Risk Assessment in Layered Solutions
Commercial Solutions for Classified (CSfC) - Risk Analysis
Christopher Martinez¹, Robert Haverkos²
¹ Purdue University, Marti606@Purdue.edu
² Purdue University, RHaverko@Purdue.edu
Slide 1
Presentation Index
• Detailed Problem Description
• Problem Statement
• Approach
• Results and Conclusion
• Future Directions
Slide 2
Detailed Problem Description
The Original Abstract
- Provided by the National Security Agency (NSA)
- Supported the core belief that the risk associated with the use of any security solution is always greater than zero.
- Desired a model that:
  - Would measure risk.*
  - Would allow sharing of risk with stakeholders.*
  - Would outline “the right way to combine risk assessments for each layer into a risk assessment for the overall solution”.
  - Would “incorporate new risks that have relatively little significance to each individual system, but which impact the overall two-layer solution”.
*In a “two independent layer” situation.
Slide 3
Problem Statement
To develop a meaningful method of combining risk assessments for individual security Mechanisms into a risk assessment for the overall Layered Solution.
Mechanisms:
– Devices (hardware or software) used to provide security to an information system.
Layered Solution:
– The combination of Mechanisms in a security solution.
Slide 4
Approach
1. Define The Environment of a Layered Solution
2. Define The Interactions of a Layered Solution
Slide 5
Approach - The Traditional Security Solution
[Figure; labels: Security Requirement(s), Security Measure(s)]
Slide 6
Approach - The Layered Solution
Slide 7
Approach - Mechanisms and Attributes of Layered Solutions
Note: Software Security Mechanism(s)
Slide 8
Approach - The Environment of a Layered Solution (Overview)
Slide 9
Approach – Risk Assessment in Layered Solutions
- Function and Class-based Approach
  - Promotes modularity and “ease of use”.
  - Allows for scalability of risk assessment in Layered Solutions.
- Model consists of three fundamental Objects:
  - The Layered Solution Object
  - The Mechanism Object
  - The Security Critical Attribute Object
Slide 10
Approach - The Layered Solution Object
- The identifies what sort of Mechanism the Layered Solution is using.
- is the specific example of the class.
- contains a list of all the Mechanisms that make up the Layered Solution.
- contains any special rules that may need to be applied to this specific implementation
- is what contains the risk score generated by the model.
Slide 11
Approach - The Layered Solution Object
Slide 12
Approach - The Mechanism Object
- The identifies what sort of Mechanism the Layered Solution is using.
- is the specific example of the class.
- contains a list of the Security Critical Attributes of the Mechanism.
- defines the type of interactions the Mechanism can have with other Mechanisms.
- contains any special rules that may need to be applied to this specific implementation.
- is what contains the risk score of the Mechanism.
Slide 13
Approach - The Mechanism Object
Slide 14
Approach - The Security Critical Attribute (SCA) Object
- The identifies the Security Critical Attribute in the Mechanism.
- is the specific example of the Security Critical Attribute.
- is the first field representing interaction between different SCA’s.
- is an alternative way of defining the interaction from the other direction.
- functions same as the compromise field. It contains a list of SCAs that can be preempted by this layer.
- lists the modifications or specific changes.
- risk assessments by Subject-matter Expert (SME) in order to define this value
Slide 15
Approach - The Security Critical Attribute (SCA) Object
Slide 16
Approach – Interaction of Risk at The Mechanism Level
• Represent Security Critical Attributes (and interactions) in a graph.
  – Solid Arrows indicate “Can Compromise” link.
  – Dotted Arrow indicates a “Preempt” link.
[Figure: graph; labels: Mechanism, Policy, Manufacturer, Code, Machine, O.S., National Origin, Administrator, Configuration]
Slide 17
Approach – Interaction of Risk at The Mechanism Level
• Cyclic Mechanism Interaction
[Figure: graph; labels: Mechanism, Policy, Manufacturer, Code, Machine, O.S., National Origin, Malicious, Configuration, Administrator]
Slide 18
Approach – Interaction of Risk at The Mechanism Level
• Associating Security Critical Attribute Risk Value(s)
[Figure: graph; labels: Mechanism Risk: ____, Policy, Manufacturer, Code, Machine, O.S., National Origin, Configuration, Administrator, Weakest Link; risk values shown, in extraction order: .3%, .4%, .1%, .2%, .4%, .3%, .5%, .2%]
Slide 19
Approach – Resolving Risk at The Mechanism Level
• The compromise relations resolve to set the risk field for the Mechanism.
[Figure: graph; labels: Mechanism Risk .5%, Policy, Manufacturer, Code, Machine, O.S., National Origin, Administrator, Configuration; risk values shown, in extraction order: .5%, .4%, .5%, .5%, .5%, .3%, .5%, .5%]
Slide 20
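An added sketch of the resolution step described on slides 17-20, not the presenters' code. It assumes that an SCA becomes at least as risky as any SCA that can compromise it, and that the Mechanism takes the highest resolved value (the weakest link); the class and field names, the links and the per-attribute values are constructed for illustration, and "Preempt" links are not modeled.

```python
from dataclasses import dataclass, field

@dataclass
class SCA:
    """Security Critical Attribute: own risk plus outgoing 'can compromise' links."""
    name: str
    risk: float                                          # percent, assigned by an SME
    can_compromise: list = field(default_factory=list)   # names of other SCAs

@dataclass
class Mechanism:
    name: str
    attributes: list          # list of SCA objects
    risk: float = 0.0         # set by resolve()

    def resolve(self):
        """Propagate risk along compromise links until nothing changes.

        Assumed rule: a target SCA is raised to the risk of any SCA that can
        compromise it. Values only rise and are bounded by the maximum, so
        the loop terminates even when the links form a cycle.
        """
        resolved = {a.name: a.risk for a in self.attributes}
        changed = True
        while changed:
            changed = False
            for a in self.attributes:
                for target in a.can_compromise:
                    if resolved[a.name] > resolved[target]:
                        resolved[target] = resolved[a.name]
                        changed = True
        self.risk = max(resolved.values())   # weakest link sets the Mechanism risk
        return resolved

def sample_mechanism():
    # Constructed sample: values and links are illustrative assumptions.
    return Mechanism("Mechanism", [
        SCA("Administrator", 0.5, ["Configuration", "Policy"]),
        SCA("Configuration", 0.2, ["Administrator", "O.S."]),  # cyclic link
        SCA("O.S.", 0.4, ["Code", "Machine"]),
        SCA("Manufacturer", 0.4, ["Machine"]),
        SCA("National Origin", 0.3, ["Manufacturer"]),
        SCA("Policy", 0.3), SCA("Code", 0.1), SCA("Machine", 0.2),
    ])

if __name__ == "__main__":
    m = sample_mechanism()
    for name, risk in m.resolve().items():
        print(f"{name:16} {risk}%")
    print(f"Mechanism risk: {m.risk}%")
```

SCAs that nothing riskier can compromise keep their own value, which is why two attributes in the sample stay below the Mechanism's resolved risk.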
Results and Conclusion
Example of a meaningful method of combining risk assessments for individual security Mechanisms into a risk assessment for the overall Layered Solution.
Function and Class-based Approach
• Promotes modularity and “ease of use”.
• Allows for scalability of risk assessment in Layered Solutions.
Applicable to Layered Solutions in any Information System
Slide 21
Future Directions
Birthday Paradox
The Birthday Paradox (or Birthday Problem) concerns the probability that, in a set of n randomly chosen people, some pair of them will have the same birthday. It is plausible that this phenomenon could also exist in cascading vulnerabilities among the Mechanisms presented in our model.
Evaluation of Risk
It is possible to represent the risk analysis assumptions as more than simple percentages. In theory, Bayesian scores can be utilized for the assessment of risk at the Security Critical Attribute Object portion of our model.
Slide 22
Questions? Comments?
Slide 23 (Final)