Practical and Theoretical Issues on Adaptive Security
Alexander Shnitko
Novosibirsk State Technical University
Structure of the presentation
• Introduction
  • Motivation for adaptive security
  • Common problem definition
• Formalization
  • General adaptive model
  • Mathematical description
  • Methods of solution
• Contribution to practical tasks
  • Adaptation for different types of security tasks
  • Illustrative samples of the adaptation
  • Implementation issues
  • Verification issues
• Related works
• Conclusions
Complex security systems
Theoretical issues
• Adaptive security problem definition
  • Security process cannot be predetermined
  • Complete formalization cannot be provided
  • Environment is complex and heterogeneous
• Important practical security factors
  • Secondary place in overall information infrastructure
  • Explicitly cross-disciplinary subject
  • Non-uniform foundations for security tools and methods
• Related trends in information security
  • International standardization (ISO: 17799, 15408, Industry: ISS, Capgemini)
  • Unifying local solutions to develop universal solutions
  • Fuzzy problem definitions
Practical issues
Adaptive information security
Contribute to different types of security tasks
• Object of adaptation
  • General and special information security functions
  • Hardware and software information security tools
  • Overall information security system
• Goals of adaptation
  • Security object and environment identification
  • Security process performance optimization
  • General improvement of information security
• Types of adaptation
  • Parameters adaptation
  • Structure adaptation
  • Goal adaptation
Several tasks for adaptive security
Simple and complex methods of the adaptation
Levels of security adaptation
• Communication protocols, special software and hardware
• Servers, Workstation, special software and hardware tools
• Local software and hardware
• Cryptography, security models, etc.
General Adaptive Security Model
[Figure: block diagram. Labels: Environment; Complex Security System; Control Object F; Control Device; Detector Device; Analyzer Device; Responder Device; Influence of the Environment; Influence on the Environment; signals X, Y, U, X′, U′]
Common formalization
A task of adaptation is considered as a problem of optimal control of a specified object F. The state S of the object and its influence Y on the environment depend on the influences X of the environment and the set of adaptable factors U. The goals Z of the adaptive control are defined by specific constraints on the state of the object.
• Security goals are expressed as formal constraints on the state of the system
• Control Theory notions are used to describe dynamic security processes
Mathematical formalization
Constraints expressed as:
where M_x is a function that averages over the states of the environment, and h′, g′, q′ are the actually measured system parameters
Adaptive algorithms
– adaptable parameters vector and vectors of the values of the criterion function measured from till moments of time
– recurrent algorithm of the adaptation
Process of adaptation in the adaptable factors space
Process of adaptation in the system states space
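An added example, not taken from the presentation, of parameter adaptation as a recurrent algorithm: an alert threshold U on an anomaly score is adjusted by random search so that the averaged false-alarm rate stays under a constraint while the missed-attack rate is minimized. The score distributions, the roles given to q′ and h′, the penalty form and all names are assumptions made for illustration.

```python
import random

H_MAX = 0.02      # assumed constraint: averaged false-alarm rate h' <= H_MAX
PENALTY = 20.0    # assumed weight of a constraint violation in the criterion

def observe(rng, n, drift):
    """Sample n environment states X as (is_attack, anomaly_score) pairs.
    Constructed data: benign scores ~ N(drift, 1), attack scores ~ N(3, 1)."""
    batch = []
    for _ in range(n):
        attack = rng.random() < 0.1
        batch.append((attack, rng.gauss(3.0 if attack else drift, 1.0)))
    return batch

def rates(u, batch):
    """Measured parameters at threshold u, averaged over the batch:
    (q', h') = (missed-attack rate, false-alarm rate)."""
    attacks = [s for a, s in batch if a]
    benign = [s for a, s in batch if not a]
    q = sum(s < u for s in attacks) / max(len(attacks), 1)
    h = sum(s >= u for s in benign) / max(len(benign), 1)
    return q, h

def criterion(u, batch):
    """Missed-attack rate plus a penalty for exceeding the false-alarm limit."""
    q, h = rates(u, batch)
    return q + PENALTY * max(0.0, h - H_MAX)

def adapt(u, steps, rng, drift=0.0, n=2000, step=0.3):
    """Recurrent random search: U_{N+1} = U_N + random trial step, kept only
    if the criterion measured on the same observed batch improves."""
    for _ in range(steps):
        batch = observe(rng, n, drift)
        trial = u + step * rng.uniform(-1.0, 1.0)
        if criterion(trial, batch) < criterion(u, batch):
            u = trial
    return u

if __name__ == "__main__":
    rng = random.Random(1)
    u1 = adapt(5.0, 150, rng)              # start from a threshold that is too lax
    u2 = adapt(u1, 150, rng, drift=1.0)    # benign baseline rises; keep adapting
    check = observe(rng, 20000, 1.0)       # fresh sample of the drifted environment
    print("stale  U=%.2f (q', h')=%s" % (u1, rates(u1, check)))
    print("adapted U=%.2f (q', h')=%s" % (u2, rates(u2, check)))
```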
Adaptation on different levels
• Formal methods
  • Model treated in notion of building blocks of formal algorithms
  • Integration of special adaptive algorithms in traditional tasks
• Standalone workstation
  • Adaptation in TCB
  • Fuzzy definition and special adaptive algorithms
• Local network
  • Adaptation in servers, workstations and security perimeter
  • Evolutionary adaptation in agent-based models (cyber-warfare)
• Distributed network
  • Adaptation in information channels
  • Redundancy and adaptive optimization
Illustrative samples
• Adaptive self-scanning
  • Level of adaptation: Workstation or Local Network level
  • Goals: Improve general availability, decrease risk of DDoS attack
  • Solutions: Optimized searchless adaptive algorithms
• Security policy adaptation
  • Level of adaptation: Workstation or Local Network
  • Goals: Improve overall security, decrease risk of attack propagation
  • Solutions: Special stochastic adaptive algorithms
Implementation issues
• Obstacles for the implementation
  • Complexity of correct definition of goals and restrictions
  • Necessity of continuous system and environment identification
  • Speed requirements for the adaptive algorithms
• Some methods of solution
  • Redundancy and optimization
  • Expert and analytical data usage
  • Special algorithms from the Control Theory
Verification issues
• Correct integration of adaptive security
  • Building secure system from insecure components
  • Multi-level security
• Testing of practical adaptive systems
  • Specification testing
  • Stress testing
  • Statistical contributions
Related work
• Adaptation in special information security tasks
  • Carney M., Loe B., A Comparison of Methods for Implementing Adaptive Security Policies
  • Reiher P., Eustice K., Sung K.-M., Adapting Encrypted Data Streams in Open Architectures
  • Lee W., Cabrera J., Thomas A., Balwalli N., Saluja S., Zhang Y., Performance Adaptation in Real-Time Intrusion Detection Systems
• Adaptation in broader context
  • Badrinath B., Fox A., Kleinrock L., Popek G., Reiher P., Satyanarayanan M., A Conceptual Framework for Network and Client Adaptation
  • Marcus L., Local and Global Requirements in an Adaptive Security Infrastructure
Conclusions
• Adaptation in Security Context
  • Advantages
    • Contribution to the real-world information security with fuzzy definition and uncertain conditions
    • Access to the methods and tools from the Control Theory for the needs of the adaptation
  • Disadvantages
    • Effectiveness is very dependent on the correct definition of security goals
    • The additional resources required for the adaptation processes
• Further work
  • Development and analysis of adaptive algorithms for specific security problems
  • Research of the usage of statistical methods for optimization and verification of the adaptive systems