Cyber-security Horizon Scan - PowerPoint Presentation
Presentation Transcript

Cyber-security Horizon Scan

Security of e-Government | Florent Kirchner

February 2013

CEA | 10 April 2012

Defense in Depth – Safety

  • Level 1: prevention of abnormal operation
  • Level 2: control of abnormal operation
  • Level 3: control of accidents
  • Level 4: prevention of accident progression
  • Level 5: consequence mitigation

Defense in Depth – Security

Critical cyber-systems require thorough security guarantees

COTS are seeing heavy use

Defense layers:
  • Network firewall
  • Network translation
  • Application integrity
  • Workstation firewall
  • Kernel controls
  • Hypervisor separation
  • Hardware watchdog

Cyber Leap Year

Propose changes to the cybersecurity landscape

5 innovation categories:

  • Digital Provenancebasing trust decisions on verified assertions
  • Moving-targetDefense attacksonlywork once if at all
  • Hardware-enabled trust knowingwhenyou’ve been had
  • Health-inspired Network Defense fromforensics to real-time diagnostics
  • Cyber Economics crime doesn’tpay

Many component types:

  • Compilers: new security languages
  • COTS: new API-level security controls
  • Network: novel privacy protocols
  • Platforms: innovative behavior verification
  • Models: different model-based security
Formal Methods
  • Guaranteed software properties
    • Based on mathematical reasoning
    • Properties are formalized using unequivocal logical sentences
    • Software systems are represented by sets of rules
        • transforming the system state
        • satisfying certain properties
  • On a given perimeter
    • Formal methods are used to prove that some software properties hold…
    • … or to provide insight on why other properties do not.
Formal Methods – Code, COTS & APIs

The slide's code, first without its contract (the `else` branch and the function signature are not visible in the extracted transcript; the function name is a placeholder):

```c
int abs_value(int x)   /* signature not shown on the slide */
{
    int r;
    if (x >= 0)
        r = x;
    else
        r = -x;
    return r;
}
```

The same function with the ACSL contract shown on the slide (the precondition bounds x, so `-x` cannot overflow and the postcondition can be proved):

```c
/*@ requires -1000 <= x <= 1000;
    ensures \result >= 0;
 */
int abs_value(int x)
{
    int r;
    if (x >= 0)
        r = x;
    else
        r = -x;
    return r;
}
```

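As an added example, not from the slides or from Frama-C itself: the slide's contract beside the weakest precondition that still makes `ensures \result >= 0` provable, plus a runtime check of both contracts. The names abs_bounded, abs_minimal, checked_* and try_* are assumed for this example.

```c
#include <limits.h>
#include <stdio.h>

/* The slide's contract (ACSL): caller promises |x| <= 1000, function
   promises a non-negative result. */
/*@ requires -1000 <= x <= 1000;
    ensures \result >= 0; */
int abs_bounded(int x)
{
    int r;
    if (x >= 0)
        r = x;
    else
        r = -x;
    return r;
}

/* -x overflows for exactly one int, INT_MIN, so the weakest precondition
   that keeps the body safe is x > INT_MIN (function name assumed here). */
/*@ requires x > INT_MIN;
    ensures \result >= 0; */
int abs_minimal(int x) { return x >= 0 ? x : -x; }

/* Runtime enforcement of the contracts, in the spirit of what a runtime
   assertion checker derives from the annotations: the body is only run
   when the precondition holds. Returns 1 and stores the result, or 0. */
int checked_abs_bounded(int x, int *out)
{
    if (!(-1000 <= x && x <= 1000)) return 0;   /* precondition violated */
    *out = abs_bounded(x);
    return *out >= 0;                          /* postcondition check */
}
int checked_abs_minimal(int x, int *out)
{
    if (!(x > INT_MIN)) return 0;              /* -x would overflow */
    *out = abs_minimal(x);
    return *out >= 0;
}

/* Helpers returning -1 for a rejected input (never a valid |x|). */
int try_bounded(int x) { int r = 0; return checked_abs_bounded(x, &r) ? r : -1; }
int try_minimal(int x) { int r = 0; return checked_abs_minimal(x, &r) ? r : -1; }

int main(void)
{
    printf("abs_bounded(-7) = %d\n", try_bounded(-7));
    printf("abs_bounded(5000) = %d (outside contract)\n", try_bounded(5000));
    printf("abs_minimal(INT_MIN) = %d (would overflow)\n", try_minimal(INT_MIN));
    return 0;
}
```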
Formal Methods – Models

```
% Conflict during interval [B,T]
conflict_2D?(s,v) : bool =
  EXISTS (t: Lookahead): sqv(s+t*v) < sq(D)

% 2-D Conflict Detection (cd2d)
cd2d?(s,v) : bool =
  horizontal_los?(s+B*v) OR omega_vv(s)(v) < 0

% THEOREM: cd2d is correct and complete
cd2d : THEOREM
```

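The specification conflict_2D? above, as an added example in C that is not part of the slides or of the PVS development they are taken from: the existential over a continuous t in [B,T] is decided exactly by minimising the distance quadratic on the interval. It assumes sqv is the squared norm, sq(D) = D², Lookahead = [B,T], and it implements the specification rather than the slide's cd2d? formula (horizontal_los?, omega_vv), which the theorem states is equivalent to it.

```c
#include <stdio.h>

/* 2-D relative state of the two aircraft: the slide's s (relative position)
   and v (relative velocity). Constructed type, not from the PVS development. */
typedef struct { double x, y; } vec2;

static double dot(vec2 a, vec2 b) { return a.x * b.x + a.y * b.y; }

/* sqv(s + t*v): squared horizontal distance at time t. */
static double sqv_at(vec2 s, vec2 v, double t)
{
    vec2 p = { s.x + t * v.x, s.y + t * v.y };
    return dot(p, p);
}

/* Squared distance along a straight line is a convex quadratic in t, so its
   minimum over [B,T] is the vertex -(s.v)/(v.v) clamped to the interval.
   With v = 0 the distance is constant and any t, here B, will do. */
static double closest_time(vec2 s, vec2 v, double B, double T)
{
    double a = dot(v, v);
    if (a == 0.0) return B;
    double t = -dot(s, v) / a;
    if (t < B) t = B;
    if (t > T) t = T;
    return t;
}

/* conflict_2D?(s,v): EXISTS t in [B,T] : sqv(s+t*v) < sq(D).
   Decided exactly by evaluating the quadratic at its constrained minimum;
   the strict inequality of the specification is preserved. */
int conflict_2d(vec2 s, vec2 v, double B, double T, double D)
{
    return sqv_at(s, v, closest_time(s, v, B, T)) < D * D;
}

int main(void)
{
    /* Constructed scenario: intruder 10 units east, closing at 1 unit/s,
       protected zone radius D = 5, lookahead intervals [0,20] and [0,3]. */
    vec2 s = { 10.0, 0.0 }, v = { -1.0, 0.0 };
    printf("conflict within [0,20]: %d\n", conflict_2d(s, v, 0.0, 20.0, 5.0));
    printf("conflict within [0,3]:  %d\n", conflict_2d(s, v, 0.0, 3.0, 5.0));
    return 0;
}
```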
Formal Methods – Protocols

Prover input and output shown on the slide (the conjecture that the intruder learns the session key as seen by B):

```
input_clause(intruder_knows_session_key_as_seen_by_B, conjecture,
  [--knows(crypt(s(nonceb(Kab, A, B)), Kab)),
   --knows(Kab)]).

*** Derived: intruder_knows_session_key_as_seen_by_B ***
```

The protocol under analysis, as listed on the slide:

1. A -> S : A, B
2. S -> A : {KPb, B}KSs
3. A -> B : {Na, A}KPb
4. B -> S : B, A
5. S -> B : {KPa, A}KSs
6. B -> A : {Na, Nb}KPa
7. A -> B : {Nb}KPb

Process- vs. Product-based
  • Formal methods provide additional means to build trust
    • Process-based assurance
        • Based on testing, V&V tools designed in the 1980s
        • Familiar, but expensive to scale up for software-intensive systems
        • Inapplicable to COTS software components
    • Product-based assurance
        • Using formal techniques spawned in the 1980s to provide strong guarantees regarding:
          • Compliance with software safety standards
          • Absence of software security vulnerabilities
        • Disruptive, but can help meet mandatory requirements at reduced costs

The first wave of next-generation verification tools is reaching maturity in terms of cost effectiveness and industrial readiness

The Formal Methods Leap
  • But…
    • Far out research questions
    • Difficult to transfer industrially
    • Scattered contributors worldwide
    • Insufficiently adopted by the public
    • Little support from standardization bodies

This leap requires a significant amount of investment across a wide range of domains. However, it cannot rely solely on the will of a few committed individuals.


  • DARPA-funded disruptive CSFV program: use games to lower the cost of formal verifications
  • Strong successes from forward-looking industrial players

It is the policy of the United States to enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.

The [NIST-developed] Cybersecurity Framework shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks.

[Recommend the] feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration.

White House Executive order – 2013
  • Sec. 7(b) The Cybersecurity Framework shall provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk. The Cybersecurity Framework shall focus on identifying cross-sector security standards and guidelines applicable to critical infrastructure. The Cybersecurity Framework will also identify areas for improvement that should be addressed through future collaboration with particular sectors and standards-developing organizations. To enable technical innovation and account for organizational differences, the Cybersecurity Framework will provide guidance that is technology neutral and that enables critical infrastructure sectors to benefit from a competitive market for products and services that meet the standards, methodologies, procedures, and processes developed to address cyber risks. The Cybersecurity Framework shall include guidance for measuring the performance of an entity in implementing the Cybersecurity Framework.


  • Open & ambitious cyber-security policies