Doctor of Technology Thesis A Generic Security Evaluation Method for Open Distributed Systems. By Ann Frisinger (KTH-Royal Institute of Technology) March 2001.

1
Doctor of Technology ThesisA Generic Security
Evaluation Method for Open Distributed
Systems.By Ann Frisinger(KTH-Royal Institute
of Technology) March 2001.
2
Plan of my presentation

• Structure
• Thesis overviewchapter by chapter.
• The research problem.
• Thesis objective
• Method used.
• Discussion of issues related to course literature.

3
Introduction

• The Thesis has the following
• 10 pages Abstract (1 page)
• Acknowledgement (1 page),
• Table of contents (5 pages)
• List of figures (1 page)
• List of tables (2 pages).
• 150 pages Four parts (I IV)
• Part I - What to do and How (47 pages)
• part II - Action Research Define method,
  perform NED evaluations
• (78 pages)
• Part III- Action Research Bridge solution to
  other sectors (36 pages)
• Part IV- Reflect and Conclude (5 pages).

4
Introduction cont

• 7 pages Bibliography and References.
• 112 pages Appendices .
• The Thesis has 274 pages in total, out of which
  112 have
• been used up by the appendices.
• It contains a total of
• 40 figures, which have been used for elaboration
  of various aspects.
• 89 tables (word tables) used for communicating
  evidence visually.
• 112 different references for citing.

5
Thesis overview chapter by chapter

• Part I What to do and How
• In chapter 1 she introduced the work performed in
  this thesis.
• Chapter 2 describes in more details the research
  method and theoretical foundations.The research
  method was developed based on studies of
  paradigms and structures, approaches and
  methodologies, theories and tools for information
  systems and IT security.The objective of the
  thesis was achieved by executing the research
  method and thus performing various stages and
  steps.

6
Thesis overview chapter by chapter, cont.

• Part I What to do and How
• Forming a secure IT system is not a one-time
  event, neither is it possible to find a black
  box of IT technology that solves all problems.
  IT security must be achieved by executing a
  continuous security management process.This
  process is addressed in chapter 3.
• She set a the scenery for security evaluations
  and risk analysis to see where it fits into the
  security management process and show why it is
  important.
• She presented causes for incidents, both
  intentional as well as accidental.Those are the
  incidents that may occur in any information
  system however, many are even more likely to
  happen in an Open Distributed emergent
  environment.

7
Part I What to do and How cont

• In chapter 4 they reviewed work related to
  security evaluation
• methods.The aim of the chapter was to find what
  are the
• existing approaches.
• What are the challenges in this field,
• What are the shortcomings of the existing
  approaches,or what can be reused from them, are
  there any frameworks or methods that wholly or
  partly help us to reach the thesis objective.?
• They found that no existing approach could fully
  help them to reach their objective hence a new
  approach/method had to be developed and the
  requirements for which are partly covered in this
  chapter.

8
Part II-Action research define method,perform
NED evaluations

• Chapter 5 summarizes the work performed in stage
  1 of this thesis work FRI98, i.e. describes
  the initial security evaluation method, shows how
  it was used to perform a security evaluation of
  system NED, and present the results thereof. This
  relates to steps 1.3-1.6 in the research method.
• Chapter 6 presents an approach to standardize the
  security analysis method it analyses and refines
  the method presented in stage 1. This relates to
  step 2.2 in the research method.
• Chapter 7 presents how users security
  requirements were collected, analyzed,
  prioritized and finally summarizes the result of
  that study.The outcome was a component that they
  used when estimating costs in reevaluation of
  NED. This relates to step 2.3 in the research
  method.

9
ContPart II-Action research define
method,perform NED evaluations

• Chapter 8 shows how new NED incident records
  were collected and presents the results from the
  data collection. The result from the incident
  records collection was used in the reevaluation
  of reference system NED. This relates to step 2.4
  in the research method.
• In chapter 9 they perform a security reevaluation
  of the reference system NED using the new
  incident related to experience and the
  information about users security requirements.
  This relates to step 2.5 in the research method.

