
Security Risk Analysis



  1. Security Risk Analysis. Pamela Peretti, PhD student in Computer Science, Dipartimento di Scienze, Università degli Studi “G. d’Annunzio”, Pescara. Corso di Sicurezza e Privacy, Wednesday 7 November 2007. Dipartimento di Scienze - 16 July 2014.

  2. Risk Management Process. The risk management process is the set of coordinated activities for directing an organization with regard to risk. It typically includes identifying, measuring and mitigating the various risk exposures.

  3. Risk Management Process. Risk is the uncertainty that unexpected events may occur and produce negative effects for the organization.

  4. Risk Management Process. Information Technology risk: the danger of service interruption, disclosure of confidential information, or loss of relevant data stored on computerized media. Information Security Risk Management.

  5. 1. Risk Assessment. The risk assessment process is used to determine the extent of the potential threats to an IT system and to identify all the possible countermeasures that reduce or eliminate those risk items.
     • Identified: assets, threats, vulnerabilities, countermeasures.
     • Determined: the impact produced by the threats, the feasibility of the threats, the overall level of risk.

  6. 2. Risk Mitigation. In the risk mitigation process the countermeasures recommended by the assessment team are analysed, and the countermeasures with the best cost/benefit ratio are selected and implemented.

  7. 3. Monitoring. Within large enterprises, IT systems undergo frequent changes due to updates, replacement of components, software modifications, staff turnover, etc. The conditions of the system change, and with them the effects of the adopted countermeasures.

  8. Approaches

  9. Approaches
     • Qualitative approaches: analysis of the scenarios that can occur within a system. The aim is to identify the possible threats and the level of risk associated with each resource that makes up the system (attack trees).
     • Quantitative approaches: quantification of all the quantities needed for a risk evaluation, with the goal of determining, through a set of indices, the economic convenience of a security investment (economic indices).

  11. Analysis of a scenario

  12. A security scenario (the slide shows only a figure).

  13. Defence trees. Defence trees are an extension of attack trees [Schneier00].
     • Attack tree:
       • the root is an asset of an IT system;
       • paths from a leaf to the root represent attacks on the asset;
       • the non-leaf nodes can be and-nodes or or-nodes.
     • Defence tree: an attack tree plus a set of countermeasures.

  14. Defence trees (example). Root asset: “Steal data stored in a server”. Attack “Obtain root privileges”, with actions a1 Stealing access and a2 Corrupting a user.

  15. Defence trees (example). Attack “Attack the system with a remote login”, with actions a3 Exploit an on-line vulnerability and a4 Exploit a web server vulnerability.

  16. Defence trees (example). Attack “Steal the server”, an and-node with actions a5 Access to the server’s room and a6 Go out unobserved.

  17. Defence trees (example). The complete attack tree for “Steal data stored in a server” with actions a1 to a6 (figure).

  18. Defence trees (example). The defence tree: countermeasures c1 to c13 attached to the actions a1 to a6, with c3 shared by two actions (figure).

  19. Selection methods

  20. Cp-nets. Conditional preference networks [Boutilier99] are a graphical formalism for specifying and representing conditional preference relations. Example: “I prefer red wine to white wine if a meat dish is served” (preference: red over white; condition: a meat dish is served).
     • Two variables: the dish D, the wine W.
     • D is a parent of W: Pa(W) = D.

  21. Cp-nets (example). “I prefer red wine to white wine if a meat dish is served.” The induced order over the outcomes, from less preferred to most preferred, is (Df, Wr), (Df, Ww), (Dm, Ww), (Dm, Wr), where Dm is a meat dish, Df the other (fish) dish, Wr red wine and Ww white wine.

  22. Cp-nets on defence trees. Cp-nets can be used to model conditional preferences over attacks and countermeasures: a variable A for the attack action and a variable C for the countermeasure. Example over A: a3 (Exploit an on-line vulnerability) and a4 (Exploit a web server vulnerability), ordered from less dangerous to more dangerous.

  23. Cp-nets on defence trees. Cp-nets can be used to model conditional preferences over attacks and countermeasures. Given A = a1 (Obtain root privileges by stealing access), its countermeasures (Add an identification token, Change the password periodically, Log out the pc after the use) are ordered c1, c3, c2 from less expensive to more expensive.

  24. Cp-nets on defence trees. Cp-nets can be used to model conditional preferences over attacks and countermeasures. On the whole defence tree for “Steal data stored in a server” (root or-node over a1 ∨ a2, a5 ∧ a6 and a3 ∨ a4, with countermeasures c1 to c13) the open question is how the preferences over A and C combine at each and-node and or-node.
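As an added illustration of slides 20 to 24 (not part of the original presentation), the following Python code implements a small acyclic CP-net with the usual ceteris paribus semantics: an outcome improves when one variable is flipped to a value that its conditional preference table ranks higher given its parents, and outcome o1 dominates o2 when o1 is reachable from o2 by a chain of such improving flips. The wine net takes W's table from slide 20; the row for the fish dish and the unconditional preference for meat over fish are assumptions implied by the ordering on slide 21. The defence-tree net takes the c1, c3, c2 ordering given a1 from slide 23; the ordering of a1 over a2 and the row for a2 are constructed.

```python
from collections import deque


class CPNet:
    """Acyclic CP-net.  Each variable has a domain, a tuple of parents and a
    conditional preference table (CPT): for every assignment to the parents,
    the variable's values ordered most preferred first."""

    def __init__(self):
        self.domains = {}
        self.parents = {}
        self.cpt = {}

    def add_variable(self, name, domain, parents=()):
        self.domains[name] = list(domain)
        self.parents[name] = tuple(parents)
        self.cpt[name] = {}

    def set_preference(self, var, parent_values, order):
        # parent_values follows the order in which the parents were declared
        if sorted(order) != sorted(self.domains[var]):
            raise ValueError("CPT row must order the whole domain of %s" % var)
        self.cpt[var][tuple(parent_values)] = list(order)

    def local_order(self, var, outcome):
        key = tuple(outcome[p] for p in self.parents[var])
        return self.cpt[var][key]

    def improving_flips(self, outcome):
        """Outcomes obtained by changing one variable to a value that its CPT
        row (for the current parent values) ranks higher."""
        for var in self.domains:
            order = self.local_order(var, outcome)
            rank = order.index(outcome[var])
            for better in order[:rank]:
                flipped = dict(outcome)
                flipped[var] = better
                yield flipped

    def dominates(self, o1, o2):
        """True iff o1 is strictly preferred to o2: o1 is reachable from o2
        through a chain of improving flips (breadth-first search)."""
        key = lambda o: tuple(sorted(o.items()))
        if key(o1) == key(o2):
            return False
        seen = {key(o2)}
        queue = deque([o2])
        while queue:
            for nxt in self.improving_flips(queue.popleft()):
                k = key(nxt)
                if k == key(o1):
                    return True
                if k not in seen:
                    seen.add(k)
                    queue.append(nxt)
        return False

    def outcomes(self):
        names = list(self.domains)

        def rec(i, partial):
            if i == len(names):
                yield dict(partial)
                return
            for v in self.domains[names[i]]:
                partial[names[i]] = v
                yield from rec(i + 1, partial)

        return list(rec(0, {}))

    def ranked(self):
        """All outcomes, most preferred first: an outcome precedes everything
        it dominates; incomparable outcomes keep an arbitrary order."""
        outs = self.outcomes()
        score = {i: sum(self.dominates(o, p) for p in outs) for i, o in enumerate(outs)}
        return [outs[i] for i in sorted(score, key=lambda i: -score[i])]


def wine_net():
    """Slides 20-21.  D (dish: m = meat, f = fish) is the parent of W (wine:
    r = red, w = white).  The meat row is the slide's; the fish row and the
    preference for meat over fish are assumptions."""
    net = CPNet()
    net.add_variable("D", ["m", "f"])
    net.add_variable("W", ["r", "w"], parents=("D",))
    net.set_preference("D", (), ["m", "f"])
    net.set_preference("W", ("m",), ["r", "w"])
    net.set_preference("W", ("f",), ["w", "r"])
    return net


def defence_net():
    """Slides 22-23.  A (attack action) is the parent of C (countermeasure).
    The row for a1 (c1, c3, c2: least expensive first) is the slide's; the
    order a1 over a2 and the row for a2 are constructed."""
    net = CPNet()
    net.add_variable("A", ["a1", "a2"])
    net.add_variable("C", ["c1", "c2", "c3"], parents=("A",))
    net.set_preference("A", (), ["a1", "a2"])
    net.set_preference("C", ("a1",), ["c1", "c3", "c2"])
    net.set_preference("C", ("a2",), ["c2", "c1", "c3"])
    return net


if __name__ == "__main__":
    for outcome in wine_net().ranked():
        print(outcome)
```

`ranked()` reproduces slide 21 read from most to least preferred; `dominates()` is the check a practitioner actually needs when comparing two candidate (attack, countermeasure) pairs, and it returns False for incomparable outcomes rather than forcing an order.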

  25. and-composition. An and-attack is an attack composed of a set of actions that an attacker has to achieve successfully to obtain his goal. Question: how to combine the preferences over the countermeasures associated with each attack action?

  26. and-composition (example). A countermeasure is preferred to another one if it is preferred in at least one of the partial orders. A = {x, y, z}, C = {a, b, c}; the and-composition x ∧ y ∧ z gives a ≻ b ≻ c.

  27. and-composition (example 2). We also have to consider the preferences over the values of the parent variable. A = {x, y}, C = {a, b, c, d}; the and-composition x ∧ y gives c ≻ d ≻ a ≻ b.

  28. or-composition. An or-attack is an attack that can be performed with different, alternative actions: the attacker can complete any one of its actions successfully to obtain his goal. Question: how to combine the preferences associated with each action that composes the attack, and determine sets of countermeasures?

  29. or-composition (example). A = {x, y, z}, C = {a, b, c}; or-composition x ∨ y ∨ z. Each combination chooses one countermeasure per action, written ⟨cx, cy, cz⟩ (twelve combinations on the slide, from ⟨a,a,a⟩ to ⟨c,c,b⟩), and corresponds to the set of countermeasures to adopt: [a], [a,b], [a,c], [b,c] or [a,b,c].

  30. or-composition: example. For a1 ∨ a2 the slide lists the combinations c1 ∧ c5, c3 ∧ c4, c1 ∧ c3, c3, c1 ∧ c4, c2 ∧ c5, c3 ∧ c5, c2 ∧ c4, c2 ∧ c3: one countermeasure among c1, c2, c3 for a1 and one among c3, c4, c5 for a2, with c3 standing alone when it is chosen for both.
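The two compositions of slides 25 to 30, as an added example that is not from the presentation. Partial orders are given as (better, worse) pairs per attack action. The and-composition rule is the slide's own (union of the per-action orders, closed transitively); treating the preference over the parent variable as a priority between actions (slide 27) and comparing or-combinations componentwise, Pareto style (slide 29), are my readings and are marked as assumptions in the code. The per-action orders are constructed so that the results coincide with the slides' a ≻ b ≻ c and c ≻ d ≻ a ≻ b.

```python
from itertools import product


def transitive_closure(pairs):
    """Transitive closure of a 'better than' relation given as (better, worse) pairs."""
    closure = set(pairs)
    while True:
        extra = {(a, d) for (a, b) in closure for (c, d) in closure if b == c}
        if extra <= closure:
            return closure
        closure |= extra


def and_composition(orders, action_priority=None):
    """Slide 26: a countermeasure is preferred to another if it is preferred
    in at least one per-action order, so the relations are united and closed.
    Slide 27 (assumed reading): countermeasures of an action earlier in
    action_priority are preferred to those of later actions.  Returns the
    closed relation and the conflicting pairs (a > b and b > a); a non-empty
    conflict set means the orders disagree and must be resolved by hand."""
    relation = set()
    for pairs in orders.values():
        relation |= set(pairs)
    if action_priority:
        # countermeasures per action are read from the pairs themselves
        cms = {act: {c for pair in orders[act] for c in pair} for act in orders}
        for i, hi in enumerate(action_priority):
            for lo in action_priority[i + 1:]:
                relation |= {(c1, c2) for c1 in cms[hi] for c2 in cms[lo] if c1 != c2}
    closed = transitive_closure(relation)
    conflicts = {(a, b) for (a, b) in closed if (b, a) in closed}
    return closed, conflicts


def linearize(closed):
    """Most preferred first.  Sorting by how many elements each one beats
    respects every pair of a conflict-free closed relation (a > b implies a
    beats everything b beats, plus b); incomparable ties break alphabetically."""
    elems = {c for pair in closed for c in pair}
    beats = {c: sum(1 for (a, _) in closed if a == c) for c in elems}
    return sorted(elems, key=lambda c: (-beats[c], c))


def or_composition(domains):
    """Slides 28-29: one countermeasure per alternative action.  Maps every
    combination <c_x, c_y, ...> to the set of countermeasures to adopt."""
    names = list(domains)
    return {t: frozenset(t) for t in product(*(domains[n] for n in names))}


def pareto_better(domains, orders, t1, t2):
    """Assumed comparison of two combinations: t1 beats t2 when each action's
    choice in t1 is at least as preferred as in t2, and strictly so for one."""
    closed = {n: transitive_closure(orders[n]) for n in domains}
    strict = False
    for n, c1, c2 in zip(domains, t1, t2):
        if c1 == c2:
            continue
        if (c1, c2) not in closed[n]:
            return False
        strict = True
    return strict


def example_and():
    # constructed per-action orders that reproduce slide 26's a > b > c
    orders = {"x": [("a", "b")], "y": [("b", "c")], "z": [("a", "c")]}
    closed, conflicts = and_composition(orders)
    return linearize(closed), conflicts


def example_and_with_parent():
    # slide 27: A = {x, y}, C = {a, b, c, d}; y assumed the higher-priority action
    orders = {"x": [("a", "b")], "y": [("c", "d")]}
    closed, conflicts = and_composition(orders, action_priority=["y", "x"])
    return linearize(closed), conflicts


def example_or():
    # slide 29: x chooses among a, b, c; y among a, c; z among a, b (orders constructed)
    domains = {"x": ["a", "b", "c"], "y": ["a", "c"], "z": ["a", "b"]}
    orders = {"x": [("a", "b"), ("b", "c")], "y": [("a", "c")], "z": [("a", "b")]}
    combos = or_composition(domains)
    best = [t for t in combos
            if all(t == u or pareto_better(domains, orders, t, u) for u in combos)]
    return combos, best


if __name__ == "__main__":
    print(example_and(), example_and_with_parent(), example_or()[1])
```

The conflict set returned by `and_composition` is the edge case worth keeping: two actions that rank the same pair of countermeasures in opposite ways produce a cycle under the "preferred in at least one order" rule, and `linearize` would silently hide it.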

  31. Approaches
     • Qualitative approaches: analysis of the scenarios that can occur within a system. The aim is to identify the possible threats and the level of risk associated with each resource that makes up the system.
     • Quantitative approaches: quantification of all the quantities needed for a risk evaluation, with the goal of determining, through a set of indices, the economic convenience of a security investment.

  32. Indices

  33. Indices: SLE. The Single Loss Exposure (SLE) represents a measure of an enterprise’s loss from a single threat event and can be computed by a formula (shown on the slide) over the following quantities:
     • the Asset Value (AV) is the cost of creation, development, support, replacement and ownership values of an asset;
     • the Exposure Factor (EF) represents a measure of the magnitude of loss or impact on the value of an asset arising from a threat event.

  34. Indices: ALE. The Annualized Loss Expectancy (ALE) is the annually expected financial loss of an enterprise that can be ascribed to a threat and can be computed by a formula (shown on the slide) over the SLE and:
     • the Annualized Rate of Occurrence (ARO), a number that represents the estimated number of annual occurrences of a threat.

  35. Indices: ROI. The Return on Investment (ROI) indicator can be computed by a formula (shown on the slide) over the ALE and:
     • RM, the risk mitigated by a countermeasure, which represents the effectiveness of the countermeasure in mitigating the risk of loss deriving from the exploitation of a vulnerability;
     • CSI, the cost of the security investment that an enterprise must face to implement a given countermeasure.

  36. Indices: ROA. The Return On Attack (ROA) measures the gain that an attacker expects from a successful attack over the losses that he sustains due to the adoption of security measures by his target, computed by a formula (shown on the slide) over:
     • GI, the expected gain from the successful attack on the specified target;
     • cost_a, the cost sustained by the attacker to succeed;
     • cost_{a,c}, the additional cost brought by the countermeasure c adopted by the defender to mitigate the attack a.

  37. Scenarios + indices

  38. Labelling for ROI (figure). The root carries AV; the attacks (A to E) carry EF and ARO, from which SLE and ALE follow; the countermeasures 1 to 5 carry RM and Cost.

  39. Labelling for ROA (figure). The root carries GI; the attacks carry cost_b and cost_c; the countermeasures 1 to 5 carry RM and cost_{b,i} or cost_{c,i}. Corso di Sicurezza e Privacy - 16 July 2014.

  40. Labelling
     • Asset: Steal data stored in a server.
     • Attacks: Obtain root privileges; Attack the system with a remote login; Steal the server.
     • Actions: Stealing access; Corrupting a user; Exploit an on-line vulnerability; Exploit a web server vulnerability; Access to the server’s room; Go out unobserved.
     • Countermeasures: Change the password periodically; Add an identification token; Update the system periodically; Install a security door; Use an antivirus software; Install a video surveillance equipment; Log out the pc after the use; Distribute responsab. among users; Separate the contents on the server; Install a safety lock; Stop suspicious attachment; Employ a security guard; Add an identification token; Motivate employees.

  41. Labelling ROI
     • Asset “Steal data stored in a server”: AV=100.000 €.
     • Attacks: Attack the system with a remote login; Steal the server; Obtain root privileges. Two of them are labelled SLE=90.000 €, EF=100%, ARO=0,09.
     • Actions: Exploit an on-line vulnerability; Exploit a web server vulnerability; Go out unobserved; Access to the server’s room; Stealing access; Corrupting a user.
     • Countermeasure labels (RM, CSI, ROI), in the order they appear on the slide: (60%, 500€, 9.8); (80%, 3000€, 1.4); (10%, 100€, 8); (50%, 15000€, -0.7); (80%, 3000€, 1.4); (80%, 2000€, 2.6).
     • Countermeasures: Change the password periodically; Add an identification token; Install a security door; Update the system periodically; Use an antivirus software; Install a video surveillance equipment; Separate the contents on the server; Install a safety lock; Stop suspicious attachment; Employ a security guard; Log out the pc after the use; Distribute responsab. among users; Add an identification token; Motivate employees.

  42. Labelling ROA
     • Asset “Steal data stored in a server”: GI=30.000 €.
     • Attacks: Attack the system with a remote login; Steal the server; Obtain root privileges. Attacker costs: Cost_a=3000 €, Cost_b=10000 €.
     • Actions: Exploit an on-line vulnerability; Exploit a web server vulnerability; Go out unobserved; Access to the server’s room; Stealing access; Corrupting a user.
     • Countermeasure labels (RM, cost, ROA), in the order they appear on the slide: (60%, 1000€, 2); (80%, 1.500€, -0.48); (10%, 500€, 6.71); (50%, 700€, 0.40); (80%, 1.500€, 0.33); (80%, 2000€, 0.50).
     • Countermeasures: Change the password periodically; Add an identification token; Update the system periodically; Install a security door; Use an antivirus software; Install a video surveillance equipment; Separate the contents on the server; Install a safety lock; Stop suspicious attachment; Employ a security guard; Log out the pc after the use; Distribute responsab. among users; Add an identification token; Motivate employees.
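The indices of slides 33 to 36 and the labelled trees of slides 41 and 42, as an added worked example in Python that is not part of the presentation. The formulas are the standard ones behind those slides, SLE = AV · EF, ALE = SLE · ARO, ROI = (ALE · RM − CSI) / CSI and ROA = (GI · (1 − RM) − (cost_a + cost_{a,c})) / (cost_a + cost_{a,c}); with the slides' AV, EF and ARO the ALE comes to 9,000 € and the ROI and ROA values printed on the slides are reproduced, which is what the assertions check. The pairing of each RM/CSI/cost triple with a named countermeasure cannot be read from the transcript, so the countermeasure names in `SLIDE_TREE` are constructed placeholders.

```python
def sle(av, ef):
    """Single Loss Exposure: asset value times exposure factor (0..1)."""
    return av * ef


def ale(av, ef, aro):
    """Annualized Loss Expectancy: SLE times the annualized rate of occurrence."""
    return sle(av, ef) * aro


def roi(ale_value, rm, csi):
    """Return on Investment of a countermeasure: the yearly loss it avoids
    (ALE times the mitigated fraction RM) net of its cost CSI, relative to CSI.
    A negative ROI means the countermeasure costs more than it saves."""
    if csi <= 0:
        raise ValueError("CSI must be positive")
    return (ale_value * rm - csi) / csi


def roa(gi, rm, cost_a, cost_ac):
    """Return on Attack: the attacker's residual gain GI * (1 - RM) net of the
    attack cost and the extra cost the countermeasure imposes, relative to that
    total cost.  A negative ROA means the attack no longer pays for the attacker."""
    total = cost_a + cost_ac
    if total <= 0:
        raise ValueError("attack cost must be positive")
    return (gi * (1 - rm) - total) / total


def label_tree(av, ef, aro, gi, attacks):
    """Label a defence tree.  attacks = {name: (cost_a, [(cm, rm, csi, cost_ac), ...])}.
    For each attack returns the ALE, every countermeasure with its ROI and ROA,
    the countermeasure with the highest ROI (the defender's economic pick) and
    the one with the lowest ROA (the one that most discourages the attacker)."""
    ale_value = ale(av, ef, aro)
    result = {}
    for attack, (cost_a, cms) in attacks.items():
        rows = [(cm, round(roi(ale_value, rm, csi), 2), round(roa(gi, rm, cost_a, cost_ac), 2))
                for cm, rm, csi, cost_ac in cms]
        result[attack] = {
            "ale": ale_value,
            "countermeasures": rows,
            "best_roi": max(rows, key=lambda r: r[1])[0],
            "lowest_roa": min(rows, key=lambda r: r[2])[0],
        }
    return result


# Slides 41-42: AV 100,000 EUR, EF 100 %, ARO 0.09, GI 30,000 EUR, attacker
# cost 3,000 EUR for "Obtain root privileges" and 10,000 EUR for "Steal the
# server".  Countermeasure names are constructed placeholders; the RM, CSI and
# cost values are the slides' labels, grouped by the attacker cost that
# reproduces the printed ROA.
SLIDE_TREE = {
    "Obtain root privileges": (3000, [
        ("cm-1", 0.60, 500, 1000),
        ("cm-2", 0.10, 100, 500),
        ("cm-3", 0.80, 3000, 1500),
    ]),
    "Steal the server": (10000, [
        ("cm-4", 0.80, 3000, 1500),
        ("cm-5", 0.50, 15000, 700),
    ]),
}

if __name__ == "__main__":
    for attack, info in label_tree(100_000, 1.0, 0.09, 30_000, SLIDE_TREE).items():
        print(attack, info)
```

Reading the two columns together is the point of the slides: cm-5 in the example has the highest RM of its pair but a negative ROI and leaves the attacker with a positive ROA, so neither index alone would select it.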

  43. Variants

  44. Three novel indicators
     • Critical time
     • Retaliation
     • Collusion

  45. Critical time

  46. Critical time. The Exposure Factor during Critical Time expresses the influence that the criticality of a specific time instance has on the EF.

  47. Critical time: the indicators
     • Annualized Rate of Occurrence, ARO_CT, is the rate of occurrence per year of an attack at a specific CTF.
     • Single Loss Exposure, SLE_CT, is the cost of a single attack at a specific CTF.
     • Annualized Loss Expectancy, ALE_CT, is the cost per year of an attack at a specific CTF.
     • Return On Investment, ROI_CT, is the economic return of an enterprise’s investment against an attack mounted at a specific CTF.

  48. Retaliation

  49. Retaliation. The Exposure Factor under Retaliation expresses the influence that the chance of retaliating against an attack on an asset has on the EF.

  50. Retaliation: the indicators
     • Annualized Rate of Occurrence, ARO_R, is the rate of occurrence per year of an attack that can be retaliated.
     • Single Loss Exposure, SLE_R, is the cost of a single attack that can be retaliated.
     • Annualized Loss Expectancy, ALE_R, is the cost per year of an attack that can be retaliated.
     • Return On Investment, ROI_R, is the economic return of an enterprise’s investment against an attack that can be retaliated.
