effective layering of defenses
play

Effective Layering of Defenses Nathaniel Boggs, Salvatore J. Stolfo - PowerPoint PPT Presentation

May 21, 2023 •440 likes •630 views

ALDR: A New Metric for Measuring Effective Layering of Defenses Nathaniel Boggs, Salvatore J. Stolfo Columbia University 12/6/2011 Layered Assurance Workshop 1 Motivation Buy security product X? Am I secure? 12/6/2011 Layered

  1. ALDR: A New Metric for Measuring Effective Layering of Defenses Nathaniel Boggs, Salvatore J. Stolfo Columbia University 12/6/2011 Layered Assurance Workshop 1

  2. Motivation • Buy security product X? • Am I secure? 12/6/2011 Layered Assurance Workshop 2

  3. Current Answers • Compliance checklist • “Best Practices” • Evaluate class of products • Penetration testing • Defense in Depth • Can we do better? 12/6/2011 Layered Assurance Workshop 3

  4. Defense in Depth AV Logs IDS 12/6/2011 Layered Assurance Workshop 4

  5. Defense in Depth AV IDS Logs 12/6/2011 Layered Assurance Workshop 5

  6. Compare Different Layers • Compare apples to oranges • Measure detection of ‘Attacks’ • ‘Attacks’ – Source domain – Network traffic – Executable – And many more… 12/6/2011 Layered Assurance Workshop 6

  7. 12/6/2011 Layered Assurance Workshop 7

  8. All Layer Detection Rate (ALDR) • Test each security project • # attacks detected / total attacks • Total attacks detected by a set of products 12/6/2011 Layered Assurance Workshop 8

  9. ALDR: 0.875 (14/16) AV Logs IDS 12/6/2011 Layered Assurance Workshop 9

  10. ALDR – Key Attributes • Products tested individually • Expandable framework – Measure education benefit – Social engineering attacks – Any ‘attack’ representable • Evaluate products in context 12/6/2011 Layered Assurance Workshop 10

  11. Additional Metrics • False Positives • Redundancy – Good redundancy vs bad – Classify detection method 12/6/2011 Layered Assurance Workshop 11

  12. What Should I Buy? • Calculate increase in TP, FP, redundancy • Organization specific • Testing not organization specific! • Measure/Predict relative security change 12/6/2011 Layered Assurance Workshop 12

  13. Am I secure? • Given a set of products • Specific attack dataset • Measure how many attacks evade • Find product(s) to fix • Increase relative security 12/6/2011 Layered Assurance Workshop 13

  14. Challenges – Data Sets • How to link ‘attacks’ • Define ‘attacks’ • Future attacks differ? 12/6/2011 Layered Assurance Workshop 14

  15. Challenges • Not all attacks equal • Past predicts future? • Create a future data set? 12/6/2011 Layered Assurance Workshop 15

  16. Future Work - Experiments • Require data sets – Linked attacks – Ground truth • Drive-by downloads? • Historical data? 12/6/2011 Layered Assurance Workshop 16

  17. Conclusion • New metrics needed • Security products are not isolated • Many challenges, no show stoppers • Measure relative security 12/6/2011 Layered Assurance Workshop 17

  18. Questions? 12/6/2011 Layered Assurance Workshop 18

Recommend

ISO Layering ISO Layering ISO Layering Architecture ISO Layering Architecture Srinidhi

ISO Layering ISO Layering ISO Layering Architecture ISO Layering Architecture Srinidhi

ISO Layering ISO Layering ISO Layering Architecture ISO Layering Architecture Srinidhi Varadarajan ISO Layering Design ISO Layering Design Physical Layer Physical Layer z Functions: z A layer should be created where a different level of

251 views • 3 slides
ISO Layering Architecture ISO Layering Architecture Srinidhi Varadarajan ISO Layering ISO

ISO Layering Architecture ISO Layering Architecture Srinidhi Varadarajan ISO Layering ISO

ISO Layering Architecture ISO Layering Architecture Srinidhi Varadarajan ISO Layering ISO Layering ISO Layering Design ISO Layering Design z A layer should be created where a different level of abstraction is needed z Each layer should

565 views • 15 slides
Effective Topology Tampering Attacks and Defenses in Software- Defined Networks RICHARD

