Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated...

78
Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein Stanford University / LSV, Ens-Cachan Inscrypt 2009 Elie Bursztein Using Strategy Objectives for Network Security Analysis 1 / 48

Transcript of Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated...

Page 1: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Using Strategy Objectives for NetworkSecurity Analysis

Elie Bursztein

Stanford University / LSV, Ens-Cachan

Inscrypt 2009

Elie Bursztein Using Strategy Objectives for Network Security Analysis 1 / 48

Page 2: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Introduction

Work purposeAnalyzing and anticipating computer networks attacks.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 2 / 48

Page 3: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Network complexity: The Pentagon Case

Huge network

I 15 000 LAN NetworksI 7 000 000 Computers

Huge Security problems

I Flash Drive banned dueto a virus spread (Nov2008).

I 1500 computers taken(Jun 2007)

Elie Bursztein Using Strategy Objectives for Network Security Analysis 3 / 48

Page 4: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Attack Complexity

Elie Bursztein Using Strategy Objectives for Network Security Analysis 4 / 48

Page 5: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Some Epic Failures

I 2004 Bouygues Telecom: 2 servers downs→ 3 200 000cellphones down

I 2005 Japan Mitsubishi: 1 computer infected→ 40 MB ofconfidential reports leaked on a P2P network

I 2007 Apple: 1 computer in the production line infected→150 000 ipods infected by the trojan RavMonE.exe

Elie Bursztein Using Strategy Objectives for Network Security Analysis 5 / 48

Page 6: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Attacks

Outline

Network SecurityAttacks

Game

Strategy

Automated Analysis

Conclusion

Elie Bursztein Using Strategy Objectives for Network Security Analysis 6 / 48

Page 7: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Attacks

Vulnerabilities

I A vulnerability is a software bug that can be exploited byattacker to gain privilege.

I An exploit is the piece of software that takes advantage ofa software bug.

I A 0day exploit is an exploit for an undisclosed vulnerability.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 7 / 48

Page 8: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Attacks

Vulnerabilities as Step stones

I Large networks maysuffer multiplevulnerabilities

I Patches andcounter-measures needto be prioritized

I A minor vulnerability canturn into a major holewhen used as astep-stone

Elie Bursztein Using Strategy Objectives for Network Security Analysis 8 / 48

Page 9: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Attacks

Illustration of a Complex attack

Exploit a bug in Firefox

Install a trojan Stealth the web server password

Upload a rogue page Stealth all user password

Elie Bursztein Using Strategy Objectives for Network Security Analysis 9 / 48

Page 10: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Attacks

The Need for Automation

Attack analysis can’t be done by hand: network and attack arejust too complex and big for that.

We need models and tools for this !

Elie Bursztein Using Strategy Objectives for Network Security Analysis 10 / 48

Page 11: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Attacks

Attack Graph Frameworks

I 1998: Use of model-checking for host security [RS98]I 2000: Use of model-cheking for network [RA00]I 2004: First complete framework that constructs the attack

scenario [SW04]I 2005: Mulval [Ou05] a framework based on Datalog.I 2006: NetSpa [ALI06] a framework that scale up to 50 000

nodes.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 11 / 48

Page 12: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Attacks

Time is the Essence

Network security is a race between Intruder and Administrator.

Windows of vulnerability

ExploitReleased

PatchReleased

Windows ofVulnerability

Time

Elie Bursztein Using Strategy Objectives for Network Security Analysis 12 / 48

Page 13: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Attacks

The Need for Time

Without time meaningless actions are allowed in the model.

I Administrator can patch 1000 services instantly.I Intruder can compromise 1000 services before the

administrator have a chance to react.

Without time concurrent actions can’t be modeled.Ex: Administrator may patch a service while Intruder tries toexploit it.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 13 / 48

Page 14: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Attacks

Time and Game

ModelTimed automaton game [AFHMS].

PropertyProperty can be written in Timed Alternating-Time TemporalLogic [AHK06].

