Science of Security Lablet
Security Metrics-Driven Evaluation, Design, Development, & Deployment
Logging Mechanism Nonrepudiability Metrics
Jason King
Computer Science PhD Student
Repudiation Threats
Users can deny performing an action without other parties having any way to prove otherwise
Nonrepudiation
• Counter repudiation threats
• Secure activity logs
– Includes events that create, delete, view, modify sensitive data
– Includes security events
– Protects log entries from being altered
Research Objective
• Improve integrity of logging mechanisms
• Mitigate repudiation threats
• Developing and validating a set of security metrics
Logging Mechanism References
• Healthcare
• Payment Card Industry
• Research Articles
Electronic Health Record System OpenEMR Example
Electronic Health Record System PatientOS Example
Electronic Health Record System OpenEMR Immutability
Attributes of Nonrepudiation
• Data transactions logged
• Security actions logged
• Log entry content
• Software-driven immutability
• Timestamp reliability
• Log retention
• Log backups
• Policy-driven immutability
Data Transactions Logged
Derive from requirements specification
• Create
• View
• Delete
• Modify
• Import
• Query
• Export
Natural Language Processing of Functional Requirements
[Subject] [Verb] [Direct Object]

Subject      Verb       Direct Object
A doctor     creates    prescriptions
A patient    views      allergy information
A doctor     modifies   office visit notes
Data Transactions Logged Example
Health Care Personnel can modify or delete the fields of the office visit [prescriptions, laboratory procedures, referrals, diagnoses, and/or immunizations].

Data Element     Create   View   Modify   Delete
Prescription                     X        X
Lab Procedure                    X        X
Referral                         X        X
Diagnoses                        X        X
Immunization                     X        X
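
The derivation above, carried through to a coverage figure, as an added example that is not part of the original slides. It assumes the "Data Transactions Logged" metric is the fraction of expected (data element, action) pairs that appear in the log output; the log records, user name and field names are constructed.

```python
import re

ACTIONS = ("create", "view", "modify", "delete", "import", "query", "export")

# Requirement sentence quoted from the slide above.
REQUIREMENT = ("Health Care Personnel can modify or delete the fields of the "
               "office visit [prescriptions, laboratory procedures, referrals, "
               "diagnoses, and/or immunizations].")

# Constructed log output from a hypothetical black-box test session.
OBSERVED_LOG = [
    {"user": "dr_a", "action": "modify", "element": "prescriptions"},
    {"user": "dr_a", "action": "delete", "element": "prescriptions"},
    {"user": "dr_a", "action": "modify", "element": "referrals"},
    {"user": "dr_a", "action": "modify", "element": "diagnoses"},
    {"user": "dr_a", "action": "delete", "element": "diagnoses"},
    {"user": "dr_a", "action": "modify", "element": "immunizations"},
    {"user": "dr_a", "action": "view", "element": "prescriptions"},  # not required
]

def canonical_action(word):
    """Map an inflected verb ('modifies', 'views') to an action name, or None."""
    w = word.lower()
    for candidate in (w, w[:-1], w[:-3] + "y"):
        if candidate in ACTIONS:
            return candidate
    return None

def expected_transactions(requirement):
    """Return the (data element, action) pairs a requirement sentence implies."""
    head, _, rest = requirement.partition("[")
    words = re.findall(r"[A-Za-z]+", head)
    actions = {a for a in map(canonical_action, words) if a}
    items = re.split(r",|\band/or\b", rest.split("]")[0])
    elements = {i.strip().lower() for i in items if i.strip()}
    return {(e, a) for e in elements for a in actions}

def coverage(expected, log_entries):
    """Return (fraction of expected pairs found in the log, sorted missing pairs)."""
    logged = {(r["element"], r["action"]) for r in log_entries}
    missing = sorted(expected - logged)
    return (len(expected) - len(missing)) / len(expected), missing

if __name__ == "__main__":
    ratio, missing = coverage(expected_transactions(REQUIREMENT), OBSERVED_LOG)
    print(f"Data transactions logged: {ratio:.0%}")
    for element, action in missing:
        print(f"  not logged: {action} {element}")
```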
Security Actions Logged
• Login
• Logout
• Revoke Privilege
• Grant Privilege
• System Backup
• Access Audit Log
• Initialize Audit Log
• System Restore
• Session Timeout
• Account Lockout
• Print
• …
Log Entry Content
Data captured for each log entry
Required for Nonrepudiation | Additional Content
Timestamp Source Machine ID User identification Success/Failure Flag Description of the event ID of affected data Identity of whose data accessed Reason for access
Logging Mechanism Evaluation
Software User Actions Log Output
Software-driven Immutability
• Tampering with log files should be detectable
– Serialization/digital signatures of log files
– Provenance tracking of data writes
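
One way to make tampering detectable, as an added example that is not from the slides or from either EHR system: each entry is serialized canonically and tagged with an HMAC-SHA256 over the previous tag plus the entry, used here as a standard-library stand-in for the digital signatures the slide names. The key, record fields and values are constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64                      # chain anchor for the first entry
DEMO_KEY = b"constructed-demo-key"      # assumption: held by the verifier only

# Constructed records using fields from the "Log Entry Content" slide.
SAMPLE_RECORDS = [
    {"timestamp": "2013-01-01T09:00:00Z", "user": "dr_a", "event": "login",
     "data_id": None, "success": True},
    {"timestamp": "2013-01-01T09:02:10Z", "user": "dr_a", "event": "modify",
     "data_id": "prescription/17", "success": True},
    {"timestamp": "2013-01-01T09:05:42Z", "user": "dr_a", "event": "logout",
     "data_id": None, "success": True},
]

def _tag(key, prev_tag, record):
    # Canonical serialization: the same record always yields the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + body, hashlib.sha256).hexdigest()

def append(log, key, record):
    """Append a record whose tag binds it to every entry before it."""
    prev = log[-1]["tag"] if log else GENESIS
    log.append({"record": record, "tag": _tag(key, prev, record)})

def first_tampered(log, key):
    """Return the index of the first entry that fails to verify, or -1."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if not hmac.compare_digest(entry["tag"], _tag(key, prev, entry["record"])):
            return i
        prev = entry["tag"]
    return -1

def sample_log(key):
    """Build a fresh three-entry log from the constructed records."""
    log = []
    for record in SAMPLE_RECORDS:
        append(log, key, dict(record))
    return log

if __name__ == "__main__":
    log = sample_log(DEMO_KEY)
    print("intact:", first_tampered(log, DEMO_KEY))
    log[1]["record"]["user"] = "dr_b"   # alter who performed the modify
    print("after edit:", first_tampered(log, DEMO_KEY))
```

Removing entries from the end of the log leaves a valid shorter chain, so the latest tag also needs to be recorded somewhere the logging host cannot rewrite.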
Preliminary EHR Evaluation
[Chart, 0% to 100% scale. Metrics: Data Transactions Logged, Security Actions Logged, Log Entry Content, Software-based Immutability. System: OpenEMR v4.1.1]
Preliminary EHR Evaluation
[Chart, 0% to 100% scale. Metrics: Data Transactions Logged, Security Actions Logged, Log Entry Content, Software-based Immutability. Systems: OpenEMR v4.1.1, PatientOS v1.3]
Collaboration
Requirement artifacts
Software access for black-box testing
Log Output
Logging strengths
Logging weaknesses
Functional logging requirements
Mitigate repudiation threats