Firewall Wizards mailing list archives

Re: The Mathematics of Relative Security


From: Crispin Cowan <crispin () immunix com>
Date: Tue, 21 Sep 2004 11:01:56 -0700

Chris Pugrud wrote:

> In attempting to evaluate the relative security and exposure of interconnected
> subsets of computers there is a distinct shortage of language and tools to
> algorithmically evaluate the risks between those groups.

You may want to check out this paper:

   Zhixing Gao, Chen Hui Ong, and Woon Kiong Tan. Survivability
   Assessment: Modeling Dependencies in Information Systems. In
   Proceedings of the Information Survivability Workshop (ISW 2002),
   Vancouver, BC, March 2002. http://www.cert.org/research/isw/isw2001/papers/

They propose a relative security ("survivability") assessment method that models dependencies of components on one another, with the mission objective as the root. They can then determine which component failures will lead to a failure of the mission. The limitation of this approach, apart from the cost of constructing such a model for large systems, is that for many practical systems, the model would quickly indicate that exploiting a failure in a trusted software component can compromise the mission, that a very large fraction of the software is trusted, and thus the survivability of the system against security attack reduces to the probability of exploitable vulnerabilities in a large software base, which is hard to assess.

More succinctly, if you ask the question "am I secure?" in a highly rigorous fashion, the likely answer is "Hell no" :)

> I know I'm not the first person to evaluate these issues, or to initiate this
> conversation in this group.  I think that this is fundamentally possible at a
> higher level, only looking at connections and direction, and provably
> unsolvable at the lowest levels of ports and protocols (reducibility to the
> halting problem).  I'm searching for the people here who have already done some
> of the heavy lifting and can at least point me in the right direction to enable
> some more quantifiable analysis of highly complex security environments.

You might also want to check out my recent book chapter. It mostly surveys ways to enhance survivability (a DARPA term that in industrial parlance means approximately "intrusion prevention"); it covers the assurance question (how secure are we?) to some extent:

   "Survivability: Synergizing Security and Reliability". Crispin
   Cowan. Book chapter in "Advances in Computers", Marvin V. Zelkowitz
   editing, Academic Press, 2004.  Buy "Advances in Computers" 60 here
   <http://www.elsevier.com/wps/find/bookdescription.cws_home/702750/description>.
   Chapter here PDF <http://immunix.com/%7Ecrispin/survivability.pdf>.

Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
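
The dependency-modeling idea discussed in the message above, as an added example that is not part of the original post and is not the cited paper's own method. It assumes a simple AND/OR dependency model rooted at the mission; every component name and dependency is constructed for illustration.

```python
from itertools import combinations

# Constructed sample system (assumption, not taken from the cited paper).
# Each entry maps a node to (gate, dependencies):
#   "AND": the node works only if every dependency works
#   "OR":  the node works if at least one dependency works (redundancy)
# Names that never appear as keys are leaf components.
MODEL = {
    "mission":      ("AND", ["web_service", "auth_service"]),
    "web_service":  ("OR",  ["web_a", "web_b"]),
    "web_a":        ("AND", ["libc", "host_a"]),
    "web_b":        ("AND", ["libc", "host_b"]),
    "auth_service": ("AND", ["libc", "ldap"]),
}

def works(node, failed, model=MODEL):
    """Return True if `node` still functions when the `failed` set is down."""
    if node in failed:
        return False
    if node not in model:          # leaf component that has not failed
        return True
    gate, deps = model[node]
    results = (works(d, failed, model) for d in deps)
    return all(results) if gate == "AND" else any(results)

def leaves(model=MODEL):
    """Leaf components: referenced as dependencies but with none of their own."""
    referenced = {d for _, deps in model.values() for d in deps}
    return sorted(referenced - set(model))

def minimal_cut_sets(root="mission", max_size=2, model=MODEL):
    """Smallest sets of leaf failures (up to max_size) that fail the root."""
    found = []
    for size in range(1, max_size + 1):
        for combo in combinations(leaves(model), size):
            candidate = set(combo)
            if any(prev <= candidate for prev in found):
                continue           # already covered by a smaller cut set
            if not works(root, candidate, model):
                found.append(candidate)
    return found

if __name__ == "__main__":
    for cut in minimal_cut_sets():
        print("mission fails if these fail together:", sorted(cut))
```

In this constructed model the redundant web tier survives the loss of either host, yet the shared `libc` leaf is a single-element cut set, which is the effect the message describes for widely trusted software.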
