fall extension project
Post on 05-Feb-2016
Fall Extension Project
Initial Brief Meeting
August 28, 2010
Martin Q. Zhao
Summer Research – An Overview
Title: Knowledge Representation & Reasoning for Impact/Threat Assessment in Cyber Situation Awareness Systems
Objective: Enhancing the SITA system
- Find ways to model domain knowledge
- Develop a tool for VT creation/modification
Collaborators: Dr. John Salerno, Mike Manno, Jimmy Swistak, Warren Geiler
Cyber SA Model
JDL model:
- Level 0: Source Preprocessing/subobject refinement
- Level 1: Object refinement
- Level 2: Situation refinement
- Level 3: Impact Assessment
- Level 4: Process Refinement
Endsley’s model:
- Perception
- Comprehension
- Projection
Virtual Terrain
The virtual terrain is a graphical representation of a computer network containing the information relevant for a security analysis of that network, including:
- Mission
- Hosts & Subnets
- Services & exposures
- Routers, sensors & firewalls
- Physical & wireless links
- Users
TIA Procedures Using VT
Attack detection using IDS
Tracking relevant attack events
Assessing impacts on missions
Projecting promising futures & assessing threats
Core SITA Subsystems
Problems to Solve
• Amount of data is huge
- A computer network can have hundreds of machines, thousands of software applications and user accounts
- Known vulnerabilities are in the thousands, and the number is ever growing.
• XML files are used: they can contain redundant data, which
- harms efficiency
- causes the well-known anomalies: insertion, deletion, update
• Tools need to be developed to feed SITA with data
Conceptual Data Model
Relational Data Model-VT (diagram: H/W, S/W, Exposure, Link & Policy)
Relational Data Model-Mission
Relational Data Model-Exposure
Mission Map Editor-Requirements
• (Type of) User: SA Operator
• System Functions:
- Access data in file/DB
- Display a mission tree
- Modify a mission tree
- Save changes to file/DB
- Create a mission tree
Requirements modeling w/ a use-case diagram
Mission Map Editor-Tree creation (screenshot callouts 1 to 6)
1. File | New
2. Top mission
3. Add more
4. Set criticality
5. Assign assets
6. File | Save
Mission Map Editor-Architecture (diagram: DB, VT Model, Mission Map Model, XML)
Mission Map Editor-Dynamics
Vulnerability Lookup-Overview
• What is a vulnerability?
• What is an exposure?
• How is it stored in NVD?
• What is CVE?
• What is CPE?
• How are they related to SITA?
National Vulnerability Database (NVD) contains:
- CVE Vulnerabilities: 43054
- CPE Names: 22181
Common Platform Enumeration (CPE)
<cpe-item name="cpe:/o:microsoft:windows_7">
  <title xml:lang="en-US">Microsoft Windows 7</title>
  … …
</cpe-item>
Common Vulnerabilities and Exposures (CVE)
<entry id="CVE-2010-0278">
  … …
  <cpe-lang:logical-test negate="false" operator="OR">
    <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7"/>
    <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista"/>
    … …
  </cpe-lang:logical-test>
</entry>
Vulnerability Lookup-Prototype (screenshot callouts)
- 0: Load files
- A: CVSS Rating
- B: Apps affected
- C: Exposure
Vulnerability Lookup-Ideal ways (drill-down: Type → Vendor → Prod. Line → Product → CVE Entry)
- Type: Application (a), Hardware (h), O/S (o)
- Vendor: Alcatel, Apple, … …, IBM, … …, Microsoft, … …
- Prod. Line (Microsoft): MS-DOS, Windows
- Product (Windows): Windows 98, Windows 2000, Windows XP, Windows Vista, Windows 7
- CPE name of the selected product: cpe:/o:microsoft:windows_7
- CVE Entry (Windows 7): CVE-2010-0278, CVE-2010-0018, CVE-2010-0249, CVE-2010-0232, … …
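As an added example (not part of these slides or of the SITA project's own code), the following Python carries out the lookup that the CPE/CVE snippets and the Type → Vendor → Product drill-down above describe: it parses a CPE 2.2 name into part/vendor/product, indexes an NVD-style CVE feed by the CPE names its fact-refs cite, and arranges the result in that hierarchy. The sample feed, the CVE-0000-0000 placeholder entry and the namespace URIs are constructed/assumed for this example; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Namespace URIs assumed for the NVD 2.0-era CVE feed; they must match the feed you load.
NS = {"nvd": "http://scap.nist.gov/schema/feed/vulnerability/2.0",
      "cpe-lang": "http://cpe.mitre.org/language/2.0"}
PART_NAMES = {"a": "Application", "h": "Hardware", "o": "O/S"}  # CPE part letter -> slide's Type

# Constructed sample feed: CVE ids from the slides plus a placeholder entry; the
# platforms listed under each id are made up for this example, not real NVD data.
SAMPLE_FEED = """<nvd xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0"
     xmlns:cpe-lang="http://cpe.mitre.org/language/2.0">
 <entry id="CVE-2010-0278"><cpe-lang:logical-test negate="false" operator="OR">
  <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7"/>
  <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista"/></cpe-lang:logical-test></entry>
 <entry id="CVE-2010-0018"><cpe-lang:logical-test negate="false" operator="OR">
  <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7"/></cpe-lang:logical-test></entry>
 <entry id="CVE-0000-0000"><cpe-lang:logical-test negate="false" operator="OR">
  <cpe-lang:fact-ref name="cpe:/a:example_vendor:example_app"/></cpe-lang:logical-test></entry>
</nvd>"""

def parse_cpe_name(name):
    """Split a CPE 2.2 URI such as cpe:/o:microsoft:windows_7 into part, vendor, product."""
    if not name.startswith("cpe:/"):
        raise ValueError("not a CPE 2.2 URI: %r" % name)
    fields = name[len("cpe:/"):].split(":")
    fields += [""] * (3 - len(fields))  # pad short names so all three keys exist
    return {"part": PART_NAMES.get(fields[0], fields[0]),
            "vendor": fields[1], "product": fields[2]}

def index_cves_by_cpe(feed_xml):
    """Map each CPE name cited by a fact-ref to the sorted CVE ids whose entry lists it."""
    index = defaultdict(set)
    for entry in ET.fromstring(feed_xml).findall("nvd:entry", NS):
        for test in entry.iter("{%s}logical-test" % NS["cpe-lang"]):
            if test.get("negate", "false") == "true":
                continue  # a negated test excludes platforms; they are not 'affected'
            for ref in test.findall("cpe-lang:fact-ref", NS):
                index[ref.get("name")].add(entry.get("id"))
    return {cpe: sorted(ids) for cpe, ids in index.items()}

def group_by_type_vendor_product(index):
    """Arrange the index as Type -> Vendor -> Product -> CVE ids, the slide's drill-down."""
    tree = defaultdict(lambda: defaultdict(dict))
    for cpe, ids in index.items():
        f = parse_cpe_name(cpe)
        tree[f["part"]][f["vendor"]][f["product"]] = ids
    return tree
```

With a real NVD feed, only the feed text and the namespace map change; the index gives, for any CPE name in the VT, the CVE ids the tracker should attach to that host or application.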
Future R&D
• MissionMapEditor: Thorough testing and refactoring
• VulnerabilityTracker:
- Research the processes of checking/updating CVE and CPE data feeds
- Design a layered system architecture
- Design and implement a GUI that organizes products by category (such as OS, apps, HW), vendor, product family, version, etc.
• IDS (e.g. Snort) alert specifics and their mapping with CVE, as well as with SITA
• VT model generation using automatic scanning data
• Cyber situation visualization