10
Part III-Action research bridge solution to
other sectors

• Chapter 10 shows how they performed a test pilot
  for studying the X-ifying factors that differ
  from the industry to industry. This relates to
  step 2.6 in the research method.
• Part IV- Reflect and conclude
• Chapter 11 reflects on the method. This relates
  to step 2.7 .
• Chapter 12 conclusions, summarizes the work that
  has been presented and discusses the thesis
  contribution.. It also highlights some challenges
  that follow from this work and propose areas for
  further research.

11
The research problem

• Problem statement and motivation.
• We approach the environment of global networks
  with open distributed
• systems, where organizations offer services which
  are some specific
• integration of communications,computing and
  media. We call the system
• operating in this environment system X. For
  this system we need to
• have an opinion on how to safeguard it. That can
  be achieved by
• performing a security evaluation with risk
  analysis. However, current risk
• analysis methods are inadequate because they are
  not focusing the
• emergent character of an open distributed system
  environment where the
• system also , at least partly, is in a virtual
  stage (i.e. premature or in early
• development stage )

12
The reference system NED

• Global networking is growing fast. Currently
  there is an explosive growth in intranet
  investments where organizations build
  infrastructures for for intra information and
  exchange of services. Companies connect their
  internal networks to international networks (e.g
  internet) for global information and services
  exchange and commerce, so do academic
  institutions. With todays network devices it is
  possible to reach network resources inside or
  outside the local enterprise.
• In summary, NED (network education) has the
  following
• Offers time and place independent education over
  the network.
• Combines traditional education material with
  audio, video and graphics,
• Uses existing communications,computing and media
  technology,
• Operates in a global space, parts of NED are
  owned by- thus can be controlled by- the
  education system, but most most parts are shared
  globally.

13
NED cont

• Is partly a virtual systemNED can be built from
  a variety of components for which the technology
  already exists, although they have not been
  integrated into one complete system.
• The increased use of computers for education
  purposes at academic institutions has given focus
  on security issues in various shapes. The use of
  new education systems has raised increased
  concern that the privacy of people might be
  jeopardized, that the content of course materials
  might be revealed to unauthorized people, and
  concerns how to keep systems available for every
  one with a need-to-know at all times.

14
How the solution was bridged to other sectors

• In the research, NED was used as a test bed and
  reference system during the development of the
  method, and to teach us how to NED-ify
  calculations of probabilities and costs in the
  risk analysis., When approaching systems in other
  sectors, for instance system X the assumption was
  that they find certain X-ifying criteria. This
  was tested in a pilot study and the preliminary
  results in the survey, showed there can exist
  X-ifying factors that differ from industry to
  industry.

15
Thesis objectives

• The objective with the thesis work was to develop
  a generic security evaluation method for open
  distributed systems.
• The method should be generic enough to handle all
  types of systems, real as well as virtual.
• It should also enable successive evaluations,
  invite feedback from the past and adjust systems
  over time.
• Thus, the objective was to provide a
  generic,systematic and systemic learning method
  for performing security evaluations of a virtual
  or real system in ODE.

16
Method used to reach the stated objective

• This reported research, was carried out in two
  stages of which stage 1 was presented in a
  licentiate thesisFRI98.Stage 2 includes the
  generalizations and refinements of the method
  from stage 1 for the reference system and also
  discusses and presents how to extend the findings
  into other sectors. The research method and
  theoretical foundations are presented in detail
  in chapter 2.

17
Method used to reach the stated objective cont

• Stage1 With objective to provide a prioritized
  set of security requirements for system NED.
• 1.1 Studied NED related work.
• 1.2 Studied security and risk analysis related
  work
• 1.3 Developed an initial security evaluation
  method for NED
• 1.4 Specified the NED process
• 1.5 Identified the NED assets.
• 1.6 Performed an initial security evaluation on
  system NED.

