probabilistic mission defense and assurance
play

Probabilistic Mission Defense and Assurance NATO STO IST-148 - PowerPoint PPT Presentation

Feb 01, 2023 •316 likes •605 views

INSTITUTE OF INFORMATION SYSTEMS Probabilistic Mission Defense and Assurance NATO STO IST-148 Symposium on Cyber Defence Situation Awareness Alexander Motzek Ralf Mller Universitt zu Lbeck Institute of Information Systems

  1. INSTITUTE OF INFORMATION SYSTEMS Probabilistic Mission Defense and Assurance NATO STO IST-148 Symposium on Cyber Defence Situation Awareness Alexander Motzek ∗ Ralf Möller ∗ ∗ Universität zu Lübeck Institute of Information Systems Ratzeburger Allee 160, 23562 Lübeck, Germany {motzek,moeller}@ifis.uni-luebeck.de October, 3 rd 2016 MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  2. INSTITUTE OF INFORMATION SYSTEMS Summary: Defending and Assuring the Mission ▸ situation: mission is threatened . ▸ task: need to respond adequately. ▸ goal: assure mission success. ▸ constraint: without sacrificing mission for security. MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  3. INSTITUTE OF INFORMATION SYSTEMS Challenges ▸ understand how a threat affects a mission . ▸ understand countermeasures diminishing threats . ▸ understand the bad sides of countermeasures causing negative side-effects on the mission. MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  4. INSTITUTE OF INFORMATION SYSTEMS Current Approaches & Problems ▸ holistic approaches deliver intransparent ‘‘optimal’’ solution. exaggeratedly ‘‘Response XYZ is best with metric 4589.32’’. ▸ require unacquirable information , do not encompass unforeseeable events complex ACTs. manually intractable. automatic generation ⇔ single missing links. ▸ optimize cost, without considering negative side of countermeasures. shutdown of central control server is very cheap! MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  5. INSTITUTE OF INFORMATION SYSTEMS Our Approach & Outline ▸ paradigm shift. model the mission , not the attacker. ▸ model the good and the bad sides encompassing uncertainty . ▸ reduce problem to mathematically well-defined probabilistic inference problem . ▸ decouples assessments from generation of responses and from selection. ▸ delivers directly understandable and validated results. The probability that our mission becomes adversarially impacted is 58% ( ) . We can reduce this by 80% (to < ) . There exists a 30% probability of immediate conflict (< ) MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  6. INSTITUTE OF INFORMATION SYSTEMS Probabilistic Approach ▸ model problem from three different perspectives . ▸ collect potentially disagreeing information from multiple experts . ▸ make the model able to understand disagreements; do not enforce a bad compromise . MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  7. INSTITUTE OF INFORMATION SYSTEMS View 1: The Mission (or a company) A B C D ▸ dissect mission into smaller pieces . ✓ collected directly from business and mission experts . BF 1 BF 2 BF 3 BF 4 ▸ conditional probabilities are understandable and validatable ‘‘probability of mission failing, given BP 1 fails is 80%’’ BP 1 BP 2 ▸ frontend or backend? p ( + cm 1 ∣ + bp 1 ) = 0 . 8 → mission critical devices (ABCD) only scratch surface of infrastructure CM 1 MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  8. INSTITUTE OF INFORMATION SYSTEMS View 2: The Infrastructure ▸ MCDs are only tip of the ice berg ▸ huge complex dependency structures ✓ automatically learnable ▸ same conditional probabilities as before! MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  9. INSTITUTE OF INFORMATION SYSTEMS View 3: The Impact ▸ something fails or is attacked . → probability of local impact . ▸ leads to global impact MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  10. INSTITUTE OF INFORMATION SYSTEMS View 3: The Impact ▸ something fails or is attacked . → probability of local impact . ▸ leads to global impact ▸ might even spread ... MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  11. INSTITUTE OF INFORMATION SYSTEMS View 3: The Impact ▸ something fails or is attacked . → probability of local impact . ▸ leads to global impact ▸ might even spread ... ▸ ...to dependent nodes... MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  12. INSTITUTE OF INFORMATION SYSTEMS View 3: The Impact ▸ something fails or is attacked . → probability of local impact . ▸ leads to global impact ▸ might even spread ... ▸ ...to dependent nodes... ▸ ...to dependent nodes... MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  13. INSTITUTE OF INFORMATION SYSTEMS View 3: The Impact ▸ something fails or is attacked . → probability of local impact . ▸ leads to global impact ▸ might even spread ... ▸ ...to dependent nodes... ▸ ...to dependent nodes... ▸ until everything is impacted. ▸ how to assess? MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  14. INSTITUTE OF INFORMATION SYSTEMS Problems of ‘‘Spreading’’ Algorithms ▸ various novel ‘‘spreading’’-algorithms exist. ▸ novelly designed, hand-crafted. ✗ unclear behavior. ✗ sense for parameters missing. ✗ no clear definition for interpreting results. → only deeply trained experts can parametrize models and understand results. MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  15. INSTITUTE OF INFORMATION SYSTEMS Problems of ‘‘Spreading’’ Algorithms ▸ various novel ‘‘spreading’’-algorithms exist. ▸ novelly designed, hand-crafted. ✗ unclear behavior. ✗ sense for parameters missing. ✗ no clear definition for interpreting results. → only deeply trained experts can parametrize models and understand results. ✓ reduce to mathematical problem! MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  16. INSTITUTE OF INFORMATION SYSTEMS Mission Impact Assessment is a Probabilistic Graphical Model A B C D BF 1 BF 2 BF 3 BF 4 BP 1 BP 2 p ( + cm 1 ∣ + bp 1 ) = 0 . 8 CM 1 MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  17. INSTITUTE OF INFORMATION SYSTEMS Mission Impact Assessment as a Probabilistic Inference Problem ▸ probabilistic inference projects local impacts globally on the mission. ✓ well-defined mathematical problem. A B C D BF 3 BF 4 BF 1 BF 2 ✓ validate the model , not the algorithm. BP 1 BP 2 ✓ parameters define their own semantic . p ( + cm 1 ∣ + bp 1 ) = 0 . 8 ✓ results are directly understandable by everyone. CM 1 → model adversarial threats , countermeasures positive & negative intuitively and locally . MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  18. INSTITUTE OF INFORMATION SYSTEMS Modeling Defense and Threats Locally: direct impact example vuln X None Patch ▸ vulnerability creates probability of adverserial impact 1 1 varying over time : short-, mid-, long-term ▸ shutdown suffocates AI , but nothing works . 1 2 3 1 2 3 ▸ patching causes prob. of conflict: operational impact Shutdown Isolate short: installation conflict, mid: reboot required, 1 1 long: vulnerability removed . ▸ isolate : no local ‘‘positive’’ effect. negative=shutdown. 1 2 3 1 2 3 MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  19. INSTITUTE OF INFORMATION SYSTEMS Modeling Defense and Threats: transitive-effects example vuln X A ▸ node A depends on affected node X. impact ‘‘ spreads ’’. Transitive AI 1 → transitive adverserial impact (not modeled, assessed automatically ) 1 2 3 ▸ isolate X for short- and mid-term blocks adverserial impact for X (assessed automatically) Isolating from AI 1 ▸ but blocks required information flow towards A → operational impact on A 1 2 3 MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  20. INSTITUTE OF INFORMATION SYSTEMS Probabilistic Inference ▸ local impact models create impact time-profiles . ✓ considers adversarial and self-inflicted impact on the mission. ▸ probabilistic inference projects local impacts to the global mission impact ✓ directly understandable , interpretable and reportable. ▸ no novel spreading-algorithms, well defined mathematical problem ✓ models can be validated directly. no holistic validation required. mission 1 A B C D None Patch 1 1 BF 1 BF 2 BF 3 BF 4 1 2 3 1 2 3 1 2 3 BP 1 BP 2 + + + = Shutdown Isolate p ( + cm 1 ∣ + bp 1 ) = 0 . 8 1 1 defense CM 1 1 1 2 3 1 2 3 1 2 3 MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

