1 / 0

Information Sharing for the Financial IT Infrastructure: Opportunities and Technological Challenges

MID LAB. Middleware Laboratory. Sapienza Università di Roma Dipartimento di Informatica e Sistemistica. Information Sharing for the Financial IT Infrastructure: Opportunities and Technological Challenges. Roberto Baldoni Università degli Studi di Roma “La Sapienza ”

inigo
Download Presentation

Information Sharing for the Financial IT Infrastructure: Opportunities and Technological Challenges

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MIDLAB Middleware Laboratory Sapienza Università di Roma Dipartimento di Informatica e Sistemistica Information Sharing for the Financial IT Infrastructure: Opportunities and Technological Challenges Roberto Baldoni UniversitàdegliStudidi Roma “La Sapienza” baldoni@dis.uniroma1.it, http://www.dis.uniroma1.it/~baldoni/ Second Workshop on Cyber Security and Global Affairs Zurich, Switzerland8/7/2010
  2. Middleware Laboratory MIDLAB The case of Collaborative Cyber Security in Financial Ecosystem "webification" of critical financial services, such as home banking, online trading, remote payments; Cross-domain interactions, spanning different organization boundaries are in place in financial contexts; Heterogeneous infrastructure systems such as telecommunication supply, banking, and credit card companies working on heterogeneous data; Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  3. Middleware Laboratory MIDLAB The case of Collaborative Cyber Security in Financial Ecosystem A payment card fraud (2008) 100 compromised payment cards used by a network of coordinated attackers retrieving cash from 130 different ATMs in 49 countries worldwide, totaling 9 million of US dollars. High degree of coordination, half an hour to be executed evade all the local monitoring techniques used for detecting anomalies in payment card usage patterns. The fraud has been detected only later, after aggregating all the information gathered locally by each financial institution involved in the payment card scam Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  4. Middleware Laboratory MIDLAB The case of Collaborative Cyber Security in Financial Ecosystem Distributed Denial Of Service Attack (2007, Northern Europe) render web-based financial services unreachable from legitimate users. DDoS attack targeted a credit card company and two DNS. Internet restored only after several trial-and-error activities carried out manually by network administrators of the attacked systems and of their Internet Service Providers (ISPs). Long preparation time (days), short attack time (seconds) Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  5. Middleware Laboratory MIDLAB The case of Collaborative Cyber Security in Financial Ecosystem Both previous attacks cannot be detected quickly through information available at the IT infrastructure of a single financial player (i.e., trough local monitoring) Need of Information Sharing Exchange non-sensitive status information Set up of agreements Advantages of a global monitoring system Damage mitigation Quick reaction Sense and respond applications (ATC systems, C&C applications, Business intelligence) Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  6. Middleware Laboratory MIDLAB Structure of a sense-respond application Sensors Event Notification Complex Event Processing Application level Correctness factors Accuracy (no false warning) Completeness (no detection of real warning) Timeliness (no late warning) Basicevents Data Dissemination CEP warnings Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  7. Middleware Laboratory MIDLAB The added value of Collaboration Barriers to collaboration Understanding the economics Trust Legal Issues Sharing resources and data Added values (potential): Improved accuracy Improved completeness Better timeliness Additional problems (real) Data privacy Data retention Substain High throughput Large bandwidth and computing capabilities LLYODS UBS France Telecom Internet AT&T SWIFT Unicredit EDF Events warnings Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  8. MIDLAB Middleware Laboratory EU CoMiFin Projectwww.comifin.eu Sapienza Università di Roma Dipartimento di Informatica e Sistemistica ApplicationLevel CollaborationLevel Internet level
  9. Middleware Laboratory MIDLAB Collaborative Cyber Security: CoMiFin platform CoMiFin offers to FIs a platform for gaining the benefits of community-based collaboration over a “business social network” CoMiFin platform addresses needs considered important in the financial operator community (such as: information security, data privacy, SLA, contractual relationship for entering a community, “certified” anonimity, …) CoMiFin project had been submitted to three Financial Advisory Board (FAB) meeting evaluation sessions that have highlighted its possible business value in real financial use cases. Some FAB members: SWIFT, SIA-SSB, IMI-SAN PAOLO, BANK OF ITALY, UBS. Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  10. Middleware Laboratory MIDLAB Collaborative Cyber Security: CoMiFin platform CoMiFin platform can be potentially useful for addressing the following business use cases Monitoring and reaction to threats (MitM, Stealty Scan , Phishing, …) Black/white lists distribution (for credit reputation, trust level, …) Anti-terrorism lists (with name check VAS) Anti money laundering monitoring Risk management support These use cases imply value added services that can be offered by SPs to FIs over CoMiFin Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  11. Middleware Laboratory MIDLAB Collaborative Cyber Security: CoMiFin platform CoMiFin platform can be potentially useful for addressing the following business use cases Monitoring and reaction to threats (MitM, Stealty Scan , Phishing, …) Black/white lists distribution (for credit reputation, trust level, …) Anti-terrorism lists (with name check VAS) Anti money laundering monitoring Risk management support These use cases imply value added services that can be offered by SPs to FIs over CoMiFin Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  12. Middleware Laboratory MIDLAB The notion of semantic room Contract set of processing and data sharing services provided by the SR along with the data protection, privacy, isolation, trust, security, dependability, performance requirements. The contractalsocontainsthe hardware and software requirements a member has to provision in order to be admitted into the SR. Objective each SR has a specic strategic objective to meet (e.g, large-scale stealthy scans detection, detecting Man-In-The-Middle attacks) Deployment highly flexible to accommodate the use of different technologies for the implementation of the processing and sharing within the SR (i.e., the implementation of the SR logic or functionality). Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  13. Middleware Laboratory MIDLAB The notion of semantic room Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  14. Middleware Laboratory MIDLAB The notion of semantic room: relationship with cloud computing Private cloud Deploymentof the semanticroomthrough the federationofcomputing and storagecapabilities at eachmember Eachmemberbrings a private cloudto federate Public Cloud Deploymentof the semanticroom on a third party cloud provider The third party ownsallcomputing and storagecapabilities FederationofComputing and storageresources: no cloudapproach Application Level Collaboration Level Internet Level Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  15. Middleware Laboratory MIDLAB CoMiFinTestbed Two Semantic rooms Man-In-The-Middle Attack Stealthy Scan Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  16. Middleware Laboratory MIDLAB Collaborative Stealthy scan detection Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  17. Middleware Laboratory MIDLAB Collaborative Man-in-The-Middle attack Events/Intermediate processing results forwarded to DHT overlay Processing rules Overlay Manager Events ... ... Events/Intermediate processing results received from DHT overlay CEP Engine Events PE PE Intermediate processing results DHT Overlay PE Processing results Event Manager PE PE PE PE Dissemination of Alerts/Events Events from SR Gateways Event Manager Manages I/O (events/alerts) with the outside world Overlay Manager Manages the internal communication and distributed storage CEP Engine Applies processing rules and produces alerts and intermediate processing results Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  18. Alerts in the dashboard Alert details (time, source, target, etc.) Service effected Score on the alert
  19. Metrics in the dashboard
  20. Middleware Laboratory MIDLAB Conclusions Customizable event correlation on the top of IP network Moving event correlation at the edge “Locally-aware” computing Usage of open-source technologies for event processing and event dissemination (Agilis, Free Pastry, Esper, Jaql etc) The the economic value of information sharing for Cyber Security Collaboration with SANDIA laboratory (USA) Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
  21. Middleware Laboratory MIDLAB Information Sharingfor the Financial IT Infrastructure: Barriers and Opportunities: (RomeOctober 12th 2010)(RomeOctober 12th 2010) “Cyber Attacks are categorizedasanoperationalriskby the Basel Committee on Banking Supervision in the Basel II accord. RecentevidenceofsuccessfulInternet-basedattacks and fraudsinvolvingfinancialinstitutionshighlights the inadequacyof the existingprotectionmechanisms, in whicheachinstutitionimplementsitsownisolatedmonitoring and reactionstrategy. With the joint adventof web 2.0, the ultra broadband and of the (private/public) cloudcomputingtechnologies, a new era is opening concerning the opportunityforgroupsoftrustedpartiesforsharing, processing and correlating a hugeamountof information that can beusedtoraise the defencesoffinancialinstitutions. However cultural, organizational and legalissues create barrierstothiskindofcooperation. The aimof the workshop istobringtogether people fromacademia, researchcenters, stakeholders and regulatorstoanalyzeopportunities and risksassociatedwith the sharingof information in the Financial IT world. Our ultimate aimistoinfluencedecision and policy makersto take advantageoftheseopportunities. The workshop willbeformed in twosessions. The first onewill include a seriesofinvitedpresentationsprovidingviews on Information Sharingfromstakeholders and regulators and conclude with a paneldiscussion. The secondsessionwill introduce a seriesoftechnicalpresentationsdiscussingframewoksfor information sharing and modelling the addedvalueofcooperation in the Financial IT world.” OrganizedbyCoMiFinPartners and SANDIA Labs Programavailablesoon at http://www.comifin.eu/ Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
More Related