Dr. Stilianos Vidalis - PowerPoint PPT Presentation

Slides: 22
Provided by: dcsG6

1
The Role of Deception in CND & IO
  • Dr. Stilianos Vidalis
  • Information Security Research Group
  • J133 School of Computing
  • University of Glamorgan
  • 0044 (0)1443 482731
  • svidalis_at_glam.ac.uk

2
Pro-logos
  • At the beginning there was light
  • then the cosmos
  • then all the species
  • and finally there was WAR!!!

3
Threat Assessment
  • A threat assessment is a statement of threats
    that are related to vulnerabilities, an
    organisation's assets, and threat agents, and
    also a statement of the believed capabilities
    that those threat agents possess.
  • Threat = f(Motivation, Capability, Opportunity,
    Impact)

4
Motivation
  • Motivation is the degree to which a threat agent
    is prepared to implement a threat.
  • The motivational factors are the elements that
    drive a threat agent to consider attacking a
    computer system:
  • political, secular,
  • personal gain,
  • religious, revenge,
  • power, terrorism,
  • and curiosity
  • Q: Can we deceive Them into believing that they do
    not want to target us?

5
Capability
  • Capability is the degree to which a threat agent
    is able to implement a threat
  • The availability of a number of tools and
    techniques to implement an attack, and the
    ability to use the tools and techniques
    correctly.
  • The availability of education and training to
    support the correct use of various tools and
    techniques.
  • The level of resource that a threat agent has, or
    can acquire over a certain time.
  • Q: Can we deceive Them into believing
    that they are not able to target us?

6
Opportunity
  • The easiest of the 3 to manage?
  • Opportunity can be defined as a favourable
    occasion for action.
  • Past
  • make sure that threat agents will be in no
    position to create or exploit opportunities.
  • Present
  • Risk is not managed by us but by the threat
    agents, so concentrate on Motivation

7
Threat Agents?
  • The term threat agent is used to denote an
    individual or group that can manifest a threat.
  • Hackers are good people!!!

8
Threat Agent Categories
[Diagram: threat agent categories. Labels as extracted; the hierarchy is not recoverable.]
Corporation, Nation States, Threat Agents, Partners, Competitors, Non-Target Specific, Natural Disasters, ESA, Terrorists, Organized Crime, Employees, Gangs (blocks), Political parties, Staff, Bacteria, Political, Fire, Flood, Gangs (city), Media, Lightning, Religious, Contractors, Worms, Vermin, Fatria (national), Enthusiasts, Wind, Cleaners, Anarchists, Trojans, Sand, Guards, Fatria (international), Activists, Frost, Logic Bombs, Earthquake, Trapdoors, Operations Staff, Vandals, General Public, Viruses, Maintenance Staff, Extremists, Religious Followers, Governments

9
Why do we analyse Them?
  • It is a game; the aim: achieve information
    superiority
  • We need to understand what motivates them
  • We need to know of their technical and
    educational capability
  • We need to know how they think
  • Security has to be proactive and not reactive

10
How do we analyse Them?
  • We start by identifying them
  • Threat agent catalogue
  • Historical threat agent data
  • Environmental reports
  • Knowledge of personnel
  • Stakeholder List

11
How do we analyse Them?

12
How do we analyse Them?
  • Capability: capability metrics available on
    request
  • Opportunity
  • Access to Information
  • Changing Technologies
  • Target Vulnerability
  • Target profile
  • Public Perception
  • Motivation

13
InfoSec Requirements
  • "the activities to protect hardware, software
    and intangible information at the hardware and
    software levels" (E. Waltz)
  • Information has three abstractions: data,
    information and knowledge
  • When threat agents acquire knowledge then they
    are able to launch active attacks with high
    probability of success.
  • Q: How do we ensure information superiority?

14
IO Taxonomy
|         | IO Layer    | Function                                            | NETWAR                            |
| Offence | Perceptual  | Manage perception, Disrupt decision processes       | PSYOPS, Deception                 |
| Offence | Information | Dominate information infrastructure                 | NETOPS                            |
| Offence | Physical    | Break things, Incapacitate/kill people              | Physical destruction              |
| Defence | Perceptual  | Protect perceptions and decision-making processes   | Intelligence, Counterintelligence |
| Defence | Information | Protect information infrastructure                  | INFOSEC                           |
| Defence | Physical    | Protect operations, protect people                  | OPSEC                             |

15
What do we do!!!
  • Could we possibly deceive threat agents?
  • Through deception we can manage our adversary's
    perception and disrupt his decision-making
    processes.
  • The outcome can be twofold:
  • either the defenders have time to react and
    deploy the necessary countermeasures (or
    fine-tune the existing ones),
  • or the threat agent will call off the attack and
    return to the information gathering process in
    order to re-examine his plan of action.

16
Is there a limit?
  • Facts
  • Infrastructures follow a certain logic which
    allows threat agents to easily enumerate them
  • Administrators introduce vulnerabilities to their
    system in order to make their lives easier
  • The users of a system are its biggest
    vulnerability
  • Argument
  • Can we use deception techniques on our own users?

17
Security through Deception
  • Actions executed to deliberately mislead
    adversary military decision makers as to friendly
    military capabilities, intentions, and
    operations, thereby causing the adversary to take
    specific actions that will contribute to the
    accomplishment of the friendly mission
  • Deception can be used in two ways for ensuring
    security:
  • Simulating: showing the false, drawing attention
    away from the real
  • Dissimulating: hiding the real, producing
    confusion about what is real

18
Technical Solution
  • G4DS: system that brings enterprises together in
    virtual communities in order to identify and
    monitor threat agents
  • Virtual Honeypots: system that takes input from
    G4DS in order to perform near real-time threat
    agent deception

19
Deception Methodology
  • Everything should be dedicated to the execution
    of the deception
  • Intelligence must be brought fully into the
    picture
  • Intelligence must be assessed
  • Secrecy must be enforced
  • The deception plan must be designed at the top
    levels
  • Full implementation & consistency of all elements
    of deception
  • Deception must be continuous

20
Epi-logos
  • Need to move reference point from risk assessment
    to threat assessment
  • Need to be able to identify and monitor threat
    agents
  • Hackers are good people!!!
  • G4DS: system that brings enterprises together in
    virtual communities in order to identify and
    monitor threat agents
  • Virtual Honeypots: system that takes input from
    G4DS in order to perform near real-time threat
    agent deception

21
Questions?