Management

* The aim is to provide the best possible security of a system with a given amount of resources.
* At the same time, at least the standard requirements should be satisfied, if possible.
* Solutions are usually needed yesterday. Therefore detailed risk analysis is not a good option.
* The goal is achieved by coarse-grained analysis of the security situation and optimisation of resource usage.

Security Awareness Simulation Games

* CyberCIEGE — video game and tool to teach network security concepts (2005)
* CyberProtect — DISA-produced game that includes hacker attacks and budget constraints (1999)

Situation Description: Security Goals

Security class is determined by security levels, associated with security goals:

* confidentiality (C),
* integrity (I),
* availability (A),
* non-repudiation (N).

e.g. C2 I1 A1 N2

The model can be extended by adding security goals.

Situation Description: Parameters of the Model

* Available resources — $r$
* Integral measure of security — $S$
* Security measures groups — $g_1, g_2, \ldots, g_n$
* Security levels of measures groups — $l_1, l_2, \ldots, l_n$
* Security confidences granted by measures groups — $q_1, q_2, \ldots, q_n$
* Relative importance of measures groups: weights — $a_1, a_2, \ldots, a_n$, where $\sum_{i=1}^{n} a_i = 1$

Abstract Security Profile

An abstract security profile $p$ is an assignment of security levels to each group of security measures:

$$p = (l_1, l_2, \ldots, l_n)$$

Cost Function

The cost function $h$ gives the costs $h(l, g)$ required for implementing security measures of a group $g$ for a level $l$. The costs of implementing a given abstract security profile:

$$\mathrm{costs}(p) = \sum_{i=1}^{n} h(l_i, g_i)$$

Goal 1: Keep the value of $\mathrm{costs}(p)$ as low as possible.

Levels Requirement Function

Function $s$ produces a required security level $s(c, g)$ for a group $g$ when the security class is $c$. The requirements may be prescribed by security standards such as BSI, NISPOM or ISKE.

Integrated Security Metrics

The overall security of a system is described by means of an integrated security metrics (integral security confidence) $S$.

$$S = \sum_{i=1}^{n} a_i q_i$$

Goal 2: Increase security confidence of a system.

Dependencies

[Figure]

Conventional Graded Security Solution

[Figure: plot with axes S and l against resources r; marked values S* and r*; labels "5, 7" at level 3, "1, 2, 3, 6, 8, 9" at level 2, "4" at level 1]

Pareto-Optimality Curve

[Figure: Pareto optimality tradeoff curve; security plotted against resources, from r_min to r_max]

Pareto-Optimal Security Solutions

[Figure: plot with axes S and l against resources r, with r_1 and r_2 marked]

Dynamic Programming

Building optimal solutions gradually, for 1, 2, ..., n security measures groups, enables us to use discrete dynamic programming and to reduce the search considerably. The fitness function $S$ defined on intervals from $j$ to $k$ as

$$S(j, k) = \sum_{i=j}^{k} a_i q_i$$

is additive on the intervals, because from the definition of the function $S$ we have $S(1, n) = S(1, k) + S(k, n)$.

Discrete Dynamic Programming

[Figure]

Complexity Compared

[Figure: number of search steps (0 to 1.2e+09) against number of security measures groups (1 to 10), for exhaustive search and dynamic programming]

Graded Security Expert System

[Figure: diagram with components: knowledge modules, optimizer, GUI, visual composer]

Visual Specification

[Figure: screenshot of the visual specification of the optimization scheme. Visible elements: DDP Optimizer; Context: Banking; Resources: min 1, max 70; SecClass: C2I1A1M2; measures groups User training, Encryption, Antivirus software, Segmentation, Redundancy, Backup, Firewall, Access control, Intrusion detection; cost rows 0, 4, 8, 12 and 0, 2, 4, 7; confidence rows 0, 30, 60, 65 and 0, 60, 80, 95]

Knowledge Modules as Decision Tables

[Figure]

Example of Results

[Figure: confidence (0 to 85) and level index (0 to 6) plotted against costs (0 to 70); legend entries include Confidence, Redundancy, User training]

Future Work

* Combine the optimization package with risk analysis tools (e.g. attack trees)?
* Improve the visual language and the user interface
* Collect and accumulate expert knowledge and real data
* Experiments with real data
* Implement dependent measure groups
* Analyze sensitivity of results with respect to inaccurate input data

Summary

A CoCoViLa package was developed to help the IT manager/security expert answer the following questions quickly:

* How much resources are needed to achieve the required level of information security?
* What is the best way to spend the IT security budget?

References

* CoCoViLa — Compiler Compiler for Visual Languages, http://www.cs.ioc.ee/~cocovila
* CyberCIEGE — http://cisr.nps.edu/cyberciege/
* CyberProtect — http://iase.disa.mil/eta/online-catalog.html
* E. Tyugu. Algorithms and Architectures of Artificial Intelligence. IOS Press, 2007.
* A. Ojamaa, E. Tyugu, J. Kivimaa. Pareto-optimal situation analysis for selection of security measures. In: MILCOM 08: Assuring Mission Success: Unclassified Proceedings, November 17-19 San Diego, 2008, 7 p.
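
The discrete dynamic programming step from the "Dynamic Programming" slide, as an added example (not the authors' CoCoViLa package): a knapsack-style recurrence over measures groups that relies on the additivity of S and is checked against exhaustive search. The first two cost and confidence rows are the ones visible in the slide's screenshot; group names, weights, required levels, the pairing of rows and the third group are assumptions.

```python
from itertools import product

# Constructed sample data (added example). The cost and confidence rows of
# the first two groups are the tables visible in the slide's screenshot;
# names, weights a_i, required levels s(c, g), the row pairing and the
# whole third group are assumptions.
# (name, a_i, h(l, g) per level, q per level, required level)
GROUPS = [
    ("group 1", 0.50, [0, 4, 8, 12], [0, 30, 60, 65], 1),
    ("group 2", 0.25, [0, 2, 4, 7], [0, 60, 80, 95], 0),
    ("group 3", 0.25, [0, 3, 6, 10], [0, 40, 70, 90], 0),
]

def pareto_front(points):
    """Keep (cost, S, profile) points where more resources buy strictly more S."""
    front, top = [], float("-inf")
    for cost, s, profile in sorted(points, key=lambda p: (p[0], -p[1])):
        if s > top:
            front.append((cost, s, profile))
            top = s
    return front

def dp_front(groups, r_max):
    """Discrete DP: best[r] = (max S, profile) over the groups seen so far."""
    best = {0: (0.0, ())}
    for _name, a, cost, conf, required in groups:
        nxt = {}
        for r, (s, profile) in best.items():
            for level in range(required, len(cost)):
                r2 = r + cost[level]
                cand = (s + a * conf[level], profile + (level,))
                # Additivity of S: extending a prefix only adds a_i * q_i.
                if r2 <= r_max and (r2 not in nxt or cand[0] > nxt[r2][0]):
                    nxt[r2] = cand
        best = nxt
    return pareto_front((r, s, p) for r, (s, p) in best.items())

def exhaustive_front(groups, r_max):
    """Reference: enumerate every profile p = (l_1, ..., l_n)."""
    points = []
    for p in product(*(range(g[4], len(g[2])) for g in groups)):
        cost = sum(g[2][l] for g, l in zip(groups, p))
        if cost <= r_max:
            points.append((cost, sum(g[1] * g[3][l] for g, l in zip(groups, p)), p))
    return pareto_front(points)

if __name__ == "__main__":
    for cost, s, profile in dp_front(GROUPS, r_max=20):
        print(f"r={cost:2d}  S={s:5.1f}  profile={profile}")
```

On this data no Pareto-optimal profile raises group 1 to its top level: the step from level 2 to level 3 costs 4 units for 2.5 points of S, and the same resources always buy more confidence in the other groups.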