Ranking of security controlling strategies

driven by quantitative threat analysis.

Tavolo 2: "Big data security evaluation" UNIFI-CNR

Nicola Nostro, Ilaria Matteucci, Andrea Ceccarelli, Felicita Di Giandomenico,

Fabio Martinelli, Andrea Bondavalli

Outline

1.General description of work2.Basics3.Architecture/Framework4.Use case5.Conclusions and future works

Fai della Paganella

1. General description of work2. Basics3. Architecture/Framework

General description of the work

• Security analysis and design are key activities for the protection of critical systems and infrastructure.

• Traditional approaches:– Apply a qualitative threat assessment– Results used as input for the security design such that

appropriate countermeasures are selected• Our work: selection and ranking of security controlling

strategies driven by quantitative threat analysis– Threat analysis that identifies attack points and paths, and

ranks attacks (costs, difficulty, ...)– Such enriched information is used for more elaborated

controlling strategies that derive the appropriate monitoring rules and select countermeasures.

Framework Architecture

• Threat analysis supported by security models provides information on:– Attackers– Attacks and Attack points (as usual from threat analysis)– Attack paths– Relevance of the path (from a security viewpoint)/necessity of

countermeasures– Weights: costs, probabilities

• Security control strategies– Uses weights, relevance of the paths– Current objective: ranking of quantitative security controlling

strategies– Final output is the definition of countermeasures based on the

evaluation of the controlled paths

High-level Workflow

(system) functional requirements

dependability and security requirements

Threats AnalysisRequirements Controlling strategies

Design of security countermeasures

Next Steps –Fai della Paganella

• Identification of appropriate Case Study

• Preliminary version of paper in progress

• Iterative approach to framework

What’s new!

• CEMS use case• Submission to DEVVARTS workshop @

SAFECOMP– DEvelopment, Verification and VAlidation of

cRiTical Systems

Customer Energy Management System

A Customer Energy Management System (CEMS) is an application service or device that communicates with devices in the home.It may have interfaces to the meter to read usage data or to the operations domain to get pricing or other information to make automated or manual decisions to control energy consumption more efficiently.

Man in the Middle Attack

• In MIM attack an opponent captures messages exchanged between the EMG and the CEMS.

• It can – partially alter the content of the messages– Delay messages– reorder messages to produce an unauthorized effect– collect information without altering the content of

the messages• violation of integrity, availability or

confidentiality.

Two profiles: Criminal and Hacker

Is a Control strategies better than another?

To select the controller strategy that better fit a set of requirements (e.g., the minimum cost) we associate to each step a value obtained by the threat analysis.

where k, k’ denote these values.

; ;

Quantitative Control strategies

Definition. Given a path t = (a1,k1) … (an,kn), the label of t is given by (a1 … an) belongs to Act*, and its run weight by |t| = k1 * … * kn belongs to K, where the product * denotes the product of the considered semiring K.

The valuation of a process intuitively corresponds to the sum of all possible quantity of the traces belonging to the process.

Given an attack F, and a semiring K, a controller E2 is better than a controller E1 w.r.t. F the valuation of E1 on F is less then the valuation of E2 on F.

NOTE: the interested reader will find all the evaluations in the paper….

Additional information

• The paper is going to be submitted to DEVVARTS

• We will add also proability of attack as measure for driving the definition of security countermeasures

• Future work: deploy the selected controlling system into the system and evaluate the global system.