Andrey Chechulin
Russian Academy of Sciences
Publication
Featured research published by Andrey Chechulin.
parallel, distributed and network-based processing | 2012
Jose Fran. Ruiz; Rajesh Harjani; Antonio Maña; Vasily Desnitsky; Igor V. Kotenko; Andrey Chechulin
The development of systems based on embedded components is a challenging task because of their distributed, reactive and real-time nature. From a security point of view, embedded devices are basically systems owned by a certain entity, used frequently as part of systems owned by other entities and operated in a potentially hostile environment. The development of security-enhanced systems of embedded components is a difficult task due to different types of threats that may affect such systems, and because the security in systems of embedded devices is currently added as an additional feature when the development is advanced, or avoided as a superfluous characteristic. We present in this paper a methodology for the analysis and modeling of threats and attacks for systems of embedded components. The Intruder Model allows us to describe possible actions a potential intruder can accomplish, depending on his/her capabilities, resources, etc. Using this information, we can define a Threat Model that will specify the threats and attacks that affect different security properties in specific domains.
ieee international conference on green computing and communications | 2012
Igor V. Kotenko; Andrey Chechulin
The paper suggests a framework for attack modeling and security evaluation in Security Information and Event Management (SIEM) systems. It is supposed that the common approach to attack modeling and security evaluation is based on modeling of a malefactor's behavior, generating a common attack graph, calculating different security metrics and providing risk analysis procedures. Key elements of suggested architectural solutions for attack modeling and security evaluation are using a comprehensive security repository, effective attack graph (tree) generation techniques, taking into account known and new attacks based on zero-day vulnerabilities, stochastic analytical modeling, and interactive decision support to choose preferred security solutions. The architecture of the Attack Modeling and Security Evaluation Component (AMSEC) is proposed, and its interaction with other SIEM components is described. We present the prototype of the component and the results of experiments carried out.
mathematical methods models and architectures for network security systems | 2012
Vasily Desnitsky; Igor V. Kotenko; Andrey Chechulin
Development of embedded devices is a challenging task because of their varying, reactive and real-time nature. Conventionally embedded devices are considered as a part of systems owned by some other entities and operated in a potentially hostile environment. Embedded device development is an extremely complicated problem due to various types of threats and attacks the device is subject to, and because the security in embedded devices is commonly provided as an additional feature at the final stages of the development process, or even neglected. In this paper we propose a new configuration model, which facilitates the design of secure and resource consumption efficient embedded devices. The model enables the search for the most effective combinations of security building blocks in terms of consumption of device resources.
Future Internet | 2013
Igor V. Kotenko; Olga Polubelova; Andrey Chechulin; Igor Saenko
The technology of Security Information and Event Management (SIEM) becomes one of the most important research applications in the area of computer network security. The overall functionality of SIEM systems depends largely on the quality of solutions implemented at the data storage level, which is purposed for the representation of heterogeneous security events, their storage in the data repository, and the extraction of relevant data for analytical modules of SIEM systems. The paper discusses the key issues of design and implementation of a hybrid SIEM data repository, which combines relational and ontological data representations. Based on the analysis of existing SIEM systems and standards, the ontological approach is chosen as a core component of the repository, and an example of the ontological data model for vulnerabilities representation is outlined. The hybrid architecture of the repository is proposed for implementation in SIEM systems. Since most works on the repositories of SIEM systems are based on the relational data model, the paper focuses mainly on the ontological part of the hybrid approach. To test the repository we used the data model intended for attack modeling and security evaluation, which includes both ontological and relational dimensions.
industrial conference on data mining | 2014
Igor V. Kotenko; Andrey Chechulin; Andrey Shorov; Dmitry Komashinsky
The paper considers the problem of automated categorization of web sites for systems used to block web pages that contain inappropriate content. In the paper we applied the techniques of analysis of the text, html tags, URL addresses and other information using Machine Learning and Data Mining methods. Besides that, techniques of analysis of sites that provide information in different languages are suggested. Architecture and algorithms of the system for collecting, storing and analyzing data required for classification of sites are presented. Results of experiments on analysis of web sites’ correspondence to different categories are given. Evaluation of the classification quality is performed. The classification system developed as a result of this work is implemented in F-Secure mass production systems performing analysis of web content.
parallel, distributed and network-based processing | 2016
Vasily Desnitsky; Andrey Chechulin; Igor V. Kotenko; Dmitry Levshun; Maxim Kolomeec
From an information security point of view, embedded devices are the elements of complex systems operating in a potentially hostile environment. Therefore development of embedded devices is a complex task that often requires expert solutions. The complexity of the task of developing secure embedded devices is caused by various types of threats and attacks that may affect the device, as well as by the fact that in practice security of embedded devices is usually considered at the final stage of the development process in the form of adding additional security features. The paper proposes a design technique and its application that will facilitate development of secure and energy-efficient embedded devices. The technique organizes the search for the best combinations of security components on the basis of solving an optimization problem. The efficiency of the proposed technique is demonstrated by development of a room perimeter protection system.
parallel, distributed and network-based processing | 2015
Andrey Fedorchenko; Igor V. Kotenko; Andrey Chechulin
Integration of existing open vulnerabilities databases makes it possible to increase the probability of detection of vulnerable software and hardware that are used in computer networks and improve the quality of security analysis. The paper is dedicated to investigation of open vulnerabilities databases and of the process of their integration for further application in the security analysis system. The object of investigation is the process of integration of vulnerabilities databases. The main distinction of the designed integrated vulnerabilities database is its orientation to operative receiving of results of appropriate vulnerabilities search. The model of the process of the vulnerabilities database generation and the structure of the integrated vulnerabilities database are suggested. The description of the designed prototype and the results of its testing are outlined.
mathematical methods models and architectures for network security systems | 2012
Andrey Chechulin; Igor V. Kotenko; Vasily Desnitsky
Systems (devices) with embedded components operate in a potentially hostile environment and have strong resource limitations. The development of security-enhanced embedded components is a complicated task owing to different types of threats and attacks that may affect the device, and because the security in embedded devices is commonly provided as an additional feature at the final stages of the development process, or even neglected. In the paper we consider an approach to analysis of network information flows in systems containing embedded components. This approach helps the system engineer to evaluate the embedded system from a security point of view and to correct the architecture of the future system at early stages of the development.
mathematical methods models and architectures for network security systems | 2017
Maxim Kolomeec; Gustavo Gonzalez-Granadillo; Elena Doynikova; Andrey Chechulin; Igor V. Kotenko; Hervé Debar
This paper aims at finding optimal visualization models for representation and analysis of security related data, for example, security metrics, security incidents and cyber attack countermeasures. The classification of the most important security metrics and their characteristics that are important for their visualization are considered. The paper reviews existing data representation and visualization models as well as those suggested by the authors. In addition, the most suitable models for different metric groups are outlined and analyzed. A case study is presented as an illustration on the way the visualization models are integrated with different metrics for security awareness.
International Journal of Internet Protocol Technology | 2017
Igor V. Kotenko; Andrey Chechulin; Dmitry Komashinsky
The paper outlines a framework for automated categorisation of web pages to protect against inappropriate content. The paper contains the framework overview, analysis of state-of-the-art, description of the developed prototype and its evaluation based on a series of experiments. Several sources are used for the categorisation, namely text, HTML tags and URL addresses. During the categorisation, this data and other information are analysed using machine learning and data mining methods. Finally, the evaluation of the categorisation quality is performed. The categorisation system developed as a result of this work is planned to be partially implemented in F-Secure Corporation in mass production systems performing analysis of web content.