Enterprise Architecture Models for Security Analysis: The VIKING project. Teodor Sommestad, The Royal Institute of Technology (KTH), Stockholm, Sweden. teodor.sommestad@ics.kth.se
SCADA/Industrial Control system security
The VIKING project: from security requirements to social costs (consequences). Diagram labels: Attack; SCADA system; Power network; Societal cost. KTH, this presentation; ETH, Zürich; ViCiSi, in 15 min.
Decision makers in utilities typically have…
- … a poor understanding of the system architecture and its environment
- … a poor understanding of how to achieve security in this complex environment
- … limited resources, time and money
Our solution: the Cyber Security Modeling Language
- The result for your architecture is visualized, e.g. which attacks are easy to do and which countermeasures make a big difference.
- We consolidate theory on security, i.e. what is most important and how important it is.
- A Bayesian computational engine analyzes your architecture and possible attacks against it.
- You represent your system, e.g. add network zones, draw data flows, specify management processes.
This tool assesses whether attacks are possible against a system architecture
Success probabilities of attacks:
- P(SCADAServer.Access) = 0.14
- P(SCADAService.InjectCode) = 0.14
- P(SCADAServer.FindKnownService) = 0.34
- P(SCADAServer.ConnectTo) = 0.43
Effect of changes, for P(SCADAServer.Access):
- Install IPS: 0.14 => 0.11
- Regular security audits: 0.14 => 0.12
We do not aim at:
- Inventing some new protection apparatus (e.g. firewall), solution or architecture.
- Telling cryptography/authentication/…/firewall experts which of their solutions are secure and which are not.
- Explaining which attacks will probably be attempted against the system.
Qualitative theory
- What influences what? For example, what influences the possibility for an attacker to compromise a machine? In which ways can it be done?
- Which of these things are most important? For example, which protection mechanisms against arbitrary code execution attacks are most relevant?
- In essence: What data should be collected (modeled) to say something about the possibility to succeed with attacks?
Quantitative theory
- How big is the influence? For example, how is the attacker’s chance of success influenced by “address space layout randomization”?
- What combinations of things are important? For example, does “address space layout randomization” make a difference if you already have “non-executable memory” turned on?
- In essence: How probable is it that different attacks succeed?
[Qualitative theory] The metamodel: attribute dependencies
For example, the probability that Remote Arbitrary Code Exploits on a Service can be performed depends on:
- If you can connect to the Service
- If it has a high-severity vulnerability
- If the attacker can authenticate itself as a legitimate user
- If its OS uses ASLR or NX memory protection
- If there is a Deep Packet Inspection Firewall between the attacker and the Service
[Quantitative theory] Example: Remote Arbitrary Code Exploits on a Service
[Quantitative theory] Say that your architecture and our “rules” produce these dependencies. Can this attack be done by a professional penetration tester?
[Quantitative theory] Our tool would answer: 1.00 * 0.24 * 1.00 * 0.51 * 1.00 = 0.1224 = 12.24% chance of success. Step probabilities shown in the figure: 100%, 100%, 100%, 24%, 51%.
[Quantitative theory] What-if analysis: Execute arbitrary code
- Install a deep-packet-inspection firewall (IPS): 15% probability that the attacker can execute his/her code… …8% for the attack scenario…
- As is: 24% probability that the attacker can execute his/her code… …12% for the attack scenario…
- Remove Address Space Layout Randomization (ASLR): 27% probability that the attacker can execute his/her code… …14% for the attack scenario…
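The what-if calculation on the two slides above, as an added example (it is not CySeMoL code and not from the presentation). It uses only the probabilities shown on the slides; the `Architecture` class, the function names and the `step_N` labels are assumptions, since the slide text gives the numbers but not the step names.

```python
from dataclasses import dataclass
from math import prod

# Conditional probability of the "execute arbitrary code" step, keyed by
# (aslr_enabled, ips_installed). The three values are the ones on the what-if
# slide. The fourth combination (no ASLR, IPS installed) is not on the slides,
# so it is deliberately absent rather than guessed.
EXEC_CODE_CPT = {
    (True, False): 0.24,   # as is
    (True, True): 0.15,    # install a deep-packet-inspection firewall (IPS)
    (False, False): 0.27,  # remove ASLR
}

# The other factors of the product 1.00 * 0.24 * 1.00 * 0.51 * 1.00.
# Names are placeholders (assumption): the slides do not label these steps.
OTHER_STEPS = {"step_1": 1.00, "step_3": 1.00, "step_4": 0.51, "step_5": 1.00}


@dataclass(frozen=True)
class Architecture:
    """The two countermeasures varied on the what-if slide."""
    aslr: bool = True
    ips: bool = False


def p_execute_code(arch: Architecture) -> float:
    """Look up P(attacker can execute code) for this set of countermeasures."""
    key = (arch.aslr, arch.ips)
    if key not in EXEC_CODE_CPT:
        # Refuse to extrapolate: a missing estimate is a modelling gap.
        raise KeyError(f"no estimate for ASLR={arch.aslr}, IPS={arch.ips}")
    return EXEC_CODE_CPT[key]


def p_scenario(arch: Architecture) -> float:
    """Probability that the whole attack scenario succeeds (product of steps)."""
    return p_execute_code(arch) * prod(OTHER_STEPS.values())


def what_if(baseline: Architecture, changes: dict) -> list:
    """Rank candidate changes by their effect on the scenario probability.

    Returns (label, new_probability, delta_vs_baseline) tuples, with the
    change that lowers the attacker's chance the most listed first.
    """
    base = p_scenario(baseline)
    rows = [(label, p_scenario(arch), p_scenario(arch) - base)
            for label, arch in changes.items()]
    return sorted(rows, key=lambda row: row[2])


if __name__ == "__main__":
    as_is = Architecture(aslr=True, ips=False)
    print(f"as is: {p_scenario(as_is):.4f}")
    candidates = {
        "install IPS": Architecture(aslr=True, ips=True),
        "remove ASLR": Architecture(aslr=False, ips=False),
    }
    for label, p, delta in what_if(as_is, candidates):
        print(f"{label}: {p:.4f} ({delta:+.4f})")
```

The products 0.15 * 0.51 and 0.27 * 0.51 round to the 8% and 14% scenario figures on the slide, which confirms that only the code-execution step changes between the three cases.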
Data sources
The relationships and dependency structure:
- Literature, e.g. standards or scientific articles.
- Review and prioritization by external experts, e.g. FOI, SÄPO, Combitech, Chalmers, Ericsson, BTH, Management Doctors.
The probabilities:
- Logical relationships, e.g.: if the firewalls allow you to connect to A from B and you have access to B, then you can connect.
- Others’ studies, e.g. time-to-compromise for authentication codes or patch level vs patching procedures.
- Experts’ judgments, e.g. 165 intrusion detection system researchers estimating the detection rate in different scenarios.
Our aim with CySeMoL
Success probabilities of attacks:
- P(SCADAServer.Access) = 0.14
- P(SCADAService.InjectCode) = 0.14
- P(SCADAServer.FindKnownService) = 0.04
- P(SCADAServer.ConnectTo) = 0.23
Effect of changes, for P(SCADAServer.Access):
- Install IPS: 0.14 => 0.11
- Regular security audits: 0.14 => 0.12
The tool: http://www.kth.se/ees/omskolan/organisation/avdelningar/ics/research/eat
Today’s status of the tool
- Our theory consolidation is in version 1.0, soon published. Nah…
- Calculation engine is completed
- Tests in real life are ongoing
Collaboration/usage – VIKING’s “EA models for security analysis” Theory/Modeling language:

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloudSAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloud
maazsz111
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
marufrahmanstratejm
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 

Recently uploaded (20)

Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloudSAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloud
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 

VIKING cluster meeting 1

  • 1. Enterprise Architecture Models for Security Analysis: The VIKING project. Teodor Sommestad, The Royal Institute of Technology (KTH), Stockholm, Sweden, teodor.sommestad@ics.kth.se
  • 3. The VIKING project: From security requirements to social costs (consequences). Attack; SCADA system; Power network; Societal cost. KTH, this presentation ETH, Zürich ViCiSi, in 15 min.
  • 4. Decision makers in utilities typically have… … a poor understanding of the system architecture and its environment … a poor understanding of how to achieve security in this complex environment … limited resources, time and money. A Bayesian computational engine analyzes your architecture and possible attacks against it
  • 5. Our solution: the Cyber Security Modeling Language. The result for your architecture is visualized, e.g. which attacks are easy to do and which countermeasures make a big difference. We consolidate theory on security, i.e. what is most important and how important is it. A Bayesian computational engine analyzes your architecture and possible attacks against it. You represent your system, e.g. add network zones, draw data flows, specify management processes
  • 6. This tool assesses whether attacks are possible against a system architecture. Success probabilities of attacks: P(SCADAServer.Access) = 0.14; P(SCADAService.InjectCode) = 0.14; P(SCADAServer.FindKnownService) = 0.34; P(SCADAServer.ConnectTo) = 0.43. Effect of changes: For P(SCADAServer.Access): Install IPS: 0.14 => 0.11; Regular security audits: 0.14 => 0.12
  • 7. We do not aim at: Inventing some new protection apparatus (e.g. firewall), solution or architecture. Telling cryptography/authentication/…/firewall experts which of their solutions are secure and which are not. Explaining which attacks will probably be attempted against the system.
  • 8. Qualitative theory: What influences what? For example, what influences the possibility for an attacker to compromise a machine? In which ways can it be done? Which of these things are most important? For example, which protection mechanisms against arbitrary code execution attacks are most relevant? In essence: What data should be collected (modeled) to say something about the possibility to succeed with attacks? Quantitative theory: How big is the influence? For example, how is the attacker’s chance of success influenced by “address space layout randomization”? What combinations of things are important? For example, does “address space layout randomization” make a difference if you already have “non-executable memory” turned on? In essence: How likely are different attacks to succeed?
  • 9. [Qualitative theory] The metamodel: Attribute dependencies. For example: The probability that Remote Arbitrary Code Exploits on a Service can be performed depends on: If you can connect to the Service; If it has a high-severity vulnerability; If the attacker can authenticate itself as a legitimate user; If its OS uses ASLR or NX memory protection; If there is a Deep Packet Inspection Firewall between the attacker and the Service
  • 10. [Quantitative theory] Example: Remote Arbitrary Code Exploits on a Service
  • 11. [Quantitative theory] Say that your architecture and our “rules” produce these dependencies. Can this attack be done by a professional penetration tester?
  • 12. [Quantitative theory] Our tool would answer: 1.00 * 0.24 * 1.00 * 0.51 * 1.00 = 0.1224 = 12.24% chance of success. 100% 100% 100% 24% 51%
  • 13. [Quantitative theory] What-if analysis: Execute arbitrary code. Install a deep-packet-inspection firewall (IPS): 15 % probability that the attacker can execute his/her code, 8 % for the attack scenario. As is: 24 % probability that the attacker can execute his/her code, 12 % for the attack scenario. Remove Address Space Layout Randomization (ASLR): 27 % probability that the attacker can execute his/her code, 14 % for the attack scenario.
  • 14. Data sources. The relationships and dependency structure: Literature, e.g. standards or scientific articles. Review and prioritization by external experts, e.g. FOI, SÄPO, Combitech, Chalmers, Ericsson, BTH, Management Doctors. The probabilities: Logical relationships, e.g.: if the firewalls allow you to connect to A from B and you have access to B, then you can connect. Others’ studies, e.g. time-to-compromise of authentication codes or patch level vs patching procedures. Experts’ judgments, e.g. 165 intrusion detection system researchers estimating the detection rate in different scenarios.
  • 15. Our aim with CySeMoL. Success probabilities of attacks: P(SCADAServer.Access) = 0.14; P(SCADAService.InjectCode) = 0.14; P(SCADAServer.FindKnownService) = 0.04; P(SCADAServer.ConnectTo) = 0.23. Effect of changes: For P(SCADAServer.Access): Install IPS: 0.14 => 0.11; Regular security audits: 0.14 => 0.12
  • 17. Our solution: the Cyber Security Modeling Language. The result for your architecture is visualized, e.g. which attacks are easy to do and which countermeasures make a big difference. We consolidate theory on security, i.e. what is most important and how important is it. A Bayesian computational engine analyzes your architecture and possible attacks against it. You represent your system, e.g. add network zones, draw data flows, specify management processes
  • 18. Today’s status of the tool: Our theory consolidation is in version 1.0, soon published. Nah… Calculation engine is completed. Tests in real life are ongoing
  • 20. Find ways to simplify it
  • 22. Combine with some other modeling language
  • 24. Develop support for automated data collection
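
The calculation on slides 12 and 13, as an added Python example (not code from the presentation or from the CySeMoL tool): it multiplies the per-step probabilities from slide 12 and reruns the product for the three slide-13 configurations. The step names other than the code-execution step are placeholders, because the slide's figure is not in the transcript, and reading each number as conditional on the earlier steps having succeeded is an assumption.

```python
from math import prod

# Per-step success probabilities in the order of the product on slide 12.
# Only the 0.24 step is named on the page (slide 13: execute arbitrary code);
# the other names are placeholders, not CySeMoL identifiers.
BASELINE = {
    "step_1": 1.00,
    "execute_arbitrary_code": 0.24,
    "step_3": 1.00,
    "step_4": 0.51,
    "step_5": 1.00,
}

# Slide 13: P(execute arbitrary code) under each architecture variant.
VARIANTS = {
    "install IPS": {"execute_arbitrary_code": 0.15},
    "as is": {},
    "remove ASLR": {"execute_arbitrary_code": 0.27},
}


def scenario_probability(chain, overrides=None):
    """Probability that every step of the attack scenario succeeds.

    Assumes each value is P(step | all earlier steps succeeded), so the
    chain rule reduces to a plain product.
    """
    steps = dict(chain)
    for name, p in (overrides or {}).items():
        if name not in steps:
            raise KeyError(f"unknown attack step: {name}")
        steps[name] = p
    for name, p in steps.items():
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"{name}: {p} is not a probability")
    return prod(steps.values())


def what_if(chain, variants):
    """Return (variant, scenario probability, change vs. the unmodified
    chain) tuples, lowest attack success first."""
    base = scenario_probability(chain)
    rows = [(name, scenario_probability(chain, ov)) for name, ov in variants.items()]
    return sorted(((n, p, p - base) for n, p in rows), key=lambda r: r[1])


if __name__ == "__main__":
    for name, p, delta in what_if(BASELINE, VARIANTS):
        print(f"{name:12s} scenario={p:.4f} ({p:.0%})  change={delta:+.4f}")
```

The ranking shows how much each change moves the whole scenario rather than the single step, which is the figure slide 13 reports for each configuration.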