Defense Trees to Prevent Misuse Özgür Kafalı Postdoctoral Researcher Security Threat Modeling Misuse case diagrams Attack defense trees Current Approaches Informal Written in natural language ID: 580006
Download Presentation The PPT/PDF document "Socializing Attack/" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Socializing Attack/
Defense
Trees to Prevent Misuse
Özgür
Kafalı
Postdoctoral ResearcherSlide2
Security Threat Modeling
Misuse case diagrams
Attack/
defense
treesSlide3
Current Approaches
Informal
Written in natural language
Cannot formalize how nodes relate to each other
Focus mainly on technical vulnerabilitiesLess attention to human misuseIntentional or unintentionalSlide4
Goals
I fixed 100+ vulnerabilities today, great!
How many humans did you fix though?
Enhance attack/defense
trees with social factors to understand and
prevent misuse
Picture credit to
http://www.outsidethebeltway.com/nuclear-planet-engineers-want-us-to-know-theyre-not-homer-simpson/Slide5
Towards Happy Little Attack/Defense Trees
“Trees don't grow even, they don't grow straight ...
Just however it makes them happy”
Bob Ross
on trees and their significance:
Picture credit to “http://do210.com/p/internships”Slide6
How Prevalent are Misuses?
Investigated 1,600 breaches from HHS
Common misuses:
Improper disposal Incorrect emails Slide7
HHS Breach Categories
Vulnerabilities
Misuses
44%Slide8
Are Policies Enough to Prevent Misuse?
HIPAA clause:
Implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored
Breach:
failure to erase patient data on disposed photocopiers’ hard drivesSlide9
How Good is HIPAA?
Vulnerabilities
Misuses
very
fewSlide10
Normative Formalization
Commitments
Authorizations
ProhibitionsSlide11
Representing Requirements
Parents are
authorized
to
access minor’s medical records
if they are legal representatives.Slide12
Representing Breaches
Breach:
failure to erase patient data on disposed photocopiers’ hard drives
Healthcare workers are committed
to erasing any media that might contain sensitive patient data Slide13
Social Factors
Picture credit to
https://www.reddit.com/r/TheSimpsons/comments/19jygj/rolling_rolling_rolling_toxic_barrel_rolling/
Norms regulate
interactions of users
State who is accountable
to whom, and for whatSlide14
Normative Reasoning
Having a normative model enables formal relations among norms
Understand conflicts
Pairwise comparison of normsUnderstand what desired security properties our threat models supportSlide15
Normative Attack/Defense Trees
Asset
Misuse
Phishing
Malware
Norm
Violation
Sanction
Refine
NormSlide16
Efforts to Improve Threat Models
Collaborative games for identification and risk based prioritization of vulnerabilities
Protection Poker Elevation of PrivilegeSlide17
Norm Defense Game
Strategy card game for security
Attacker and defender teams
New elements:
Accountability
Forensics Logging
Forensics
Logging
AccSlide18
Evaluation
Different game modes: experts, novices
Introduce random elements to simulate realistic scenarios
Novelty: Outcome holds
clues about security of the subject systemSlide19
Benefits
For us:
More papers
For you: Less misuseFor the greater good:
raise awareness regarding social factorsSlide20
Collaboration
Investigation of breaches
Seeking
breach reports from organizationsGame design and evaluation
Seeking players to be involved in our game Our approach will improve
your threat models, or your money back!