Re: [fw-wiz] The Mathematics of Relative Security
From: Crispin Cowan (crispin_at_immunix.com)
Date: 09/21/04
- Previous message: Chris Pugrud: "[fw-wiz] The Mathematics of Relative Security"
- In reply to: Chris Pugrud: "[fw-wiz] The Mathematics of Relative Security"
- Next in thread: Chris Pugrud: "Re: [fw-wiz] The Mathematics of Relative Security"
- Reply: Chris Pugrud: "Re: [fw-wiz] The Mathematics of Relative Security"
- Reply: Adam Shostack: "Re: [fw-wiz] The Mathematics of Relative Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Chris Pugrud <chris@pugrud.net> Date: Tue, 21 Sep 2004 11:01:56 -0700
Chris Pugrud wrote:
>In attempting to evaluate the relative security and exposure of interconnected
>subsets of computers there is a distinct shortage of language and tools to
>algorithmically evaluate the risks between those groups.
>
>
You may want to check out this paper:
Zhixing Gao, Chen Hui Ong, and Woon Kiong Tan. Survivability
Assessment: Modeling Dependencies in Information Systems. In
Proceedings of the Information Survivability Workshop (ISW 2002),
Vancouver, BC, March 2002.
http://www.cert.org/research/isw/isw2001/papers/
They propose a relative security ("survivability") assessment method
that models dependencies of components on one another, with the mission
objective as the root. They can then determine which component failures
will lead to a failure of the mission. The limitation of this approach,
apart from the cost of constructing such a model for large systems, is
that for many practical systems, the model would quickly indicate that
exploiting a failure in a trusted software component can compromise the
mission, that a very large fraction of the software is trusted, and thus
the survivability of the system against security attack reduces to the
probability of exploitable vulnerabilities in a large software base,
which is hard to assess.
More succinctly, if you ask the question "am I secure?" in a highly
rigorous fashion, the likely answer is "Hell no" :)
>I know I'm not the first person to evaluate these issues, or to initiate this
>conversation in this group. I think that this is fundamentably possible at a
>higher level, only looking at connections and direction, and provably
>unsolvable at the lowest levels of ports and protocols (reducability to the
>halting problem). I'm searching for the people here who have already done some
>of the heavy lifting and can at least point me in the right direction to enable
>some more quantifiable analysis of highly complex security environments.
>
>
You might also want to check out my recent book chapter. It mostly
surveys ways to enhance survivability (a DARPA term that in industrial
parlance means approximately "intrusion prevention") it covers the
assurance question (how secure are we?) to some extent:
"Survivability: Synergizing Security and Reliability". Crispin
Cowan. Book chapter in "Advances in Computers", Marvin V. Zelkowitz
editing, Academic Press, 2004. Buy "Advances in Computers" 60 here
<http://www.elsevier.com/wps/find/bookdescription.cws_home/702750/description>.
Chapter here PDF <http://immunix.com/%7Ecrispin/survivability.pdf>.
Crispin
-- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ CTO, Immunix http://immunix.com _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Chris Pugrud: "[fw-wiz] The Mathematics of Relative Security"
- In reply to: Chris Pugrud: "[fw-wiz] The Mathematics of Relative Security"
- Next in thread: Chris Pugrud: "Re: [fw-wiz] The Mathematics of Relative Security"
- Reply: Chris Pugrud: "Re: [fw-wiz] The Mathematics of Relative Security"
- Reply: Adam Shostack: "Re: [fw-wiz] The Mathematics of Relative Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
