Post on 01-Feb-2016
description
Cyber Defence Data Exchange and Collaboration Infrastructure (CDXI)
Luc DandurandNATO C3 Agency
luc.dandurand@nc3a.nato.int
2Addressing security challenges on a global scale Geneva, 6-7 December 2010
NATO C3 Agency
Mission: Enable NATO’s success through the unbiased provision of
comprehensive C4ISR capabilities
NC3A mainly provides acquisition and scientific support to NATO and NATO NationsKey player at helping Nations achieve interoperabilityCDXI is sponsored by NATO Allied Command Transformation (ACT, Norfolk, VA)http://www.nc3a.nato.int/
3Geneva, 6-7 December 2010 Addressing security challenges on a global scale
What is the CDXI?
Ultimately, the goal of CDXI is to transport cyber defence data between organisations through a resilient, global infrastructure structure the data for machine processing feed it directly into automated applications provide assurance of its origin and quality provide access controls for confidentiality provide tools to collaborate on improving the data enable commercial exploitation
4Geneva, 6-7 December 2010 Addressing security challenges on a global scale
Cyber Defence Data
Reference Information Vulnerabilities Software (Applications and Operating Systems) Hardware Malware Patches and Fixes Verification Tests (e.g. IDS signatures & VA tests) Protocol specifications Certifications
5Geneva, 6-7 December 2010 Addressing security challenges on a global scale
Cyber Defence Data
Operational Information Events Incidents IP addresses Implicated parties
6Geneva, 6-7 December 2010 Addressing security challenges on a global scale
What problems does it solve?
Beyond the basic need to exchange data Lots of data sources saying different things
Errors & Discrepancies Different focus and taxonomies → No simple way to fix known errors and collaborate
Limited ability to automate CD applications Importing from the Web is often “manual” Limited quality assurance → THIS IS A MAJOR PROBLEM
No resilience → Need a local copy of all data! No automated implementation/enforcement of sharing
policies
7Geneva, 6-7 December 2010 Addressing security challenges on a global scale
Examples of Discrepancies
8Addressing security challenges on a global scale Geneva, 6-7 December 2010
CVE 2010-2941
18 Nov 2010
Possibly execute arbitrary code via a
crafted packet
CVE 2010-2941
9Addressing security challenges on a global scale Geneva, 6-7 December 2010
CVE 2010-2941
10Addressing security challenges on a global scale Geneva, 6-7 December 2010
CVE 2010-2941
11Addressing security challenges on a global scale Geneva, 6-7 December 2010
[…]
CVE 2010-2941
12Addressing security challenges on a global scale Geneva, 6-7 December 2010
[…]
?
?
CVE 2010-2941
13Addressing security challenges on a global scale Geneva, 6-7 December 2010
[…]
How do we fix this?
“Support dissension to reach consensus” Easily modify the data and send back to community “Multiple truths” co-exist until further research
uncovers the “ultimate truth” Reject or block erroneous data coming into own
automated systems
Custom Quality Assurance Processes
14Geneva, 6-7 December 2010 Addressing security challenges on a global scale
Structured Cyber Defence Data
Strategy of CDXI is currently based on Pure enumerations for the specified topics
Single identifier for each element (e.g. “CVE-ID”) Used to create all links to other data
Agile Data Model User-defined taxonomies User-defined relationships
CDXI could implement most, if not all, standards in CYBEX X.1500.
15Geneva, 6-7 December 2010 Addressing security challenges on a global scale
Confidentiality
Limited sharing is a reality User-based and role-based access controls Organisational sharing policies
Can limit user actions Can automate sharing
Multiple security labels and mappings Instances of CDXI exist at every security level
(Unclassified, Secret and Top Secret)
16Geneva, 6-7 December 2010 Addressing security challenges on a global scale
Commercial Exploitation
Required since Industry has lots of data,but more importantly, the resources to refine itProposed strategy is to encrypt records Sell keys to decrypt the data through contract
Industry can resell Tools that use the CDXI Content Quality assurance of content Data-mining
17Geneva, 6-7 December 2010 Addressing security challenges on a global scale
CDXI Architecture
18Addressing security challenges on a global scale Geneva, 6-7 December 2010
Relation to CYBEX
Similar to CYBEX in that use/acquisition of the data is out of scope Implements the following CYBEX functions Structuring cybersecurity information for exchange purposes Identifying and discovering cybersecurity information and entities Establishment of trust and policy agreement between exchanging entities Providing assured cybersecurity information exchange
Adds support for Dissension to reach consensus, collaboration mechanisms Custom quality assurance processes Commercial exploitation Provides Resilience
CDXI tackles the problem from a prototype implementation point-of-view, rather than the CYBEX standards-based approach
19Geneva, 6-7 December 2010 Addressing security challenges on a global scale
CDXI Way Ahead
Concept, high-level requirements and proposed architecture will be completed Q1 2011We plan to build and test a prototype in 2011We plan to continue prototype development/testing in 2012 and beyondWe hope for: Implementation by Industry? Concept valid for any knowledge centric community!
For further information: luc.dandurand@nc3a.nato.int
20Geneva, 6-7 December 2010 Addressing security challenges on a global scale