Servicios y Seguridad, un enfoque basado en estrategias de ataque y defensa

En este artículo se presenta el enfoque metodológico de la asignatura Servicios y Seguridad del Grado de Informática y Servicios, título oficial de la Universidad Autónoma de Barcelona que se imparte en la Escuela Universitaria de Informática Tomás Cerdá. Proponemos un enfoque basado en estrategias de ataque y defensa utilizadas en sistemas informáticos. Los modelos de estrategia constituyen el hilo conductor que permite relacionar cómo contribuyen el resto de temas, como criptografía, estándares de seguridad, metodologías de modelado de amenazas y de evaluación de riesgos en la configuración de un sistema de servicios web seguro. La parte práctica incluye sesiones de laboratorio y el desarrollo de un trabajo de hacking. En el laboratorio los alumnos aprenden a configurar la seguridad de un servidor de aplicaciones web, a generar certificados de servidor y de clientes, y a incluir opciones de seguridad en aplicaciones y en servicios web. Realizando el trabajo práctico los alumnos aprenden a defender mejor al sistema a través del conocimiento de las técnicas y herramientas que utilizan los atacantes para descubrir y explotar las vulnerabilidades de las infraestructuras y aplicaciones.This article describes the methodological approach of the subject Services and Security of the Bachelor's Degree in Information Technology and Services (Universitat Autonoma de Barcelona), which is taught at the Tomas Cerda Computer Science School. We propose an approach based on attack and defense strategies which are used in computer systems. Strategy models are the thread that relates how the rest of the topics as cryptography, security standards, threat modeling and risk assessment methodologies contribute in setting up a secure web service based system. The practical part includes laboratory sessions and development of a work of hacking. In the laboratory students learn to set up a web server application, to generate server and client’s certificates, and to include security options into applications and web services. By doing the practical work students learn how to defend the system in a better way through the knowledge of the techniques and tools used by hackers to discover and exploit vulnerabilities of infrastructure and applications.Universidad de Granada: Departamento de Arquitectura y Tecnología de Computadores; Vicerrectorado para la Garantía de la Calidad

A cyberciege traffic analysis extension for teaching network security

CyberCIEGE is an interactive game simulating realistic scenarios that teaches the players Information Assurance (IA) concepts. The existing game scenarios only provide a high-level abstraction of the networked environment, e.g., nodes do not have Internet protocol (IP) addresses or belong to proper subnets, and there is no packet-level network simulation. This research explored endowing the game with network level traffic analysis, and implementing a game scenario to take advantage of this new capability. Traffic analysis is presented to players in a format similar to existing tools such that learned skills may be easily transferred to future real-world situations. A network traffic analysis tool simulation within CyberCIEGE was developed and this new tool provides the player with traffic analysis capability. Using existing taxonomies of cyber-attacks, the research identified a subset of network-based attacks most amenable to modeling and representation within CyberCIEGE. From the attacks identified, a complementary CyberCIEGE scenario was developed to provide the player with new educational opportunities for network analysis and threat identification. From the attack scenario, players also learn about the effects of these cyber-attacks and glean a more informed understanding of appropriate mitigation measures.http://archive.org/details/acyberciegetraff109451057

Cybersecurity of Industrial Cyber-Physical Systems: A Review

Industrial cyber-physical systems (ICPSs) manage critical infrastructures by controlling the processes based on the "physics" data gathered by edge sensor networks. Recent innovations in ubiquitous computing and communication technologies have prompted the rapid integration of highly interconnected systems to ICPSs. Hence, the "security by obscurity" principle provided by air-gapping is no longer followed. As the interconnectivity in ICPSs increases, so does the attack surface. Industrial vulnerability assessment reports have shown that a variety of new vulnerabilities have occurred due to this transition while the most common ones are related to weak boundary protection. Although there are existing surveys in this context, very little is mentioned regarding these reports. This paper bridges this gap by defining and reviewing ICPSs from a cybersecurity perspective. In particular, multi-dimensional adaptive attack taxonomy is presented and utilized for evaluating real-life ICPS cyber incidents. We also identify the general shortcomings and highlight the points that cause a gap in existing literature while defining future research directions.Comment: 32 pages, 10 figure

Control-Flow Security.

