CDXI - PowerPoint PPT Presentation

About This Presentation
Title:

CDXI

Description:

Cyber Defence Data Exchange and Collaboration Infrastructure (CDXI) Luc Dandurand NATO C3 Agency luc.dandurand_at_nc3a.nato.int * Addressing security challenges on a ... – PowerPoint PPT presentation

Slides: 21
Provided by: ituIntdm

Transcript and Presenter's Notes

Title: CDXI


1
(No Transcript)
2
Cyber Defence Data Exchange and Collaboration
Infrastructure (CDXI)
  • Luc Dandurand, NATO C3 Agency,
    luc.dandurand_at_nc3a.nato.int

3
NATO C3 Agency
  • Mission
  • Enable NATO's success through the unbiased
    provision of comprehensive C4ISR capabilities
  • NC3A mainly provides acquisition and scientific
    support to NATO and NATO Nations
  • Key player in helping Nations achieve
    interoperability
  • CDXI is sponsored by NATO Allied Command
    Transformation (ACT, Norfolk, VA)
  • http://www.nc3a.nato.int/

4
What is the CDXI?
  • Ultimately, the goal of CDXI is to
  • transport cyber defence data between
    organisations
  • through a resilient, global infrastructure
  • structure the data for machine processing
  • feed it directly into automated applications
  • provide assurance of its origin and quality
  • provide access controls for confidentiality
  • provide tools to collaborate on improving the
    data
  • enable commercial exploitation

5
Cyber Defence Data
  • Reference Information
  • Vulnerabilities
  • Software (Applications and Operating Systems)
  • Hardware
  • Malware
  • Patches and Fixes
  • Verification Tests (e.g. IDS signatures and VA
    tests)
  • Protocol specifications
  • Certifications

6
Cyber Defence Data
  • Operational Information
  • Events
  • Incidents
  • IP addresses
  • Implicated parties

7
What problems does it solve?
  • Beyond the basic need to exchange data
  • Lots of data sources saying different things
  • Errors and Discrepancies
  • Different focus and taxonomies
  • → No simple way to fix known errors and
    collaborate
  • Limited ability to automate CD applications
  • Importing from the Web is often manual
  • Limited quality assurance → THIS IS A MAJOR
    PROBLEM
  • No resilience → Need a local copy of all data!
  • No automated implementation/enforcement of
    sharing policies

8
Examples of Discrepancies
CVE 2010-2941
18 Nov 2010
Possibly execute arbitrary code via a crafted
packet

9
CVE 2010-2941

10
CVE 2010-2941

11
CVE 2010-2941

12
CVE 2010-2941

13
CVE 2010-2941

14
How do we fix this?
  • Support dissension to reach consensus
  • Easily modify the data and send back to community
  • Multiple truths co-exist until further research
    uncovers the ultimate truth
  • Reject or block erroneous data coming into own
    automated systems
  • Custom Quality Assurance Processes

15
Structured Cyber Defence Data
  • Strategy of CDXI is currently based on
  • Pure enumerations for the specified topics
  • Single identifier for each element (e.g.
    CVE-ID)
  • Used to create all links to other data
  • Agile Data Model
  • User-defined taxonomies
  • User-defined relationships
  • CDXI could implement most, if not all, standards
    in CYBEX X.1500.

16
Confidentiality
  • Limited sharing is a reality
  • User-based and role-based access controls
  • Organisational sharing policies
  • Can limit user actions
  • Can automate sharing
  • Multiple security labels and mappings
  • Instances of CDXI exist at every security level
    (Unclassified, Secret and Top Secret)

17
Commercial Exploitation
  • Required since Industry has lots of data, but
    more importantly, the resources to refine it
  • Proposed strategy is to encrypt records
  • Sell keys to decrypt the data through contract
  • Industry can resell
  • Tools that use the CDXI
  • Content
  • Quality assurance of content
  • Data-mining

18
CDXI Architecture

19
Relation to CYBEX
  • Similar to CYBEX in that use/acquisition of the
    data is out of scope
  • Implements the following CYBEX functions
  • Structuring cybersecurity information for
    exchange purposes
  • Identifying and discovering cybersecurity
    information and entities
  • Establishment of trust and policy agreement
    between exchanging entities
  • Providing assured cybersecurity information
    exchange
  • Adds support for
  • Dissension to reach consensus, collaboration
    mechanisms
  • Custom quality assurance processes
  • Commercial exploitation
  • Provides Resilience
  • CDXI tackles the problem from a prototype
    implementation point-of-view, rather than the
    CYBEX standards-based approach

20
CDXI Way Ahead
  • Concept, high-level requirements and proposed
    architecture will be completed Q1 2011
  • We plan to build and test a prototype in 2011
  • We plan to continue prototype development/testing
    in 2012 and beyond
  • We hope for Implementation by Industry?
  • Concept valid for any knowledge-centric
    community!
  • For further information:
    luc.dandurand_at_nc3a.nato.int