Effective Topology Tampering Attacks and Defenses in Software- Defined Networks RICHARD

Effective Topology Tampering Attacks and Defenses in Software- Defined Networks RICHARD SKOWYRA, LEI XU, GUOFEI GU, VEER DEDHIA, THOMAS HOBSON, HAMED OHKRAVI, JAMES LANDRY Software Defined Networks Allows controller to modify network

766 views • 29 slides
CS 204: Layering Jiasi Chen Lectures: MWF 12:10-1pm in WCH 139

CS 204: Layering Jiasi Chen Lectures: MWF 12:10-1pm in WCH 139

CS 204: Layering Jiasi Chen Lectures: MWF 12:10-1pm in WCH 139 http://www.cs.ucr.edu/~jiasi/teaching/cs204_spring16/ 1 Overview How to read Q: How to design the History Internet from the Layering ground up? Inter-LAN (small)

904 views • 39 slides
Preference Defenses: New Value Ordinary Preference Defenses: New Value, Ordinary Course and

Preference Defenses: New Value Ordinary Preference Defenses: New Value, Ordinary Course and

Presenting a live 90 minute webinar with interactive Q&A Preference Defenses: New Value Ordinary Preference Defenses: New Value, Ordinary Course and Contemporaneous Exchange Managing the Audit Process, Mitigating Regulatory Sanctions, and

893 views • 52 slides
CS 204: Layering Jiasi Chen MWF 12:10-1pm Humanities and Social Sciences 1403

CS 204: Layering Jiasi Chen MWF 12:10-1pm Humanities and Social Sciences 1403

CS 204: Layering Jiasi Chen MWF 12:10-1pm Humanities and Social Sciences 1403 http://www.cs.ucr.edu/~jiasi/teaching/cs204_spring17/ 1 Overview How to read Q: How to design the History Internet from the Layering ground up?

678 views • 39 slides
CS 3640: Introduction to Networks and Their Applications Fall 2018, Lecture 2: More layering and

CS 3640: Introduction to Networks and Their Applications Fall 2018, Lecture 2: More layering and

CS 3640: Introduction to Networks and Their Applications Fall 2018, Lecture 2: More layering and the end-to-end principle. Instructor: Rishab Nithyanand Teaching Assistant: Md. Kowsar Hossain 1 Today in class 1. 2. 3. Some Layering and

621 views • 35 slides
Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438

Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438

Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438 Outline Last time: low-level plumbing Today: top-down architecting of the Internet Goals Layering Protocols The end-to-end

946 views • 58 slides
PWE3 Protocol Layering PWE3 IETF-52 December 12, 2001 Stewart Bryant <stbryant@cisco.com>

PWE3 Protocol Layering PWE3 IETF-52 December 12, 2001 Stewart Bryant <stbryant@cisco.com>

PWE3 Protocol Layering PWE3 IETF-52 December 12, 2001 Stewart Bryant <stbryant@cisco.com> Lloyd Wood <lwood@cisco.com> 1 Layering issues Current PWE3 approach is piecemeal with each payload design team proposing a point

507 views • 11 slides
CS425/EE673 Summary Lecture Bhaskaran Raman Kameswari Chebrolu Indian Institute of Technology,

CS425/EE673 Summary Lecture Bhaskaran Raman Kameswari Chebrolu Indian Institute of Technology,

CS425/EE673 Summary Lecture Bhaskaran Raman Kameswari Chebrolu Indian Institute of Technology, Kanpur Network Layering What is layering? Purpose of layering Inter-layer communication Encapsulation End-to-end versus

672 views • 20 slides
2. Applications and Layered Architectures Protocols, Services & Layering OSI Reference

2. Applications and Layered Architectures Protocols, Services & Layering OSI Reference

2. Applications and Layered Architectures Protocols, Services & Layering OSI Reference Model How the Layers Work Together SYSC5201 1 Network Architectures, Layers and Services A quick overview of: Layering, Services and Protocols

1.34k views • 27 slides
Giving an Effective Academic Presentation Scholars are often called upon to present their research

Giving an Effective Academic Presentation Scholars are often called upon to present their research

Giving an Effective Academic Presentation Scholars are often called upon to present their research to the academic community; at conferences during qualifying exams and thesis defenses, in job talks and invited lectures, discussing your research

