Trust Distribution Diagrams: Theory and Applications (Michael E. Locasto; transcript of a PowerPoint presentation)


  1. TRUST DISTRIBUTION DIAGRAMS: THEORY AND APPLICATIONS Michael E. Locasto, University of Calgary

  2. “There are two ways to design a system. One is to make it so simple there are obviously no deficiencies. The other is to make it so complex there are no obvious deficiencies.” – C. A. R. Hoare
     Slide footer: "Trust Distribution Diagrams: Theory and Applications", Locasto et al., 6 December 2010

  3. Takeaway Message
     Vary whatever you wish, but make sure you understand how such alterations affect the trust relationships in the system’s design and implementation.

  4. Conclusion 1: Trust Relationships
     Systems are composed of trust relationships; we must understand how the process of varying system properties (i.e., “moving target”) affects these trust relationships and frustrates attackers’ ability to control primitives in the computing environment.
     Outcome: create an artifact for documenting the nature of these trust relationships.

  5. Conclusion 2: Security Coordination
     Security systems routinely interfere with each other (i.e., “bickering-in-depth”); we need a framework for negotiating over security-critical resources, measurement points, data structures, and hooks.
     Outcome: TDDs should provide a way of understanding the composition/layering of multiple security mechanisms.

  6. Work That Shaped My Thinking
     - “We Need Assurance!”, Brian Snow, ACSAC 2005
     - “Some Thoughts on Security after Ten Years of qmail 1.0”, DJB, CSAW 2007
     - “High Assurance Digital Forensics: A Panelist’s Perspective”, Steven J. Greenwald, SADFE 2009

  7. Time Out: What Do You Mean by “Trustworthy”?
     “…we equate ‘trustworthy’ with the notion that software ‘follows expected behavior’ according to some security policy (where ‘behavior’ consists of sequences of events that read or modify specific data structures).”

  8. Trust Distribution Diagrams
     Motivation, Theory, and Applications (work in progress!)

  9. Observations: Software Assurance
     Observation 1: The academic research community seems to have lost the art of making assurance arguments (Common Criteria EAL levels are a red herring here).
     Observation 2: Somehow “small” (as in “fewest lines of code”) has become our best metric for software trustworthiness, but we posit that the relationship between size and trustworthiness remains ill-defined.

  10. Key Issue: Increase in Complexity
     Challenge 1: it is difficult to argue effectively in prose.
     Challenge 2: it is difficult to construct and maintain a formal proof for a complex, evolving system.

  11. An Alternative to Lines of Code
     “Perhaps a better measure of assurance should rely on the complexity of the trust relationships between system components.”

  12. An Alternative to Lines of Code (cont.)
     “Perhaps a better measure of assurance should rely on the complexity of the trust relationships between system components.”
     How do you depict these relationships?

  13. Trust Distribution Diagrams
     TDDs will define a graphical language for expressing the distribution, amount, and migration of trust in design-level components.

  14. TDD Key Properties
     - Direction of trust relationships (map)
     - Location of trust regardless of level of trust (orthogonality)
     - How direction, location, and level change over time (duration and migration)

  15. Mapping Trust Between Components [diagram slide; no text extracted]

  16. [diagram slide; no text extracted]

  17. [diagram slide; no text extracted]

  18. Depicting Trust Statements
     Trust Policy = Trust Statements + Consequences
     Trust statement: “Function foo trusts function bar to check property P.”
     Consequence: “…if bar does not, foo will henceforth check P itself.”

  19. [diagram slide; no text extracted]

  20. Effect of Lattice… [diagram slide; no further text extracted]

  21. [diagram slide; no text extracted]

  22. Tasks that Require Further Work
     - Exact syntax and semantics
     - Represent evolving graph structure
     - Leverage the complexity measure as a coherent basis for qualitative trustworthiness arguments (next slide)
     - Possible models: Jackson Structured Programming, Harel’s Statecharts, lattices

  23. TDD Complexity: An Evaluation Tool?
     - “less complex” (entropy measure of patterns)
     - “more robust” (contains redundancy, no SPoF)
     - “checkable” (model checking)
     - “survivable” (contains layers to jettison to save the core)
     - “nimble” (trust migrates between component subsets)
     TDDs depict patterns of trust that may repeat in different contexts within a system.
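Slide 18's trust statement plus consequence and slide 23's "no SPoF" and "entropy of patterns" measures, worked through on a small constructed diagram. This is an added example, not code from the talk or the paper; the rule that a migrated check drops the trust edge, the SPoF definition, and reading the entropy measure over properties are my assumptions.

```python
import math
from collections import Counter, namedtuple

# "Function foo trusts function bar to check property P" as (truster, trustee, prop).
TrustStatement = namedtuple("TrustStatement", "truster trustee prop")

class TDD:
    def __init__(self):
        self.statements = set()  # directed trust edges, one per statement
        self.checks = {}         # component -> set of properties it really checks

    def check(self, comp, prop):
        self.checks.setdefault(comp, set()).add(prop)

    def apply_consequences(self):
        # Slide 18 consequence: if bar does not check P, foo henceforth checks P itself.
        # Assumption: the trust edge is dropped to record where the check migrated.
        migrated = []
        for s in sorted(self.statements):
            if s.prop not in self.checks.get(s.trustee, set()):
                self.check(s.truster, s.prop)
                self.statements.discard(s)
                migrated.append((s.truster, s.prop))
        return migrated

    def single_points_of_failure(self):
        # Slide 23 "no SPoF" (assumed reading): trustees whose loss leaves some truster
        # with a property that no other trustee, and not the truster itself, checks.
        spof = set()
        for s in self.statements:
            backup = {t.trustee for t in self.statements if t.trustee != s.trustee
                      and (t.truster, t.prop) == (s.truster, s.prop)}
            if not backup and s.prop not in self.checks.get(s.truster, set()):
                spof.add(s.trustee)
        return spof

    def pattern_entropy(self):
        # Slide 23 "less complex": Shannon entropy (bits) of trust edges over properties,
        # one crude reading of the entropy-of-patterns idea; repeated patterns score low.
        counts, n = Counter(s.prop for s in self.statements), len(self.statements)
        return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0

def build_example():
    # Constructed diagram: handlers foo and api trust a parser (bar) and an authz module.
    tdd = TDD()
    for handler in ("foo", "api"):
        tdd.statements.add(TrustStatement(handler, "bar", "input-validated"))
        tdd.statements.add(TrustStatement(handler, "authz", "caller-authorized"))
    tdd.check("bar", "input-validated")  # bar honours its statement; authz checks nothing
    return tdd
```

Before the consequence fires both bar and authz are single points of failure; afterwards the authorization check has migrated into foo and api, only bar remains, and the entropy drops because every remaining edge repeats the same pattern.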

  24. Graph Patterns [diagram slide; no text extracted]

  25. Composing Security Mechanisms
     “Bickering-in-depth”

  26. Defense-in-Depth
     The doctrine of defense-in-depth says: “You should be able to add a new security mechanism to deepen your independent layers of security.”

  27. Bickering-in-Depth
     Security software doesn’t play nice: these systems routinely interfere with each other according to our preliminary experiments [S&P mag 2009].
     The key issue seems to stem from indiscriminate and conflicting modifications of kernel objects and other important resources [uninformed.org].
     Slide footer: "Design Tools and Patterns for Trust Migration", Locasto et al., 10/26/2010

  28. Preliminary Experiments
     - Scenario: install multiple security software programs on a host… and observe the ensuing chaos (BSOD, etc.)
     - Compiling Apache: 2 minutes vs. 45 minutes
     - Numerous detections of “incompatible” software during installation… but installation proceeds anyway
     - CA Internet Security and Clam AV -> lose network
     - PC Tools Anti-Virus and Webroot -> shutdown
     - Anonymizer on top of the whole mess: 75% of startups freeze

  29. Negative Outcomes
     - Loss in performance
     - Loss in protection efficacy
     - Potentially disastrous fusion of policy
     - Poor management strategies arising from dealing with the above rather than actual threats

  30. Application for TDDs?
     - Understand (separately) what critical data structures and measurement points two different TCBs attempt to control
     - Diagram these trust relationships
     - The exercise of composing the TDDs will help show where overlap and potential conflict exist

  31. Programming Latent Functionality
     From an attacker’s viewpoint, our computing environments contain latent functionality.
     Formulating exploits (or ROP gadget chains) is a way of composing this latent functionality to achieve an attacker’s goal (control, exfiltration, etc.).
     Moving Target Defense must provide effective methods for assessing the potential for latent functionality and for breaking sequences of this composed latent functionality.

  32. Conclusion
     TDD: diagram trust relationships to give us a sense of what state our system is in.
     Possible (high-level) application areas:
     - Moving Target Defense
     - Layering Software Security Mechanisms

  33. Contact
     email: locasto@ucalgary.ca
     web: http://pages.cpsc.ucalgary.ca/~locasto/
