
Publication


Featured research published by Nicola Nostro.


Operating Systems Review | 2014

Insider Threat Assessment: a Model-Based Methodology

Nicola Nostro; Andrea Ceccarelli; Andrea Bondavalli; Francesco Brancati

Security is a major challenge for today's companies, especially ICT ones which manage large scale cyber-critical systems. Amongst the multitude of attacks and threats to which a system is potentially exposed, there are insider attackers, i.e., users with legitimate access who abuse or misuse their power, thus leading to unexpected security violations (e.g., acquire and disseminate sensitive information). These attacks are very difficult to detect and mitigate due to the nature of the attackers, who often are the company's employees motivated by socio-economical reasons, and to the fact that attackers operate within their granted restrictions. It is a consequence that insider attackers constitute an actual threat for ICT organizations. In this paper we present our methodology, together with the application of existing supporting libraries and tools from the state-of-the-art, for insider threats assessment and mitigation. The ultimate objective is to define the motivations and the target of an insider, investigate the likeliness and severity of potential violations, and finally identify appropriate countermeasures. The methodology also includes a maintenance phase during which the assessment can be updated to reflect system changes. As a case study, we apply our methodology to the crisis management system Secure!, which includes different kinds of users and consequently is potentially exposed to a large set of insider threats.


Electronic Notes in Theoretical Computer Science | 2015

Model-based Evaluation of Scalability and Security Tradeoffs: a Case Study on a Multi-Service Platform

Leonardo Montecchi; Nicola Nostro; Andrea Ceccarelli; Giuseppe Vella; Antonio Caruso; Andrea Bondavalli

Current ICT infrastructures are characterized by increasing requirements of reliability, security, performance, availability, adaptability. A relevant issue is represented by the scalability of the system with respect to the increasing number of users and applications, thus requiring a careful dimensioning of resources. Furthermore, new security issues to be faced arise from exposing applications and data to the Internet, thus requiring an attentive analysis of potential threats and the identification of stronger security mechanisms to be implemented, which may produce a negative impact on system performance and scalability properties. The paper presents a model-based evaluation of scalability and security tradeoffs of a multi-service web-based platform, by evaluating how the introduction of security mechanisms may lead to a degradation of performance properties. The evaluation focuses on the OPENNESS platform, a web-based platform providing different kinds of services to different categories of users. The evaluation aims at identifying the bottlenecks of the system, under different configurations, and assessing the impact of security countermeasures which were identified by a thorough threat analysis activity previously carried out on the target system. The modeling activity has been carried out using the Stochastic Activity Networks (SANs) formalism, making full use of its characteristics of modularity and reusability. The analysis model is realized through the composition of a set of predefined template models, which facilitates the construction of the overall system model, and the evaluation of different configurations by composing them in different ways.


IEEE International Conference on Cloud Computing Technology and Science | 2013

A methodology and supporting techniques for the quantitative assessment of insider threats

Nicola Nostro; Andrea Ceccarelli; Andrea Bondavalli; Francesco Brancati

Security is a major challenge for today's companies, especially ICT ones which manage large scale cyber-critical systems. Amongst the multitude of attacks and threats to which a system is potentially exposed, there are insider attackers, i.e., users with legitimate access who abuse or misuse their power, thus leading to unexpected security violations (e.g., acquire and disseminate sensitive information). These attacks are very difficult to detect and mitigate due to the nature of the attackers, who often are the company's employees motivated by socio-economical reasons, and to the fact that attackers operate within their granted restrictions: it is a consequence that insider attackers constitute an actual threat for ICT organizations. In this paper we present our ongoing work towards a methodology and supporting libraries and tools for insider threats assessment and mitigation. The ultimate objective is to quantitatively evaluate the possibility that a user will perform an attack, the severity of potential violations, the costs, and finally select the countermeasures. The methodology also includes a maintenance phase during which the assessment is updated on the basis of system evolution. The paper discusses future works towards the completion of our methodology.


