
Application of CYBEX (Cybersecurity Information Exchange) techniques to future networks

SG17 Tutorial, Geneva, 15 Dec 2010, V1.1. Tony Rutkowski, Yaana Technologies, Georgia Tech, Q.4/17 Rapporteur.


Presentation Transcript


  1. Application of CYBEX (Cybersecurity Information Exchange) techniques to future networks
     SG17 Tutorial, Geneva, 15 Dec 2010, V1.1
     Tony Rutkowski, Yaana Technologies, Georgia Tech, Q.4/17 Rapporteur

  2. CYBEX Basics
     • The new cybersecurity paradigm
       • know your weaknesses
       • minimize the vulnerabilities
       • know your attacks
       • share the heuristics within trust communities
     • CYBEX – techniques for the new paradigm
       • Weakness, vulnerability and state
       • Event, incident, and heuristics
       • Information exchange policy
       • Identification, discovery, and query
       • Identity assurance
       • Exchange protocols
     • X.1500 culminates a broadly supported 2-year effort
     • Consists of a non-prescriptive, extensible, complementary “collection of tools” that can be used as needed

  3. Today’s Reality
     • “security by design” is not a reasonable objective today, as the code/systems are too complex, distributed, autonomous and constantly changing
     • Common global protocol platforms for the trusted exchange of information are essential
     • A distributed, “security management” network plane that supports autonomy is emerging
     • Single “national centres” for this purpose are not feasible and would represent a massive vulnerability

  4. CYBEX Facilitates a Global Cybersecurity Model
     [Diagram. Labels: Measures for protection; Encryption/VPNs esp. for signalling; Measures for threat detection; Real-time data availability; Resilient infrastructure; Stored event data availability; Provide basis for additional actions; Forensics & heuristics analysis; Provide data for analysis; Provide basis for actions; Routing & resource constraints; Identity Management; Measures for threat response; Reputation sanctions; Blacklists & whitelists; Deny resources; Patch development; Network/application state & integrity; Provide awareness of vulnerabilities and remedies; Vulnerability notices; CYBEX Information Exchange Techniques]

  5. The CYBEX Model
     • structuring cybersecurity information for exchange purposes
     • identifying and discovering cybersecurity information and entities
     • establishment of trust and policy agreement between exchanging entities
     • requesting and responding with cybersecurity information
     • assuring the integrity of the cybersecurity information exchange
     [Diagram. Labels: Cybersecurity Entities (twice); Cybersecurity Information acquisition (out of scope); Cybersecurity Information use (out of scope)]

  6. CYBEX Technique Clusters: Structured Information
     [Diagram. Labels: Event/Incident/Heuristics Exchange; Weakness, Vulnerability/State Exchange; Knowledge Base; Vulnerabilities and Exposures; Platforms; Weaknesses; Event Expressions; Malware Patterns; State; Security State Measurement; Configuration Checklists; Assessment Results; Incident and Attack Patterns; Malicious Behavior; Exchange Policies; Exchange Terms and conditions]

  7. CYBEX Technique Clusters: Utilities
     [Diagram. Labels: Identification, Discovery, Query; Request and distribution mechanisms; Common Namespaces; Discovery enabling mechanisms; Identity Assurance; Exchange Protocol; Trusted Platforms; Authentication Assurance Methods; Authentication Assurance Levels; Trusted Network Connect; Interaction Security; Transport Security]

  8. Today’s Use Cases
     • Your computer
     • Patch Tuesday
     • Open Windows Update
     • X.1500 Appendices
     • NICT CYBEX Ontology
     • Japan’s JVN
     • USA Federal Desktop Core Configuration/US Government Configuration Baseline

  9. Significant adoption rate
     • SG17 December 2010 Geneva Cybersecurity Workshop Session 5.1
       • Robert A. Martin of MITRE described the essentials for Vendor Neutral Security Measurement & Management with Standards
       • Ian Bryant of the EU NEISAS Project described the challenges in sharing security information for infrastructure protection
       • Takeshi Takahashi of NICT described an ontological approach for cybersecurity information sharing, especially for Cloud Computing
       • Thomas Millar of the US-CERT presented an operational model of CIRT processes for improved collaboration and capability development
       • Luc Dandurand of NATO described his organization's new initiative for cyber defence data exchange and collaboration infrastructure (CDXI)
       • Damir Rajnovic of FIRST described the structure and mechanisms of the principal global organization of cybersecurity incident centers
     • IETF October 2010 Beijing Meeting
       • CYBEX conceptualized as a security management layer

  10. Toward Network Security Planes: Security Automation Schemas Everywhere
     • OVAL: Open Vulnerability and Assessment Language
     • XCCDF: eXtensible Configuration Checklist Description Format
     • CVSS: Common Vulnerability Scoring System
     • CWSS: Common Weakness Scoring System
     • ARF: Assessment Result Format
     • CVE: Common Vulnerabilities and Exposures
     • CWE: Common Weakness Enumeration
     • CPE: Common Platform Enumeration
     • CCE: Common Configuration Enumeration
     • SCAP Security Automation Tools

  11. What about Future Networks/NGNs?
     • A potential implementation of a CYBEX reference model for NGNs is depicted in the following diagrams
     • SCAP should be ubiquitous in the models
     • This approach is adapted from a similar approach already being taken for NGN Identity Management
     • NGN providers would play a substantial CYBEX framework-support function with understood assurance levels among themselves and all network devices and capabilities within their domain
     • Under this approach, CYBEX techniques would be adapted as necessary through the use of extensions and reflected in a new extensible Y-series Recommendation
     • ETSI TISPAN is already working on a similar model

  12. CYBEX applied to Future Network Strata
     [Diagram, Figure 2/Y.2011. Labels: Scope of CYBEX; NGN Service Stratum (Management Plane, Control Plane, User Plane); NGN Transport Stratum (Management Plane, Control Plane, User Plane)]

  13. CYBEX applied to Future Network Functions
     [Diagram, Figure 3/Y.2011. Labels: Scope of CYBEX; Transport Control Functions; Service Control Functions; Infrastructural, application, middleware and baseware services; Services; Resources; Service Management Functions; Resources; Transport Management Functions; Transfer Functional Area]

  14. CYBEX applied to Future Network Models: toward a NGN/FN security plane
     [Diagram. Labels: CYBEX Exchange on UNI Interfaces (twice); CYBEX Exchange on NNI Interfaces; NGN Provider A; NGN Provider B; and, repeated for each provider: CYBEX; Management Functions; Application Support; CYBEX Functions; End User Functions; Service Control; CYBEX Functions; Transport Stratum; CYBEX Functions]
