# Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Keanini

Posted on Mar 08, 2010

Scoring methods are highly reliant on mathematics but what do the numbers really mean? W3C semantic standards allow us to create a more direct meaning-based model. Through set theory and description logics, we can compute classification and ranking through ontological-based reasoning. This method finally addresses the multiple viewpoints and perspectives often found within a large enterprise.


## Presentation Transcript

### Slide 2: Scoring Systems and Everyday Classification

- Credit-worthiness class
- Legal to drink / legally drunk
- Weight class
- Socio-economic class
- Age class

Given a number, within a social context, we are able to infer membership in a class.

\* The terms "set" and "class" are synonymous in this presentation.

© nCircle 2010 All rights reserved.
### Slide 3: Scoring Systems: Syntax and Semantics

- Numbers digitize certain aspects of an observable domain
  - They also help us ignore what is not being counted!
- Unlike the physical domain, before we can count things in the information domain we must all agree on what is being counted
  - The challenge is that we don't share the same domain expertise and understanding across an enterprise
- Scoring systems are dependent on social processes that institutionalize semantics
  - They often fall short when asked to support multiple perspectives and points of view
### Slide 4: The Role of Classification and Ranking

- Classification methods help us explain how many different things are the same
  - Naming (enumeration) differentiates the members of the set
- Ranking methods help us explain how the same things (members of the class) are different

\* Ranking is just one of many methods of member differentiation.
### Slide 5: Thinking in Sets/Classes and Membership

There are 3 blue triangles.

[Figure: a triangle is a member of the intersection of the set Blue, the set Triangle and the set Three.]
### Slide 6: Scoring Systems as a Ranking Function

- Scoring systems help us rank the members of a certain class
  - CVSS does well in ranking members of the vulnerability class

[Diagram: a set whose members are vulnerabilities, each placed on a CVSS scale running from 1.0 to 10.0. Temporal and Environmental metrics are omitted in this diagram.]
### Slide 7: Scoring Systems: Challenges

- Can be too coarse?
  - Too many of one number?
- Can be too precise?
  - Too many to be actionable
- But ultimately, we end up with a classification scheme that is actionable and meaningful to a particular community's point of view (POV)

[Chart: a histogram of vulnerability counts by CVSS score, read three ways. The same bars map to letter grades F through A (POV 1: score cards), to FAIL/PASS (POV 2: compliance), and to remediation windows of "fix in 1 hour", "fix in 7 days" and "fix in 30 days" (POV 3: IT operations).]

| CVSS score | Count |
|---|---|
| 10.0 | 472377 |
| 9.0 | 86335 |
| 8.0 | 70357 |
| 7.0 | 69372 |
| 6.0 | 65822 |
| 5.0 | 4577 |
| 4.0 | 4116 |
| 3.0 | 646 |
| 2.0 | 601 |
| 1.0 | 72 |

Scoring systems today do not carry with them enough information to support multiple interpretations of the numbers.
### Slide 8: Summary of Scoring System Challenges

- Ensuring that everyone understands the aspects of the scoring system the same way has been challenging
  - Given the heterogeneous viewpoints of an enterprise, this could be impractical
  - If it is at all practical, it may be lossy
  - Often too static for the dynamic nature of the world it is modeling
- The scoring system accounts for each member in isolation
  - Difficult to account for compositional vulnerabilities
  - Difficult to model the relationships between members of certain classes
- The numbers are either not precise enough or too precise
- Ultimately, computing membership in meaningful sets is the goal
### Slide 10: W3C Semantic Technology Stack

Layers, from the top of the stack down:

- Ontologies: OWL (OWL-Full, OWL-DL, OWL-Lite), with Inference alongside
- Querying: SPARQL
- Vocabularies: RDFS
- Data Interchange: RDF
- Structure Access: XML Query
- Validation: XML Schema
- Syntax: XML / Namespaces
- Coding Identifiers: URI
- Character Set: UNICODE
### Slide 11: RDF – Resource Description Framework

The stack diagram from slide 10 again, with the "YOU ARE HERE" marker on the Data Interchange: RDF layer.
### Slide 12: RDF – Labeled-Directed Graph

- The data model is a "labeled-directed graph"
  - All nodes and arcs have some type of label (identifier)
  - Arcs point in only one direction

[Figure: a graph with class nodes WebServer and SharedLibrary, subclass nodes Apache and OpenSSL, and instance nodes Apache123 (version 1.3.30, installed 5/13/2009) and OpenSSL456 (version 0.9.7c).]
### Slide 13: RDF – Statements in the Form of a Triple

- All statements are in the form of a triple
  - Subject-Predicate-Object (S, P, O)
  - A set of these triples begins to model a domain in the form of a graph

[Figure: the statement `Apache rdfs:subClassOf WebServer` drawn as two nodes joined by a labeled, directed arc.]

| Subject (S) | Predicate (P) | Object (O) |
|---|---|---|
| Apache | rdfs:subClassOf | WebServer |
| Apache123 | rdf:type | Apache |
| Apache123 | dct:hasVersion | 1.3.30 |
| Apache123 | :installedOn | 05/13/2009 |
| Apache123 | :bundles | OpenSSL456 |
| OpenSSL456 | dct:hasVersion | 0.9.7c |
| OpenSSL456 | rdf:type | OpenSSL |
| OpenSSL | rdfs:subClassOf | SharedLibrary |
### Slide 14: RDF – Graph Model

[Figure: the triple table from slide 13 shown next to the graph from slide 12; each row of the table is one labeled arc between two nodes of the graph.]
### Slide 15: RDF – Different Syntaxes

How one would express "Apache is a member of the set Webserver":

RDF/XML:

```xml
<rdf:Description rdf:about="#Apache">
  <rdf:type rdf:resource="#Webserver"/>
</rdf:Description>
```

N3 (the second line uses `a` as the shorthand for `rdf:type`):

```n3
:Apache rdf:type :Webserver .
:Apache a :Webserver .
```

RDF/XML-ABBREV:

```xml
<Webserver rdf:ID="Apache"/>
```

See also: Turtle and N-Triples.
### Slide 16: RDF – Nodes and Arcs Are First-Class Entities

Class hierarchy (nodes): `Linux rdfs:subClassOf OS`. If X is a member of the set Linux, then X is a member of the set OS.

- Assertion: `RedHat rdf:type Linux`
- Inference: `RedHat rdf:type OS`

Property hierarchy (arcs): `hasCVEid rdfs:subPropertyOf hasVulnerability` and `hasBugtraqID rdfs:subPropertyOf hasVulnerability`. If A hasCVEid B, then A hasVulnerability B.

- Assertion: `OpenSSL_0.9.7c hasCVEid CVE-2004-0112`
- Inference: `OpenSSL_0.9.7c hasVulnerability CVE-2004-0112`
### Slide 17: Quick Review

- RDF is a labeled-directed graph
- An RDF statement is made up of a Subject-Predicate-Object, sometimes called a "triple"
- Both nodes and arcs are first-class
- Next stop: the power of inference
### Slide 18: RDF Schema

The stack diagram from slide 10 again, with the "YOU ARE HERE" marker on the Vocabularies: RDFS layer.
### Slide 19: RDF Schema (RDF-S)

- RDF Vocabulary Description Language 1.0: RDF Schema
  - Vocabulary defined with RDF statements (triples)
- The RDF-S vocabulary is small
  - Relations between classes (Class, subClassOf)
  - Relations between properties (Property, subPropertyOf)
  - Class membership of individuals via properties (domain, range)
- Provides some sense of "meaning" to the RDF data
  - Meaning = what we can explicitly infer from the data
  - Axioms express exactly what inferences can be drawn
  - Semantics are expressed through the mechanism of inference
  - Let's explore in the next slides how this works
### Slide 20: Type Propagation

- rdfs:Class
- rdfs:subClassOf

Axiom:

```
IF   A rdfs:subClassOf B .
     r rdf:type A .
THEN r rdf:type B .
```

Example:

```n3
:Root_Kit rdf:type rdfs:Class .
:Malware rdf:type rdfs:Class .
:Root_Kit rdfs:subClassOf :Malware .
:foobar rdf:type :Root_Kit .
```

We can then infer the triple `:foobar rdf:type :Malware .`

[Figure: foobar drawn as a member of Root_Kit, which is linked to Malware by rdfs:subClassOf; foobar therefore also appears inside Malware.]
### Slide 21: Relationship Propagation

- rdfs:Property
- rdfs:subPropertyOf

Axiom:

```
IF   P rdfs:subPropertyOf R .
     A P B .
THEN A R B .
```

Example:

```n3
:hasBrother rdf:type rdfs:Property .
:hasSibling rdf:type rdfs:Property .
:hasBrother rdfs:subPropertyOf :hasSibling .
:alice :hasBrother :bob .
```

We can infer the triple `:alice :hasSibling :bob .`
### Slide 22: Property-Oriented versus Object-Oriented

- Semantic data is focused on the relationships between entities and is therefore property-oriented
- In object-oriented models, an entity is understood to be a member of a class because the class acts as a "template" for its birth
- In property-oriented models, an entity is understood to be a member of a class because of its relationships
- `<DOMAIN> property_P <RANGE>`
  - The domain is the collection of types that use the property
  - The range is the types of values this property describes
  - Example: domain `:CPE`, property `:hasVulnerability`, range `:CVE`
### Slide 23: Class Membership through Relationships

- Similar to domain and range in math
  - `:property_P rdfs:domain D-class .`
  - `:property_P rdfs:range R-class .`
  - Domain applies to the subject; range applies to the object

Axiom (subject):

```
IF   P rdfs:domain D-class .
     x P y .
THEN x rdf:type D-class .
```

Axiom (object):

```
IF   P rdfs:range R-class .
     x P y .
THEN y rdf:type R-class .
```

Example:

```n3
:usesSharedLib rdfs:domain :Application .
:usesSharedLib rdfs:range :SharedLib .
```

- Assertion: `:Apache :usesSharedLib :OpenSSL .`
- Inference: `:Apache rdf:type :Application .` and `:OpenSSL rdf:type :SharedLib .`
### Slide 24: What Are the Limits of RDFS?

- RDFS may not have enough detail for your modeling
  - No localized range and domain constraints
    - Can't say that "the domain of hasParent is Child when applied to Humans and Calf when applied to Elephants"
  - No existence/cardinality constraints
    - Can't say that "all instances of Person have a mother that is also a Person", or that persons have exactly 2 parents
  - No transitive, inverse or symmetric properties
    - Can't say that isAncestorOf is a transitive property
    - Can't say that bundles is the inverse of isBundledBy
    - Can't say that isMarriedTo or isPeeredWith is symmetric
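The inference rules from slides 16, 20, 21 and 23 are small enough to run end to end. The block below is an added example, not nCircle's code and not any product of theirs: a minimal triple store that parses the N3 subset shown on slides 13 and 15, applies the RDFS axioms (type propagation, subPropertyOf propagation, domain/range typing, plus the transitivity of subClassOf and subPropertyOf) until the graph stops growing, and then answers the question a security team actually wants from this model: which web servers bundle a library that carries a vulnerability. The sample triples are constructed for the example from the slides' data; attaching CVE-2004-0112 to OpenSSL456 (slide 16 attaches it to OpenSSL_0.9.7c, the same version slide 13 gives OpenSSL456) and the `:bundles`/`:usesSharedLib` links are assumptions made here. The last check in the test shows the slide 24 limit: since RDFS cannot declare `:isBundledBy` as the inverse of `:bundles`, the reasoner never infers it.

```python
"""Forward-chaining RDFS entailment over the page's example triples.

Added example, not nCircle's code.  A tiny in-memory triple store with
the RDFS rules the slides walk through: type propagation (subClassOf),
relationship propagation (subPropertyOf) and class membership from
rdfs:domain / rdfs:range.  Prefixed names are kept as written on the
slides; nothing here expands them to full IRIs.
"""

RDF_TYPE = "rdf:type"
SUB_CLASS = "rdfs:subClassOf"
SUB_PROP = "rdfs:subPropertyOf"
DOMAIN = "rdfs:domain"
RANGE = "rdfs:range"

# Constructed sample data: schema triples from slides 16, 20 and 23 plus the
# Apache123 / OpenSSL456 instances from slide 13.  Attaching CVE-2004-0112 to
# OpenSSL456 and the :bundles / :usesSharedLib links are assumptions.
SAMPLE_N3 = """
:Linux rdfs:subClassOf :OS .
:Apache rdfs:subClassOf :WebServer .
:OpenSSL rdfs:subClassOf :SharedLibrary .
:Root_Kit rdfs:subClassOf :Malware .
:hasCVEid rdfs:subPropertyOf :hasVulnerability .
:hasBugtraqID rdfs:subPropertyOf :hasVulnerability .
:usesSharedLib rdfs:domain :Application .
:usesSharedLib rdfs:range :SharedLib .
:RedHat a :Linux .
:foobar a :Root_Kit .
:Apache123 a :Apache .
:Apache123 :bundles :OpenSSL456 .
:Apache123 :usesSharedLib :OpenSSL456 .
:OpenSSL456 a :OpenSSL .
:OpenSSL456 :hasCVEid :CVE-2004-0112 .
"""


def parse_n3(text):
    """Parse the N3 subset used on the slides: one `s p o .` per line, `a` = rdf:type."""
    triples = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not line.endswith("."):
            raise ValueError(f"statement not terminated by '.': {line!r}")
        parts = line[:-1].split()
        if len(parts) != 3:
            raise ValueError(f"expected subject predicate object: {line!r}")
        s, p, o = parts
        triples.add((s, RDF_TYPE if p == "a" else p, o))
    return triples


def rdfs_closure(triples):
    """Apply the RDFS rules until no new triple appears (the entailment fixpoint).

    Rule names follow the RDF Semantics spec: rdfs5/rdfs11 (subPropertyOf and
    subClassOf are transitive), rdfs7 (subPropertyOf propagation), rdfs9 (type
    propagation), rdfs2/rdfs3 (domain/range typing).
    """
    graph = set(triples)
    while True:
        new = set()
        for s, p, o in graph:
            for s2, p2, o2 in graph:
                if p == SUB_CLASS and p2 == SUB_CLASS and s2 == o:
                    new.add((s, SUB_CLASS, o2))          # rdfs11
                if p == SUB_PROP and p2 == SUB_PROP and s2 == o:
                    new.add((s, SUB_PROP, o2))           # rdfs5
                if p == RDF_TYPE and p2 == SUB_CLASS and s2 == o:
                    new.add((s, RDF_TYPE, o2))           # rdfs9
                if s2 == p:                              # schema statements about p
                    if p2 == SUB_PROP:
                        new.add((s, o2, o))              # rdfs7
                    elif p2 == DOMAIN:
                        new.add((s, RDF_TYPE, o2))       # rdfs2
                    elif p2 == RANGE:
                        new.add((o, RDF_TYPE, o2))       # rdfs3
        new -= graph
        if not new:
            return graph
        graph |= new


def vulnerable_web_servers(graph):
    """Web servers that bundle a library carrying a vulnerability.

    Every hop relies on an inferred triple: WebServer membership comes from
    rdfs9, hasVulnerability from rdfs7.  The asserted data only ever said
    `:Apache123 a :Apache` and `:OpenSSL456 :hasCVEid :CVE-2004-0112`.
    """
    hits = {}
    for host, p, lib in graph:
        if p != ":bundles" or (host, RDF_TYPE, ":WebServer") not in graph:
            continue
        for lib2, p2, vuln in graph:
            if lib2 == lib and p2 == ":hasVulnerability":
                hits.setdefault(host, set()).add(vuln)
    return hits


if __name__ == "__main__":
    closed = rdfs_closure(parse_n3(SAMPLE_N3))
    for host, vulns in sorted(vulnerable_web_servers(closed).items()):
        print(host, "->", sorted(vulns))
```

The naive nested loop is quadratic per pass, which is fine for a slide deck's worth of triples but not for an enterprise inventory; a real deployment would index by predicate (or use a store with built-in RDFS entailment) rather than rescanning the whole graph. Note also that rdfs3 types the object of a ranged property even when that object is a literal, so declaring `rdfs:range` on a property whose values are version strings or dates will put those strings into a class.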