Using Strategy Objectives for Network Security Analysis


  1. Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein Stanford University / LSV, Ens-Cachan Inscrypt 2009 Elie Bursztein Using Strategy Objectives for Network Security Analysis 1 / 48

  2. Introduction
     - Work purpose: analyzing and anticipating attacks on computer networks.

  3. Network complexity: The Pentagon Case
     - Huge network
       - 15 000 LAN networks
       - 7 000 000 computers
     - Huge security problems
       - Flash drives banned due to a virus spread (Nov 2008).
       - 1500 computers taken (Jun 2007)

  4. Attack Complexity

  5. Some Epic Failures
     - 2004 Bouygues Telecom: 2 servers down → 3 200 000 cellphones down
     - 2005 Japan Mitsubishi: 1 computer infected → 40 MB of confidential reports leaked on a P2P network
     - 2007 Apple: 1 computer in the production line infected → 150 000 iPods infected by the trojan RavMonE.exe

  6. Outline
     - Network Security
       - Attacks
     - Game
     - Strategy
     - Automated Analysis
     - Conclusion

  7. Vulnerabilities
     - A vulnerability is a software bug that can be exploited by an attacker to gain privileges.
     - An exploit is the piece of software that takes advantage of a software bug.
     - A 0day exploit is an exploit for an undisclosed vulnerability.

  8. Vulnerabilities as Stepping Stones
     - Large networks may suffer from multiple vulnerabilities
     - Patches and counter-measures need to be prioritized
     - A minor vulnerability can turn into a major hole when used as a stepping stone

  9. Illustration of a Complex Attack (diagram; node labels only)
     - Exploit a bug in Firefox
     - Install a trojan
     - Steal the web server password
     - Upload a rogue page
     - Steal all user passwords

  10. The Need for Automation
     - Attack analysis can't be done by hand: networks and attacks are just too complex and big for that.
     - We need models and tools for this!

  11. Attack Graph Frameworks
     - 1998: Use of model-checking for host security [RS98]
     - 2000: Use of model-checking for networks [RA00]
     - 2004: First complete framework that constructs the attack scenario [SW04]
     - 2005: Mulval [Ou05], a framework based on Datalog.
     - 2006: NetSpa [ALI06], a framework that scales up to 50 000 nodes.

  12. Time is the Essence
     - Network security is a race between Intruder and Administrator.
     - Windows of vulnerability (timeline figure; labels: Exploit Released, Patch Released, Windows of Vulnerability; axis: Time)

  13. The Need for Time
     - Without time, meaningless actions are allowed in the model.
       - Administrator can patch 1000 services instantly.
       - Intruder can compromise 1000 services before the administrator has a chance to react.
     - Without time, concurrent actions can't be modeled. Ex: Administrator may patch a service while Intruder tries to exploit it.

  14. Time and Game Model
     - Timed automaton game [AFHMS].
     - Property: a property can be written in Timed Alternating-Time Temporal Logic [AHK06].

  15. Collateral Effects (figure; labels: Internet, DDoS attack, Web, DNS, Email, collateral damage (twice))

  16. Outline
     - Network Security
     - Game
       - Structure
       - Rules
     - Strategy
     - Automated Analysis
     - Conclusion

  17. Dual layer structure
     - The upper layer is the timed automaton game; the lower layer represents the network state.

  19. Lower layer: the network state
     - The lower layer is composed of:
       - The dependency graph
       - A set of states (atomic propositions)

  22. Web Service Recipe
     - To build a web service you need:
       - An HTTP frontend to serve the data
       - A SQL backend to store the data
       - A way to administer the service

  24. The Dependency Graph (figure; node labels: SQL, SSH, HTTP, HTTP2)

  25. Set of States

      |             | SSH | SQL | HTTP1 | HTTP2 |
      |-------------|-----|-----|-------|-------|
      | Vulnerable  | ⊤   | ⊥   | ⊥     | ⊥     |
      | Compromised | ⊥   | ⊥   | ⊥     | ⊥     |

  29. Rule Syntax
     - Rule syntax: $\Gamma : \mathbf{Pre}\ \varphi_{pre} \longrightarrow_{\Delta,\, p,\, a,\, c} \mathbf{Effect}\ \varphi_{eff}$
     - $\varphi_{pre}$: Preconditions.
     - $\Delta$: Time required to complete the action.
     - $p$: The player that executes the rule.
     - $a$: Rule name.
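
A minimal sketch of the lower-layer state table and the timed rules from slides 19 to 29, added here as an illustration and not taken from the presentation or the author's tool. The rule names, the Δ values and the simplified semantics (all actions start at t=0 and the precondition is rechecked on completion) are assumptions; the component c is omitted because this excerpt does not define it.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

State = Dict[str, Dict[str, bool]]  # proposition -> service -> truth value

@dataclass(frozen=True)
class Rule:
    name: str                          # a: rule name
    player: str                        # p: player that executes the rule
    delta: int                         # Delta: time required to complete the action
    pre: Callable[[State, str], bool]  # phi_pre: precondition on the state
    eff: Callable[[State, str], None]  # phi_eff: assumed to update the state in place

def initial_state() -> State:
    # State table from the "Set of States" slide: only SSH is vulnerable.
    services = ["SSH", "SQL", "HTTP1", "HTTP2"]
    return {"Vulnerable": {s: s == "SSH" for s in services},
            "Compromised": {s: False for s in services}}

def _set(prop: str, value: bool) -> Callable[[State, str], None]:
    def eff(state: State, svc: str) -> None:
        state[prop][svc] = value
    return eff

# Constructed rules (hypothetical names, not from the slides).
def compromise(delta: int) -> Rule:
    return Rule("Compromise", "Intruder", delta,
                lambda st, s: st["Vulnerable"][s] and not st["Compromised"][s],
                _set("Compromised", True))

def patch(delta: int) -> Rule:
    return Rule("Patch", "Administrator", delta,
                lambda st, s: st["Vulnerable"][s],
                _set("Vulnerable", False))

def play(moves: List[Tuple[Rule, str]]) -> Tuple[State, List[str]]:
    """Start every move at t=0; a move completes at t=delta if pre still holds."""
    state, log = initial_state(), []
    started = [(r, s) for r, s in moves if r.pre(state, s)]  # pre checked at start
    for rule, svc in sorted(started, key=lambda m: m[0].delta):
        ok = rule.pre(state, svc)                             # rechecked at completion
        if ok:
            rule.eff(state, svc)
        log.append(f"t={rule.delta} {rule.player} {rule.name} {svc}"
                   + ("" if ok else " fails"))
    return state, log

if __name__ == "__main__":
    for admin_delta in (2, 5):  # fast patch vs. slow patch against a 3-unit exploit
        final, trace = play([(compromise(3), "SSH"), (patch(admin_delta), "SSH")])
        print(trace, "compromised:", final["Compromised"]["SSH"])
```

With a patch that takes 2 time units the intruder's 3-unit action fails on completion; with a 5-unit patch the service is compromised before it is fixed, which is the race the "Time is the Essence" slide describes.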