Computer security is a topic of paramount importance in computing today. Though enormous effort has been expended to reduce the software attack surface, vulnerabilities remain. In contemporary attacks, subverting the control-flow of an application is often the cornerstone to a successful attempt to compromise a system. This subversion, known as a control-flow attack, remains as an essential building block of many software exploits. This dissertation proposes a multi-pronged approach to securing software control-flow to harden the software attack surface. The primary domain of this dissertation is the elimination of the basic mechanism in software enabling control-flow attacks. I address the prevalence of such attacks by going to the heart of the problem, removing all of the operations that inject runtime data into program control. This novel approach, Control-Data Isolation, provides protection by subtracting the root of the problem; indirect control-flow. Previous works have attempted to address control-flow attacks by layering additional complexity in an effort to shield software from attack. In this work, I take a subtractive approach; subtracting the primary cause of both contemporary and classic control-flow attacks. This novel approach to security advances the state of the art in control-flow security by ensuring the integrity of the programmer-intended control-flow graph of an application at runtime. Further, this dissertation provides methodologies to eliminate the barriers to adoption of control-data isolation while simultaneously moving ahead to reduce future attacks. The secondary domain of this dissertation is technique which leverages the process by which software is engineered, tested, and executed to pinpoint the statements in software which are most likely to be exploited by an attacker, defined as the Dynamic Control Frontier. Rather than reacting to successful attacks by patching software, the approach in this dissertation will move ahead of the attacker and identify the susceptible code regions before they are compromised. In total, this dissertation combines software and hardware design techniques to eliminate contemporary control-flow attacks. Further, it demonstrates the efficacy and viability of a subtractive approach to software security, eliminating the elements underlying security vulnerabilities.PhDComputer Science and EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/133304/1/warthur_1.pd

An Analysis of the Relationship between Security Information Technology Enhancements and Computer Security Breaches and Incidents

Financial services institutions maintain large amounts of data that include both intellectual property and personally identifiable information for employees and customers. Due to the potential damage to individuals, government regulators hold institutions accountable for ensuring that personal data are protected and require reporting of data security breaches. No company wants a data breach, but finding a security incident or breach early in the attack cycle may decrease the damage or data loss a company experiences. In multiple high profile data breaches reported in major news stories over the past few years, there is a pattern of the adversary being inside the company’s network for months, and often law enforcement is the first to inform the company of the breach. The problem that was investigated in this case study was whether new information technology (IT) utilized by Fortune 500 financial services companies led to the changes in data security incidents and breaches. The goal of this dissertation is to gain a deeper understanding on how IT can increase awareness of a security incident or breach, and can also decrease security incidents and breaches. This dissertation also explores how threat information sharing increases awareness and decreases information security incidents and breaches. The objective of the study was to understand how changes in IT can influence an increase or decrease in data security breaches. This investigation was a case study of nine Fortune 500 financial services companies to understand what types of IT increase or decrease detection of security incidents and breaches. An increase in detecting and stopping a security incident or breach may have positive effects on the security of an enterprise. The longer a hacker has access to IT systems, the more entrenched they become and the more time the hacker has to locate data with high value. Time is of the essence to detect a compromise and react. The results of the case study showed that Fortune 500 companies utilized new IT that allowed them to improve their visibility of security incidents and breaches from months and years to hours and days

Dynamic Cyber-Incident Response

Doctor of Philosophy and was awarded by Brunel University LondonCyber-Incident Response (or, as it was initially called, Computer Incident response) has traditionally followed cyclic models such as the SEI Incident Response Cycle and SANS models, which aim to detect and identify incidents, stop, contain and eradicate them. Using the knowledge gained from the incidents, these models then advocate improving the capabilities to defend against subsequent attacks of the same nature. Although some later versions of these models, including the NIST model proposed in 2012, have nested the cycles to provide a more reactive response, they are neither demonstrably empirically founded nor do they represent the interests of all stakeholders within an organisation. This research addresses cyber-incident response from a broader perspective, looking from the viewpoint of a cross-functional set of stakeholders and ensures that incident response decisions are sensitive to temporal priorities, taken from an organisation-wide perspective and provide a range of responses rather than only containing and eradicating an incident. During this research, principal component analysis and structural equation modelling were used to develop the Dynamic Cyber Incident Response Model (DCIRM) which resulted in the development of a fielded prototype tool, the Cyber Operations Support Tool (COST). COST was then subjected to both controlled experimentation and operational validation. Empirical analysis of both of these activities confirmed the utility and effectiveness of the COST and the underlying DCIRM. The COST has since been used to train military cyber operational planners. The novel areas of this research are the dynamic nature of DCIRM which takes account of the changing asset values based on the point in the business/mission cycle, the trade-off between risk to the organisation and gathering intelligence during an incident, the flexibility in response options within organisational constraints and the abstraction of the information to allow a non-cyber specialist to make an appropriate incident response decision

Rapid Mission Assurance Assessment via Sociotechnical Modeling and Simulation

How do organizations rapidly assess command-level effects of cyber attacks? Leaders need a way of assuring themselves that their organization, people, and information technology can continue their missions in a contested cyber environment. To do this, leaders should: 1) require assessments be more than analogical, anecdotal or simplistic snapshots in time; 2) demand the ability to rapidly model their organizations; 3) identify their organization’s structural vulnerabilities; and 4) have the ability to forecast mission assurance scenarios. Using text mining to build agent based dynamic network models of information processing organizations, I examine impacts of contested cyber environments on three common focus areas of information assurance—confidentiality, integrity, and availability. I find that assessing impacts of cyber attacks is a nuanced affair dependent on the nature of the attack, the nature of the organization and its missions, and the nature of the measurements. For well-manned information processing organizations, many attacks are in the nuisance range and that only multipronged or severe attacks cause meaningful failure. I also find that such organizations can design for resiliency and provide guidelines in how to do so