Proposal defense presentation
1. PROACTIVE SCHEMES FOR MISSION ASSURANCE IN CRITICAL SYSTEMS
Ruchika Mehresh
Ph.D. Dissertation Proposal Defense
Department of Computer Science and Engineering, University at Buffalo, The State University of New York
December 20, 2011
Advisor: Dr. Shambhu Upadhyaya
Committee Members: Dr. H. Raghav Rao, Dr. Murat Demirbas
2. PRESENTATION OUTLINE
Introduction
Motivation
Problem Formulation
Background
Threat Model
Solution
Deception as a tool
Component 1: "Who watches the watcher"
Component 2: "Hiding detection"
Component 3: "Deception-based recovery"
Evaluation
Remaining Work
Dissertation Outline
Conclusion
13. PROBLEM FORMULATION
1. System type: mission critical
2. Last wall of defense: secure recovery phase for mission survivability
3. Mission survivability: satisfy the timeliness property
4. Indefinite missions: time-independent security strength
5. Focus: on an event's impact, not its cause
6. Attack model: basis for solution design
7. Tamper-proof: "Who watches the watcher?"
8. Effective evaluation
9. Integrity over availability
21. SOLUTION DESIGN
Component 1: Surreptitious intrusion detection by keeping the IDS tamper-proof
Component 2: Making the integrity signature invisible and accessible to the attacker
Component 3: Deception-based proactive recovery scheme, and multi-phase evaluation framework
33. SIMPLE ARCHITECTURE
Intrusion detector or a crucial user-space service
Lightweight process monitor
Direction of monitoring: process i runs on core i, with 1 ≤ i ≤ K, where K is the total number of cores on the processor
[Figure: ring of the host's K cores, numbered 1 to K, with the direction of monitoring marked]
40. EVALUATION – TAMPER RESISTANCE
Figure: Alerts generated for killing process monitors in sequential order without delay, under light system load
Figure: Alerts generated for killing process monitors in sequential order without delay, under heavy system load
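To make the "direction of monitoring" of the simple architecture and the kill-sequence experiment above concrete, here is an added simulation (not code from the dissertation): K monitors, each polling its successor in the ring, are killed one by one and the alerts the ring still raises are counted. The poll interval, the kill schedule, the tie rule and the bidirectional variant are assumptions; the light- and heavy-load figures on the slide measure the real system, which this model does not reproduce.

```python
"""Simulation of the ring of lightweight process monitors on the 'Simple
architecture' slide: monitor i runs on core i and polls monitor i+1 (monitor K
polls monitor 1), so the watcher of every watcher is itself watched.
Added example, not the dissertation's code; poll interval, kill schedule and
alert rule are assumptions chosen to replay the tamper-resistance experiment
('kill monitors in sequential order') on slide 40."""
import heapq


def simulate_ring(k, poll_interval, kill_order, kill_gap, watch_both=False, horizon=None):
    """Replay an attacker killing monitors in kill_order, kill_gap time units
    apart, and return the alerts raised as (time, watcher, dead_monitor) tuples.

    Monitors are numbered 0..k-1 (core i of the slide is monitor i-1).  Monitor m
    polls monitor (m + 1) % k every poll_interval; with watch_both it polls
    (m - 1) % k as well, an added bidirectional variant not on the slide.
    Each dead monitor is reported at most once.  A kill and a poll scheduled for
    the same instant apply the kill first, i.e. an attacker acting 'without
    delay' wins ties (assumption).  The run stops at horizon (default: two poll
    intervals after the last kill) so surviving monitors do not poll forever."""
    alive = [True] * k
    alerted = [False] * k
    alerts = []
    # heap entries: (time, priority, kind, monitor); priority 0 = kill, 1 = poll
    events = []
    for rank, victim in enumerate(kill_order):
        heapq.heappush(events, (rank * kill_gap, 0, "kill", victim))
    for m in range(k):
        heapq.heappush(events, (0.0, 1, "poll", m))
    if horizon is None:
        horizon = (len(kill_order) - 1) * kill_gap + 2 * poll_interval

    while events:
        t, _prio, kind, m = heapq.heappop(events)
        if t > horizon:
            break
        if kind == "kill":
            alive[m] = False
            continue
        if not alive[m]:
            continue                              # a killed monitor never polls again
        neighbours = [(m + 1) % k] + ([(m - 1) % k] if watch_both else [])
        for n in neighbours:
            if not alive[n] and not alerted[n]:
                alerted[n] = True
                alerts.append((t, m, n))
        heapq.heappush(events, (t + poll_interval, 1, "poll", m))
    return alerts


def alert_count(k, poll_interval, kill_order, kill_gap, watch_both=False):
    """Number of alerts the ring raises for one kill sequence."""
    return len(simulate_ring(k, poll_interval, kill_order, kill_gap, watch_both))


if __name__ == "__main__":
    K = 6
    forward = list(range(K))          # kill 0, 1, 2, ... in the direction of monitoring
    backward = forward[::-1]          # kill against the direction of monitoring
    for gap in (0.0, 0.5, 2.0):
        print(f"gap={gap}: forward={alert_count(K, 1.0, forward, gap)}, "
              f"backward={alert_count(K, 1.0, backward, gap)}, "
              f"forward+both={alert_count(K, 1.0, forward, gap, watch_both=True)}")
```

With a one-directional ring the alert count depends on the kill order relative to the direction of monitoring and on how the kill gap compares with the poll interval, which is what the two load figures on the slide vary; the bidirectional variant is the obvious hardening to compare against.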
49. [Figure: Coordinator with Replica 1 to Replica n, each running the workload and taking periodic checkpoints with a hardware signature (H, C); need at least a duplex system]
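Added example, not the dissertation's code: a model of the coordinator comparing the replicas' signed periodic checkpoints from the figure above. A per-replica HMAC key stands in for the hardware signature and the rollback-to-last-agreed-checkpoint rule is an assumption; it shows why at least a duplex system is needed (one replica gives the coordinator nothing to compare) and why three or more replicas let it attribute the divergence.

```python
"""Model of the coordinator/replica arrangement sketched on slide 49: every
replica runs the same workload, takes a periodic checkpoint and attaches a
signature from its tamper-proof hardware; the coordinator compares the signed
checkpoints, which is why the slide needs at least a duplex system.
Added example, not the dissertation's code: a per-replica HMAC key stands in
for the hardware signing key (assumption), and the rollback rule is an assumption."""
import hashlib
import hmac
import json


class Replica:
    def __init__(self, name, hw_key):
        self.name = name
        self._hw_key = hw_key       # held by the signing hardware, not by the workload (assumption)
        self.state = {"balance": 0, "ops": []}
        self.checkpoints = []       # (state copy, digest, signature) per round

    def run_workload(self, ops):
        """Deterministic workload: identical input must yield identical state."""
        for op in ops:
            self.state["balance"] += op
            self.state["ops"].append(op)

    def tamper(self, delta):
        """Simulated compromise: state changed outside the workload path."""
        self.state["balance"] += delta

    def checkpoint(self):
        digest = hashlib.sha256(json.dumps(self.state, sort_keys=True).encode()).hexdigest()
        signature = hmac.new(self._hw_key, digest.encode(), hashlib.sha256).hexdigest()
        self.checkpoints.append((json.loads(json.dumps(self.state)), digest, signature))
        return digest, signature

    def rollback(self, index):
        self.state = json.loads(json.dumps(self.checkpoints[index][0]))


class Coordinator:
    def __init__(self, replicas, verify_keys):
        self.replicas = replicas
        self.verify_keys = verify_keys   # provisioned out of band (assumption)
        self.agreed = []                 # rounds on which every replica matched

    def check_round(self):
        """Verify each replica's signature, then compare digests across replicas.
        Returns (verdict, suspects)."""
        digests = {}
        for r in self.replicas:
            digest, signature = r.checkpoint()
            expected = hmac.new(self.verify_keys[r.name], digest.encode(), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, signature):
                return "bad-signature", [r.name]
            digests[r.name] = digest
        rnd = len(self.replicas[0].checkpoints) - 1
        if len(digests) < 2:
            return "undetectable", []          # simplex: nothing to compare against
        if len(set(digests.values())) == 1:
            self.agreed.append(rnd)
            return "consistent", []
        if len(digests) == 2:
            return "mismatch", list(digests)   # duplex: detects, cannot attribute
        counts = {}
        for d in digests.values():
            counts[d] = counts.get(d, 0) + 1
        majority = max(counts, key=counts.get)
        return "diverged", [n for n, d in digests.items() if d != majority]

    def recover(self, suspects):
        """Roll suspects back to the last round on which all replicas agreed."""
        if not self.agreed:
            return None
        for r in self.replicas:
            if r.name in suspects:
                r.rollback(self.agreed[-1])
        return self.agreed[-1]


def run_scenario(n_replicas, tampered=None):
    """Two rounds of workload; the named replica is tampered with before the
    second checkpoint.  Returns both verdicts and the post-recovery balances."""
    keys = {f"r{i}": f"hw-key-{i}".encode() for i in range(n_replicas)}   # constructed keys
    replicas = [Replica(n, k) for n, k in keys.items()]
    coord = Coordinator(replicas, keys)
    for r in replicas:
        r.run_workload([10, 20])
    verdict1 = coord.check_round()
    for r in replicas:
        r.run_workload([5])
        if r.name == tampered:
            r.tamper(1000)
    verdict2 = coord.check_round()
    coord.recover(verdict2[1])
    return verdict1, verdict2, {r.name: r.state["balance"] for r in replicas}


if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, "replica(s):", run_scenario(n, tampered="r0"))
```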
64. DISSERTATION OUTLINE
Chapter 1: Introduction
Chapter 2: Background
Chapter 3: Problem Formulation
Chapter 4: Surreptitious intrusion detection by keeping the IDS tamper-proof (for both centralized and decentralized environments)
Chapter 5: Making the integrity signature invisible and accessible to the attacker (for both centralized and decentralized environments)
Chapter 6: Deception-based secure proactive scheme (for both centralized and decentralized environments)
Chapter 7: Evaluation
Chapter 8: Conclusion
Editor's Notes
- Hacking community as it is, has been gathering momentum with dedicated forums that not only provide powerful, ready-to-use tools to script kiddies, but also an excellent communication medium for the professionals -Example: Electricity in hospitals
Mission survivability: does not differentiate between benign and malicious causes of failure.
Mode 1: a short-running mission with a definite timeline. For such missions the final phase is usually the most crucial. If we hold off the aggressive behavior of an attacker for long enough, while still maintaining mission integrity, we can assure mission survivability.

Mode 2: a long-running mission with an unbounded timeline. In long-running missions it may not be possible to hold off the attacker forever. This is especially true for mission-critical systems with infinite timelines (for example, web-based businesses), so a full system recovery will be essential. However, as we will see later in Section 4, recovery itself can be attacked if we restore the system to the same vulnerable state that was exploited before. Thus the need is to identify the precise vulnerability that resulted in the exploit and close it during recovery. Such analysis takes time, and hence a smart solution will buy the defender more time without triggering a change in the attacker's rational behavior. If it does not, the defender risks the attacker executing his contingency plans.
Multi-stage delivery of malware. A botnet's stealthy command-and-control execution model. Stealth features of Stuxnet: it sniffs for a specific configuration and stays inert if it does not find it; it limits its spread (one to three further hosts); it erases itself on a preset date. Spread in industry. "Stuxnet is the new face of 21st-century warfare: invisible, anonymous, and devastating."
Recovery-based approaches assume the system is compromised as soon as it goes online.
Mapping and vulnerability analysis of US critical infrastructure to plan for future attacks. Rapid adoption of technology like smart grids, which are more vulnerable due to automation and remote access; people working on the smart grid are not concerned about security. "The emergence of Stuxnet points to an overriding need for critical infrastructure companies to acknowledge the changes in the cyber threat landscape and focus attention not only on denial-of-service attacks, but also on more sophisticated threats, like stealthy infiltration from state-sponsored actors or cyber-extortionists. As our research has shown, the critical infrastructure sector has been slow to adjust to this realization." Cyber-security experts are concerned about the surveillance of the U.S. power grid by other nation states. A classified 2008 Defense Science Board report highlights the cyber vulnerabilities in the US electric grid. Potential opponents have been observed to engage in cyber-reconnaissance of US critical infrastructure electrical utilities to plan for attack. A statistic reported by this survey shows a stable and high number of perceived nation-state network attacks against domestic critical infrastructure.
Knapp and Boulton make a strong case for why cyber warfare is no longer just a military-domain issue. They study trends that demonstrate the transformation of information warfare from a primarily military-domain issue to an industry-related issue: corporate espionage; nation states avoiding direct confrontation; terrorism, extortion and hacktivism. Baskerville discusses the expansion of information warfare to the electronic business domain. He discusses asymmetric warfare theory and how it relates to information warfare. Attackers are not restricted by time to develop exploits as much as defenders are. Another asymmetry is the attacker's advantage of stealth. Therefore, a defense system needs to be agile and adaptive in order to balance out this asymmetry.
Component 1: surreptitious intrusion detection by keeping the IDS tamper-proof. Component 2: making the integrity signature invisible and accessible to the attacker. Component 3: a deception-based proactive recovery scheme, and a multi-phase evaluation framework.
Antivirus virus (retrovirus): attacks, disables or infects the antivirus, so the software assets become defenseless and attacks bypass AV protection. Called the "argument-switch" attack: it exploits the driver hooks that AV programs use. Send benign code for inspection and later swap in the malicious payload, e.g., remove McAfee and install malware. Easier to do in a multi-threaded, multi-core setup.
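The argument-switch attack in the note above is a check-then-use race: the AV driver hook validates the argument where it lives, in the caller's memory, and the real operation reads that memory again afterwards. The following C program is an added, user-space model of that race and of the usual fix, not code from the dissertation or from any AV product. The policy (`/safe/` prefix), the paths, and the `window` callback that stands in for the second thread running between check and use are all constructed for illustration; the callback makes the interleaving deterministic so the outcome can be checked.

```c
#include <stdio.h>
#include <string.h>

#define ARG_LEN 64

/* The "second thread": runs in the gap between the hook's check and the real call. */
typedef void (*preempt_fn)(char *caller_arg);

/* Hypothetical policy: the hook only lets the operation through for paths under /safe/. */
static int is_allowed(const char *path) {
    return strncmp(path, "/safe/", 6) == 0;
}

/* Records which path the underlying operation really acted on. */
static char last_opened[ARG_LEN];

static int do_open(const char *path) {
    snprintf(last_opened, sizeof last_opened, "%s", path);
    return 0;
}

/* Attacker behaviour: once the benign argument has been approved, overwrite it in place.
   The target path is a constructed example. */
static void attacker_swaps_argument(char *caller_arg) {
    snprintf(caller_arg, ARG_LEN, "%s", "/etc/shadow");
}

static void nobody_interferes(char *caller_arg) { (void)caller_arg; }

/* Vulnerable hook: check and use both read the caller's buffer, so a write in
   between makes the operation act on bytes the check never saw. */
int vulnerable_hook_open(char *caller_arg, preempt_fn window) {
    if (!is_allowed(caller_arg)) return -1;   /* check */
    window(caller_arg);                       /* other thread/core gets the CPU */
    return do_open(caller_arg);               /* use: re-reads the swapped argument */
}

/* Hardened hook: read the argument exactly once into memory the caller cannot write,
   validate that copy, and hand the same copy to the operation. The swap still happens
   but nothing reads it. */
int hardened_hook_open(char *caller_arg, preempt_fn window) {
    char copy[ARG_LEN];
    snprintf(copy, sizeof copy, "%s", caller_arg);
    if (!is_allowed(copy)) return -1;
    window(caller_arg);
    return do_open(copy);
}

/* Runs the race against one of the two hooks and reports the path actually opened. */
const char *run_argument_switch(int hardened) {
    char caller_arg[ARG_LEN] = "/safe/report.txt";   /* benign argument shown to the hook */
    int rc;
    last_opened[0] = '\0';
    rc = hardened ? hardened_hook_open(caller_arg, attacker_swaps_argument)
                  : vulnerable_hook_open(caller_arg, attacker_swaps_argument);
    return rc == 0 ? last_opened : "(denied)";
}

/* Sanity check: a disallowed argument is refused by either hook even with no race. */
int demo_disallowed_argument_is_denied(void) {
    char caller_arg[ARG_LEN] = "/tmp/x";
    return vulnerable_hook_open(caller_arg, nobody_interferes);
}

int main(void) {
    printf("vulnerable hook opened: %s\n", run_argument_switch(0));
    printf("hardened hook opened:   %s\n", run_argument_switch(1));
    return 0;
}
```

In a real kernel the "copy once" step is the copy of the argument from user space into kernel memory; the hook must inspect that kernel copy, and the system call must consume the same copy, for the check to mean anything. This is also why the note says the attack is easier on multi-threaded, multi-core systems: a second core can overwrite the user buffer while the first is still inside the hook, without relying on a context switch.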
AMD SimNow is installed on Ubuntu, which is the host operating system. Inside AMD SimNow we run a guest operating system, FreeBSD, and all experiments run on this guest. The system is configured to use emulated hardware: an AMD Awesim 800 MHz 8-core processor with 1024 MB RAM.

We use kernel-level filters to implement process monitoring, because the inter-process communication support provided by UNIX-like systems (pipes or sockets) does not suffice for our framework: inter-process communication delivers messages only between two live processes, whereas we require that a communication (alert) be initiated when a process is terminated. For this purpose we use the event delivery/notification subsystem Kqueue, which belongs to the FreeBSD family of system calls. Under this setup, a process monitor interested in receiving alerts about another process creates a new kernel event queue (kqueue) and submits the process identifier of the monitored process. Specified events (kevents), when generated by the monitored process, are added to the kqueue of the process monitor; the kevent in our implementation is the termination of the monitored process. Process monitors can then retrieve this kevent from their kqueues at any time. A process monitor can monitor multiple processes in parallel using POSIX threads.
The initial setup time is defined as the time taken for the kqueue subsystem to be loaded before an attacker tries to subvert the process monitors. This is the only major time delay the system has been observed to incur. Initial setup time increases linearly with the degree of incidence. With 8 process monitors in a circulant digraph topology, the worst-case initial setup delay of 0.3 ms is obtained at the maximum degree of incidence.
We experimented with different circulant digraph topologies, varying the number of process monitors and the degree of incidence, as shown in the table. We experiment with the worst-case scenario, in which the attacker already knows the correct order of the nodes in the topology; we also assume that he identifies the windows of vulnerability and uses them to his advantage (again, the worst case). In the figure, the number of alerts generated shows the sensitivity of this framework to a crash attack executed with SIGKILL under light system load.
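As an added example (not the dissertation's implementation), the C program below models the "who watches the watcher" arrangement from the last three notes. `watchers_of` and `simulate_kill_sequence` implement a circulant digraph C_n(1..d) in which monitor i watches monitors i+1 .. i+d (mod n), so that killing a monitor is observed by each of its d watchers that is still alive; the watch direction, the counts n = 8 and d = 2, and the simplification that a watcher only raises an alert (the real framework would also respawn the victim, which is where the windows of vulnerability come from) are assumptions. `wait_for_exit_kqueue` shows the kqueue registration the note describes, an EVFILT_PROC filter with NOTE_EXIT on one pid; it compiles only where sys/event.h exists (FreeBSD, macOS, the other BSDs) and is compiled out elsewhere.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__NetBSD__) || defined(__OpenBSD__)
#include <sys/event.h>
#include <sys/time.h>
#define HAVE_KQUEUE 1
#endif

#define MAX_MONITORS 64

/* Circulant digraph C_n(1..d): monitor i watches i+1 .. i+d (mod n), hence monitor
   'target' is watched by target-1 .. target-d (mod n). Writes those ids to 'out'.
   Returns the number written, or -1 on bad parameters. */
int watchers_of(int n, int d, int target, int *out) {
    int k;
    if (n < 2 || d < 1 || d >= n || target < 0 || target >= n) return -1;
    for (k = 1; k <= d; k++) out[k - 1] = ((target - k) % n + n) % n;
    return d;
}

/* Attacker SIGKILLs monitors in the given order. Each kill is seen by every watcher of
   the victim that is still alive, and each such observation is one alert.
   Returns the total number of alerts, or -1 on bad parameters / double kill. */
int simulate_kill_sequence(int n, int d, const int *order, int count) {
    int alive[MAX_MONITORS], w[MAX_MONITORS];
    int alerts = 0, s, k;
    if (n < 2 || n > MAX_MONITORS) return -1;
    for (k = 0; k < n; k++) alive[k] = 1;
    for (s = 0; s < count; s++) {
        int victim = order[s], nw;
        if (victim < 0 || victim >= n || !alive[victim]) return -1;
        nw = watchers_of(n, d, victim, w);
        if (nw < 0) return -1;
        alive[victim] = 0;
        for (k = 0; k < nw; k++) if (alive[w[k]]) alerts++;
    }
    return alerts;
}

/* Attacker who knows the topology kills each monitor after its watchers: few alerts. */
int demo_kill_forward_order(void) {
    int order[8] = {0, 1, 2, 3, 4, 5, 6, 7};
    return simulate_kill_sequence(8, 2, order, 8);
}

/* Attacker who kills in the opposite order is seen by nearly every watcher. */
int demo_kill_reverse_order(void) {
    int order[8] = {7, 6, 5, 4, 3, 2, 1, 0};
    return simulate_kill_sequence(8, 2, order, 8);
}

#ifdef HAVE_KQUEUE
/* One monitor watching one pid: register NOTE_EXIT and block until it fires.
   Returns 1 when the exit notification arrived, 0 for another event, -1 on error. */
int wait_for_exit_kqueue(pid_t pid) {
    struct kevent change, event;
    int kq = kqueue(), n;
    if (kq < 0) return -1;
    EV_SET(&change, pid, EVFILT_PROC, EV_ADD | EV_ONESHOT, NOTE_EXIT, 0, NULL);
    if (kevent(kq, &change, 1, NULL, 0, NULL) < 0) { close(kq); return -1; }
    n = kevent(kq, NULL, 0, &event, 1, NULL);   /* blocks until the process exits */
    close(kq);
    if (n < 1) return -1;
    return (event.fflags & NOTE_EXIT) ? 1 : 0;
}
#endif

int main(void) {
    printf("n=8, d=2, kill 0..7: %d alerts\n", demo_kill_forward_order());
    printf("n=8, d=2, kill 7..0: %d alerts\n", demo_kill_reverse_order());
#ifdef HAVE_KQUEUE
    {
        pid_t child = fork();
        if (child == 0) _exit(0);               /* short-lived monitored process */
        printf("NOTE_EXIT for pid %d: %d\n", (int)child, wait_for_exit_kqueue(child));
    }
#endif
    return 0;
}
```

With n = 8 and d = 2 the forward kill order produces 3 alerts and the reverse order 13, which is why the notes treat an attacker who already knows the node order as the worst case: the topology only helps if the attacker cannot kill each monitor's watchers before the monitor itself, and a higher degree of incidence raises the number of watchers that must be silenced first.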
Composability : The functionalities of the potential sub-modules can be composed to provide the functionalities of their parent module. Sufficiency : The functionalities of the potential sub-modules collectively describe the entire set of functionalities of their parent module.
For our analysis, the checkpoint interval is assumed to be 1 hour. Fig. 2 presents the execution times for the four SciMark workloads on a logarithmic scale. The execution time overhead increases only a little when the system transitions from Case 1 to Case 2 (i.e., employing the proposed scheme as a preventive measure). For instance, an application that runs for 13.6 hours in Case 1 incurs an execution time overhead of only 13.49 minutes in Case 2. However, the overhead increases somewhat rapidly when the system transitions from Case 2 to Case 3. The increase will be substantial only if a large number of faults/attacks are present, which is not very common. Fig. 3 shows the percentage increase in execution time of the workloads when the system transitions from a lower case to a higher one; these executions are assumed to have no interactions (inputs/outputs) with the external environment. The percentage increase in execution time is only around 1.6% for all workloads when the system transitions from Case 1 to Case 2. The overhead for a transition from Case 1 to Case 3 (with mean time to failure M = 10 hours) is around 9%. These percentages indicate overheads acceptable in most fault-tolerant systems.
Need for extending the framework to a decentralized environment: As with all centralized architectures, the framework we developed has a single point of failure. Its trusted computing base is limited to the coordinator. This can be advantageous, because it is easier to ensure that a single system is running tamper-free. However, since the coordinator will be connected to compromised systems during a mission cycle, we cannot assume that it will stay secure forever, so we would like to go beyond our extreme dependence on this single entity. While moving towards decentralization, we will conduct a detailed investigation of the candidate topologies, the candidate voting procedures, the limited trusted computing base, etc. In this decentralized framework a user submits his job to multiple randomly chosen replicas; similarly, it obtains results from multiple randomly selected replicas and performs a majority vote. The prime areas we will investigate for building the solution are the following.

Choosing the topology: The topology can range from completely decentralized, to cluster formation, to a trusted computing base with multiple coordinators. A replica is added to the blacklist only until either the mission is complete or the suspected replica has been completely profiled and is believed to be uncompromised, because if we keep adding replicas to the blacklist aggressively and predictably, we risk the availability of the service, which can lead to a denial-of-service attack. We expect some centralized components in the new framework, because it will not be very efficient to have each replica profile every other replica.

Choosing the secure, distributed voting algorithm: We plan to leverage features from [49] and other secure voting algorithms to reach a distributed consensus about the integrity status of replicas. Since the system requirements here are very different from those of any earlier work, we will have to modify the published algorithms to suit our purpose.

Reputation-based mechanisms: We will investigate the possibility of using reputation mechanisms as a substitute for blacklisting.

Possible use of Nexus: In an ideal environment the COTS paradigm is most useful, since a stronger system could be built without depending on any dedicated or specially designed components. However, the proposed solution requires some minimal intervention to harvest the built-in redundant logic in a chip. So, as an alternative, we propose software approaches such as the Nexus platform [50] to achieve the same effect of trusted monitoring using the built-in hardware.
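The client-side part of the decentralized design sketched above (submit to randomly chosen replicas, majority-vote the answers, blacklist dissenters without blacklisting so aggressively that availability suffers) can be made concrete with the following added C example. It is illustrative code, not the dissertation's, and not the algorithm of [49]: the replica pool, the integer job result, the compromised replicas 2 and 5 that answer 99 instead of 42, the seeded selection in place of a real random choice, and the `min_available` guard are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_REPLICAS 32

typedef struct {
    int n;                          /* replicas are numbered 0 .. n-1 */
    int blacklisted[MAX_REPLICAS];  /* 1 = excluded until mission end or re-profiling */
    int min_available;              /* availability guard: never blacklist below this */
} replica_pool_t;

static int available_count(const replica_pool_t *p) {
    int i, c = 0;
    for (i = 0; i < p->n; i++) if (!p->blacklisted[i]) c++;
    return c;
}

/* Picks k distinct non-blacklisted replicas. A seeded LCG stands in for the
   unpredictable choice a real client would make. Returns k, or -1 if too few. */
int select_replicas(const replica_pool_t *p, int k, unsigned seed, int *out) {
    int cand[MAX_REPLICAS], m = 0, i;
    for (i = 0; i < p->n; i++) if (!p->blacklisted[i]) cand[m++] = i;
    if (k < 1 || k > m) return -1;
    for (i = 0; i < k; i++) {               /* partial Fisher-Yates over the candidates */
        int j, tmp;
        seed = seed * 1103515245u + 12345u;
        j = i + (int)((seed >> 16) % (unsigned)(m - i));
        tmp = cand[i]; cand[i] = cand[j]; cand[j] = tmp;
        out[i] = cand[i];
    }
    return k;
}

/* Majority vote over responses[] from the replicas in chosen[] (k entries). On a strict
   majority the agreed value goes to *winner and each dissenting replica is blacklisted,
   unless that would drop the live pool below min_available. Returns the number
   blacklisted, or -1 when no value has a strict majority (trust no answer then). */
int vote_and_blacklist(replica_pool_t *p, const int *chosen, const int *responses,
                       int k, int *winner) {
    int i, j, best = -1, best_count = 0, blacklisted = 0;
    for (i = 0; i < k; i++) {
        int c = 0;
        for (j = 0; j < k; j++) if (responses[j] == responses[i]) c++;
        if (c > best_count) { best_count = c; best = i; }
    }
    if (best_count * 2 <= k) return -1;
    *winner = responses[best];
    for (i = 0; i < k; i++) {
        if (responses[i] == *winner) continue;
        if (available_count(p) - 1 < p->min_available) continue;   /* guard */
        if (!p->blacklisted[chosen[i]]) { p->blacklisted[chosen[i]] = 1; blacklisted++; }
    }
    return blacklisted;
}

/* Constructed scenario: replicas 2 and 5 are compromised and return 99 instead of 42. */
static int simulated_replica(int id) { return (id == 2 || id == 5) ? 99 : 42; }

/* 5 of 7 replicas are queried; at most 2 of any 5 are compromised, so 42 always wins. */
int demo_vote_winner(void) {
    replica_pool_t p; int chosen[5], resp[5], winner = 0, i;
    memset(&p, 0, sizeof p); p.n = 7; p.min_available = 4;
    if (select_replicas(&p, 5, 2024u, chosen) != 5) return -1;
    for (i = 0; i < 5; i++) resp[i] = simulated_replica(chosen[i]);
    if (vote_and_blacklist(&p, chosen, resp, 5, &winner) < 0) return -1;
    return winner;
}

/* Three replicas, one dissenter: the guard decides whether it may be blacklisted. */
int demo_guard(int min_available) {
    replica_pool_t p; int chosen[3] = {0, 1, 2}, resp[3] = {42, 42, 99}, winner = 0;
    memset(&p, 0, sizeof p); p.n = 3; p.min_available = min_available;
    return vote_and_blacklist(&p, chosen, resp, 3, &winner);
}

/* A 2-2 split has no strict majority; the client must not act on either value. */
int demo_no_majority(void) {
    replica_pool_t p; int chosen[4] = {0, 1, 2, 3}, resp[4] = {1, 1, 2, 2}, winner = 0;
    memset(&p, 0, sizeof p); p.n = 4; p.min_available = 2;
    return vote_and_blacklist(&p, chosen, resp, 4, &winner);
}

int main(void) {
    printf("agreed result: %d\n", demo_vote_winner());
    printf("blacklisted with min_available=3: %d, with 2: %d\n", demo_guard(3), demo_guard(2));
    printf("tie vote returns: %d\n", demo_no_majority());
    return 0;
}
```

The guard is the point of the "aggressive and predictable blacklisting" caveat in the note: an attacker who can make honest replicas look like dissenters (for example by corrupting a minority of answers in transit) would otherwise be able to shrink the pool until the service is unavailable, so the client refuses to blacklist past a floor and, in the design above, re-profiles suspects rather than excluding them for good.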