Threat analysis-perception
-
Upload
zaffar-abbasi -
Category
News & Politics
-
view
1.361 -
download
0
Transcript of Threat analysis-perception
Threat Analysis
Lunar Security Services
2
Overview
• Definitions• Representation• Challenges• “The Unthinkable”• Strategies & Recommendations
3
Background
• What is threat analysis?– Potential Attacks/Threats/Risks– Analysis– Countermeasures– Future Preparations
• NIST’s “Introduction to Threat Analysis Workshop”, October 2005
4
Stakes• People– Voters– Candidates– Poll Workers– Political Groups– Developers– Board of Elections– Attackers– More...
• Voting: A System of...– IT– American Politics– Duty– Trust– Inclusion– Safety– Process– Precedence...if it
works
5
Means of Representation
General tactic:– Identify possible attackers– Identify goals of attacker– Enumerate possible ways to achieve goals– Locate key system vulnerabilities– Create resolution plan
6
• Bruce Sheneier, Dr. Dobb’s Journal, 1999:– Used to “model threats against computer
systems”
• Continual breaking down of goals and means to achieve them
Attack Tree
Simple Example
Cost propagation
Multiple Costs
7
Attack Tree Evaluation• Creation
– Refining over time– Realistic costs
• Advantages– Identifies key security issues– Documenting plans of attack
and likelihood– Knowing the system
• Disadvantages– Amount of documentation– Can only ameliorate
foreseen circumstances– Difficult to prioritize/quantize
factorsShortened version of an Attack
Tree for the interception of a message send with a PGP
header.
8
Other Means of Representation
• Threat Catalog – Doug Jones– Attacks -> vulnerabilities -> analysis of defense– Challenges
• Organization• Technology• Identity• Scale of Attack
• Fault Tree Analysis– Ensures product performance from software– Attempts to avoid single-point, catastrophic
failures
9
Challenges• Vulnerabilities– System– Process
• Variety of possible attacks• New Field: Systems Engineering• Attack Detection• Attack Resolution
-> too many dimensions to predict all possibilities, but we’ll try to name a few…
10
“The Unthinkable”, Part 1
1. Chain Voting2. Votes On A Roll 3. The Disoriented Optical Scanner4. When A Number 2 Pencil Is Not
Enough5. ...we found these poll workers where?
11
“The Unthinkable”, Part 2
6. This DRE “fell off the delivery truck”...
7. The Disoriented Touch Screen8. The Confusing Ballot (Florida 2000
Election)9. Third Party “Whoopsies”10.X-ray vision through walls of precinct
Natalie Podrazik – [email protected] 12
“The Unthinkable”, Part 3
11.“Oops” code12.Do secure wireless connections
exist?13.I’d rather not have your help,
thanks...14.Trojan Horse15.Replaceable firmware on Optical
Scanners
Natalie Podrazik – [email protected] 13
“The Unthinkable”, Part 4
16.Unfinished vote = free vote for somebody else
17.“I think I know what they meant by...”
18.Group Conspiracy: “These machines are broken.”
19.“That’s weird. It’s a typo.”20.Denial of Service Attack
Natalie Podrazik – [email protected] 14
My Ideas...
• Write-in bomb threat, terrorist attack, backdoor code
• Swapping of candidate boxes (developers) at last minute on touch-DRE; voters don’t know the difference
• Children in the voting booth
15
Strategies & Recommendations
• Create Fault Trees to counter Attack Tree goals using the components set forth in Brennan Study
• Tamper Tape• Use of “independent
expert security team”– Inspection– Assessment– Full Access
• Use of “Red Team Exercises” on:– Hardware design– Hardware/Firmware
configuration– Software Design– Software Configuration– Voting Procedures (not
hardware or software, but people and process)
16
Conclusions
• Attack Trees– Identify agents, scenarios, resources,
system-wide flaws• Challenges: dimensions in system
analysis• Unforeseen circumstances• Independent Team of Experts, but how
expert can they be?
17
Works Cited1. All 20 “The Unthinkable” scenarios available at:
http://www.vote.nist.gov/threats/papers.htm2. Goldbrick Gallery’s 25 Best Editorial Cartoons of 2004. Online:
http://www.goldbrickgallery.com/bestof2004_2.html 3. Jones, Doug. “Threat Taxonomy Overview” slides, from the NIST
Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/Jonesthreattalk.pdf
4. Mell, Peter. “Handling IT System Threat Information” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/mellthreat.pdf
5. “Recommendations of the Brennan Center for Justice and the Leadership Conference on Civil Rights for Improving Reliability of Direct Recording Electronic Voting Systems”: http://www.brennancenter.org/programs/downloads/voting_systems_final_recommendations.pdf:
6. Wack, John, and Skall, Mark. “Introduction to Threat Analysis Workshop” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/wackthreat.pdf
7. Wikipedia Entry for fault tree: http://en.wikipedia.org/wiki/Fault_tree