Operational Security Assurance: “Requirements for a trusted future internet and privacy ·...
8/12/2010 Copyright © 2010 Alcatel-Lucent. All rights reserved.
Operational Security Assurance:
“Requirements for a trusted future internet and privacy”
Bertrand Marquet
Head of Security Research Dept (Acting)
Alcatel-Lucent Bell Labs France
Agenda
• Introduction
• Operational Security Assurance
• Requirements for Security Assured Operations
• Assurance Profiles in operations
• Conclusion
Introduction
Several major transformations are occurring simultaneously
You will be here
Technological context:
Telco is facing two major transformations
• Actors: Service providers, End users
• Transformation of infrastructures
– ICT Cloud, Elastic Telco Cloud
– ICT infrastructures, IT Cloud (virtualized resources)
– Mastering risks of service infrastructures
• Transformation of End devices
– PCs, Smartphones, Application stores
– Internet of Things, Application stores
– Protecting User experience: Privacy and usability
Social and economical context
• Actors: Service providers, End users, Content provider, Application provider
• Everything is Video
• Social life exposed
• Open platforms
• New ecosystems
• Spikes in resources demand
• Need to comply with more and more regulations
• Open Services and APIs
Operational Security assurance to provide guarantees
• Mastering risks of service infrastructures
• Protecting User experience: Privacy
• Operational Security Assurance: Protecting Business and Privacy
Operational Security Assurance
Linked European projects
Part of this work has been studied within EUREKA Celtic Project
2005-2007: BUGYO – CELTIC Excellence award
2009-2011: BUGYO beyond
Large-scale, multi-domain and dynamic infrastructures
Content of the following slides cannot be used without Alcatel-Lucent
And BUGYO Beyond consortium written authorization
Between risk management and trust management:
Include BUGYO wheel
[Figure: BUGYO wheel. Elements: Infrastructures, Risks, Countermeasures, Metrics, Evidence, Assurance, Confidence. Link labels: “that threaten the”, “that minimize”, “that generate”, “measured by”, “which gives”, “which leads to”. Surrounding labels: Risk Management, Assurance Management, Trust management, Measurement, Monitoring, Assistance.]
Top down approach: From service to indicators.
[Figure: top-down layers from the service to the operational system. Labels:]
• Inherent risks for the Service
• Identified risks for the Service
• Security Policy
• Security Controls realisation
• Procedures and Technical mechanisms enforcing or supporting security controls
• Running Security Controls: OK, OK, OK, NOK
• Phases: Risk Assessment; Design & Implementation; Operational system
• Security Architecture
• Accepted risks
• Implementation gap (CC evaluation scope)
• Application gap (operational evaluation scope)
Methodology and tools
Requirements for Security Assured Operations
Assurance profile: commonly agreed requirements
[Figure: 1. Service, which runs on 2. Service infrastructure; 3. Target of Measurement (Critical Infrastructure Objects); 4. Security Assurance Views (SAV), drawn with M markers; the whole is labelled Assurance Profile (AP).]
Assurance profile content
[Figure: content of an Assurance Profile, placed between Services/business and Service Infrastructure, next to the AP diagram (Target Of Measurement, Critical Infrastructure Objects, Security Assurance Views with M markers).]
• Component classes: Assurance related components, Security related components, Infrastructure related components
• AP_REF: Reference
• AP_CCL: Compliance Claim
• AP_SPD: Security Problem Definition
• AP_SSO: Service Security Objectives
• AP_OSR: Object Security Requirements
• AP_SMO: Object Measurement Objectives
• AP_OMR: Object Measurement Requirements
• AP_TOM: Target of Measurement
• AP_SAV: Security Assurance Views
Compliance with an AP
Leveraging expertise in a common formalized format
[Figure: the AP sections arranged by level, between Services/business and Service Infrastructure.]
• Levels: Objectives level, Requirements level, View level
• AP sections: AP_REF: Reference; AP_CCL: Compliance Claim; AP_SPD: Security Problem Definition; AP_SSO: Service Security Objectives; AP_OSR: Object Security Requirements; AP_SMO: Object Measurement Objectives; AP_OMR: Object Measurement Requirements; AP_TOM: Target of Measurement; AP_SAV: Security Assurance Views
Associated method: From risk assessment to probes deployment
[Figure: overview of the whole method, starting from Services/business. Numbered markers in the diagram: 1, 2, 3, 3’, 4, 4’, 5, 6. Recoverable labels are grouped below.]
• Assets
– Activities: Identification Of Assets; Supporting assets evaluation; Selection
– Perimeter and boundaries of the study [27005] 7.3; Business or processes activities of the company [27005] 7.3
– List of objects with ownership [27005] 8.2.1.2; Location and function of objects [27005] 8.2.1.2
– [27005] B.2 Break of activities or services; Reputation and financial loss; Agreement rupture; Confidence loss
– [AP] Applicability criteria; [AP] Threshold
– Primary Assets; Supporting Assets; List of Supporting Assets Classified by priority order; List of Selected supporting Assets
• AP_SPD: Security Problem Definition
– Activities: Risks identification; Risks Level Estimation; Risks Evaluation; Risks Reduction; inheritance (Other AP inherited risks)
– List of Threats [27005] 8.2.1.3; List of existing security measures [27005] 8.2.1.4; List of Vulnerabilities [27005] 8.2.1.5; List of consequences [27005] 8.2.1.6
– List of Consequences Assessed [27005] 8.2.2.2; Likelihood of Risks Selected [27005] 8.2.2.3
– Risk Acceptance Criteria [27005] 7.2; Risk Evaluation Criteria [27005] 7.2; Cost of treatment [27005]
– List of Risks; List of Risks with a valued risk level; List of Risks classified by priority order; List of risks selected for risk reduction
– Business model(s); List of identified security countermeasures; List of existing security counter measures [27005] 8.2.1.4, with new identified for risk reduction
• AP_CCL: Compliance Claim
– Activities: Identification of standards/Regulation/Policies; Formalization & Refinement
– List of standards/regulations/Policies/Best practices
– List of Measurement Objectives from AP_CCL; List of security objectives and best practices from AP_CCL
• AP_SSO: Service Security Objectives
– Activity: Separation
– List of Security Objectives from risks reduction
• AP_OSR: Object Security Requirements
– Activity: Binding / coherence checking; List of incoherences and remediation
– Part 1 SFR [ISO15408], [ISO27002-ISO27011], [other standards to identify]
• AP_SMO: Object Measurement Objectives
– Activity: Identification of measurement objectives; Measurement taxonomy, [AP], [Standards]
– List of Measurement Objectives from AP_OSR
• AP_OMR: Object Measurement Requirements
– Activities: Binding / coherence checking; formalization; List of incoherences and remediation
– All requirements are expressed using the Measurement taxonomy as a simple binary question: Is [taxonomy domain] of [Security countermeasures] on [TOM-object] (running) as expected?
– Taxonomy domain = static-configuration, dynamic configuration, etc. (WP2 taxonomy)
• AP_TOM: Target of Measurement
– Activities: Extraction; inheritance
• AP_SAV: Security Assurance Views
– Activities: Identify view(s); Add / Define SAVObject; Construct view(s); associate
– [AP] View(s) definition; List of Views and objectives; List of Metrics
• Metrics and deployment
– Specify Metric; Base Measures; Interpretation function; Aggregation function + Derived Measures
– Operations on views: Refinement, combination
– IOM: Infrastructure of Measure; Addition of infrastructure element for measuring
– Deployed Security Assurance Views; Deployed Target of Measurement; List of probes
– Security Realizations; List of deployed security countermeasures; List of Selected supporting Assets
Defining Assurance profile
Identifying supporting assets: AP first target
[Figure: flow starting from Services/business.]
• Identification Of Assets
– Perimeter and boundaries of the study [27005] 7.3
– Business or processes activities of the company [27005] 7.3
– List of objects with ownership [27005] 8.2.1.2
– Location and function of objects [27005] 8.2.1.2
– Primary Assets; Supporting Assets
• Supporting assets evaluation
– [27005] B.2 Break of activities or services
– [27005] B.2 Reputation and financial loss
– [27005] B.2 Agreement rupture
– [27005] B.2 Confidence loss
– [AP] applicability criteria
– List of Supporting Assets Classified by priority order
• Selection
– [AP] Threshold
– [AP] Applicability criteria
– inheritance: Other AP inherited risks
– List of Selected supporting Assets
Step 1: identifying Security Problem
AP_SPD: Security Problem Definition
[Figure labels; numbered marker in the diagram: 1]
• Activities: Risks identification; Risks Level Estimation; Risks Evaluation; Risks Reduction; inheritance (Other AP inherited risks)
• List of Threats [27005] 8.2.1.3
• List of existing security measures [27005] 8.2.1.4
• List of Vulnerabilities [27005] 8.2.1.5
• List of consequences [27005] 8.2.1.6
• [AP] Applicability criteria
• List of Consequences Assessed [27005] 8.2.2.2
• Likelihood of Risks Selected [27005] 8.2.2.3
• Risk Acceptance Criteria [27005] 7.2
• Risk Evaluation Criteria [27005] 7.2
• Cost of treatment [27005]
• Business model(s)
• Lists: List of Risks; List of Risks with a valued risk level; List of Risks classified by priority order; List of risks selected for risk reduction; List of Security Objectives from risks reduction; List of identified security countermeasures
• List of existing security counter measures [27005] 8.2.1.4, with new identified for risk reduction
Step 3: From Compliance to security requirements
[Figure labels; numbered markers in the diagram: 2, 3, 3’]
• AP sections: AP_CCL: Compliance Claim; AP_SSO: Service Security Objectives; AP_OSR: Object Security Requirements
• Activities: Formalization & Refinement; Separation; Binding / coherence checking
• List of standards/regulations/Policies/Best practices
• List of Measurement Objectives from AP_CCL
• List of security objectives and best practices from AP_CCL
• List of Security Objectives from risks reduction
• List of incoherences and remediation
• Part 1 SFR [ISO15408], [ISO27002-ISO27011], [other standards to identify]
• List of identified security countermeasures
• List of existing security counter measures [27005] 8.2.1.4, with new identified for risk reduction
Step 4: Deriving Object Measurement Requirements
[Figure labels; numbered markers in the diagram: 3’, 4, 4’]
• AP sections: AP_OSR: Object Security Requirements; AP_SMO: Object Measurement Objectives (marker 4); AP_OMR: Object Measurement Requirements
• Activities: Identification of measurement objectives; Binding / coherence checking; formalization
• Measurement taxonomy, [AP], [Standards]
• List of Measurement Objectives from AP_CCL
• List of Measurement Objectives from AP_OSR
• List of incoherences and remediation
• All requirements are expressed using the Measurement taxonomy as a simple binary question:
Is [taxonomy domain] of [Security countermeasures] on [TOM-object] (running) as expected?
• Taxonomy domain = static-configuration, dynamic configuration, etc. (WP2 taxonomy)
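Added example, not part of the original slides: the binary-question form of Step 4 modelled in Python, with the OK/NOK answers aggregated per Security Assurance View. Only the question template and the two taxonomy domains come from the slide; the aggregation rule, the `view` field, and every object, countermeasure and view name are assumptions made for illustration.

```python
from dataclasses import dataclass

# Only the two taxonomy domains named on the slide; the rest of the
# taxonomy is not on the page.
TAXONOMY_DOMAINS = ("static-configuration", "dynamic-configuration")


@dataclass(frozen=True)
class Requirement:
    """One measurement requirement in the slide's binary-question form."""
    domain: str          # [taxonomy domain]
    countermeasure: str  # [Security countermeasures]
    tom_object: str      # [TOM-object]
    view: str            # Security Assurance View it reports into (hypothetical field)

    def __post_init__(self):
        if self.domain not in TAXONOMY_DOMAINS:
            raise ValueError(f"unknown taxonomy domain: {self.domain!r}")

    def question(self) -> str:
        return (f"Is {self.domain} of {self.countermeasure} "
                f"on {self.tom_object} as expected?")


def evaluate_views(requirements, base_measures):
    """Aggregate binary base measures into one status per view.

    base_measures maps Requirement -> True (OK) or False (NOK). A requirement
    with no entry has no probe bound to it and is reported as unmeasured
    instead of being silently counted as OK.
    Assumed aggregation function: any NOK -> "NOK"; otherwise any unmeasured
    requirement -> "INCOMPLETE"; otherwise "OK".
    """
    views = {}
    for req in requirements:
        v = views.setdefault(req.view, {"ok": [], "nok": [], "unmeasured": []})
        answer = base_measures.get(req)
        bucket = "unmeasured" if answer is None else ("ok" if answer else "nok")
        v[bucket].append(req.question())
    for v in views.values():
        v["status"] = "NOK" if v["nok"] else ("INCOMPLETE" if v["unmeasured"] else "OK")
    return views


# Constructed sample data: object, countermeasure and view names are invented.
REQS = [
    Requirement("static-configuration", "packet filter", "edge-gw-1", "perimeter"),
    Requirement("dynamic-configuration", "packet filter", "edge-gw-1", "perimeter"),
    Requirement("static-configuration", "TLS termination", "portal-1", "portal"),
    Requirement("dynamic-configuration", "audit logging", "portal-1", "portal"),
    Requirement("static-configuration", "disk encryption", "db-1", "storage"),
]
MEASURES = {
    REQS[0]: True,
    REQS[1]: False,  # probe reports the running rule set differs from the expected one
    REQS[2]: True,
    # REQS[3] has no probe bound to it: it must not be counted as OK
    REQS[4]: True,
}

if __name__ == "__main__":
    for name, result in evaluate_views(REQS, MEASURES).items():
        print(name, result["status"], result["nok"] + result["unmeasured"])
```

Separating "unmeasured" from "OK" keeps a view from looking assured merely because no probe was deployed for one of its requirements.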
Step 5: Defining Target of Measurement and assurance views
[Figure labels; numbered markers in the diagram: 4’, 5, 6]
• AP sections: AP_OMR: Object Measurement Requirements; AP_TOM: Target of Measurement; AP_SAV: Security Assurance Views
• Activities: Extraction; Identify view(s); Add / Define SAVObject; associate; Construct view(s)
• List of existing security counter measures [27005] 8.2.1.4
• List of Selected supporting Assets
• [AP] View(s) definition
• List of Views and objectives
• List of Metrics
Assurance profile in operations
Service infrastructure
Assurance Profile for this service (TOM + SAVs)
[Figure: the AP (Target Of Measurement, Critical Infrastructure Objects, Security Assurance Views with M markers) next to a chain of process steps.]
• Steps: Service modelling, Metric selection, Measuring, Aggregation, Evaluation, Presentation
• Step groups: preparatory steps, operational steps
• Continuous Learning process
APPLICABILITY and COMPLIANCE
[Figure: decision flow applying an Assurance Profile (AP: Target Of Measurement, Critical Infrastructure Objects, Security Assurance Views) to a specific service deployment.]
• Specific service deployment: Applicability Requirements satisfied?
• YES: Use AP to deploy assurance program
– AP compliance (Objective level, Requirements level, Views level)
• NO: Use AP as support tool only but No compliance can be claimed
• Contract, SLAs, Certification, Accreditation
Deriving assurance profiles into models and metrics
[Figure: the AP sections, between Services/business and Service Infrastructure, derived into the Assurance Profile for this service (TOM + SAVs) on the Service infrastructure.]
• Metric Construction
• Contribution, Combination, Refinement
• Operations on Views
• Instantiation
• Deployed Security Assurance Views
• AP sections: AP_REF: Reference; AP_CCL: Compliance Claim; AP_SPD: Security Problem Definition; AP_SSO: Service Security Objectives; AP_OSR: Object Security Requirements; AP_SMO: Object Measurement Objectives; AP_OMR: Object Measurement Requirements; AP_TOM: Target of Measurement; AP_SAV: Security Assurance Views
Binding profiles with infrastructures
Instantiation of deployed views and binding to measurement framework
[Figure: an AP Security Assurance view bound to the Operational environment.]
• AP_SAV: SAV instantiation over the TOM; SAVObject without metric; SAVObject with metric (marked M)
• AP_OMR: Object Measurement Requirements
• Derived Measures
• Operations on views
• Measurement Framework
• Operational environment: probes
Conclusion
Operational security assurance
• For both service providers and end-user privacy, security assurance can lead to trust as it
– Requires formalized expression of security requirements
– Requires formalized expression of security verification
– Helps different entities of large organizations to communicate
– Allows confidence in deployed security without having details of mechanisms deployed
• Privacy aspects (guarantees of protection without revealing information)
• Service level agreement based contracts
– Allows a best-practices approach to extend to a more formalized, comprehensive and coherent approach to security
• From risk management to trust management