Elie Bursztein Using Strategy Objectives for Network Security Analysis 14 / 48

Page 15: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Attacks

Collateral Effects

DNS

Internet

WebEmail

DDOS Attack

Dommage collatéral

Dommage collatéral

Elie Bursztein Using Strategy Objectives for Network Security Analysis 15 / 48

Page 16: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Outline

Network Security

GameStructureRules

Strategy

Automated Analysis

Conclusion

Elie Bursztein Using Strategy Objectives for Network Security Analysis 16 / 48

Page 17: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Dual layer structure

The Upper-layer is the timed automaton game, the Lower-layerrepresents the network state.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 17 / 48

Page 18: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Dual layer structure

The Upper-layer is the timed automaton game, the Lower-layerrepresents the network state.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 17 / 48

Page 19: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Lower-layer: the network state

The lower layer is composed ofI The dependency graphI A set of states (atomic proposition)

Elie Bursztein Using Strategy Objectives for Network Security Analysis 18 / 48

Page 20: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Web Service Receipt

To build a web service you need:

I A HTTP frontend to serve the data

I A SQL backend to store the dataI A way to administrate the service

Elie Bursztein Using Strategy Objectives for Network Security Analysis 19 / 48

Page 21: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Web Service Receipt

To build a web service you need:

I A HTTP frontend to serve the dataI A SQL backend to store the data

I A way to administrate the service

Elie Bursztein Using Strategy Objectives for Network Security Analysis 19 / 48

Page 22: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Web Service Receipt

To build a web service you need:

I A HTTP frontend to serve the dataI A SQL backend to store the dataI A way to administrate the service

Elie Bursztein Using Strategy Objectives for Network Security Analysis 19 / 48

Page 23: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Web Service Receipt

To build a web service you need:

I A HTTP frontend to serve the dataI A SQL backend to store the dataI A way to administrate the service

Elie Bursztein Using Strategy Objectives for Network Security Analysis 19 / 48

Page 24: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

The Dependency graph

SQL SSH

HTTP HTTP2

Elie Bursztein Using Strategy Objectives for Network Security Analysis 20 / 48

Page 25: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Set of States

SSH SQL HTTP1 HTTP2Vulnerable > ⊥ ⊥ ⊥

Compromised ⊥ ⊥ ⊥ ⊥

Elie Bursztein Using Strategy Objectives for Network Security Analysis 21 / 48

Page 26: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Rule Syntax

Rule syntax:

Γ : Pre ϕpre−→ ∆,p,a, cEffect ϕeff

I ϕpre: Preconditions.

I ∆: Time required tocomplete the action.

I p: The player thatexecutes the rule.

I a: Rule name.I c: Rule cost.I ϕeff : Effects.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 22 / 48

Page 27: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Rule Syntax

Rule syntax:

Γ : Pre ϕpre−→ ∆,p,a, cEffect ϕeff

I ϕpre: Preconditions.I ∆: Time required to

complete the action.

I p: The player thatexecutes the rule.

I a: Rule name.I c: Rule cost.I ϕeff : Effects.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 22 / 48

Page 28: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Rule Syntax

Rule syntax:

Γ : Pre ϕpre−→ ∆,p,a, cEffect ϕeff

I ϕpre: Preconditions.I ∆: Time required to

complete the action.I p: The player that

executes the rule.

I a: Rule name.I c: Rule cost.I ϕeff : Effects.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 22 / 48

Page 29: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Rule Syntax

Rule syntax:

Γ : Pre ϕpre−→ ∆,p,a, cEffect ϕeff

I ϕpre: Preconditions.I ∆: Time required to

complete the action.I p: The player that

executes the rule.I a: Rule name.

I c: Rule cost.I ϕeff : Effects.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 22 / 48

Page 30: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Rule Syntax

Rule syntax:

Γ : Pre ϕpre−→ ∆,p,a, cEffect ϕeff

I ϕpre: Preconditions.I ∆: Time required to

complete the action.I p: The player that

executes the rule.I a: Rule name.I c: Rule cost.

I ϕeff : Effects.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 22 / 48

Page 31: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Rule Syntax

Rule syntax:

Γ : Pre ϕpre−→ ∆,p,a, cEffect ϕeff

I ϕpre: Preconditions.I ∆: Time required to

complete the action.I p: The player that

executes the rule.I a: Rule name.I c: Rule cost.I ϕeff : Effects.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 22 / 48

Page 32: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Rule Syntax

Rule syntax:

Γ : Pre ϕpre−→ ∆,p,a, cEffect ϕeff

I ϕpre: Preconditions.I ∆: Time required to

complete the action.I p: The player that

executes the rule.I a: Rule name.I c: Rule cost.I ϕeff : Effects.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 22 / 48

Page 33: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Rules Syntax

F ::= A atomic propositions, in A| > true| ¬F negation| F ∧ F conjunction| 3F

Elie Bursztein Using Strategy Objectives for Network Security Analysis 23 / 48

Page 34: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

3 Semantics

3Vulnerable: One of the successors is vulnerable.

