Publication server of the Marburg University Library

Title: Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -
Author: Rieke, Roland
Other contributors: Freisleben, Bernd (Prof. Dr.)
Published: 2014
URI: https://archiv.ub.uni-marburg.de/diss/z2014/0499
URN: urn:nbn:de:hebis:04-z2014-04999
DOI: https://doi.org/10.17192/z2014.0499
DDC: 004 Computer science
Title (German translation): Sicherheitsanalyse von Systemverhalten - vom Systementwurf bis zur Laufzeit
Publication date: 2015-01-14
License: https://rightsstatements.org/vocab/InC-NC/1.0/

Keywords:
threat analysis, simulation, modelling, security monitoring, monitoring, security status monitoring, predictive security analysis, security analysis, compliance monitoring

Summary:
The Internet today provides the environment for novel applications and processes which may evolve well beyond their pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposure of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can then improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim of detecting faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed. The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers.

* The document is freely accessible on the Internet - see the notes on usage rights