Formal Methods | 2011

Dependability and Performance Assessment of Dynamic CONNECTed Systems

Antonia Bertolino; Antonello Calabrò; Felicita Di Giandomenico; Nicola Nostro

In this chapter we present approaches for analysis and monitoring of dependability and performance of CONNECTed systems, and their combined usage. These approaches need to account for dynamicity and evolvability of CONNECTed systems. In particular, the chapter covers the quantitative assessment of dependability and performance properties through a stochastic model-based approach: first an overview of dependability-related measurements and stochastic model-based approaches provides the necessary background. Then, our proposal in CONNECT of an automated and modular dependability analysis framework for dynamically CONNECTed systems is described. This framework can be used off-line for system design (specifically, in CONNECT, for CONNECTor synthesis), and on-line, to continuously assess system behaviour and detect possible issues arising at run-time. For the latter purpose, a generic, flexible and modular monitoring infrastructure has been developed. Monitoring is at the core of the CONNECT vision, in order to ensure run-time observation of specified quantitative properties and possibly trigger adequate reactions. We focus here on the interaction chain between monitoring and analysis, to allow for on-line continuous validation of specified dependability and performance properties. Illustrative examples of applications of analysis and monitoring are provided with reference to the CONNECT Terrorist Alert scenario.


International Conference on Software Engineering | 2011

On enabling dependability assurance in heterogeneous networks through automated model-based analysis

Paolo Masci; Nicola Nostro; Felicita Di Giandomenico

We present the specification of a basic library of dependability mechanisms that can be used within automated approaches for synthesising dependable CONNECTors in heterogeneous networks. The library builds on classical dependability patterns, such as majority voting and retry, and uses the concept of overlay networks for triggering the synthesis of specific dependability mechanisms in the CONNECTor from high-level specifications. We translated such dependability mechanisms into SAN models with the aim to evaluate, through model-based analysis, which dependability mechanisms should be embedded in the synthesised CONNECTor for ensuring a given dependability level between networked systems willing to be connected. A case study is also presented to show the application of selected library mechanisms. This work is carried out in the context of CONNECT, a European FET project which is investigating the possibility of enabling long-lasting inter-operation among networked systems by synthesising mediating CONNECTors at run-time.


International Conference on Software and Data Technologies | 2011

On-the-Fly Dependable Mediation between Heterogeneous Networked Systems

Antonia Bertolino; Antonello Calabrò; Felicita Di Giandomenico; Nicola Nostro; Paola Inverardi; Romina Spalazzese

The development of next generation Future Internet systems must be capable of addressing complexity, heterogeneity, interdependency and, especially, evolution of loosely connected networked systems. The European project Connect addresses the challenging and ambitious topic of ensuring eternally functioning distributed and heterogeneous systems through on-the-fly synthesis of the Connectors through which they communicate. In this paper we focus on the Connect enablers that dynamically derive such connectors ensuring the required non-functional requirements via a framework to analyse and assess dependability and performance properties. We illustrate the adaptive approach under development integrating synthesis of Connectors, stochastic model-based analysis performed at design time and run-time monitoring. The proposed framework is illustrated on a case study.


Dependable Systems and Networks | 2011

Modeling and analysis of the impact of failures in Electric Power Systems organized in interconnected regions

Silvano Chiaradonna; Felicita Di Giandomenico; Nicola Nostro

Analysis of interdependencies in Electric Power Systems (EPS) has been recognized as a crucial and challenging issue to improve their trustworthiness. The recent liberalization process in energy markets has promoted the entry of a variety of operators in the electricity industry. The resulting new organization contributed to increase in complexity, heterogeneity and interconnection. This paper proposes a framework for analyzing EPS organized as a set of interconnected regions, both from the point of view of the electric power grid and of the cyber control infrastructure. The emphasis is on interdependencies and in assessing their impact on indicators representative of the QoS perceived by users. Taking a reference power grid as test case, the effects of failures on selected measures are shown, both in case the grid is partitioned in a number of regions and in case of a single region, to illustrate the behavior of different grid and control configurations.


