Santiago Núñez Corrales
Director of Digital Technology
Ministry of Science and Technology
Coordinator of the e-Science Research Program
Costa Rica Institute of Technology
Cybersecurity Threat Analysis: Status and Advanced Tools
Was aber ist deine Pflicht? Die Forderung des Tages.
What is my task? What the day demands.
Wolfgang von Goethe
Cybersecurity: the philosophical problem
• Deep inside cybersecurity, there is a fundamental fact of computing that prevents perfect incident detection
• No computer program can, in principle, know with certainty what another program will do
• Our strategies for combating cybercrime are based on its phenomenology
• It is a pattern-based discipline
Kurt Gödel (1931) showed that systems based on rules are limited in the extent to which they can analyze themselves.
Alan Turing, by constructing the basic model of a computer, found that part of the latter limitation prevents programs from calculating many important properties of other programs.
Cybersecurity depends therefore heavily upon prompt detection and artifact inspection procedures.
Cybersecurity: the historical problem
• Market forces computing technology to advance at ever-increasing rates
• Software/hardware safety and security can be embedded in the design
• The development pace and complexity of computing systems leave gaps that evolve to become vulnerabilities
• We use multi-level systems that resemble a technological Swiss cheese
In hardware, processor families allow software to be compatible between different microprocessor versions. It also allows small design flaws to be inherited.
Thus, source code development has become afflicted by hardware design problems. But software remains the largest source of vulnerabilities, precisely due to market dynamics and the complexity involved in its design and development.
Cyberthreats can occur at any level of the technology ladder, and close relations to industry are essential.
Cybersecurity: the network problem
• Malware propagation tactics rely heavily on the properties of data networks
• The Internet is a distributed mechanism, where data is routed across the globe using many possible paths
• Malware analysis is constantly pushed to the limit when faced with local information related to an incident as malware complexity increases
Remote control mechanisms, data encryption and mutant code allow malware to diversify and evolve in the types of actions and range of threats it poses.
Cybersecurity depends on the distributed nature of the Internet as well as on a responsible digital culture from the user's side. The weakest link in the information security chain is the user.
Programs for Digital Literacy must include training information about digital rights and duties of citizens.
A change of perspective: from computing to biology
• Malware is becoming more intelligent, harder to trace
• Virus design is now performed by emulating the selection, variation and mutation principles of natural evolution
• Phylogeny becomes a meaningful concept
• Coordination protocols between malware artifacts also exploit information theoretical limits to provide resilience
Biology             | Computing
DNA sequences       | Bit sequences
Chemical signaling  | Data signaling
Natural selection   | Artificial selection
DNA recombination   | Binary reorganization
Many infected cells | Many infected files
Hypermutation       | Random bit flipping
Non-coding regions  | Dummy machine code
• The latest approaches in cybercrime analysis resemble closely research in systems biology
• Many of the tools already exist and can be readily applied
– Data mining and pattern matching
– Supercomputing
– Advanced visualization
– Virtual environments and simulation
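The biology-to-computing mapping above can be made concrete for an analyst with a small added example (not part of the original slides): byte sequences are compared by shared k-byte windows, as DNA is compared by k-mers, and grouped into a family tree with UPGMA, a standard phylogenetics method. The choice of k-mers, Jaccard distance and UPGMA, the sample names and the sample bytes are all assumptions constructed for illustration.

```python
from itertools import combinations

def kmers(data: bytes, k: int = 4) -> set:
    """Overlapping k-byte windows: the byte-level analogue of DNA k-mers."""
    return {data[i:i + k] for i in range(len(data) - k + 1)}

def jaccard_distance(a: bytes, b: bytes, k: int = 4) -> float:
    """1 - |A & B| / |A | B| over k-mer sets; 0.0 means identical content."""
    ka, kb = kmers(a, k), kmers(b, k)
    union = ka | kb
    return 1.0 - len(ka & kb) / len(union) if union else 0.0

def upgma(samples: dict, k: int = 4) -> str:
    """Average-linkage (UPGMA) clustering; returns a Newick-style tree string."""
    clusters = {name: [name] for name in samples}  # tree label -> leaf names

    def dist(c1: str, c2: str) -> float:
        pairs = [(x, y) for x in clusters[c1] for y in clusters[c2]]
        return sum(jaccard_distance(samples[x], samples[y], k)
                   for x, y in pairs) / len(pairs)

    while len(clusters) > 1:
        # Merge the two closest clusters; sorting keeps ties deterministic.
        a, b = min(combinations(sorted(clusters), 2), key=lambda p: dist(*p))
        clusters[f"({a},{b})"] = clusters.pop(a) + clusters.pop(b)
    return next(iter(clusters))

def flip(data: bytes, i: int) -> bytes:
    """Invert one byte (the 'random bit flipping' row of the table)."""
    return data[:i] + bytes([data[i] ^ 0xFF]) + data[i + 1:]

# Constructed sample data: two unrelated byte "families" and their variants.
A0 = bytes(range(64))
B0 = bytes(range(128, 176))
SAMPLES = {
    "A0": A0,
    "A1": flip(A0, 30),                        # one mutated byte
    "A2": A0[:32] + b"\x90" * 8 + A0[32:],     # inserted dummy padding
    "B0": B0,
    "B1": flip(B0, 10),
}

if __name__ == "__main__":
    print(upgma(SAMPLES))  # (((A0,A1),A2),(B0,B1))
```

The variants stay grouped with their ancestor even though none of them matches it byte for byte, which is what an exact-hash comparison would miss.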
ARTCA
• An OAS-sponsored collaborative research network
• Involves many significant collaborators
• Hemispheric collaboration as key activity for the Americas
• The goal: joint research proposals involving multiple international partners and top-level collaborators
Conclusions
• The technological landscape of cybersecurity changes constantly
• Many of the scientific tools required to analyze biological systems apply to cybercrime issues
• CoE and OAS provide a solid cooperation platform, including the possibility to develop regional projects
• Central America is in a great position to develop research in information security using the latest technological tools