Your SlideShare is downloading. ×
Practical Security Architecture Analysis
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Practical Security Architecture Analysis

130
views

Published on

A work in progress presentation given at a private security conference in the UK in the winter of 2008.

A work in progress presentation given at a private security conference in the UK in the winter of 2008.

Published in: Business

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
130
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Phil HugginsPrivate Security Conference Winter 2008
  • 2. “Complexity is the worst enemy of security” –Marcus RanumThis is a work in progress.Winter 2008
  • 3.  Is it secure? What are the risks? Are the risks important? Whose fault are the risks? Why didnt our external pen test / app test / vuln scan find all these risks? Can I save money on my security investment? Why is security always the source of our problems? Can you tell us how to fix it?
  • 4.  What are the negative outcomes we want to avoid?  Pure business focus at this point How can we rank them in importance? For the example system we identified six key negative outcomes:  Loss of Credit Card Data  Loss of Personal Data  Compromise of internal network  Loss of regulatory required data  Defacement of the website  Attack on user of the system
  • 5.  Where are the possible sources of the negative outcomes? How capable are those sources? How do the threat sources get to the outcomes via the identified system components? Attack Trees
  • 6.  Lots of work Manually need to build a tree for each outcome Some commercial tools available Graphviz & Dot
  • 7.  The attack trees identify potential risks NOT vulnerabilities No testing at this point Map to existing security controls to identify security design gaps
  • 8.  Still very opinion based – hard to compare results across practitioners Manually intensive Not pretty for customers What does it identify:  Security design gaps  Likely vulnerable (complex) components  Trust relationships between components
  • 9.  Approach to identify complexity and interdependencies Component DSM used for system architecture analysis Matrix of components www.dsmweb.org
  • 10.  Just focus on which component connects to which other connections Sum of each row is the component fan-out complexity Sum of each column is the component fan-in complexity Sum of row + column for each component is total component complexity Sum of total component complexity is a measure of system complexity Allows you to rank components on connection complexity
  • 11.  Previous Work  Howard at Microsoft  Manadhata at Carnegie Mellon Manadhata correlated severity of reported public vulns in FTP servers with:  Method privilege  Method access rights  Channel Protocol  Channel access rights  Data item type  Data item access rights
  • 12.  Measuring Connection Complexity  Number and type of protocols  Number and type of API calls  Number and type of messages  Number and type of functions Measuring Connection Trust  Authenticated Y/N?  Integrity checking Y/N? Measuring Connection Privilege  Number of levels of authorisation  Privilege level of protocol endpoint  Privilege level of message endpoint  Persistence of message data Measuring Connection Privacy  Encrypted Y/N?
  • 13.  Assign some arbitrary ordinal numbers to the attack surface measures Implement a clustering tool to map trust / complexity across systems Pretty graphics Anyone got any systems they want to try this out on?
  • 14. http://blog.blackswansecurity.comWinter 2008 UNCON 14

×