Analytical Evaluation Framework

Analytical Evaluation Framework
Tim Shimeall, CERT/NetSA Group
Software Engineering Institute, Carnegie Mellon University
August 2011

Disclaimer
NO WARRANTY. THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. Use of any trademarks in this presentation is not intended in any way to infringe on the rights of the trademark holder. This Presentation may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. This work was created in the performance of Federal Government Contract Number FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 252.227-7013.

Describing Network Analytical Capabilities
- Develop descriptions that support fair evaluation of current or potential capabilities to address network defense needs and operational cycles
- "How does it fit?", not "Is it good?"
- Input to acquisition, not a decision for them
- Methodical and impartial, not objective
- Supportive of network security, but applicable somewhat beyond just network security
- Harvest analyst expertise
- Consideration of carry-over effects

Phase 1: A Language Model
- Nouns: forms of data handled by the capability (Inputs, Processing, Results)
- Verbs: primitive actions supported by the capability (Data handling, Process, Analytic, Presentational)
- Adverbs: characteristics of the capability (Process, Product)
- Prepositions: scope or limitations of the capability

Assessing Data
- What is the primary data handled by the capability?
- What is the secondary data handled by the capability?
- What is the supportive data handled by the capability?
- What primitive operations are associated with each?
- How well are the operations implemented?
- What is missing?

Example: Sourcefire IDS
- Primary input: Packet data (Collect, Abstract, Parse, Alert, Store, Query, Export)
- Secondary input: Network map (Select, Group, Aggregate)
- Supportive input: Signatures (Import, Alert, Store, Export)

Input/Processing/Output
- Input: what data does the capability consume? Sourcefire consumes network packets.
- Process: what data is used for control or direction of the capability? Sourcefire uses signatures and network configuration information.
- Output: what data is produced by the capability? Sourcefire produces alerts and selective packet capture.

Network Level of Abstraction
- Many capabilities are focused on a particular range of protocols and behaviors
- IP layer: packet-based analysis; does not get into local behavior and only infers application behavior (e.g., SiLK)
- Application layer: message-based analysis; does not deal with transport mechanics (e.g., analysis of email patterns)

Assessing Operations
- What locus of operations forms the core functionality of the capability?
- What are the secondary operations?
- What are the supportive operations?
- How well are those operations implemented?
- How scoped is the intended application?
- Rating scheme: 0-5, plus n/a, not eval, absent

Summarizing Operational Gaps/Maturity
- Functional categories
- Balance functional maturity vs. capability gaps
- All tools have gaps
- Goal is to see how peaks and valleys match
- (chart: Gap Severity vs. Maturity)

Process Adverbs
- Sourcefire IDS: Operational, Qualitative, Tactical, Concise

Product Adverbs
- Sourcefire IDS: Not Data-diverse, Immediate, Responsive, Interoperable, Documented, Supported, Trained, Robust, No Workflow, No AAA

Prepositions
- Under conditions (e.g., edge vs. transit)
- At size / scale (e.g., enclave vs. enterprise, days vs. months)
- Of scope (e.g., CND vs. network ops)
- Within coverage (e.g., sparse vs. complete)
- In time (e.g., interactive vs. batch vs. continuous)

Phase 2: Process Descriptions
- What form of reasoning should the model support?
- Fused-source intelligence?
- C2/OODA?
- Forensic?
- Bayesian hypothesis testing?
- Abductive pattern matching?

Network Analysis Approaches
- (diagram, two parallel sequences) collection, validation, fusion, analysis, dissemination, shown alongside observe, orient, decide, act (OODA)

Analysis Decomposed
- (diagram) Forensic: Vulnerability, Access, Exploit, Impact, Breadth
- Network Security Analysis: Who, What (means, motive, opportunity, sequence)
- Incident Response: Contain, Control, Diagnose, Correct, Communicate
- When, Where, Why, How

Next Steps Expand initial visual results into fair comparisons Spider diagrams Input/Process/Output tables Network level tables Operational maturity/gaps Define requirements for evaluation process using model Team? Approach? Process? Outcomes? Threats? Tie capabilities to process needs Threshold approach (score needs to be X) Conditional approach (capability must include Y) Descriptive approach (need to support operations Z) Reasoning Support 17