© 2011 SELEX Sistemi Integrati - Commercial in Confidence
Massimo Scipioni
TRUST Autumn Conference 2011
Realizing intrinsically cyber secure large systems
Outline
• Introduction
• The problem context
• The solution
  • Development process
  • Users’ processes and procedures
  • Cyber Command & Control
• Conclusions
Introduction
Introduction (1/2)
A “state of the art” seamless offer, ranging from products to integrated systems and solutions.
(Portfolio chart; labels recovered from the slide graphic, grouped by layer:)
• Integrated systems: homeland protection (border & territory protection, critical infrastructures protection, crisis management, major events); defence systems (C4ISTAR systems, NCW infrastructures, air defence systems, battlespace C4ISTAR systems); airborne, surveillance & security systems (airborne mission systems, ATC/ATM & airport systems, VTMS & maritime awareness, advanced IT for security, logistics, automation).
• Sensors: avionics (EW, radar, EO), naval radars & fire control systems, ground radars.
• Command & control: naval combat systems integration, ground command & control systems.
• Communications: naval & ground avionic CNI, professional TETRA - WiMAX.
Introduction (2/2)
• A large system is a system of systems: a network of interconnected systems that cooperate to perform common functions, increasingly in terms of network enabled capability.
• FINMECCANICA assigned SELEX Sistemi Integrati the prime contractor and architect mission role for large systems development.
• In this role the Company is responsible for defining large system requirements, both functional and non-functional.
• Security is a crucial family of non-functional requirements when developing large systems.
• Cyber security is the flow-down of general security measures to protect against, and react to, cyber attacks.
• The Company is therefore approaching the problem of realizing intrinsically cyber secure large systems.
The problem context
A definition
Cyber security is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment, the organization and the users’ assets.
General security objectives:
• availability;
• integrity (which may include authenticity and non-repudiation);
• confidentiality.
Objectives and threats
• Availability: the capability of the system to protect data and processes from denial of service to the authorized users. Main threat: Distributed Denial of Service.
• Integrity: the capability of the system to protect data and processes from unauthorized changes. Main threats: exploits, rootkits.
• Confidentiality: the capability of the system to protect data and processes from unauthorized access. Main threats: eavesdropping, keylogging, data exfiltration.
The problem (1/3)
• Cyber attacks cover a wide range of actions: attacks can affect data, processes and programs, as well as the network environment.
• Such attacks might involve intrusions into networks for the purpose of compromising data, degrading communications, interrupting commerce, or impairing critical infrastructures (such as transportation or medical and emergency services).
• Stuxnet taught us a lesson!
The problem (2/3)
Besides, the whole is more vulnerable than its composing parts.
• When diverse, heterogeneous systems are integrated, the resulting large system is degraded in the cyber security domain.
• This means that a large system may be affected by vulnerabilities that stem from its intrinsic complexity.
• Such vulnerabilities may not affect any of the composing systems taken on its own.
How do we fill this gap?
Realizing intrinsically cyber secure large systems.
The problem (3/3)
How do we develop intrinsically cyber secure large systems?
Not just by providing large systems with firewalls, IDSs, etc., in other words not just by surrounding the system with a Maginot line,
but by:
i. Adopting a cyber security oriented system design and development process.
ii. Defining operating processes and procedures that guide system users, at every level, to work in accordance with the cyber security requirements.
iii. Providing large systems with a cyber command & control that analyses, protects against and counters cyber intrusions.
The development process
Cyber security oriented life cycle
(Life cycle diagram; phases with their security activities, as labelled on the slide:)
• Requirements definition: security requirements, abuse cases
• Architectural design: threat modeling, risk analysis
• Implementation: secure coding, secure code review
• Testing: secure testing, penetration testing
• Deployment: vulnerability management, secure deployment, operational enabling
• Across all phases: security testing; attack patterns – security patterns
Design and development of artefacts (1/2)
The hardware architecture and network topology are designed to be highly resilient and such that the cyber security related non-functional requirements are fully satisfied.
The mapping of the software architecture onto the hardware architecture is optimized with respect to the cyber security requirements. The allocation of functional and non-functional requirements to components is cyber security driven.
Design and development of artefacts (2/2)
Software code artefacts at every architectural level must be free of the defects that give rise to vulnerabilities.
Software testing artefacts stress the system by simulating the kinds of attack foreseen for the system under test, performing penetration testing, security testing, etc.
A cyber secure operating system is the foundation on which secure applications are built.
(Stack diagram: common core, application, customization.)
The users’ processes and procedures
Users’ processes and procedures
• Users’ and operators’ behaviour is crucial to cyber security.
• A set of cyber security oriented processes and procedures to guide users is produced as part of the large system development.
• This will largely reduce the occurrence of the so-called insider threats, namely attacks, both intentional and unintentional, due to system users and operators. Internal attacks are definitely more dangerous than external ones.
• Very often cyber attacks causing significant damage originate from incautious actions (e.g. infected USB keys).
• Training programs will be put in place to build the necessary awareness in the personnel who will be using the system.
• Need-to-know and responsibility-to-share policies will be set forth and adopted by the users’ community.
• Following this approach, the cyber security related human factors become an integral part of the large system design and development.
The Cyber Command & Control
Cyber Command & Control (1/4)
• A cyber command & control is provided as part of the large system.
• Such cyber command & control application is the large system cyber security supervisor and embraces the whole large system.
• It integrates the lower level cyber security applications, embedded in the composing systems, and provides additional functions in order to build an overall protection and to guarantee an improved cyber security capability to the whole large system.
Cyber Command & Control (2/4)
(Architecture diagram; labels recovered from the slide graphic:)
• Cyber Command & Control functions: malicious activities detection; attacks prevention and defence; risks and threats dynamic assessment; post-attack restoring support; intelligence and decision support; consolidated information assurance picture management; Cyber Command & Control database.
• Information exchanged with the composing systems: risk analysis, vulnerability assessment, platform application information, log, network monitoring, cyber events; risk management, patch management, CERT interoperability, anomaly management, incident management, counter measures.
• External sources: open sources (e.g. web) providing open info; non-open sources (e.g. ISP) providing non-open info.
Cyber Command & Control (3/4)
• Consolidated information assurance picture management: provide operators with a real-time human-computer interface to interact with the Cyber Command & Control:
  • visualize all the nodes of the networks in the domain under control,
  • visualize the geo-reference of systems, networks, nodes and incidents,
  • visualize the risk status of all the assets in the domain.
• Malicious activity detection: collect and correlate information coming from:
  • network monitoring,
  • application status monitoring,
  • access control,
  in order to detect malicious activity.
• Attacks prevention and defence: stop or mitigate any detected attack and implement preventive measures to avoid attacks.
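The malicious activity detection function above is described only as "collect and correlate" the three feeds. The following is an added example, not code from the slides or from SELEX, of what the smallest useful version of that correlation looks like: three constructed feeds (network monitoring, application status monitoring, access control) are parsed into per-host indicators, and an alert is raised only when indicators from more than one feed line up on the same host inside a time window. Hostnames, addresses, field names and thresholds are invented for the example.

```python
"""Added example (not from the SELEX slides): a small correlation step
in the spirit of the 'malicious activity detection' function. Three
constructed feeds (network monitoring, application status monitoring,
access control) are parsed, each is reduced to per-host indicators, and
an alert is raised only when indicators from more than one source line
up on the same host inside a time window. Hostnames, addresses, field
names and thresholds are invented for the example."""

import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feeds, not real logs.
NETWORK_LOG = """\
2011-10-05T08:00:01 host=ops-ws-17 event=outbound dst=198.51.100.23 dport=4444 bytes=20480
2011-10-05T08:00:40 host=ops-ws-17 event=outbound dst=198.51.100.23 dport=4444 bytes=983040
2011-10-05T08:01:12 host=c2-srv-02 event=outbound dst=203.0.113.9 dport=443 bytes=2048
"""
APP_STATUS_LOG = """\
2011-10-05T07:59:50 host=ops-ws-17 app=tracker status=crashed code=0xC0000005
2011-10-05T08:00:05 host=ops-ws-17 app=tracker status=restarted
2011-10-05T08:01:00 host=c2-srv-02 app=fusion status=ok
"""
ACCESS_LOG = """\
2011-10-05T07:59:30 host=ops-ws-17 user=svc_backup result=success method=password
2011-10-05T08:02:00 host=radar-gw-01 user=operator result=failure method=password
2011-10-05T08:02:01 host=radar-gw-01 user=operator result=failure method=password
"""

KV = re.compile(r"(\w+)=(\S+)")

def parse_feed(text):
    """Turn 'timestamp key=value ...' lines into dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, rest = line.split(" ", 1)
        fields = dict(KV.findall(rest))
        fields["ts"] = datetime.fromisoformat(ts)
        events.append(fields)
    return events

# Each indicator is a tuple (host, timestamp, source, description).
def network_indicators(events, big_bytes=500_000, usual_ports=("53", "80", "443")):
    """Large outbound transfer to an unusual port: possible exfiltration or C2 channel."""
    return [(e["host"], e["ts"], "net", f"large outbound transfer to {e['dst']}:{e['dport']}")
            for e in events
            if e.get("event") == "outbound" and e["dport"] not in usual_ports
            and int(e["bytes"]) >= big_bytes]

def app_indicators(events):
    """An application crash (e.g. an access violation) can be the trace of an exploit attempt."""
    return [(e["host"], e["ts"], "app", f"{e['app']} crashed ({e.get('code', 'no code')})")
            for e in events if e.get("status") == "crashed"]

def access_indicators(events, fail_threshold=2):
    """Interactive logons by service accounts, and repeated failures, both per host."""
    out = []
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "success" and e["user"].startswith("svc_"):
            out.append((e["host"], e["ts"], "access",
                        f"interactive logon by service account {e['user']}"))
        elif e["result"] == "failure":
            failures[(e["host"], e["user"])].append(e["ts"])
    for (host, user), times in failures.items():
        if len(times) >= fail_threshold:
            out.append((host, times[-1], "access", f"{len(times)} failed logons for {user}"))
    return out

def correlate(indicators, window=timedelta(minutes=5), min_sources=2):
    """One alert per host when at least min_sources distinct feeds fire within the window."""
    by_host = defaultdict(list)
    for ind in indicators:
        by_host[ind[0]].append(ind)
    alerts = {}
    for host, inds in by_host.items():
        inds.sort(key=lambda i: i[1])
        for i, anchor in enumerate(inds):
            group = [x for x in inds[i:] if x[1] - anchor[1] <= window]
            sources = {x[2] for x in group}
            if len(sources) >= min_sources:
                alerts[host] = {
                    "sources": sorted(sources),
                    "evidence": [x[3] for x in group],
                    "severity": "high" if len(sources) >= 3 else "medium",
                }
                break
    return alerts

def run():
    """Run the three detectors over the constructed feeds and correlate the result."""
    indicators = (network_indicators(parse_feed(NETWORK_LOG))
                  + app_indicators(parse_feed(APP_STATUS_LOG))
                  + access_indicators(parse_feed(ACCESS_LOG)))
    return correlate(indicators)

if __name__ == "__main__":
    for host, alert in run().items():
        print(host, alert["severity"], alert["sources"])
        for line in alert["evidence"]:
            print("   ", line)
```

With the constructed feeds only ops-ws-17 is alerted: a service-account logon, a crash of the tracker application and a large transfer to an unusual port all fall inside five minutes. The two failed logons on radar-gw-01 produce a single-source indicator and stay below the alert threshold, which is the point of correlating across feeds rather than alerting on each one.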
Cyber Command & Control (4/4)
• Risks and threats dynamic assessment:
  • project the current situation into the future,
  • assess the damage incurred from an attack,
  • improve the understanding of threats by assessing on-going attacks.
• Post-attack restoration support: support the composing systems in restoring after an attack has been stopped and the damage has been assessed:
  • replace compromised systems and information,
  • take actions with respect to compromised confidentiality of information.
• Intelligence and decision support:
  • support operations by accessing and exploiting any kind of open and non-open sources relevant to the cyber defence and security situation,
  • correlate and fuse heterogeneous data coming from diverse sources to support the intelligence processing,
  • support operators in deciding the best way to manage situations, providing alternative scenarios.
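"Project the current situation into the future" and "assess the damage" are the two parts of the dynamic assessment that can be made concrete. The following is an added example, not code from the slides or from SELEX, of a toy version for a system of systems: the trust links between composing systems are a small graph, the currently compromised systems are the sources, and a bounded breadth-first projection gives which systems are exposed within a horizon, a damage score discounted by hop count, and a ranking of which link to sever first. It also makes the earlier point that the whole is more vulnerable than its parts: a workstation of criticality 1 projects to a damage of nearly 10 once its trust link to the C2 server is taken into account. Topology, names and weights are invented.

```python
"""Added example (not from the SELEX slides): a toy 'risks and threats
dynamic assessment' step for a system of systems. Given the trust links
between composing systems, the mission criticality of each, and the set
currently assessed as compromised, it projects the attack forward along
the links, scores the damage reachable within a horizon, and ranks which
link to sever first. Topology, names and weights are invented."""

from collections import deque

# Constructed trust graph: an edge A -> B means that B accepts data or
# access from A, so a compromise of A can be extended to B.
TRUST_EDGES = {
    "ops-ws-17": {"c2-srv-02"},
    "radar-gw-01": {"fusion-srv"},
    "fusion-srv": {"c2-srv-02", "sit-pic-display"},
    "c2-srv-02": {"fusion-srv", "comms-gw"},
    "comms-gw": set(),
    "sit-pic-display": set(),
}

# Mission criticality on a 1..10 scale (invented).
CRITICALITY = {
    "ops-ws-17": 1, "radar-gw-01": 3, "fusion-srv": 8,
    "c2-srv-02": 10, "comms-gw": 7, "sit-pic-display": 6,
}

def project(compromised, edges, horizon):
    """Multi-source breadth-first projection: {system: hops from the nearest
    compromised system}, limited to `horizon` hops. Hop 0 = already compromised."""
    hops = {s: 0 for s in compromised}
    queue = deque(compromised)
    while queue:
        s = queue.popleft()
        if hops[s] >= horizon:
            continue
        for t in edges.get(s, ()):
            if t not in hops:
                hops[t] = hops[s] + 1
                queue.append(t)
    return hops

def damage(hops, crit):
    """Expected damage: criticality discounted by 1/2 for every hop the attacker still has to make."""
    return sum(crit[s] * 0.5 ** h for s, h in hops.items())

def containment_options(compromised, edges, crit, horizon=2):
    """For every trust link leaving the compromised set, the damage that would remain if
    that link were severed (segment isolated, credential revoked, feed cut).
    Returns (damage now, [(remaining damage, src, dst), ...]) with the best option first."""
    now = damage(project(compromised, edges, horizon), crit)
    options = []
    for src in compromised:
        for dst in edges.get(src, ()):
            cut = {s: (t - {dst} if s == src else t) for s, t in edges.items()}
            remaining = damage(project(compromised, cut, horizon), crit)
            options.append((remaining, src, dst))
    options.sort()
    return now, options

def assess(compromised, horizon=2, edges=TRUST_EDGES, crit=CRITICALITY):
    """The picture an operator would want: what is exposed, how bad it is, what to cut first."""
    hops = project(compromised, edges, horizon)
    now, options = containment_options(compromised, edges, crit, horizon)
    return {
        "exposed": sorted(s for s, h in hops.items() if h > 0),
        "damage": now,
        "containment": options,
    }

if __name__ == "__main__":
    # A low-value workstation plus a sensor gateway: neither matters much alone,
    # but together they put the C2 server and the fused picture within two hops.
    report = assess({"ops-ws-17", "radar-gw-01"})
    print("exposed:", report["exposed"])
    print("projected damage:", report["damage"])
    for remaining, src, dst in report["containment"]:
        print(f"sever {src} -> {dst}: damage drops to {remaining}")
```

The discount per hop and the hop horizon are the knobs an operator would tune: a short horizon answers "what is at risk right now", a longer one answers "where does this go if nothing is done", and rerunning the assessment as new detections arrive is what makes it dynamic. The containment ranking is deliberately greedy (one link at a time), which is what an incident manager can act on in the first minutes.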
Conclusions
Conclusions
• The development of cyber secure large systems rests on three main pillars:
  • a design, development, integration and deployment process oriented to cyber defence and security;
  • users’ and operators’ processes and procedures oriented to cyber security;
  • a cyber command and control embedded in the large system.
• From the architectural perspective, the whole stack, from the hardware platforms up to the application software, is rigorously cyber secure.
• All the concepts discussed are applied both to newly developed large systems and to legacy ones.
• In this way a holistic approach is applied to the realization of cyber secure large systems.
Thank you for your attention
SELEX Sistemi Integrati
Via Tiburtina, Km 12.400, 00131 Roma, Italia
T. +39 06 41501