
Fall Extension Project

Fall Extension Project. Initial Brief Meeting. Martin Q. Zhao. August 28, 2010. Summer Research – An Overview. Title: Knowledge Representation & Reasoning for Impact/ Threat Assessment in Cyber Situation Awareness Systems Objective: Enhancing the SITA system





Presentation Transcript


  1. Fall Extension Project Initial Brief Meeting Martin Q. Zhao August 28, 2010

  2. Summer Research – An Overview
  • Title: Knowledge Representation & Reasoning for Impact/Threat Assessment in Cyber Situation Awareness Systems
  • Objective: Enhancing the SITA system
    • Find ways to model domain knowledge
    • Develop a tool for VT creation/modification
  • Collaborators:
    • Dr. John Salerno
    • Mike Manno
    • Jimmy Swistak
    • Warren Geiler

  3. Cyber SA Model
  • Endsley’s model:
    • Perception
    • Comprehension
    • Projection
  • JDL model:
    • Level 0: Source Preprocessing/subobject refinement
    • Level 1: Object refinement
    • Level 2: Situation refinement
    • Level 3: Impact Assessment
    • Level 4: Process Refinement

  4. Virtual Terrain
  The virtual terrain is a graphical representation of a computer network containing the information relevant for a security analysis of that network, including:
  • Mission
  • Hosts & Subnets
  • Services & exposures
  • Routers, sensors & firewalls
  • Physical & wireless links
  • Users

  5. TIA Procedures Using VT
  • Projecting promising futures & assessing threats
  • Assessing impacts on missions
  • Tracking relevant attack events
  • Attack detection using IDS

  6. Core SITA Subsystems

  7. Problems to Solve
  • Amount of data is huge
    • A computer network can have hundreds of machines, thousands of software applications and user accounts
    • Known vulnerabilities are in the thousands, and the number is ever growing
  • XML files are used: they can contain redundant data
    • Harms efficiency
    • Causes the well-known anomalies:
      • Insertion
      • Deletion
      • Update
  • Tools need to be developed to feed SITA with data

  8. Conceptual Data Model

  9. Relational Data Model – VT (diagram; entity groups: S/W, H/W, Link & Policy, Exposure)

  10. Relational Data Model – Mission

  11. Relational Data Model – Exposure

  12. Mission Map Editor – Requirements
  • Requirements modeling w/ a use-case diagram
  • (Type of) User: SA Operator
  • System Functions:
    • Access data in file/DB
    • Display a mission tree
    • Modify a mission tree
    • Save changes to file/DB
    • Create a mission tree

  13. Mission Map Editor – Tree creation (screenshot callouts, in order)
  1 File | New
  2 Top mission
  3 Add more
  4 Set criticality
  5 Assign assets
  6 File | Save

  14. Mission Map Editor – Architecture (diagram; components: XML, Mission Map Model, VT Model, DB)

  15. Mission Map Editor – Dynamics

  16. Vulnerability Lookup – Overview
  • What is a vulnerability?
  • What is an exposure?
  • How is it stored in NVD?
  • What is CVE?
  • What is CPE?
  • How are they related to SITA?
  The National Vulnerability Database (NVD) contains:
  Common Vulnerabilities and Exposures (CVE)
    <entry id="CVE-2010-0278">
      … …
      <cpe-lang:logical-test negate="false" operator="OR">
        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7"/>
        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista"/>
      … …
    </entry>
  Common Platform Enumeration (CPE)
    <cpe-item name="cpe:/o:microsoft:windows_7">
      <title xml:lang="en-US">Microsoft Windows 7</title>
      … …
    </cpe-item>

  17. Vulnerability Lookup – Prototype (screenshot; callouts: Load files, Exposure, Apps affected, CVSS Rating)

  18. Vulnerability Lookup – Ideal ways (diagram; example CPE name: cpe:/o:microsoft:windows_7)
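Added example, not code from the presentation or the SITA project: the lookup that slides 16–18 describe, evaluating a CVE entry's cpe-lang logical test against the CPE names recorded for a VT host. The feed string is constructed: CVE-2010-0278 and its two CPE names are the ones on slide 16, the cpe-lang namespace URI is the one used by NVD 1.x feeds, and the second entry, its AND/negate test and the "patchkit" CPE are invented to exercise nested logic.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the CVE fragment in slide 16; not real NVD data.
# Second entry, its nested AND/negate test and the "patchkit" CPE are invented.
CVE_FEED = """<?xml version="1.0"?>
<nvd xmlns:cpe-lang="http://cpe.mitre.org/language/2.0">
  <entry id="CVE-2010-0278">
    <cpe-lang:logical-test negate="false" operator="OR">
      <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7"/>
      <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista"/>
    </cpe-lang:logical-test>
  </entry>
  <entry id="CVE-EXAMPLE-0001">
    <cpe-lang:logical-test negate="false" operator="AND">
      <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7"/>
      <cpe-lang:logical-test negate="true" operator="OR">
        <cpe-lang:fact-ref name="cpe:/a:example:patchkit"/>
      </cpe-lang:logical-test>
    </cpe-lang:logical-test>
  </entry>
</nvd>"""

def _local(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tag names."""
    return tag.rsplit("}", 1)[-1]

def evaluate(test, host_cpes):
    """Evaluate one cpe-lang:logical-test against a host's CPE names: fact-ref
    matches on exact name, nested tests recurse, operator AND/OR, negate flips."""
    results = []
    for child in test:
        kind = _local(child.tag)
        if kind == "fact-ref":
            results.append(child.get("name") in host_cpes)
        elif kind == "logical-test":
            results.append(evaluate(child, host_cpes))
    verdict = all(results) if test.get("operator", "OR").upper() == "AND" else any(results)
    return not verdict if test.get("negate", "false").lower() == "true" else verdict

def affecting_cves(feed_xml, host_cpes):
    """Return ids of entries whose configuration test matches the host's CPE set."""
    host = set(host_cpes)
    hits = []
    for entry in ET.fromstring(feed_xml).iter():
        if _local(entry.tag) == "entry" and any(
            _local(t.tag) == "logical-test" and evaluate(t, host) for t in entry
        ):
            hits.append(entry.get("id"))
    return hits
```

Real feeds wrap the test in further elements and use version-qualified CPE names, so a production lookup also needs prefix matching on the CPE name parts; the evaluation of operator and negate stays the same.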

  19. Future R&D
  • MissionMapEditor: Thorough testing and refactoring
  • VulnerabilityTracker:
    • Research the processes of checking/updating CVE and CPE data feeds
    • Design a layered system architecture
    • Design and implement a GUI that organizes products by category (such as OS, apps, HW), vendor, product family, version, etc.
  • IDS (e.g. Snort) alert specifics and their mapping to CVE, as well as to SITA
  • VT model generation using automatic scanning data
  • Cyber situation visualization
