Management of security policy configuration using a Semantic Threat Graph approach

Managing the configuration of heterogeneous enterprise security mechanisms is a complex task. The effectiveness of a configuration may be constrained by poor understanding and/or management of the overall security policy requirements, which may, in turn, unnecessarily expose the enterprise to known threats. This paper proposes a threat management based approach, whereby knowledge about the effectiveness of mitigating countermeasures is used to guide the autonomic configuration of security mechanisms. This knowledge is modeled in terms of Semantic Threat Graphs, a variation of the traditional Threat/Attack Tree, extended in order to relate semantic information about security configuration with threats, vulnerabilities and countermeasures. An ontology-based approach to representing and reasoning over this knowledge is taken. A case study based on Network Access Controls demonstrates how threats can be analysed and how automated configuration recommendations can be made based on catalogues of countermeasures. These countermeasures are drawn from best-practice standards, including NIST, IETF and PCI-DSS recommendations for firewall configuration.
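To make the threat/vulnerability/countermeasure relationship concrete, here is a small added example (written for this page; it is not the paper's ontology, its OWL/SWRL reasoner, or its countermeasure catalogue). It models a threat graph as three relations, decides which threats remain open given what is already configured, and recommends catalogue entries that close them, reporting any vulnerability the catalogue cannot cover as a gap rather than hiding it. The threat names, vulnerability labels and catalogue entries are constructed sample data; the source labels point at the best-practice documents the abstract names but are illustrative tags, not citations of specific clauses.

```python
# Illustrative Semantic Threat Graph (constructed for this page; not the paper's
# ontology, reasoner or countermeasure catalogue). Threats are related to the
# vulnerabilities they exploit, countermeasures to the vulnerabilities they
# mitigate, and a recommendation step reports open threats and proposes
# catalogue entries that close them.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Threat:
    name: str
    exploits: frozenset  # vulnerabilities the threat can use (any one suffices)


@dataclass(frozen=True)
class Countermeasure:
    name: str
    mitigates: frozenset  # vulnerabilities this countermeasure closes
    source: str           # best-practice catalogue the entry is drawn from


@dataclass
class ThreatGraph:
    threats: dict = field(default_factory=dict)
    catalogue: dict = field(default_factory=dict)
    deployed: set = field(default_factory=set)  # countermeasures already configured

    def add_threat(self, t):
        self.threats[t.name] = t

    def add_countermeasure(self, c):
        self.catalogue[c.name] = c

    def deploy(self, name):
        if name not in self.catalogue:
            raise KeyError(f"unknown countermeasure: {name}")
        self.deployed.add(name)

    def covered(self):
        """Vulnerabilities closed by the countermeasures currently deployed."""
        return set().union(*(self.catalogue[n].mitigates for n in self.deployed))

    def unmitigated_threats(self):
        """Threat name -> vulnerabilities it can still exploit.

        A threat counts as mitigated only when every vulnerability it can use
        is covered, since one open path is enough for the threat to succeed."""
        covered = self.covered()
        result = {}
        for t in self.threats.values():
            open_vulns = set(t.exploits) - covered
            if open_vulns:
                result[t.name] = open_vulns
        return result

    def recommend(self):
        """Threat name -> (countermeasures to add, vulnerabilities still uncovered).

        Greedy set cover over the undeployed catalogue entries; anything left
        uncovered is a gap in the catalogue and is reported, not silently dropped."""
        recs = {}
        for threat, open_vulns in self.unmitigated_threats().items():
            remaining = set(open_vulns)
            candidates = sorted(
                (c for c in self.catalogue.values() if c.name not in self.deployed),
                key=lambda c: c.name)
            chosen = []
            while remaining:
                best = max(candidates, key=lambda c: len(c.mitigates & remaining),
                           default=None)
                if best is None or not (best.mitigates & remaining):
                    break
                chosen.append(best.name)
                remaining -= best.mitigates
                candidates.remove(best)
            recs[threat] = (chosen, remaining)
        return recs


def build_sample_graph():
    """Constructed sample: a small perimeter with one countermeasure already in place."""
    g = ThreatGraph()
    g.add_threat(Threat("TCP SYN flood",
                        frozenset({"unbounded half-open connection queue"})))
    g.add_threat(Threat("unauthorized inbound access",
                        frozenset({"default-allow inbound policy",
                                   "spoofed private source addresses"})))
    g.add_threat(Threat("mail relay abuse", frozenset({"open mail relay"})))
    g.add_countermeasure(Countermeasure(
        "SYN cookies", frozenset({"unbounded half-open connection queue"}),
        "RFC 4987 style SYN flooding mitigation (illustrative tag)"))
    g.add_countermeasure(Countermeasure(
        "default-deny inbound firewall rule", frozenset({"default-allow inbound policy"}),
        "NIST firewall policy guidance (illustrative tag)"))
    g.add_countermeasure(Countermeasure(
        "ingress filter on RFC 1918 source addresses",
        frozenset({"spoofed private source addresses"}),
        "NIST firewall policy guidance (illustrative tag)"))
    g.deploy("SYN cookies")  # already configured on the sample host
    return g


if __name__ == "__main__":
    for threat, (adds, gap) in build_sample_graph().recommend().items():
        print(f"{threat}: add {adds}; uncovered {sorted(gap)}")
```

Running the sample reports the SYN flood as mitigated, proposes the two firewall entries for the inbound-access threat, and flags "open mail relay" as a vulnerability no catalogue entry covers, which is the signal that the catalogue itself needs extending. The conservative rule in `unmitigated_threats` (all exploitable vulnerabilities must be covered) is a design choice; a model with AND-combined preconditions, as in attack trees, would mark a threat closed as soon as one required vulnerability is removed.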
