1 / 17

Threat Analysis

Threat Analysis. Lunar Security Services. Overview. Definitions Representation Challenges “The Unthinkable” Strategies & Recommendations. Background. What is threat analysis? Potential Attacks/Threats/Risks Analysis Countermeasures Future Preparations

lesleyl
Download Presentation

Threat Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Threat Analysis Lunar Security Services

  2. Overview • Definitions • Representation • Challenges • “The Unthinkable” • Strategies & Recommendations

  3. Background • What is threat analysis? • Potential Attacks/Threats/Risks • Analysis • Countermeasures • Future Preparations • NIST’s “Introduction to Threat Analysis Workshop”, October 2005

  4. People Voters Candidates Poll Workers Political Groups Developers Board of Elections Attackers More... Voting: A System of... IT American Politics Duty Trust Inclusion Safety Process Precedence...if it works Stakes

  5. Means of Representation General tactic: • Identify possible attackers • Identify goals of attacker • Enumerate possible ways to achieve goals • Locate key system vulnerabilities • Create resolution plan

  6. Attack Tree • Bruce Sheneier, Dr. Dobb’s Journal, 1999: • Used to “model threats against computer systems” • Continual breaking down of goals and means to achieve them Simple Example Cost propagation Multiple Costs

  7. Attack Tree Evaluation • Creation • Refining over time • Realistic costs • Advantages • Identifies key security issues • Documenting plans of attack and likelihood • Knowing the system • Disadvantages • Amount of documentation • Can only ameliorate foreseen circumstances • Difficult to prioritize/quantize factors Shortened version of an Attack Tree for the interception of a message send with a PGP header.

  8. Other Means of Representation • Threat Catalog – Doug Jones • Attacks -> vulnerabilities -> analysis of defense • Challenges • Organization • Technology • Identity • Scale of Attack • Fault Tree Analysis • Ensures product performance from software • Attempts to avoid single-point, catastrophic failures

  9. Challenges • Vulnerabilities • System • Process • Variety of possible attacks • New Field: Systems Engineering • Attack Detection • Attack Resolution -> too many dimensions to predict all possibilities, but we’ll try to name a few…

  10. “The Unthinkable”, Part 1 • Chain Voting • Votes On A Roll • The Disoriented Optical Scanner • When A Number 2 Pencil Is Not Enough • ...we found these poll workers where?

  11. “The Unthinkable”, Part 2 • This DRE “fell off the delivery truck”... • The Disoriented Touch Screen • The Confusing Ballot (Florida 2000 Election) • Third Party “Whoopsies” • X-ray vision through walls of precinct

  12. “The Unthinkable”, Part 3 • “Oops” code • Do secure wireless connections exist? • I’d rather not have your help, thanks... • Trojan Horse • Replaceable firmware on Optical Scanners Natalie Podrazik – natalie2@umbc.edu

  13. “The Unthinkable”, Part 4 • Unfinished vote = free vote for somebody else • “I think I know what they meant by...” • Group Conspiracy: “These machines are broken.” • “That’s weird. It’s a typo.” • Denial of Service Attack Natalie Podrazik – natalie2@umbc.edu

  14. My Ideas... • Write-in bomb threat, terrorist attack, backdoor code • Swapping of candidate boxes (developers) at last minute on touch-DRE; voters don’t know the difference • Children in the voting booth Natalie Podrazik – natalie2@umbc.edu

  15. Create Fault Trees to counter Attack Tree goals using the components set forth in Brennan Study Tamper Tape Use of “independent expert security team” Inspection Assessment Full Access Use of “Red Team Exercises” on: Hardware design Hardware/Firmware configuration Software Design Software Configuration Voting Procedures (not hardware or software, but people and process) Strategies & Recommendations

  16. Conclusions • Attack Trees • Identify agents, scenarios, resources, system-wide flaws • Challenges: dimensions in system analysis • Unforeseen circumstances • Independent Team of Experts, but how expert can they be?

  17. Works Cited • All 20 “The Unthinkable” scenarios available at: http://www.vote.nist.gov/threats/papers.htm • Goldbrick Gallery’s 25 Best Editorial Cartoons of 2004. Online: http://www.goldbrickgallery.com/bestof2004_2.html • Jones, Doug. “Threat Taxonomy Overview” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/Jonesthreattalk.pdf • Mell, Peter. “Handling IT System Threat Information” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/mellthreat.pdf • “Recommendations of the Brennan Center for Justice and the Leadership Conference on Civil Rights for Improving Reliability of Direct Recording Electronic Voting Systems”: http://www.brennancenter.org/programs/downloads/voting_systems_final_recommendations.pdf: • Wack, John, and Skall, Mark. “Introduction to Threat Analysis Workshop” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/wackthreat.pdf • Wikipedia Entry for fault tree: http://en.wikipedia.org/wiki/Fault_tree

More Related