715 views • 3 slides
[N ETWORKING ] Encapsulation and Layering Packets grow with headers and trailers As they trickle

[N ETWORKING ] Encapsulation and Layering Packets grow with headers and trailers As they trickle

CS455: Introduction to Distributed Systems [Spring 2020] Dept. Of Computer Science , Colorado State University CS 455: I NTRODUCTION T O D ISTRIBUTED S YSTEMS [N ETWORKING ] Encapsulation and Layering Packets grow with headers and trailers As

660 views • 31 slides
Network Layering CS 118 Computer Network Fundamentals Peter Reiher Lecture 8 CS 118 Page 1

Network Layering CS 118 Computer Network Fundamentals Peter Reiher Lecture 8 CS 118 Page 1

Network Layering CS 118 Computer Network Fundamentals Peter Reiher Lecture 8 CS 118 Page 1 Winter 2016 Outline What is a layer? Goals of layering Internet and the One Ring Lecture 8 CS 118 Page 2 Winter 2016 What is a layer?

1.18k views • 68 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

This time We will continue By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything youve always wanted to know about gdb but were too afraid to ask Overflow defenses Other memory

1.49k views • 117 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

This time We will continue By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything youve always wanted to know about gdb but were too afraid to ask Overflow defenses Other memory

1.23k views • 95 slides
Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1 Lecture Overview 1. Advanced MATE attacks models tools & techniques 2. Protected code comprehension processes 3. Advanced MATE defenses 4.

1.79k views • 114 slides
Trap/interrupt architecture 1. Architectural hints 2. Relations with software and its layering

Trap/interrupt architecture 1. Architectural hints 2. Relations with software and its layering

Advanced Operating Systems MS degree in Computer Engineering University of Rome Tor Vergata Lecturer: Francesco Quaglia Trap/interrupt architecture 1. Architectural hints 2. Relations with software and its layering 3. Bindind to the Linux

797 views • 53 slides
Supporting Communities & Livelihoods in Kenyas Arid Lands Layering Programming of

Supporting Communities & Livelihoods in Kenyas Arid Lands Layering Programming of

PARTNERSHIP FOR RESILIENCE AND ECONOMIC GROWTH Supporting Communities & Livelihoods in Kenyas Arid Lands Layering Programming of multiple humanitarian and development assistance in targeted geographic areas, in layers. Integration

833 views • 34 slides
3D Printing 3D Printing is a method whereby 3 dimensional objects are created in a layering

3D Printing 3D Printing is a method whereby 3 dimensional objects are created in a layering

3D Printing 3D Printing is a method whereby 3 dimensional objects are created in a layering process. There are both commercial and Hobbyist versions of the tools needed. 1 15 May 2019 Limited only by your imagination 2 15 May 2019 What do

375 views • 25 slides
Public-Private Partnerships for Agricultural Risk Management through Risk Layering: The Case of

Public-Private Partnerships for Agricultural Risk Management through Risk Layering: The Case of

Public-Private Partnerships for Agricultural Risk Management through Risk Layering: The Case of Ecuador Elizabeth Long Assistant Director, I 4 University of California, Davis I4 Index Insurance Innovation Initiative Technical Committee Meeting

462 views • 12 slides
Public-Private Partnerships for Agricultural Risk Management through Risk Layering: The Case of

Public-Private Partnerships for Agricultural Risk Management through Risk Layering: The Case of

Public-Private Partnerships for Agricultural Risk Management through Risk Layering: The Case of Ecuador Michael Carter Steve Boucher Elizabeth Long University of California, Davis I4 Index Insurance Innovation Initiative

533 views • 14 slides
On Evolvability, Architecture, Tussle, Layering and Signalling Mark Handley UCL Change Huge

On Evolvability, Architecture, Tussle, Layering and Signalling Mark Handley UCL Change Huge

On Evolvability, Architecture, Tussle, Layering and Signalling Mark Handley UCL Change Huge innovation email WWW phone... in applications SMTP HTTP RTP... TCP UDP Ossification of the core IP protocols ethernet PPP CSMA

497 views • 13 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow

Last time We continued By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow attacks & other vulnerabilities Overflow defenses Everything youve always wanted to know about

2.41k views • 197 slides

More recommend