
Towards Modelling Information Security with Key-Challenge Petri Nets

Teijo Venäläinen, teijo.v.o.venalainen@jyu.fi


Presentation Transcript


  1. Towards Modelling Information Security with Key-Challenge Petri Nets Teijo Venäläinen teijo.v.o.venalainen@jyu.fi

  2. Contents • Introduction • Various modelling methods • Graph based modelling • Key-Challenge Petri Nets

  3. Introduction • Since 7/2006 in Information Technology Research Institute (ITRI), Agora, JYU • Doctoral studies since 2009 • Goal is to find a method for measuring information security (IS) • Modelling and Simulation (M&S)

  4. Motivation for testing/modelling • Testing a system in use is not a feasible option => damage • Real system must be replicated (modelled) somehow • Testing is done with the modelled system • How accurately does the model represent the real system?

  5. Resulting information • For the whole system or a single component, the following results are interesting: • Mean time between failures (against attacks) • Success probability of attacks • Damage (performance degradation, money, …) • Attack route, i.e. how the attack progresses • And more …

  6. Testing methods • There are different methods, which vary in [1]: • ”target audience” • Human involvement during testing • Detail level • Role playing, ”Packet wars”, network design tools • Mathematical modelling, state machines, graph based modelling

  7. Role playing • Scenario-based training exercises • High abstraction level • Test the strategic decision making process of personnel and organizations • Computers not necessary, ”pencil & paper” • Target audience: high level decision makers • Does not provide technical IS information

  8. ”Packet wars” • Real network with real users, a dedicated test network in a laboratory • Two teams: attackers and defenders • Highly accurate method but costly • Target audience: IS professionals

  9. Network design tools • Accurate modelling of networks and normal activities • Attack modelling is limited => limited results • No human involvement during testing, only simulation • Target audience: IS professionals, network designers

  10. Mathematical modelling, state machines, graph based models • Also approximations of the real system • Provide results faster through simulation • Cheap • Easily modifiable

  11. Modelling & simulation System description Model Simulation

  12. Graph based modelling • Network attack is usually a series of interdependent actions leading to a goal (= breach in security) • Actions are illustrated using nodes and arcs => an attack graph (AG) • Assign conditions (e.g. probability) on traversing between nodes • Usually attacker’s point of view • Simulate by starting from a node and moving towards the goal node(s)

  13. Attack tree Source [2]

  14. Challenges • The system must be described at an adequate level of accuracy. Scalability with large networks? • Valid input parameters (From where? How?) • Usability • Attacker’s and defender’s interaction (game theory?) • Creating graphs is labor intensive => automatic tools

  15. Petri Nets • Place (input/output): holds tokens • Arc: connects places and transitions • Transition: lets token pass through if conditions are met • Token: moves from place to place

  16. Key-Challenge Petri Nets (KCPN) • A modelling method under development • Based on Petri-nets • KCPN graph is created using network and vulnerability information • Conditions for transitions = key-challenge • challenge = security measure • key = means to circumvent/break the security measure

  17. KCPN: overview • Hierarchical, i.e. modelling may be performed using various abstraction levels • Modular structure • Place = network device or attack action • Arc = physical connection of devices or causal relation of attack actions • Transition = challenge (security measure)

  18. KCPN: simulation • Attacker collects keys that allow him to progress in the graph • Variables may be assigned for transitions • Probability of being detected • Duration of an attack action (time distribution) • Cost, skill level, etc. • It is possible to perform an attack action without required keys but with a greater cost/duration

  19. KCPN: results • Simulation results include: • Probability of success of an entire attack • The most vulnerable attack path • The duration of the entire attack • Results may be used as input data within the model (simulate modules independently)
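
An added example, not part of the presentation: a Python model of the key-challenge idea from slides 16 to 19, with transitions as challenges, keys collected along the way, and an action without its key still possible at a greater duration. The net, key names, probabilities and durations are constructed, and the firing rule (keys gained on arrival at a place, independent detection per transition, exponentially distributed durations) is an assumption, since the slides give no formal semantics.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Transition:
    """A challenge (security measure) guarding the arc src -> dst."""
    src: str
    dst: str
    key: str          # key that circumvents this challenge
    p_detect: float   # probability of being detected at this step
    t_key: float      # mean duration in hours when the key is held
    t_nokey: float    # mean duration without the key (greater cost)

# Constructed sample net; all names and numbers are illustrative assumptions.
KEYS_AT = {"workstation": {"admin_password"}}   # keys collected on arrival
NET = [
    Transition("internet", "workstation", "phishing_kit", 0.10, 2, 20),
    Transition("internet", "webserver", "web_exploit", 0.30, 1, 40),
    Transition("workstation", "database", "admin_password", 0.20, 1, 30),
    Transition("webserver", "database", "admin_password", 0.20, 1, 30),
]

def attack_paths(net, keys_at, start_keys, start, goal):
    """Return [(path, P(undetected), expected hours)], most vulnerable first."""
    found = []
    def walk(place, keys, path, p_ok, hours):
        if place == goal:
            return found.append((path, p_ok, hours))
        for t in (t for t in net if t.src == place and t.dst not in path):
            step = t.t_key if t.key in keys else t.t_nokey
            walk(t.dst, keys | keys_at.get(t.dst, set()), path + [t.dst],
                 p_ok * (1 - t.p_detect), hours + step)
    walk(start, set(start_keys), [start], 1.0, 0.0)
    return sorted(found, key=lambda r: -r[1])

def simulate(net, keys_at, start_keys, path, runs=20000, seed=1):
    """Monte Carlo over one path: detection draws, exponential durations."""
    rng, wins, total = random.Random(seed), 0, 0.0
    for _ in range(runs):
        keys, clock = set(start_keys), 0.0
        for src, dst in zip(path, path[1:]):
            t = next(x for x in net if (x.src, x.dst) == (src, dst))
            if rng.random() < t.p_detect:
                break                      # detected: this run fails
            clock += rng.expovariate(1 / (t.t_key if t.key in keys else t.t_nokey))
            keys |= keys_at.get(dst, set())
        else:                              # no break: goal reached undetected
            wins, total = wins + 1, total + clock
    return wins / runs, total / max(wins, 1)
```

`attack_paths` gives the analytic success probability and expected duration per path, and `simulate` estimates the same two results by sampling, so the two can be checked against each other.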

  20. KCPN: example • Two hierarchy levels: • Topology level (physical world) • Attack action level (abstract world) • Multiple network devices lumped into a single node (Hosts) • Devices with similar connections, OS, software, etc. => lumped together

  21. KCPN: the physical network

  22. KCPN: the graph

  23. Sources • [1] J. Saunders. Simulation Approaches in Information Security Education. Proceedings of 6th National Colloquium for Information System Security Education, 2002. • [2] Bruce Schneier. Attack Trees. SANS Network Security 1999. http://www.cs.utk.edu/~dunigan/cns06/attacktrees.pdf

  24. Thank You!
