An Active Defense Decision Model. Sergio Caltagirone Major Professor: Deborah Frincke, PhD University of Idaho scaltagi@acm.org. Purpose of Research. Provide a generalizable, extendable model for any organization Completely model the risk of the threat and AD actions
An Active Defense Decision Model
Sergio Caltagirone
Major Professor: Deborah Frincke, PhD
University of Idaho
scaltagi@acm.org

Purpose of Research
• Provide a generalizable, extendable model for any organization
• Completely model the risk of the threat and AD actions
• Find best active defense solution for the threat (allow for automation)
• Provide legal (and ethical) due diligence
• Why?
  • Current tools are inefficient and sometimes critically ineffective
  • Model is technologically independent
  • *** Fear ***

Stages of An Active Defense

The Model
[Diagram. Labels: Escalation Ladder; AD Policy; Asset Evaluation; Action Evaluation; Graph; Asset Identification; Goal Identification; Risk Identification; Shortest Path; Threat Identification; Action Identification; Utility Modifier; Contingency Plan; Risk Identification; Action Classification; Success Ordering]

Example Scoring Chart

Example Asset Evaluation
Asset (A1): Student Records Database
Confidentiality Threats
Threat (TC-1): Outsider gains access and copies sensitive data
FINAL SCORE:

                                                      Score   Probability   Score * Prob
Legal Risks
  L1:
National Security Risks
  NS1: Students' social security numbers are released
Financial Risks
  F1: Loss of tuition                                 5       .8            4
  F2: Loss of financial donations                     7       .4            2.8
Ethical Consequences
  EC1:

Example Action Evaluation
Threat: TA-1
Goal: Stop the ongoing DoS attack while preserving access to the database behind the campus firewall

Stage 1 Actions
  Act1:    Risk Score:    Success Order:
                       Score   Prob   S * P
    Legal
    National Security
    Financial
    E. Consequences
    E. Actions
Stage 2 Actions

Example Escalation Ladder Graph
[Graph. Columns: Stage 0, Stage 1, Stage 2, …, Stage n. Vertex labels: Act1/7, Act4/2, V/0, Act2/-1, Act5/3, U/0, Act3/2, Act6/1]
Vertex Cost = Risk(Action) – Risk(Threat) – Success(Action)
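
An added example (not from the original slides) of the shortest-path step over the escalation ladder graph, using the vertex costs labelled on the slide. It assumes U is the Stage 0 start, V the final-stage end, Act1-3 are in Stage 1, Act4-6 in Stage 2, and every vertex connects to every vertex in the next stage; the function names are hypothetical.

```python
# Added example, not from the original slides.
# Assumptions: U is the Stage 0 start vertex, V the final-stage end vertex,
# Act1-3 sit in Stage 1, Act4-6 in Stage 2, and every vertex has an edge to
# every vertex in the next stage (the slide's real edges are not recoverable).

def vertex_cost(risk_action, risk_threat, success_action):
    """Vertex Cost = Risk(Action) - Risk(Threat) - Success(Action)."""
    return risk_action - risk_threat - success_action

# Vertex costs exactly as labelled on the slide, grouped by assumed stage.
STAGES = [
    {"U": 0},
    {"Act1": 7, "Act2": -1, "Act3": 2},
    {"Act4": 2, "Act5": 3, "Act6": 1},
    {"V": 0},
]

def default_edges(stages):
    """Assumed topology: full connectivity between consecutive stages."""
    return {(a, b) for prev, nxt in zip(stages, stages[1:])
            for a in prev for b in nxt}

def cheapest_escalation(stages, edges=None):
    """Return (total_cost, path) of the minimum-cost start-to-end path.

    Vertex costs can be negative (Act2 is -1), which rules out Dijkstra.
    The ladder only moves forward, so it is a DAG and one pass in stage
    order gives the exact minimum.
    """
    edges = default_edges(stages) if edges is None else edges
    best = {name: (cost, [name]) for name, cost in stages[0].items()}
    for prev, nxt in zip(stages, stages[1:]):
        layer = {}
        for b, cost_b in nxt.items():
            reachable = [best[a] for a in prev if a in best and (a, b) in edges]
            if reachable:
                total, path = min(reachable, key=lambda t: t[0])
                layer[b] = (total + cost_b, path + [b])
        best = layer  # only vertices reachable in this stage carry forward
    if not best:
        raise ValueError("no path from the start stage to the end stage")
    return min(best.values(), key=lambda t: t[0])

if __name__ == "__main__":
    print(cheapest_escalation(STAGES))
```

Passing a reduced `edges` set models actions that policy forbids following one another; the function raises `ValueError` when no escalation path remains.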

Final Thoughts
• Current Work:
  • Complete this paper (currently in draft form)
  • Where does the algorithm stop other than at threat mitigation? (total risk)
  • Examples need work
  • Final Analysis
• Future Work:
  • Implement in an IDS or automated fashion
  • Usability studies on potential model interfaces
• Questions?