N1 N2

Elie Bursztein Using Strategy Objectives for Network Security Analysis 24 / 48

Page 35: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Rule Example

Γ : Pre Vulnerable−→ 4, A, Patch, 500Effect ¬Vulnerable ∧ ¬Compromise

Elie Bursztein Using Strategy Objectives for Network Security Analysis 25 / 48

Page 36: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

The Element of Surprise

if the opponent alters the service state during the player ruleexecution then the player is taken by suprise!

Block service 1

Time

Attack service 1

Administator

Intruder

Elie Bursztein Using Strategy Objectives for Network Security Analysis 26 / 48

Page 37: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

StructureRules

Decidability

Decidability

Model-checking TATL over anticipation games isEXPTIME-Complete [BGL,ASIA’07].

Elie Bursztein Using Strategy Objectives for Network Security Analysis 27 / 48

Page 38: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Outline

Network Security

Game

StrategyWhat is a strategy ?Using strategyPlay Example

Automated Analysis

ConclusionElie Bursztein Using Strategy Objectives for Network Security Analysis 28 / 48

Page 39: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

From counter-example to strategy

I An attack is a counter-example.

I Typically you end-up with many counter-examples.

The problemWhich counter-example should the administrator look at first ?

I Which attack is the most devastating ?I What service to patch first ?

Elie Bursztein Using Strategy Objectives for Network Security Analysis 29 / 48

Page 40: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

From counter-example to strategy

I An attack is a counter-example.I Typically you end-up with many counter-examples.

The problemWhich counter-example should the administrator look at first ?

I Which attack is the most devastating ?I What service to patch first ?

Elie Bursztein Using Strategy Objectives for Network Security Analysis 29 / 48

Page 41: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

From counter-example to strategy

I An attack is a counter-example.I Typically you end-up with many counter-examples.

The problemWhich counter-example should the administrator look at first ?

I Which attack is the most devastating ?I What service to patch first ?

Elie Bursztein Using Strategy Objectives for Network Security Analysis 29 / 48

Page 42: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

From counter-example to strategy

I An attack is a counter-example.I Typically you end-up with many counter-examples.

The problemWhich counter-example should the administrator look at first ?

I Which attack is the most devastating ?I What service to patch first ?

Elie Bursztein Using Strategy Objectives for Network Security Analysis 29 / 48

Page 43: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Costs and Rewards

To find the most meaningful counter-example we need someadditional informations.

I Cost: Each action has a cost.I Reward: Each network asset has a value.

O ::= O Objective ∈ φ| O ∧ O| MAX (O) maximize the value| MIN(O) minimize the value| O < x x ∈ N| O > x x ∈ N

Elie Bursztein Using Strategy Objectives for Network Security Analysis 30 / 48

Page 44: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Costs and Rewards

To find the most meaningful counter-example we need someadditional informations.

I Cost: Each action has a cost.

I Reward: Each network asset has a value.

O ::= O Objective ∈ φ| O ∧ O| MAX (O) maximize the value| MIN(O) minimize the value| O < x x ∈ N| O > x x ∈ N

Elie Bursztein Using Strategy Objectives for Network Security Analysis 30 / 48

Page 45: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Costs and Rewards

To find the most meaningful counter-example we need someadditional informations.

I Cost: Each action has a cost.I Reward: Each network asset has a value.

O ::= O Objective ∈ φ| O ∧ O| MAX (O) maximize the value| MIN(O) minimize the value| O < x x ∈ N| O > x x ∈ N

Elie Bursztein Using Strategy Objectives for Network Security Analysis 30 / 48

Page 46: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Costs and Rewards

To find the most meaningful counter-example we need someadditional informations.

I Cost: Each action has a cost.I Reward: Each network asset has a value.

O ::= O Objective ∈ φ| O ∧ O| MAX (O) maximize the value| MIN(O) minimize the value| O < x x ∈ N| O > x x ∈ N

Elie Bursztein Using Strategy Objectives for Network Security Analysis 30 / 48

Page 47: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Relation between Cost and Time

AssumptionThe faster an action is, the more costly it is.Real world examples of this assumption:

I Exploit: 0day versus Public exploit.I Response team: 24/24h versus 8h /day

Elie Bursztein Using Strategy Objectives for Network Security Analysis 31 / 48

Page 48: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Definition

Strategy objectives are a tuple:

S = (Na,Pl ,Ob,Or ,Co)

I Na: Strategy nameI Pl : The playerI Ob: Numerical objectivesI Or : Strict preference orderI Co: Constraints.

ExampleS = (Patch,A,Min(Cost) ∧Max(OCost),OCost > Cost ,�¬Compromised)

Elie Bursztein Using Strategy Objectives for Network Security Analysis 32 / 48

Page 49: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Computing Assets value

I Using the same value for each asset.I Assigning value by hand.I Computing automatically the value with a ranking algorithm

[EB,INSCRYPT’08].

