1. AIIC ‐ ENEA 2010
March 29, 2010
Roma, Italy
Cyber Dependencies:
Characteriza3on, Discovery and Analysis
E. Casalicchio
University of Roma – Tor Vergata
Department of Computer Science System and Prod.
E.Casalicchio ‐ www.emilianocasalichio.eu
2. AIIC ‐ ENEA 2010
March 29, 2010
Cyber dependencies Roma, Italy
• An infrastructure has a cyber inter‐dependence if its status depends on
informa3on transmi@ed across cyberspace. Rinaldi et al. 2003
We are interested in understanding the coupling (inter-dependencies) among
components, systems, services INSIDE the cyberinfrastructure
Components
Services Systems
Cyberinfrastructure
E.Casalicchio ‐ www.emilianocasalichio.eu
3. AIIC ‐ ENEA 2010
March 29, 2010
Mo3va3ons Roma, Italy
Vulnerability & Impact
Risk Assessment Analysis
• fundamental • (inter‐dependencies) • root/cause of
and strategic IT Assets respect with failure
components, the vulnerabili3es and propaga3on,
Cyber • cascading and
networks and risk must be evaluated
Security escala3ng
services • Quan3ta3ve metrics
phenomena
Cyber
treath
Cyber dependencies discovery
and analysis
Natural
hazard
Terrorism /
physical
attack
E.Casalicchio ‐ www.emilianocasalichio.eu
4. AIIC ‐ ENEA 2010
March 29, 2010
Three phases Roma, Italy
• Dimensions of Discovery
analysis • Intensity
• metrics for • Impact
dependencies • Presence of • Vulnerability
evalua3on dependencies • Risk
• methods and respect to
mechanisms for dimensions of
discovery and analysis
analysis
Analysis
Characteriza3on
E.Casalicchio ‐ www.emilianocasalichio.eu
5. AIIC ‐ ENEA 2010
Characteriza3on of Cyber dependencies March 29, 2010
Roma, Italy
Logical Locality ‐ Physical Inter‐/Intra‐system
Type – nature of the
(services) or logical locaDon Inter‐/Intra‐domain
dependent enDDes
Hardware/SoTware
(architectures)
Life Cycle – when dependencies Strength ‐ the Persistent
are introduced in the system life intensity of Op3onal /
cycle
Func3onal
6 dependencie Occasional
Structural
Resources CriDcality ‐ the potenDal of
becoming disastrous
Pre / Post /Ex‐
requisite
Direct (1st order)
Order ‐ Directness
of a dependency Indirect (2nd/
nth order)
E.Casalicchio ‐ www.emilianocasalichio.eu
6. AIIC ‐ ENEA 2010
March 29, 2010
Characteriza3on suggests Metrics Roma, Italy
• Strength
– probability P of dependency ac3va3on P in [0, 1]
– Dura3on T (related to the ac3vity/life 3me) %T in [0, 1]
• CriDcality
Severe
Elevated
Guarded
High
– how dangerous a dependency can be (qualita3ve)
Low
• Pre‐requisite (Severe), Co‐requisite (High, Elevated)
• Ex‐requisite (Guarded, Low)
• Order
– measure of the cascade effect
– Measure of the distance of a poten3al target from the source of a failure
• Locality
– Indicate if a rela3onship is internal or external the system or layer under
considera3on
• Life cycle
– When a dependency is introduced
– Cost of dependency removal
E.Casalicchio ‐ www.emilianocasalichio.eu
7. AIIC ‐ ENEA 2010
March 29, 2010
Discovery of cyber dependencies: Analysis of Dependencies: Roma, Italy
• Off‐line, sta3c • Off‐line, sta3c
• Off‐line, dynamic
Approaches: Approaches:
• Applica3on Code Analysis (ACA)
• Component Dependencies Graph
• Visual model analysis (VMA)
• Dynamic program analysis (DPA)
• Dependencies Structure Matrix
• Performance analysis (PA)
• System informa3on repositories mining (SRM) Goal:
• Message exchange sequence or pa@ern mining • Evalua3on of metrics/indexes to
(MSM) quan3fy systems/service coupling in
support to:
• Risk and Vulnerability
assessment
• Impact analysis
E.Casalicchio ‐ www.emilianocasalichio.eu