International Symposium on Software Reliability Engineering | 2014

Adding Security Concerns to Safety Critical Certification

Nicola Nostro; Andrea Bondavalli; Nuno Silva

Safety-critical systems represent those systems whose failure may lead to catastrophic consequences on users and environment. Several methods and hazard analyses, and standards in different disciplines, have been defined in order to assure the systems have been designed in compliance with safety requirements. The increasing presence of automatic controlling operation, the massive use of networks to transfer data and information, and the human operations introduce a new security concern in safety-critical systems. Security issues (threats) do not only have direct impact on systems availability, integrity and confidentiality, but they also can influence the safety aspects of the safety-critical systems. Today, taking into account malicious actions through intrusion into communications and computer control systems becomes a critical and not negligible step during the design and the assessment of safety-critical systems. The paper describes a general methodology to support the assessment of safety-critical systems with respect to security aspects. The methodology is based on a library of security threats. Such threats, identified during the work, have been mapped to the NIST security controls. Then, a preliminary representation of the library in the aerospace domain is shown through some simple examples, together with some considerations on the relation between security issues and safety impact as a valuable addition to the safety-critical systems certification process.


Reliability Engineering & System Safety | 2014

Automated synthesis of dependable mediators for heterogeneous interoperable systems

F. Di Giandomenico; Massimiliano Leone Itria; Paolo Masci; Nicola Nostro

Approaches to dependability and performance are challenged when systems are made up of networks of heterogeneous applications/devices, especially when operating in unpredictable open-world settings. The research community is tackling this problem and exploring means for enabling interoperability at the application level. The EU project Connect has developed a generic interoperability mechanism which relies on the on-the-fly synthesis of “Connectors”, that is software bridges that enable and adapt communication among heterogeneous devices. Dependability and Performance are relevant aspects of the system. In our previous work, we have identified generic dependability mechanisms for enhancing the dependability of Connectors. In this work, we introduce a set of generic strategies for automating the selection and application of an appropriate dependability mechanism. A case study based on a global monitoring system for environment and security (GMES) is used as a means for demonstrating the approach.


Journal of Systems and Software | 2016

Achieving functional and non functional interoperability through synthesized connectors

Nicola Nostro; Romina Spalazzese; Felicita Di Giandomenico; Paola Inverardi

An automated connectors synthesis approach for application interoperability. A connector adaptation process to preserve the connector non functional adequacy. A stochastic model-based implementation of performance and dependability analysis.

Our everyday life is pervaded by the use of a number of heterogeneous systems that are continuously and dynamically available in the networked environment to interoperate to achieve some goal. Goals may include both functional and non functional aspects and the evolving nature of such environment requires automated solutions as means to reach the needed level of flexibility. Achieving interoperability in such environment is a challenging problem. Even though some of such systems may in principle interact since they have compatible functionalities and similar interaction protocols, mismatches in their protocols and non functional issues arising from the environment may undermine their seamless interoperability. In this paper, we propose an approach for the automated synthesis of application layer connectors between heterogeneous networked systems (NSs) addressing both functional and some non functional interoperability. Our contributions are: (i) an automated connectors synthesis approach for NSs interoperability taking into account functional, performance and dependability aspects spanning pre-deployment time and run-time; (ii) a connector adaptation process, related to the performance and dependability aspects; and (iii) a stochastic model-based implementation of the performance and dependability analysis. In addition, we implemented, analyzed, and critically discussed a case study.

Collaboration


Top Co-Authors

Felicita Di Giandomenico

Istituto di Scienza e Tecnologie dell'Informazione

Antonello Calabrò

Istituto di Scienza e Tecnologie dell'Informazione

Silvano Chiaradonna

Istituto di Scienza e Tecnologie dell'Informazione

Antonia Bertolino

Istituto di Scienza e Tecnologie dell'Informazione

Massimiliano Leone Itria

Istituto di Scienza e Tecnologie dell'Informazione