Elie Bursztein Using Strategy Objectives for Network Security Analysis 33 / 48

Page 50: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Which Objectives to choose ?

I Minimizing cost (patch)I Maximizing reward (attack)

Wrong answer !Player performs the best when his opponent makes mistakes.Game theory classical optimal criterion such as Nashequilibrium and Pareto optimality are not applicable.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 34 / 48

Page 51: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Which Objectives to choose ?

I Minimizing cost (patch)I Maximizing reward (attack)

Wrong answer !Player performs the best when his opponent makes mistakes.Game theory classical optimal criterion such as Nashequilibrium and Pareto optimality are not applicable.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 34 / 48

Page 52: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Dominant Strategy

The notion of dominant strategy was informally introduced inbiology [H67] in 1967.

(Strictly) Dominant StrategyThe (strictly) dominant strategy is the player strategy that beatsthe maximum number of (every) opponent strategies.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 35 / 48

Page 53: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

The Lower Layer

SQL SSH

HTTP HTTP2

SSH SQL HTTP1 HTTP2Vulnerable > ⊥ ⊥ ⊥

Compromised ⊥ ⊥ ⊥ ⊥

Elie Bursztein Using Strategy Objectives for Network Security Analysis 36 / 48

Page 54: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

The Lower Layer

SQL SSH

HTTP HTTP2

SSH SQL HTTP1 HTTP2Value 1 100 10 10

Elie Bursztein Using Strategy Objectives for Network Security Analysis 36 / 48

Page 55: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Intruder Rules

Γ : Pre Vulnerable ∧ ¬Compromise−→ 2, I, Exploit 0day, 20000Effect Compromise

Γ : Pre Vulnerable ∧ ¬Compromise−→ 10, I, Exploit Public, 500Effect Compromise

Γ : Pre ¬Compromise ∧3Compromised−→ 1, I, Propagation, 5000Effect Compromise

Elie Bursztein Using Strategy Objectives for Network Security Analysis 37 / 48

Page 56: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Intruder Rules

Γ : Pre Vulnerable ∧ ¬Compromise−→ 2, I, Exploit 0day, 20000Effect Compromise

Γ : Pre Vulnerable ∧ ¬Compromise−→ 10, I, Exploit Public, 500Effect Compromise

Γ : Pre ¬Compromise ∧3Compromised−→ 1, I, Propagation, 5000Effect Compromise

Elie Bursztein Using Strategy Objectives for Network Security Analysis 37 / 48

Page 57: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Intruder Rules

Γ : Pre Vulnerable ∧ ¬Compromise−→ 2, I, Exploit 0day, 20000Effect Compromise

Γ : Pre Vulnerable ∧ ¬Compromise−→ 10, I, Exploit Public, 500Effect Compromise

Γ : Pre ¬Compromise ∧3Compromised−→ 1, I, Propagation, 5000Effect Compromise

Elie Bursztein Using Strategy Objectives for Network Security Analysis 37 / 48

Page 58: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Intruder Rules

Γ : Pre Vulnerable ∧ ¬Compromise−→ 2, I, Exploit 0day, 20000Effect Compromise

Γ : Pre Vulnerable ∧ ¬Compromise−→ 10, I, Exploit Public, 500Effect Compromise

Γ : Pre ¬Compromise ∧3Compromised−→ 1, I, Propagation, 5000Effect Compromise

Elie Bursztein Using Strategy Objectives for Network Security Analysis 37 / 48

Page 59: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Administrator Rules

Γ : Pre Vulnerable−→ 4, A, Patch, 500Effect ¬Vulnerable ∧ ¬Compromise

Elie Bursztein Using Strategy Objectives for Network Security Analysis 38 / 48

Page 60: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Strategy

S = (Attack, I,MAX (Reward) ∧Max(OCost),OCost >Reward ,�Compromised)

Elie Bursztein Using Strategy Objectives for Network Security Analysis 39 / 48

Page 61: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

SQL SSH

HTTP HTTP2

SSHSQL

HTTP

SSH

HTTP2

Elie Bursztein Using Strategy Objectives for Network Security Analysis 40 / 48

Page 62: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

SQL SSH

HTTP HTTP2

SSHSQL

HTTP

SSH

HTTP2

T P Action Rule Target Succ Payoff Cost0 A choose Patch SSH ⊥ - -0 I choose Exp 0 Day SSH ⊥ - -