  21. INSTITUTE OF INFORMATION SYSTEMS Probabilistic Inference ▸ assessment for the current situation , benefits of our response and its negative side effects . no response respond 1 1 1 2 3 1 2 3 ▸ probability of impact on the mission over the time. ✓ based on acquirable and automatically learnable data . ✓ accept disagreeing information sources and directly reflect expertise . ✓ captures unforeseen events and uncertainty ‘‘what all could happen’’ through transitive impacts . MOTZEK ET AL. PROBABILISTIC MISSION DEFENSE AND ASSURANCE, NATO IST-148

Recommend

Information Assurance Information Assurance for Defense Security for Defense Security Prof.

Information Assurance Information Assurance for Defense Security for Defense Security Prof.

Information Assurance Information Assurance for Defense Security for Defense Security Prof. Paul A. Strassmann George Mason University, March 27, 2007 1 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY Elements of

662 views • 49 slides
THREE LINES OF DEFENSE &amp; ASSURANCE MAPPING IIA Ottawa April 8, 2015 Sharon M. Messerschmidt,

THREE LINES OF DEFENSE &amp; ASSURANCE MAPPING IIA Ottawa April 8, 2015 Sharon M. Messerschmidt,

THREE LINES OF DEFENSE &amp; ASSURANCE MAPPING IIA Ottawa April 8, 2015 Sharon M. Messerschmidt, CPA, CMA, CIA Outline 2 This presentation will bring together: Three Lines of Defense: A tool for dialogue and understanding

1.3k views • 32 slides
FY 2013 Statement of Assurance (SoA) / Managers Internal Control Program (MICP) for AT&amp;L and

FY 2013 Statement of Assurance (SoA) / Managers Internal Control Program (MICP) for AT&amp;L and

FY 2013 Statement of Assurance (SoA) / Managers Internal Control Program (MICP) for AT&amp;L and Defense Agencies Training Session Rosie Heraud / Freddie Anderson Office of the Under Secretary of Defense Acquisition, Technology and Logistics

1.41k views • 91 slides
Natural Language Semantics using Probabilistic Logic Islam Beltagy Doctoral Dissertation Defense

Natural Language Semantics using Probabilistic Logic Islam Beltagy Doctoral Dissertation Defense

Natural Language Semantics using Probabilistic Logic Islam Beltagy Doctoral Dissertation Defense Supervising Professors: Raymond J. Mooney, Katrin Erk Who is the first president of the United States ? George Washington George

1.2k views • 82 slides
Must Assurance be Indefeasible? John Rushby Computer Science Laboratory SRI International Menlo

Must Assurance be Indefeasible? John Rushby Computer Science Laboratory SRI International Menlo

Must Assurance be Indefeasible? John Rushby Computer Science Laboratory SRI International Menlo Park, CA Indefeasible Assurance John Rushby, SRI 1 Overview Probabilistic justification for assurance of conventional systems Justified

640 views • 31 slides
Evaluating Commercial Contributions to Space Domain Mission Assurance J A M E S D O G G E T T

Evaluating Commercial Contributions to Space Domain Mission Assurance J A M E S D O G G E T T

Evaluating Commercial Contributions to Space Domain Mission Assurance J A M E S D O G G E T T H A W K E Y E 3 6 0 S P A C E S Y M P O S I U M , T E C H T R A C K S E S S I O N 8 A P R I L 8 , 2 0 1 9 BLUF Space Mission Assurance

855 views • 17 slides
MATERIALS AND TESTING QUALITY ASSURANCE QUALITY ASSURANCE What is Quality Assurance? Why

MATERIALS AND TESTING QUALITY ASSURANCE QUALITY ASSURANCE What is Quality Assurance? Why

Luanna Cambas, P.E. LADOTD District 02 Lab Engineer Jason Davis, P.E. LADOTD Field Quality Assurance Administrator MATERIALS AND TESTING QUALITY ASSURANCE QUALITY ASSURANCE What is Quality Assurance? Why needed? Sampling &amp;

