Title: Doctor of Technology Thesis A Generic Security Evaluation Method for Open Distributed Systems. By Ann Frisinger (KTH-Royal Institute of Technology) March 2001.
2. Plan of my presentation
- Structure.
- Thesis overview, chapter by chapter.
- The research problem.
- Thesis objective.
- Method used.
- Discussion of issues related to course literature.
3. Introduction
- The thesis has the following:
- 10 pages: Abstract (1 page), Acknowledgement (1 page), Table of contents (5 pages), List of figures (1 page), List of tables (2 pages).
- 150 pages: Four parts (I-IV)
  - Part I: What to do and How (47 pages)
  - Part II: Action Research: Define method, perform NED evaluations (78 pages)
  - Part III: Action Research: Bridge solution to other sectors (36 pages)
  - Part IV: Reflect and Conclude (5 pages)
4. Introduction, cont.
- 7 pages: Bibliography and References.
- 112 pages: Appendices.
- The thesis has 274 pages in total, of which 112 are taken up by the appendices.
- It contains a total of:
  - 40 figures, which have been used to elaborate various aspects.
  - 89 tables (word tables), used for communicating evidence visually.
  - 112 different references for citing.
5. Thesis overview chapter by chapter
- Part I: What to do and How
- In chapter 1 she introduced the work performed in this thesis.
- Chapter 2 describes in more detail the research method and theoretical foundations. The research method was developed based on studies of paradigms and structures, approaches and methodologies, theories and tools for information systems and IT security. The objective of the thesis was achieved by executing the research method and thus performing its various stages and steps.
6. Thesis overview chapter by chapter, cont.
- Part I: What to do and How
- Forming a secure IT system is not a one-time event, nor is it possible to find a black box of IT technology that solves all problems. IT security must be achieved by executing a continuous security management process. This process is addressed in chapter 3.
- She set the scene for security evaluations and risk analysis, to see where they fit into the security management process and to show why they are important.
- She presented causes of incidents, both intentional and accidental. These are incidents that may occur in any information system; however, many are even more likely to happen in an open distributed emergent environment.
7. Part I: What to do and How, cont.
- In chapter 4 they reviewed work related to security evaluation methods. The aim of the chapter was to find:
  - What are the existing approaches?
  - What are the challenges in this field?
  - What are the shortcomings of the existing approaches, what can be reused from them, and are there any frameworks or methods that wholly or partly help us to reach the thesis objective?
- They found that no existing approach could fully help them to reach their objective; hence a new approach/method had to be developed, the requirements for which are partly covered in this chapter.
8. Part II: Action research: define method, perform NED evaluations
- Chapter 5 summarizes the work performed in stage 1 of this thesis work [FRI98], i.e. it describes the initial security evaluation method, shows how it was used to perform a security evaluation of system NED, and presents the results thereof. This relates to steps 1.3-1.6 in the research method.
- Chapter 6 presents an approach to standardize the security analysis method; it analyses and refines the method presented in stage 1. This relates to step 2.2 in the research method.
- Chapter 7 presents how users' security requirements were collected, analyzed and prioritized, and finally summarizes the result of that study. The outcome was a component that they used when estimating costs in the reevaluation of NED. This relates to step 2.3 in the research method.
9. Part II: Action research: define method, perform NED evaluations, cont.
- Chapter 8 shows how new NED incident records were collected and presents the results from the data collection. The result from the incident records collection was used in the reevaluation of reference system NED. This relates to step 2.4 in the research method.
- In chapter 9 they perform a security reevaluation of the reference system NED using the new incident-related experience and the information about users' security requirements. This relates to step 2.5 in the research method.
10. Part III: Action research: bridge solution to other sectors
- Chapter 10 shows how they performed a test pilot for studying the X-ifying factors that differ from industry to industry. This relates to step 2.6 in the research method.
- Part IV: Reflect and conclude
- Chapter 11 reflects on the method. This relates to step 2.7.
- Chapter 12, conclusions, summarizes the work that has been presented and discusses the thesis contribution. It also highlights some challenges that follow from this work and proposes areas for further research.
11. The research problem
- Problem statement and motivation.
- We approach the environment of global networks with open distributed systems, where organizations offer services which are some specific integration of communications, computing and media. We call the system operating in this environment system X. For this system we need to have an opinion on how to safeguard it. That can be achieved by performing a security evaluation with risk analysis. However, current risk analysis methods are inadequate because they do not focus on the emergent character of an open distributed system environment where the system also, at least partly, is in a virtual stage (i.e. premature or in an early development stage).
12. The reference system NED
- Global networking is growing fast. Currently there is an explosive growth in intranet investments where organizations build infrastructures for intra information and exchange of services. Companies connect their internal networks to international networks (e.g. the Internet) for global information and services exchange and commerce; so do academic institutions. With today's network devices it is possible to reach network resources inside or outside the local enterprise.
- In summary, NED (network education) has the following:
  - Offers time and place independent education over the network.
  - Combines traditional education material with audio, video and graphics.
  - Uses existing communications, computing and media technology.
  - Operates in a global space; parts of NED are owned by, and thus can be controlled by, the education system, but most parts are shared globally.
13. NED, cont.
- Is partly a virtual system: NED can be built from a variety of components for which the technology already exists, although they have not been integrated into one complete system.
