Firewall Wizards mailing list archives
Re: The Mathematics of Relative Security
From: Crispin Cowan <crispin () immunix com>
Date: Tue, 21 Sep 2004 11:01:56 -0700
Chris Pugrud wrote:
> In attempting to evaluate the relative security and exposure of interconnected subsets of computers there is a distinct shortage of language and tools to algorithmically evaluate the risks between those groups.
You may want to check out this paper: Zhixing Gao, Chen Hui Ong, and Woon Kiong Tan. Survivability Assessment: Modeling Dependencies in Information Systems. In Proceedings of the Information Survivability Workshop (ISW 2002), Vancouver, BC, March 2002. http://www.cert.org/research/isw/isw2001/papers/
They propose a relative security ("survivability") assessment method that models dependencies of components on one another, with the mission objective as the root. They can then determine which component failures will lead to a failure of the mission. The limitation of this approach, apart from the cost of constructing such a model for large systems, is that for many practical systems, the model would quickly indicate that exploiting a failure in a trusted software component can compromise the mission, that a very large fraction of the software is trusted, and thus the survivability of the system against security attack reduces to the probability of exploitable vulnerabilities in a large software base, which is hard to assess.
More succinctly, if you ask the question "am I secure?" in a highly rigorous fashion, the likely answer is "Hell no" :)
> I know I'm not the first person to evaluate these issues, or to initiate this conversation in this group. I think that this is fundamentally possible at a higher level, only looking at connections and direction, and provably unsolvable at the lowest levels of ports and protocols (reducibility to the halting problem). I'm searching for the people here who have already done some of the heavy lifting and can at least point me in the right direction to enable some more quantifiable analysis of highly complex security environments.
You might also want to check out my recent book chapter. It mostly surveys ways to enhance survivability (a DARPA term that in industrial parlance means approximately "intrusion prevention"); it covers the assurance question (how secure are we?) to some extent:
"Survivability: Synergizing Security and Reliability". Crispin Cowan. Book chapter in "Advances in Computers", Marvin V. Zelkowitz editing, Academic Press, 2004. Buy "Advances in Computers" 60 here <http://www.elsevier.com/wps/find/bookdescription.cws_home/702750/description>. Chapter here PDF <http://immunix.com/%7Ecrispin/survivability.pdf>.
Crispin
--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
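A small sketch of the kind of dependency model discussed in the message above, added here as an illustration; it is not code from the post or from the cited paper. It assumes ALL/ANY dependency semantics and a constructed system with hypothetical component names, and shows how shared trusted software turns up as single-component cut sets even where hardware is redundant.

```python
# Added illustration: a toy dependency model with the mission as root.
# Assumption: each node needs ALL or ANY of its dependencies to survive.
from itertools import combinations

# Constructed sample system; every name here is hypothetical.
MODEL = {
    "mission":  ("ALL", ["web_tier", "database"]),
    "web_tier": ("ANY", ["web1", "web2"]),            # redundant front ends
    "web1":     ("ALL", ["host1_hw", "httpd", "kernel"]),
    "web2":     ("ALL", ["host2_hw", "httpd", "kernel"]),
    "database": ("ALL", ["dbms", "kernel"]),
}

def leaves(model):
    """Components that appear only as dependencies (no entry of their own)."""
    deps = {d for _, ds in model.values() for d in ds}
    return sorted(deps - set(model))

def survives(model, node, failed):
    """True if `node` still works when the components in `failed` are down."""
    if node in failed:
        return False
    if node not in model:          # leaf component that has not failed
        return True
    mode, deps = model[node]
    results = (survives(model, d, failed) for d in deps)
    return all(results) if mode == "ALL" else any(results)

def minimal_cut_sets(model, root="mission", max_size=2):
    """Smallest sets of component failures that bring down the root."""
    found = []
    for size in range(1, max_size + 1):
        for combo in combinations(leaves(model), size):
            candidate = set(combo)
            if any(cut <= candidate for cut in found):
                continue           # a smaller cut already covers this set
            if not survives(model, root, candidate):
                found.append(candidate)
    return found

if __name__ == "__main__":
    for cut in minimal_cut_sets(MODEL):
        kind = "single point of failure" if len(cut) == 1 else "joint failure"
        print(f"{sorted(cut)}: {kind}")
```

Redundant hardware only appears as a two-element cut set, while each shared software component (httpd, kernel, dbms) defeats the mission on its own.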