
The Response Continuum


Presentation Transcript


  1. The Response Continuum Sergio Caltagirone (scaltagi@acm.org) University of Idaho Deborah Frincke (deb.frincke@pnl.gov) Pacific Northwest National Laboratory

  2. Previous Responses…
     • Clifford Stoll v. German Hackers (1986)
       C. Stoll, “Stalking the Wily Hacker”, Communications of the ACM, vol. 31, 1998, pp. 484-497.
     • DoD v. Electronic Disturbance Theater (1998)
       http://archives.cnn.com/2000/TECH/computing/04/07/self-defense.idg/
     • Conxion v. E-Hippies (2000)
       http://www.nwfusion.com/research/2000/0529feat2.html
     • FBI v. Russian Hackers (2001), a.k.a. the ‘Invita’ case
       http://www.wired.com/news/politics/0,1283,47650,00.htm

  3. Where Is Everybody?

  4. Where Is Everybody?
     • Primary focus has been on reducing system vulnerability and/or accurately and rapidly detecting misuse
     • Difficult to experiment with extreme or novel forms of response
     • Response folded in as part of detection
     • Response == Advocacy of Vigilantism
     • No reason to study response since detection cannot be done reliably

  5. Where We’re At…

  6. Where We Want To Be…

  7. Goals
     • Develop a framework to discuss response actions
       • Definition
       • Taxonomy
       • Summary of Challenges
       • Response Process Model

  8. Elements of a Definition
     • Time-bound
     • Subjective
     • Purposeful
       • Not for retribution or revenge, but to return to a previous secure state
     • Limited
       • Threat mitigation, not elimination
     • Controllable and Deliberate
     • Sequence of Actions
     • Technologically Independent

  9. A Definition: Active Response
     Any action sequence deliberately performed by an individual or organization between the time an attack is detected and the time it is determined to be finished, in an automated or non-automated fashion, in order to mitigate the identified threat’s negative effects upon a particular asset set.
     • “Active” does not modify “response”, but rather describes the state of the attack

  10. Taxonomy of Responses
     • 8 Types
       • No Action
       • Internal Notification
       • Internal Response
       • External Cooperative Response
       • Non-cooperative Intelligence Gathering
       • Non-cooperative ‘Cease and Desist’
       • Counter-Strike (Direct vs. Passive)
       • Preemptive Defense

  11. Challenges of Active Response
     • Legal
       • Civil, Criminal, Domestic, International
     • Ethical
       • Teleological, Deontological
     • Technical
       • Traceback, Reliable IDS, Confidence Value, Real Time
     • Risk Analysis
       • Can ethical and legal risk be measured effectively?
     • Unintended Consequences
       • Attacker Action, Collateral Damage, Own Resources

  12. Response Process Model

  13. Future Work
     • Increased Public Discussion
     • Competitive Co-Evolution to Determine New Strategies
     • Continue to Develop Response Models
     • Increased Research in Response Technologies and Approaches

  14. Conclusions
     • A Need for Response
       • More Discussion
       • Greater Understanding
     • A Definition
     • Taxonomy
     • Summary of Challenges
     • Process Model

  15. Contact Information
     Sergio Caltagirone
     serg@activeresponse.org
     http://www.activeresponse.org
