Towards Modelling Information Security with Key-Challenge Petri Nets - PowerPoint PPT Presentation

About This Presentation
Title:

Towards Modelling Information Security with Key-Challenge Petri Nets

Description:

Title: Dia 1 Author: Atkk Last modified by: Ven l inen, Teijo Vesa O Created Date: 10/28/2004 11:46:24 AM Document presentation format: On-screen Show – PowerPoint PPT presentation

Number of Views:57
Avg rating:3.0/5.0
Slides: 25
Provided by: Atkk
Category:

less

Transcript and Presenter's Notes

Title: Towards Modelling Information Security with Key-Challenge Petri Nets


1
Towards Modelling Information Security with
Key-Challenge Petri Nets
  • Teijo Venäläinen
  • teijo.v.o.venalainen_at_jyu.fi

2
Contents
  • Introduction
  • Various modelling methods
  • Graph based modelling
  • Key-Challenge Petri Nets

3
Introduction
  • Since 7/2006 in Information Technology Research
    Institute (ITRI), Agora, JYU
  • Doctoral studies since 2009
  • Goal is to find a method for measuring
    information security (IS)
  • Modelling and Simulation (MS)

4
Motivation for testing/modelling
  • Testing a system in use is not a feasible option
    gt damage
  • Real system must be replicated (modelled) somehow
  • Testing is done with the modelled system
  • How accurately does the model represent the real
    system?

5
Resulting information
  • For the whole system or a single component, the
    following results are interesting
  • Mean time between failure (against attacks)
  • Success probability of attacks
  • Damage (performance degradation, money, )
  • Attack route i.e. how the attack progresses
  • And more

6
Testing methods
  • There are different methods, where varies 1
  • target audience
  • Human involement during testing
  • Detail level
  • Role playing, Packet wars, network design tools
  • Mathematical modelling, state machines, graph
    based modelling

7
Role playing
  • Scenario-based training exercises
  • High abstraction level
  • Test the strategic decision making process of
    personnel and organizations
  • Computers not necessary, pencil paper
  • Target audience high level decision makers
  • Does not provide technical IS information

8
Packet wars
  • Real network with real users, a dedicated test
    network in a laboratory
  • Two teams attackers and defenders
  • Highly accurate method but costly
  • Target audience IS professionals

9
Network design tools
  • Accurate modelling of networks and normal
    activities
  • Attack modelling is limited gt limited results
  • No human involvement during testing, only
    simulation
  • Target audience IS professionals, network
    designers

10
Mathematical modelling, state machines, graph
based models
  • Also approximations of the real system
  • Provide results faster through simulation
  • Cheap
  • Easily modifyable

11
Modelling simulation
System description
Model
Simulation
12
Graph based modelling
  • Network attack is usually a series of
    interdependent actions leading to a goal (
    breach in security)
  • Actions are illustrated using nodes and arcs gt
    an attack graph (AG)
  • Assign conditions (e.g. probability) on
    traversing between nodes
  • Usually attackers point of view
  • Simulate by starting from a node and moving
    towards the goal node(s)

13
Attack tree
Source 2
14
Challenges
  • The system must be described at adequate level of
    accuracy. Scalability with large networks?
  • Valid input parameters (From where? How?)
  • Usability
  • Attackers and defenders interaction (game
    theory?)
  • Creating graphs is labor intensive gt automatic
    tools

15
Petri Nets
  • Place (input/output) holds tokens
  • Arc connects places and transitions
  • Transition lets token pass through if conditions
    are met
  • Token moves from place to place

16
Key-Challenge Petri Nets (KCPN)
  • A modelling method under development
  • Based on Petri-nets
  • KCPN graph is created using network and
    vulnerability information
  • Conditions for transitions key-challenge
  • challenge security measure
  • key means to circumvent/break the security
    measure

17
KCPN overview
  • Hierarchical i.e. modelling may be performed
    using various abstration levels
  • Modular structure
  • Place network device or attack action
  • Arc physical connection of devices or causal
    relation of attack actions
  • Transition challenge (security measure)

18
KCPN simulation
  • Attacker collects keys that allow him to progress
    in the graph
  • Variables may be assigned for transitions
  • Probability of being detected
  • Duration of an attack action (time distribution)
  • Cost, skill level, etc.
  • It is possible to perform an attack action
    without required keys but with a greater
    cost/duration

19
KCPN results
  • Simulation results include
  • Probability of success of an entire attack
  • The most vulnerable attack path
  • The duration of the entire attack
  • Results may be used as input data within the
    model (simulate modules independently)

20
KCPN example
  • Two hierarchy levels
  • Topology level (physical world)
  • Attack action level (abstract world)
  • Multiple network devices lumped into a single
    node (Hosts)
  • Devices with similar connections, OS, software,
    etc. gt lumped together

21
KCPN the physical network
22
KCPN the graph
23
Sources
  • 1 J. Saunders. Simulation Approaches in
    Information Security Education. Proceedings of
    6th National Colloquium for Information System
    Security Education, 2002.
  • 2 Bruce Schneier. Attack Trees. SANS Network
    Security 1999. http//www.cs.utk.edu/dunigan/cns0
    6/attacktrees.pdf

24
Thank You!
Write a Comment
User Comments (0)
About PowerShow.com