150 likes | 301 Views
Summary of my enquiries made so far…. Daniel Germanus <daniel.germanus@gmail.com>. !. Intro. Bachelor Thesis was on Threat Modeling Part of Microsofts Security Development Lifecycle Cons can be: Informal method Static approach Wanted: New, or improved attackability measures
E N D
Summary of my enquiries made so far… Daniel Germanus <daniel.germanus@gmail.com>
! Intro • Bachelor Thesis was on Threat Modeling • Part of Microsofts Security Development Lifecycle • Cons can be: • Informal method • Static approach • Wanted: • New, or improved attackability measures • Based on exact models • Dynamic system view • (semi) automated
How to achieve? • Enquiries on Security, Metrics, Measures and related Technologies • Looking for Metrics, Methods and Tools • Metrics: Attack Surface, Risk measurement • Methods: Attack Graphs • Tools: OPUS • In the future: model own metrics or methods
Attack surface (CMU) • Definition: Sum of accessible APIs and used resources • Non-orthogonal, three dimensional mapping: • Targets & Enablers (i.e. resources, processes and data) • Channels & Protocols (2 types of channels: message passing and shared memory, every channel associated with a protocol) • Access rights: associated with all resources • Developed state machine model for System, Threat and User behavior
Attack surface (CMU) • Calculating actual attackability … • Relative, not absolute measure • Different approaches possible: • Use of domain specific attack classes (cf. Threat Modeling) • Definition of own system/channel/data attack classes
Attack surface (CMU) • Example for some domain specific attack classes:
Attack surface (CMU) • Example for actual metric application • Using • two different versions of an IMAP server (IMAPD1 and IMAPD2) • own system/channel/data attack classes
Threat Index • Metric with cost/benefit approach
Network Attack Graphs • Per host basis algorithms • Supports system analysts, automated graph generation • Input parameters are: • a set of host nodes, H • a set of trust relationships, T • a set of access edges, E • a set of network exploits, X • a set of vulnerabilities at each host, V • a new attacker host, h • At this stage, only known attacks are considered
Tools • OPUS – Online Patches and Updates for Security • Intention: minimize downtime • Granularity: functions (with identical signature) • No globals, • no nonrecurring functions (like main), • no functions which are currently on some stack frame • Currently only supported for C programs • Validated with several Bugtraq incident reports for buffer overflows, double frees, etc.
That‘s it • Thanks. • Please, visit the DEEDS Wiki on Security related content.