Sapienza Università di Roma, Dipartimento di Informatica e Sistemistica
Middleware Laboratory (MIDLAB)
Information Sharing for the Financial IT Infrastructure: Opportunities and Technological Challenges
Roberto Baldoni
Università degli Studi di Roma “La Sapienza”
http://www.dis.uniroma1.it/~baldoni/
Second Workshop on Cyber Security and Global Affairs
Zurich, Switzerland, 8/7/2010
The case of Collaborative Cyber Security in Financial Ecosystem
■ "Webification" of critical financial services, such as home banking, online trading and remote payments
■ Cross-domain interactions spanning different organizational boundaries are in place in financial contexts
■ Heterogeneous infrastructure systems, such as telecommunication supply, banking and credit card companies, working on heterogeneous data
Second Workshop on Cyber Security and Global Affairs Roberto Baldoni
The case of Collaborative Cyber Security in Financial Ecosystem
■ A payment card fraud (2008)
  ■ 100 compromised payment cards used by a network of coordinated attackers retrieving cash from 130 different ATMs in 49 countries worldwide, totaling 9 million US dollars
  ■ High degree of coordination: half an hour to be executed
  ■ Evaded all the local monitoring techniques used for detecting anomalies in payment card usage patterns
  ■ The fraud was detected only later, after aggregating all the information gathered locally by each financial institution involved in the payment card scam
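The detection gap described in this slide, as an added Python example that is not part of the original presentation: each bank's own rule sees too few of the coordinated withdrawals to fire, while a sliding-window rule over the pooled events flags the card. The event fields, thresholds, bank names and sample data are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # the slide's "half an hour"
LOCAL_ATMS = 3        # assumed local rule: one card at >= 3 of the bank's own ATMs
SHARED_COUNTRIES = 3  # assumed shared rule: one card in >= 3 countries


def sliding_alerts(events, field, threshold):
    """Cards whose distinct `field` values within any WINDOW reach threshold."""
    windows = defaultdict(deque)
    flagged = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        win = windows[ev["card"]]
        win.append(ev)
        while ev["ts"] - win[0]["ts"] > WINDOW:  # expire events older than WINDOW
            win.popleft()
        if len({e[field] for e in win}) >= threshold:
            flagged.add(ev["card"])
    return flagged


def local_alerts(events, bank):
    """Local monitoring: a bank only sees withdrawals at its own ATMs."""
    return sliding_alerts([e for e in events if e["bank"] == bank], "atm", LOCAL_ATMS)


def shared_alerts(events):
    """Collaborative monitoring: the same window over every member's events."""
    return sliding_alerts(events, "country", SHARED_COUNTRIES)


def sample_events():
    """Constructed data: card-A is cashed out across banks, card-B is ordinary."""
    t0 = datetime(2008, 1, 1, 0, 0)
    rows = [  # (minute, card token, bank, country, ATM)
        (0, "card-A", "bank-1", "IT", "atm-11"),
        (4, "card-A", "bank-2", "FR", "atm-21"),
        (9, "card-A", "bank-3", "US", "atm-31"),
        (12, "card-A", "bank-1", "IT", "atm-12"),
        (3, "card-B", "bank-2", "FR", "atm-21"),
        (50, "card-B", "bank-2", "FR", "atm-22"),
    ]
    return [dict(ts=t0 + timedelta(minutes=m), card=c, bank=b, country=k, atm=a)
            for m, c, b, k, a in rows]


if __name__ == "__main__":
    events = sample_events()
    for bank in ("bank-1", "bank-2", "bank-3"):
        print(bank, "local alerts:", sorted(local_alerts(events, bank)))
    print("shared alerts:", sorted(shared_alerts(events)))
```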
The case of Collaborative Cyber Security in Financial Ecosystem
■ Distributed Denial of Service attack (2007, Northern Europe)
  ■ Rendered web-based financial services unreachable for legitimate users
  ■ The DDoS attack targeted a credit card company and two DNS
  ■ Internet restored only after several trial-and-error activities carried out manually by network administrators of the attacked systems and of their Internet Service Providers (ISPs)
  ■ Long preparation time (days), short attack time (seconds)
The case of Collaborative Cyber Security in Financial Ecosystem
■ Neither of the previous attacks can be detected quickly through the information available at the IT infrastructure of a single financial player (i.e., through local monitoring)
■ Need for information sharing
  ■ Exchange of non-sensitive status information
  ■ Setting up of agreements
■ Advantages of a global monitoring system
  ■ Damage mitigation
  ■ Quick reaction
■ Sense and respond applications (ATC systems, C&C applications, business intelligence)
Structure of a sense-respond application
■ Sensors
■ Event notification
■ Complex Event Processing (CEP)
■ Application-level correctness factors
  ■ Accuracy (no false warning)
  ■ Completeness (no real warning goes undetected)
  ■ Timeliness (no late warning)
[Figure labels: Basic events, Data Dissemination, CEP, warnings]
The added value of Collaboration
■ Sharing resources and data
■ Added values (potential):
  ■ Improved accuracy
  ■ Improved completeness
  ■ Better timeliness
■ Additional problems (real)
  ■ Data privacy
  ■ Data retention
  ■ Sustain high throughput
  ■ Large bandwidth and computing capabilities
[Figure labels: Internet; Lloyds, Unicredit, France Telecom, EDF, AT&T, SWIFT, UBS; Events; warnings]
■ Barriers to collaboration
  ■ Understanding the economics
  ■ Trust
  ■ Legal issues
EU CoMiFin Project, www.comifin.eu
[Figure labels: Internet level, Collaboration Level, Application Level]
Collaborative Cyber Security: CoMiFin platform
■ CoMiFin offers financial institutions (FIs) a platform for gaining the benefits of community-based collaboration over a “business social network”
■ The CoMiFin platform addresses needs considered important in the financial operator community (such as information security, data privacy, SLA, contractual relationship for entering a community, “certified” anonymity, …)
■ The CoMiFin project was submitted to three Financial Advisory Board (FAB) meeting evaluation sessions, which highlighted its possible business value in real financial use cases. Some FAB members: SWIFT, SIA-SSB, IMI-SAN PAOLO, BANK OF ITALY, UBS.
Collaborative Cyber Security: CoMiFin platform
■ The CoMiFin platform is potentially useful for addressing the following business use cases
  ■ Monitoring of and reaction to threats (MitM, stealthy scan, phishing, …)
  ■ Black/white list distribution (for credit reputation, trust level, …)
  ■ Anti-terrorism lists (with name check VAS)
  ■ Anti-money-laundering monitoring
  ■ Risk management support
■ These use cases imply value-added services that can be offered by SPs to FIs over CoMiFin
The notion of semantic room
■ Contract
  ■ Set of processing and data sharing services provided by the semantic room (SR), along with the data protection, privacy, isolation, trust, security, dependability and performance requirements
  ■ The contract also contains the hardware and software requirements a member has to provision in order to be admitted into the SR
■ Objective
  ■ Each SR has a specific strategic objective to meet (e.g., large-scale stealthy scan detection, detecting Man-In-The-Middle attacks)
■ Deployment
  ■ Highly flexible, to accommodate the use of different technologies for the implementation of the processing and sharing within the SR (i.e., the implementation of the SR logic or functionality)
The notion of semantic room: relationship with cloud computing
[Figure labels: Internet Level, Collaboration Level, Application Level]
■ Private cloud
  ■ Deployment of the semantic room through the federation of computing and storage capabilities at each member
  ■ Each member brings a private cloud to federate
■ Public cloud
  ■ Deployment of the semantic room on a third party cloud provider
  ■ The third party owns all computing and storage capabilities
■ Federation of computing and storage resources: no cloud approach
CoMiFin Testbed
Two Semantic rooms
■Man-In-The-Middle Attack
■Stealthy Scan
Collaborative Stealthy scan detection
Collaborative Man-in-The-Middle attack
[Figure labels: PE (several instances); DHT Overlay; Processing rules; Events from SR Gateways; Events/Intermediate processing results forwarded to DHT overlay; Events/Intermediate processing results received from DHT overlay; Processing results; Dissemination of Alerts/Events]
■ Event Manager: manages I/O (events/alerts) with the outside world
■ Overlay Manager: manages the internal communication and distributed storage
■ CEP Engine: applies processing rules and produces alerts and intermediate processing results
Alerts in the dashboard
■ Alert details (time, source, target, etc.)
■ Service affected
■ Score on the alert
Conclusions
■ Customizable event correlation on top of the IP network
■ Moving event correlation to the edge
■ “Locally-aware” computing
■ Usage of open-source technologies for event processing and event dissemination (Agilis, FreePastry, Esper, Jaql, etc.)
■ The economic value of information sharing for cyber security
■Collaboration with SANDIA laboratory (USA)
Information Sharing for the Financial IT Infrastructure: Barriers and Opportunities (Rome, October 12th 2010)
“Cyber Attacks are categorized as an operational risk by the Basel Committee on Banking Supervision in the Basel II accord. Recent evidence of successful Internet-based attacks and frauds involving financial institutions highlights the inadequacy of the existing protection mechanisms, in which each institution implements its own isolated monitoring and reaction strategy. With the joint advent of web 2.0, the ultra broadband and of the (private/public) cloud computing technologies, a new era is opening concerning the opportunity for groups of trusted parties for sharing, processing and correlating a huge amount of information that can be used to raise the defences of financial institutions. However cultural, organizational and legal issues create barriers to this kind of cooperation.
The aim of the workshop is to bring together people from academia, research centers, stakeholders and regulators to analyze opportunities and risks associated with the sharing of information in the Financial IT world. Our ultimate aim is to influence decision and policy makers to take advantage of these opportunities. The workshop will be formed in two sessions. The first one will include a series of invited presentations providing views on Information Sharing from stakeholders and regulators and conclude with a panel discussion. The second session will introduce a series of technical presentations discussing frameworks for information sharing and modelling the added value of cooperation in the Financial IT world.”
Organized by CoMiFin Partners and SANDIA Labs
Program available soon at http://www.comifin.eu/