Elie Bursztein Using Strategy Objectives for Network Security Analysis 40 / 48

Page 63: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

SQL SSH

HTTP HTTP2

SSH

SQL

HTTP

SSH

HTTP2

T P Action Rule Target Succ Payoff CostA In Progress Patch SSH ⊥ - -

2 I execute Exp 0 Day SSH ⊥ 1 20000

Elie Bursztein Using Strategy Objectives for Network Security Analysis 40 / 48

Page 64: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

SQL SSH

HTTP HTTP2

SSH

SQL

HTTP

SSH

HTTP2

T P Action Rule Target Succ Payoff CostA In Progress Patch SSH ⊥ - -

2 I choose propagation SQL SSH - -

Elie Bursztein Using Strategy Objectives for Network Security Analysis 40 / 48

Page 65: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

SQL SSH

HTTP HTTP2

SSHSQL

HTTP

SSH

HTTP2

T P Action Rule Target Succ Payoff CostA In Progress Patch SSH ⊥ - -

3 I execute propagation SQL SSH 101 25000

Elie Bursztein Using Strategy Objectives for Network Security Analysis 40 / 48

Page 66: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

SQL SSH

HTTP HTTP2

SSHSQL

HTTP

SSH

HTTP2

T P Action Rule Target Succ Payoff CostA In Progress Patch SSH ⊥ - -

3 I choose propagation HTTP1 SQL - -

Elie Bursztein Using Strategy Objectives for Network Security Analysis 40 / 48

Page 67: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

SQL SSH

HTTP HTTP2

SSHSQL

HTTP

SSH

HTTP2

T P Action Rule Target Succ Payoff CostA In Progress Patch SSH ⊥ - -

4 I execute propagation HTTP1 SQL 111 30000

Elie Bursztein Using Strategy Objectives for Network Security Analysis 40 / 48

Page 68: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

SQL SSH

HTTP HTTP2

SSHSQL

HTTP

SSH

HTTP2

T P Action Rule Target Succ Payoff CostA In Progress Patch SSH ⊥ - -

4 I choose propagation HTTP2 SQL - -

Elie Bursztein Using Strategy Objectives for Network Security Analysis 40 / 48

Page 69: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

SQL SSH

HTTP HTTP2

SSH

SQL

HTTP

SSH

HTTP2

T P Action Rule Target Succ Payoff Cost4 A execute Patch SSH SQL 1 500

I InProgress propagation HTTP2 SQL - -

Elie Bursztein Using Strategy Objectives for Network Security Analysis 40 / 48

Page 70: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

SQL SSH

HTTP HTTP2

SSH

SQL

HTTP

SSH

HTTP2

T P Action Rule Target Succ Payoff CostA ⊥ 1 500

5 I execute propagation HTTP2 SQL 121 35000

Elie Bursztein Using Strategy Objectives for Network Security Analysis 40 / 48

Page 71: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

What is a strategy ?Using strategyPlay Example

Extending the model

We extended the anticipation game framework [EB,FAST’08] inorder to model

I Multiples network cooperationI Cost over the time (penalty)I Timeline of events

Elie Bursztein Using Strategy Objectives for Network Security Analysis 41 / 48

Page 72: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Outline

Network Security

Game

Strategy

Automated Analysis

Conclusion

Elie Bursztein Using Strategy Objectives for Network Security Analysis 42 / 48

Page 73: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

The Tool

We create an implementation in C (≈ 6500 lines) of theanticipation game framework called NetQi [EB,ATVA’08].

Elie Bursztein Using Strategy Objectives for Network Security Analysis 43 / 48

Page 74: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

HomePage

Elie Bursztein Using Strategy Objectives for Network Security Analysis 44 / 48

Page 75: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Case study

Nb Nodes Nb Dep Strategy type Time5200 27000 Defense Exact 2.4 sec5200 27000 Intrusion Approximate 55 sec

Elie Bursztein Using Strategy Objectives for Network Security Analysis 45 / 48

Page 76: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Outline

Network Security

Game

Strategy

Automated Analysis

Conclusion

Elie Bursztein Using Strategy Objectives for Network Security Analysis 46 / 48

Page 77: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Conclusion

In this work we have

I Developed the notion of strategyI Show how strategy allow to select the most interesting playI Implemented the model in order to show the effectiveness

of the approach.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 47 / 48

Page 78: Using Strategy Objectives for Network Security …...Network Security Game Strategy Automated Analysis Conclusion Using Strategy Objectives for Network Security Analysis Elie Bursztein

Network SecurityGame

StrategyAutomated Analysis

Conclusion

Perspective

I Finding network key services.I Using dynamic costs and rewards.I Modeling various classes of attackers.

Elie Bursztein Using Strategy Objectives for Network Security Analysis 48 / 48