18
Method used to reach the stated objective cont

• Stage 2 with objective as stated above i.e that
  of this thesis,
• 2.1 Collect the information about current
  security evaluation methods and investigate what
  the needs are and what is feasible to do.
• 2.2 Generalize and refine the security evaluation
  method of stage 1
• 2.3 Studied users security requirements in
  reference system NED.
• 2.4 Collect incident records for reference system
  NED.
• 2.5 performed a security reevaluation on
  reference system NED using the new incident
  experience base,information about users security
  requirements with improved security evaluation
  method.
• 2.6 Studied characterizing security factors,
  X-ifying factors, between industries.
• 2.7 Reflected on the method and refine it.

19
Audience

• This work address the audience of security
  managers, IT- architects, security administrators
  and decision makers in organizations ( e.g
  training institutes) interested in making
  security evaluations on their real or virtual,
  and perhaps open distributed systems.
• Note Your writing will reflect judgments you
  have made about your readers knowledge
  understanding,but most importantly what you want
  them to recognize as significant in your
  research.And your readers will judge you by how
  accurately you judge them.You should know how
  much background they need offer your findings
  in a way that speak for their interests.By so
  doing you will be credible to hold up your side
  of the conversation.

20
Terminologies introduced

• The work has new or/and ambiguous terminologies,
  all of these have been addressed adequately.

21
A word about the Introduction part of this
thesis

• As a writer,the most important expectations you
  create are in the research problem you pose.Hence
  in the first few sentences you must convince your
  readers that you have discovered a research
  problem worth their considerations and that you
  may even have found its solution. An introduction
  should never leave them wondering why I am I
  reading this?!!!
• In this thesis,the introduction part has been
  well presented, it covers, in summary form,all
  the the issues which have been addressed in the
  thesis.(rm)

22
A word about, cont

• Apart from what we have seen above, a shared
  rhetorical pattern that readers look for in all
  Introductions has a common structure that
  includes at least two elements
• --a statement of the research problem, including
  something we dont know or fully understand and
  the consequences of that lack of knowledge if it
  is left unsolved.
• --a statement of response to that problem, either
  as a general idea of its solution or as a
  sentence or two that promises one.
• Sometime readers need more than that, by
  expecting to see
• --a sketch of the context of understanding that
  the problem challenges.
• Thus we have
• context ? problem
  ?response.

23
A word about, cont

• Relating to the introduction part provided in the
  thesis, we can identify the pattern above as
  follows
• As the rise of global networking and information
  
• systems change characteristics, becoming open,
• distributed, mobile and integrating
  communication,computing
• media technology,
  CONTEXT
• there is also a need for security evaluation
  methods that can
• handle the new environment with new actors,new
  rulesnew waysPROBLEM
• We will in this thesis propose a generic method
  for performing
• Security in open distributed systems.
• Although generic it will also
  RESPONCE

24
Communicating evidence visually

• Readers will judge the quality of your research
  by significance of your claim and the power of
  your argument. But before they can make the
  judgment they must understand what you have
  written.But when data consists of discrete
  itemsnumbers,lists,names, objects,or even
  concepts legitimately reduced to few words, you
  can help your readers understand that data and
  thus your argument in other ways visually.
• The author of this thesis has legitimately used a
  lot of tables
• to effect what has been said above.

25
Thesis contributions

• In short the thesis has contributed the
  following
• A generic security evaluation method for open
  distributed systems.
• An approach for how to X-ify, i.e.integrate
  whatever objective and subjective data available
  in a risk analysis with the aim of making the
  best possible decision about probabilities and
  costs.
• A demonstration of how the method can be used to
  evaluate the security in the reference system NED
  and how to NED-ify in the risk analysis.
• A comparison of X-ifying factors in different
  industries.
• Analysis of NED users security requirements and
  an approach for how users security requirements
  could be used to estimate costs in a risk
  analysis.
• New NED incident related experience collected by
  a new NED reporting system.
• A prioritized set of NED security requirements.