1.01k views • 63 slides
Designing a Cross Model Quality Assurance System: Mission Impossible? 1 Introductions 2

Designing a Cross Model Quality Assurance System: Mission Impossible? 1 Introductions 2

Designing a Cross Model Quality Assurance System: Mission Impossible? 1 Introductions 2 Jennifer Torres Julia Heany Cynthia Zagar Tiffany Kostelec Study Principal MHVQAS Lead Home Visiting Coordinator Investigator HFA Reviewer Unit

573 views • 40 slides
20160322 DEFENSE LANGUAGE INSTITUTE FOREIGN LANGUAGE CENTER Agenda Mission, Vision, and

20160322 DEFENSE LANGUAGE INSTITUTE FOREIGN LANGUAGE CENTER Agenda Mission, Vision, and

DEFENSE LANGUAGE INSTITUTE FOREIGN LANGUAGE CENTER 20160322 DEFENSE LANGUAGE INSTITUTE FOREIGN LANGUAGE CENTER Agenda Mission, Vision, and Values DLIFLC Overview and Profile Current Focus and Way Ahead Worldwide Presence 2

746 views • 29 slides
Census Data Quality Assurance 17 May 2010 Types of Quality Assurance (QA) Quality assurance of

Census Data Quality Assurance 17 May 2010 Types of Quality Assurance (QA) Quality assurance of

Census Data Quality Assurance 17 May 2010 Types of Quality Assurance (QA) Quality assurance of captured and coded data Quality assurance of downstream processes (including data security and integrity) Quality assurance of population counts,

129 views • 12 slides
yxwvutsrponmlkihgfedcbaYWUTSRPONMLKIHFEDCBA How Big is Your Digital Footprint? Can U Help?

yxwvutsrponmlkihgfedcbaYWUTSRPONMLKIHFEDCBA How Big is Your Digital Footprint? Can U Help?

yxwvutsrponmlkihgfedcbaYWUTSRPONMLKIHFEDCBA How Big is Your Digital Footprint? Can U Help? FISSEA Mark Loepker Defense-wide Information Assurance Program Office of the DoD Chief Information Officer Office of the Secretary of Defense

435 views • 27 slides
Contributions to the verification and control of timed and probabilistic models Nathalie Bertrand

Contributions to the verification and control of timed and probabilistic models Nathalie Bertrand

Contributions to the verification and control of timed and probabilistic models Nathalie Bertrand Inria Rennes Habilitation defense - November 16th 2015 November 16th 2015 Habilitation Defense Formal verification of software systems

957 views • 60 slides
TEXAS SMART DEFENSE DATA PORTAL smart defense Public Policy Research Institute Evid

TEXAS SMART DEFENSE DATA PORTAL smart defense Public Policy Research Institute Evid

TEXAS SMART DEFENSE DATA PORTAL smart defense Public Policy Research Institute Evid vidence-Based Ju Justic ice What We Do Who We Are Thirteen-member governing board administratively attached to the Office of Court Our Mission

674 views • 30 slides
Session 13 INFM 603 Bugs, process, assurance Software assurance: quality assurance for

Session 13 INFM 603 Bugs, process, assurance Software assurance: quality assurance for

Software Assurance Session 13 INFM 603 Bugs, process, assurance Software assurance: quality assurance for software Particularly assurance of security Bad (buggy, insecure software) comes not from discrete, unpredictable,

561 views • 18 slides
SeeTest Quality Assurance Platform On-premise Digital Assurance Lab On-premise Digital Assurance

SeeTest Quality Assurance Platform On-premise Digital Assurance Lab On-premise Digital Assurance

SeeTest Quality Assurance Platform On-premise Digital Assurance Lab On-premise Digital Assurance Lab Centrally manage browsers &amp; mobile devices (physical/emulated), and allow your team to remotely access them from anywhere at anytime Run

534 views • 17 slides
Small Mission Radiation Hardness Assurance (RHA) Michael J. Campola NASA Goddard Space Flight

