Document

Transcript Document

An Alternative Model for Information Availability

via Indirect Intention Specification of DoS Attackers 01 May 2020 Theodore Tryfonas

Information Security Research Group

Dept. of Electronics & Computer Systems Engineering Faculty of Advanced Technology University of Glamorgan United Kingdom

4th SPI, Brno 1

Agenda

• • • Availability definitions and perspectives A Fuzzier approach to modelling availability Further Research 01 May 2020 4th SPI, Brno 2

Availability Through Reliable Systems Engineering:



MTTF MTTF



MTTR

• Irrespective of the initial root cause that may contain a malicious intention, threats to the availability of systems may include: – excessive workload (e.g. a heavily used or targeted/flooded web server) – system corruption (e.g. a hard disk failure or electromagnetic interference) – faulty configuration options (e.g. bad signal synchronisation or lack of deadlock avoidance measures) 01 May 2020 4th SPI, Brno 3

‘Early warning’

Time linearity and incident manifestation

‘Incident Response’ Preliminary indication(s) 01 May 2020 Incident underway 4th SPI, Brno System damaged Disaster recovery 4

Implications of traditional availability modelling

• • • • A security model should emphasise on the potential illicit action or the intention of a malicious perpetrator.

That is true in relation to the formal models developed historically, such as the Bell-LaPadula, Clark-Wilson, Biba etc.

However, a brief review of the literature reveals that availability is usually studied through the traditional perspective of the reliable systems research.

Whilst this is generally acceptable, this perspective is rarely related to the occurrence of, or the intention to launch, a denial of service attack.

01 May 2020 4th SPI, Brno 5

•

Information Security & Availability

The standard ITSEC defined IT security as: – confidentiality – prevention of the unauthorised disclosure of information; – integrity – prevention of the unauthorised modification of information; –

availability – prevention of the unauthorised withholding of information or resources.

01 May 2020 4th SPI, Brno 6

•

Availability Through Information Security

Availability address the ability of a system to respond to authorised requests at proper times.

• Under that perspective, for authorised users, availability is acceptable latency.

• The term acceptable however introduces another aspect; what response time is acceptable depends on the specific application and the requirements of the application’s context. 01 May 2020 4th SPI, Brno 7

A Fuzzy Definition of Availability

Availability of information within a system is defined as the fuzzy function

F = {(t, μ(t)) | t

information.

 

where t is the response time of a process/transaction and μ(t) the degree of membership of that time in the expectations of the subjects that require that 01 May 2020 4th SPI, Brno Example of setting availability expectations per anticipated response time (

response time in seconds)

μ(t) =

     t  t  t  t  t  [0, 0.9), best [0.9, 2.5), good [2.5, 4), average [4, 5), poor [5, +  ), unacceptable 8

Introducing Entropy

• • • •

f i

/N  probability of occurrence of i

I(i) = -log(f i /N)

Mean IC per element = H = 

i=1...M

i log p i

) = 

i=1...M

p i

I(i), where p

i = f i

/N.

We would ideally expect to retrieve the totality of the informational content of an element per transaction, however at an average we retrieve – E[A]  H, where E[.] calculates the mean of the variable A 01 May 2020 4th SPI, Brno 9

Defining a Metric for Availability

• Therefore, it is possible to define a metric that combines the fuzzy nature of our expectations for availability as defined previously, with the amount of content actually retrieved, by setting

μ(t)



(In the table above it is assumed that A = 1) • We can now also indirectly but conveniently refer to the attacker who intents to withhold informational resources by inverting the model, as

μ(t) -1

 (1 – A) 01 May 2020 4th SPI, Brno 10

A Fuzzier Approach

Legitimate user expectations DoS attacker expectations IC HIGH successful delayed LOW 0 In-progress 01 May 2020 Non-completed LOW HIGH Attacking window of opportunity 4th SPI, Brno Latency 11

Further Research

• Complete running of the fuzzy model (C++ implementation) with different distributions for A for a number of applications and associated expectations • Compare the theoretical output with timeseries of DoS incidents occurrences as recorded through ‘BigEars’, ISRG’s honeypot (collected via snort) 01 May 2020 4th SPI, Brno 12

Conclusions

• Need for models that are security-, not reliability driven • Theoretical modelling without reference to the medium (similar to access control models) – implicit assumption on the exchange of information / some sort of transaction or protocol step • Simple model, easy to simulate • Indirect intention specification through what is not desirable from a user’s perspective 01 May 2020 4th SPI, Brno 13

Acknowledgements

• Thank you - Questions?

01 May 2020 4th SPI, Brno

For further details please contact: Theo Tryfonas Faculty of Advanced Technology University of Glamorgan CF37 1DL, Pontypridd Wales United Kingdom [email protected]