- The increased use of computers for education purposes at academic institutions has brought security issues of various kinds into focus. The use of new education systems has raised increased concern that the privacy of people might be jeopardized, that the content of course materials might be revealed to unauthorized people, and concerns about how to keep systems available for everyone with a need-to-know at all times.
14. How the solution was bridged to other sectors
- In the research, NED was used as a test bed and reference system during the development of the method, and to teach us how to NED-ify calculations of probabilities and costs in the risk analysis. When approaching systems in other sectors, for instance system X, the assumption was that they find certain X-ifying criteria. This was tested in a pilot study, and the preliminary results in the survey showed there can exist X-ifying factors that differ from industry to industry.
15. Thesis objectives
- The objective of the thesis work was to develop a generic security evaluation method for open distributed systems.
- The method should be generic enough to handle all types of systems, real as well as virtual.
- It should also enable successive evaluations, invite feedback from the past and adjust systems over time.
- Thus, the objective was to provide a generic, systematic and systemic learning method for performing security evaluations of a virtual or real system in ODE.
16. Method used to reach the stated objective
- This reported research was carried out in two stages, of which stage 1 was presented in a licentiate thesis [FRI98]. Stage 2 includes the generalizations and refinements of the method from stage 1 for the reference system and also discusses and presents how to extend the findings into other sectors. The research method and theoretical foundations are presented in detail in chapter 2.
17. Method used to reach the stated objective, cont.
- Stage 1: With the objective to provide a prioritized set of security requirements for system NED.
  - 1.1 Studied NED related work.
  - 1.2 Studied security and risk analysis related work.
  - 1.3 Developed an initial security evaluation method for NED.
  - 1.4 Specified the NED process.
  - 1.5 Identified the NED assets.
  - 1.6 Performed an initial security evaluation on system NED.
18. Method used to reach the stated objective, cont.
- Stage 2: With the objective as stated above, i.e. that of this thesis.
  - 2.1 Collect the information about current security evaluation methods and investigate what the needs are and what is feasible to do.
  - 2.2 Generalize and refine the security evaluation method of stage 1.
  - 2.3 Studied users' security requirements in reference system NED.
  - 2.4 Collect incident records for reference system NED.
  - 2.5 Performed a security reevaluation on reference system NED using the new incident experience base and information about users' security requirements, with the improved security evaluation method.
  - 2.6 Studied characterizing security factors, X-ifying factors, between industries.
  - 2.7 Reflected on the method and refined it.
19. Audience
- This work addresses an audience of security managers, IT architects, security administrators and decision makers in organizations (e.g. training institutes) interested in making security evaluations of their real or virtual, and perhaps open distributed, systems.
- Note: Your writing will reflect judgments you have made about your readers' knowledge and understanding, but most importantly what you want them to recognize as significant in your research. And your readers will judge you by how accurately you judge them. You should know how much background they need; offer your findings in a way that speaks to their interests. By so doing you will be credible enough to hold up your side of the conversation.
20. Terminologies introduced
- The work has new and/or ambiguous terminologies; all of these have been addressed adequately.
21. A word about the Introduction part of this thesis
- As a writer, the most important expectations you create are in the research problem you pose. Hence in the first few sentences you must convince your readers that you have discovered a research problem worth their consideration and that you may even have found its solution. An introduction should never leave them wondering "why am I reading this?"
- In this thesis, the introduction part has been well presented; it covers, in summary form, all the issues which have been addressed in the thesis. (rm)
22. A word about, cont.
- Apart from what we have seen above, a shared rhetorical pattern that readers look for in all Introductions has a common structure that includes at least two elements:
  - a statement of the research problem, including something we don't know or fully understand and the consequences of that lack of knowledge if it is left unsolved.
  - a statement of response to that problem, either as a general idea of its solution or as a sentence or two that promises one.
- Sometimes readers need more than that, expecting to see:
  - a sketch of the context of understanding that the problem challenges.
- Thus we have:
- context → problem → response.
23. A word about, cont.
- Relating to the introduction part provided in the thesis, we can identify the pattern above as follows:
- As the rise of global networking and information systems change characteristics, becoming open, distributed, mobile and integrating communication, computing, media technology, (CONTEXT)
- there is also a need for security evaluation methods that can handle the new environment with new actors, new rules, new ways (PROBLEM)
- We will in this thesis propose a generic method for performing Security in open distributed systems. Although generic it will also (RESPONSE)
24. Communicating evidence visually
- Readers will judge the quality of your research by the significance of your claim and the power of your argument. But before they can make that judgment they must understand what you have written. When data consists of discrete items (numbers, lists, names, objects, or even concepts legitimately reduced to a few words), you can help your readers understand that data, and thus your argument, in other ways: visually.
- The author of this thesis has legitimately used a lot of tables to effect what has been said above.
25. Thesis contributions
- In short, the thesis has contributed the following:
  - A generic security evaluation method for open distributed systems.
  - An approach for how to X-ify, i.e. integrate whatever objective and subjective data is available in a risk analysis with the aim of making the best possible decision about probabilities and costs.
  - A demonstration of how the method can be used to evaluate the security in the reference system NED and how to NED-ify in the risk analysis.
  - A comparison of X-ifying factors in different industries.
  - Analysis of NED users' security requirements and an approach for how users' security requirements could be used to estimate costs in a risk analysis.
  - New NED incident related experience collected by a new NED reporting system.
  - A prioritized set of NED security requirements.