1 / 15

Cyber- security Horizon Scan

Cyber- security Horizon Scan. Security of e- Government | Florent Kirchner. February 2013. Why do you trust ( your ) software?. Defense in Depth – Safety. Butterfly. Level 1: prevention of abnormal operation. Level 2: control of abnormal operation.

jase
Download Presentation

Cyber- security Horizon Scan

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cyber-securityHorizon Scan Security of e-Government| Florent Kirchner February 2013 CEA | 10 AVRIL 2012

  2. Why do youtrust(your) software?

  3. Defense in Depth – Safety Butterfly Level 1: prevention of abnormal operation Level 2: control of abnormal operation Level 4: prevention of accident progression Level 3: control of accidents Level 5: consequence mitigation

  4. Defense in Depth – Security Attacker Critical cyber-systemsrequirethoroughsecurityguarantees COTS are seeingheavy use Network Firewall Network translation Application integrity Workstation firewall Kernel controls Hypervisor separation Hardware watchdog

  5. Cyber Leap Year Propose changes to the cybersecurity landscape 5 innovation categories: • Digital Provenancebasing trust decisions on verified assertions • Moving-targetDefense attacksonlywork once if at all • Hardware-enabled trust knowingwhenyou’ve been had • Health-inspired Network Defense fromforensics to real-time diagnostics • Cyber Economics crime doesn’tpay many component types: • Compilers new securitylanguages • COTS new API-levelsecuritycontrols • Network novelprivacyprotocols • Platforms innovativebehaviorverification • Models different model-basedsecurity • …

  6. Cyber Leap Year ?

  7. FormalMethods • Guaranteed software properties • Based on mathematicalreasoning • Properties are formalizedusingunequivocallogical sentences • Software systems are represented by sets of rules • transforming the system state • satisfying certain properties • On a givenperimeter • Formalmethods are used to provethatsome software propertieshold… • … or to provide insight on whyotherproperties do not.

  8. Formal Methods – CODE, COTS &APIs ! intabs(intx) { intr; if (x >= 0) r = x; else r = - x; return r; } /*@ requires -1000 <= x <= 1000; ensures\result >= 0; */ intabs(intx) { intr; if (x >= 0) r = x; else r = - x; return r; }

  9. Formal Methods – Models ! % Conflict during interval [B,T] conflict_2D?(s,v) : bool= EXISTS (t: Lookahead): sqv(s+t*v) <sq(D) % 2-D Conflict Detection (cd2d) cd2d?(s,v) : bool = horizontal_los?(s+B*v) ORomega_vv(s)(v) < 0 % THEOREM: cd2d is correct and complete cd2d : THEOREM conflict_2D?(s,v) IFF cd2d?(s,v)

  10. Formal Methods – Protocols ! input_clause(intruder_knows_session_key_as_seen_by_B, conjecture, [ --knows (crypt (s (nonceb (Kab, A, B)), Kab)), --knows (Kab) ]). *** Derived: intruder_knows_session_key_as_seen_by_B *** 1. A -> S : A,B 2. S -> A : {KPb, B}KSs 3. A -> B : {Na, A}KPb 4. B -> S : B,A 5. S -> B : {KPa, A}KSs 6. B -> A : {Na, Nb}KPa 7. A -> B : {Nb}KPb

  11. Process- vs. PRODUCT-BASED • Formal methods provide additional means to build trust • Process-based assurance • Based on testing, V&V tools designed in the 1980s • Familiar, but expensive to scale up for software-intensive systemsInapplicable to cots software components • Product-based assurance • Using formal techniques spawned in the 1980s to provide strong guarantees regarding: • Compliance with software safety standards • Absence of software security vulnerabilities • Disruptive, but can help meet mandatory requirements at reduced costs The first wave of next-generation verification tools is reaching maturity in terms of cost effectiveness and industrial readiness

  12. The Formal Methods Leap • But… • Far out research questions • Difficult to transferindustrially • Scatteredcontributorsworldwide • Insufficientlyadopted by the public • Little support fromstandardizationbodies This leap requires a significant amount of investment acrossa wide range of domains. However it cannot rely solely on the will of a few commited individuals. Yet… • DARPA-funded disruptive CSFV program: use games to lower the cost of formalverifications • Strongsuccessesfromfoward-lookingindustrials

  13. It is the policy of the United States to enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. The [NIST-developed] CybersecurityFramework shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. [Recommend the] feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration.

  14. White House Executive order – 2013 • Sec. 7(b) The Cybersecurity Framework shall provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk. The Cybersecurity Framework shall focus on identifying cross-sector security standards and guidelines applicable to critical infrastructure. The CybersecurityFramework will also identify areas for improvement that should be addressed through future collaboration with particular sectors and standards-developing organizations. To enable technical innovation and account for organizational differences, the Cybersecurity Framework will provide guidance that is technology neutral and that enables critical infrastructure sectors to benefit from a competitive market for products and services that meet the standards, methodologies, procedures, and processes developed to address cyber risks. The Cybersecurity Framework shall include guidance for measuring the performance of an entity in implementing the Cybersecurity Framework.

  15. Recommendation: • open &ambitious cyber-securitypolicies

More Related