Upload
sadegh-dorri-nogoorani
View
60
Download
3
Embed Size (px)
Citation preview
In the Name of Allah
Data and Network Security Lab. (DNSL)
Sharif University of Technology
The 9th International ISC Conference on Information Security & Cryptology (ISCISC 2012)
Sadegh Dorri Nogoorani, Mohammad Ali Hadavi, Rasool Jalili
Data and Network Security Lab, Dept. of Computer Engineering Sharif University of Technology, Tehran, I.R. IRAN
http://ce.sharif.edu/~dorri
Measuring Software Security Using SAN Models
22
of
Formal Software Security Measurement
14 Sep. 2012 Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
2
Formal Verification Proving properties (safety, liveness) Measuring metrics (our approach)
Challenges Very complicated and time-consuming A must for mission critical systems Verification through high level models
Tools in the Literature Colored and aspect-oriented Petri nets Discrete-time Markov chains Queuing models Our Paper: Stochastic Activity Networks
22
of
Outline
14 Sep. 2012 Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
3
Background
Stochastic Activity Networks
Our General Attack Model
The semi-Markov model
Metrics
Measurement
Case Study
Conclusions
Background
14 Sep. 2012
4
Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
22
of
SANs
14 Sep. 2012 Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
5
Stochastic Activity Networks (SANs) - Since 1984 Probabilistic extensions of activity networks
Stochastic generalization of Petri nets
Timing of Activities Not restricted to be exponential
Exponential, deterministic, normal, uniform
Programmable cases
Automatic Tools Easy graphical modeling
Möbius tool
Our General Attack Model
14 Sep. 2012
7
Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
22
of
The Attack Model
14 Sep. 2012 Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
8
Semi-Markov Attack Model States: privilege levels (secure, insecure, compromized)
Transitions: exploit, recover, cancel
22
of
Example: Password Compromise
14 Sep. 2012
9
Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
22
of
Security Metrics
14 Sep. 2012 Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
10
Metrics
Probability of Attack Success (PAS) – Probability
System Misuse Proportion (SMP) – Proportion
Mean Time to First Breach (MTFB) – Time
Measurement
The attack model is transformed to SAN models
PAS-SAN, SMP-SAN, MTFB-SAN
22
of
Case Study
14 Sep. 2012
11
Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
22
of
Measuring SMP
14 Sep. 2012 Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
12
SMP (System Misuse Proportion)
Steady-state prob. of being in a compromised state
SMP-SAN
Places
Transitions •
22
of
Measuring MTFB
14 Sep. 2012 Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
13
MTFB (Mean Time to First Breach)
Average time until (transient) the attacker (token) reaches a compromised state
MTFB-SAN
One trapping compromised state
•
22
of
Measuring PAS
14 Sep. 2012 Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
14
PAS (Probability of Attack Success)
The no. of successful attacks / all attacks
Transient
PAS-SAN
Recovery = Attack failed state
•
Case Study Results
14 Sep. 2012
15
Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
22
of
Transition Times (Hours)
(dependent on Password Change)
14 Sep. 2012
16
Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
Uniform dist.: Increasing Failure Rate (IFR)
22
of
PAS (Prob. Attack Succ.)
14 Sep. 2012
17
Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
22
of
SMP (Sys. Misuse Proportion)
14 Sep. 2012 Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
18
22
of
MTFB (Mean Time to First Breach)
14 Sep. 2012 Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
19
(about a year)
22
of
Conclusions and Future Work
14 Sep. 2012 Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
20
Quantitative Analysis More reliable and tangible than traditional subjective qualitative
evaluations
Our Contribution Semi-Markov attack model Can incl. prevention and recovery mechanisms Can account for adversary skill level, auditing level Automatic measurement using Möbius
Future Work Other case studies One universal SAN model for all metrics Analytically solve the SAN models
My Homepage
http://ce.sharif.edu/~dorri
Thanks! 21
Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili 14 Sep. 2012
22
of
References
14 Sep. 2012 Measurement of Software Security, S. Dorri Nogoorani, M.A. Hadavi, R. Jalili
22
1. J.F. Meyer, A. Movaghar, and W. H. Sanders, Stochastic activity networks: structure, behavior and application, Int. Workshop on Timed Petri Nets, 1985, pp. 106-115.
2. W.H. Sanders and J. F. Meyer, Stochastic activity networks: formal definitions and concepts, Lec. Formal Methods and Performance Analysis, LNCS, vol. 2090, Springer-Verlag, 2001, pp. 315-343.
3. J. Almasizadeh and M. A. Azgomi, A new method for modeling and evaluation of the probability of attacker success, Int. Conf. Security Technology, 2008, pp. 49-53.
4. J. Almasizadeh and M. A. Azgomi, Intrusion process modeling for security quantification, 4th Int. Conf. Availability, Reliability and Security, 2009, pp. 114-121.