Small Mission Radiation Hardness Assurance (RHA) Michael J. Campola NASA Goddard Space Flight

Small Mission Radiation Hardness Assurance (RHA) Michael J. Campola NASA Goddard Space Flight Center (GSFC) NASA Electronic Parts and Packaging (NEPP) Program Acronyms RDM Radiation Design Margin COTS Commercial Off The Shelf RHA

764 views • 24 slides
The mission of the Texas Indigent Defense Commission is to provide financial and technical support

The mission of the Texas Indigent Defense Commission is to provide financial and technical support

W ALLE ALLER C OUNTY OUNTY S I NDI ENT D EFE SE S YSTEM NDIGENT EFENSE YSTEM F EBRU EBRUARY 10, 10, 2016 2016 www.tidc.texas.gov 512 463 6994 1 The mission of the Texas Indigent Defense Commission is to provide financial and

347 views • 22 slides
SeeTest Quality Assurance platform SaaS Digital Assurance Lab SaaS Digital Assurance Lab Access

SeeTest Quality Assurance platform SaaS Digital Assurance Lab SaaS Digital Assurance Lab Access

SeeTest Quality Assurance platform SaaS Digital Assurance Lab SaaS Digital Assurance Lab Access hundreds of browsers &amp; mobile devices (physical/emulated) Hosted in Experitest data centers, from anywhere at anytime Run your tests across

288 views • 18 slides
Defense Security Service Defense Security Service Cybersecurity Operations Division

Defense Security Service Defense Security Service Cybersecurity Operations Division

UNCLASSIFIED//FOUO Defense Security Service Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED//FOUO UNCLASSIFIED Defense Security Service DSS Mission Capability DSS Supports national security and

490 views • 33 slides
Table of Contents I Probabilistic Reasoning Classical Probabilistic Models Basic Probabilistic

Table of Contents I Probabilistic Reasoning Classical Probabilistic Models Basic Probabilistic

Table of Contents I Probabilistic Reasoning Classical Probabilistic Models Basic Probabilistic Reasoning: The Jungle Story Multiple Random Selection Rules: Dice New Constructs Causal Probability Observations and Intentions Dynamic Range

1.08k views • 73 slides
Challenges of Implementing Fair Defense Act Requirements &amp; Indigent Defense Grant

Challenges of Implementing Fair Defense Act Requirements &amp; Indigent Defense Grant

Challenges of Implementing Fair Defense Act Requirements &amp; Indigent Defense Grant Opportunities Effective Post-Arrest and Indigent Defense Practices Longview, TX August 10, 2018 Scott Ehlers, Special Counsel T exas Indigent Defense

676 views • 30 slides
Desk-ercise Moderated By: Jill Micklow Wellness Consultant Assurance Agenda About Assurance

Desk-ercise Moderated By: Jill Micklow Wellness Consultant Assurance Agenda About Assurance

Desk-ercise Moderated By: Jill Micklow Wellness Consultant Assurance Agenda About Assurance Speaker Presentation Q&amp;A Session Key Phrase About Assurance Retail insurance and risk management brokerage Independence

331 views • 32 slides
Fair Defense Law A Primer for Texas County Officials Updated February 2017 www.tidc.texas.gov Our

Fair Defense Law A Primer for Texas County Officials Updated February 2017 www.tidc.texas.gov Our

Fair Defense Law A Primer for Texas County Officials Updated February 2017 www.tidc.texas.gov Our Mission The Texas Indigent Defense Commission provides financial and technical support to counties to develop and maintain quality, cost effective

278 views • 27 slides
CS 4110 Probabilistic Programming Probabilistic Programming It's not about writing software.

CS 4110 Probabilistic Programming Probabilistic Programming It's not about writing software.

CS 4110 Probabilistic Programming Probabilistic Programming It's not about writing software. Probabilistic Programming Probabilistic programming is a tool for statistical modeling. OR A probabilistic programming language is a plain old

688 views • 41 slides

More recommend