Understanding the Unit of Security in Information Systems

Slide Note
Embed
Share

Exploring the concept of the unit of security in information systems, this talk delves into formal perspectives, software security assessments, and the re-identification risk of pseudonymised data. It clarifies that the unit of functional composition differs from the unit of security, emphasizing the complexity of security decomposition compared to functional decomposition.

karri
karri Follow

Uploaded on Oct 06, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. WHAT IS THE UNIT OF SECURITY? EERKE BOITEN, UNIVERSITY OF KENT, UK @ FOSAD 2016

  2. The objectives of this talk are: Starting the day, starting FOSAD More questions than answers Main example s background grabs foreground Getting it wrong in creative & interesting ways Inspire you, and me META

  3. Aiming to Security Predict Measure Manage Control from a formal perspective (abstract description, formal semantics, formal proof & logic) ISO27001[ ]information security as an organisational function needs to be measured against performance targets [Calder & Watkins 2015] PROBLEM TO BE ADDRESSED

  4. Software security assessment is as scientific as wine-tasting (paraphrasing Wayne Jansen: Directions in Security Metrics Research , NIST 2009) PROBLEM TO BE ADDRESSED

  5. REAL EXAMPLE: WHAT IS THE RE-IDENTIFICATION RISK OF PSEUDONYMISED HOSPITAL EPISODE STATISTICS?

  6. A monoid (S,,1) satisfies a,b,c S: a b S (a b) c = a (b c) a 1 = a = 1 a 1 is the unit of the monoid [semigroup with identity] WHAT IS THE UNIT OF SECURITY? V.0

  7. Unit of composition in (pipeline) systems or functional programs: in out in=out Unfortunately NOT unit of security in such programs: a wire is an attack surface! UNIT OF FUNCTIONAL COMPOSITION

  8. S ; T Already dubious in some concurrency settings. sequential composition, unit is skip (do nothing) skip ; S = S Security context: NOP-stacks make a difference! UNIT OF COMPOSITION IN SEQUENTIAL PROGRAMS

  9. Theres no unit of security! (More precisely: the unit of functional composition isn t a unit of security.) More practically: functional decomposition may not be security decomposition [and UC is complex] 1st point of caution DELIBERATE MISINTERPRETATION!?

  10. choose x allows all possible values for x, so it is refined by x := secret Can be prevented by secrecy-preserving refinement (J rjens, Morgan) However, if the non-determinism arises from abstract principles like concurrency = arbitrary interleaving , a scheduler that creates a side channel is also a refinement. 2NDPOINT OF CAUTION: THE REFINEMENT PARADOX

  11. The practical consequence of this is: Not all security problems can be predicted from an abstract specification Related: how is any measurement impacted by patching? (Don t say we shouldn t.) 2NDPOINT OF CAUTION: THE REFINEMENT PARADOX

  12. 3RDPOINT OF CAUTION: GIGO

  13. 1-5 likelihood x 1-5 impact. Quantitative: probability x cost. the time cost of accuracy quite often outweighs the benefits for the organisation [Calder & Watkins 2015] E.G. FORMS OF RISK ASSESSMENT

  14. Information Theory based: amount of information (leaked/preserved); bandwidth Probability (of failure) Variants of specification languages, model checking In provable security: negligible f of security parameter Attack trees Measuring attack surface (~ code complexity metrics, e.g. # in/outgoing method calls) Human interface of security management: incidents, training effects, SOME SECURITY-RELATED SYSTEM MEASUREMENTS [QASA 2013-2015, ]

  15. [Im not a natural sciences historian BUT] Part of the success of physics is that it isn t just about generating numbers It s also about units of measurement These give an immediate sanity check on formulas Programmers may view these as type checks Which camp are you in? C or Haskell? WHAT IS THE UNIT OF SECURITY?

  16. Specific focus: not security assessment in general, but privacy impact assessment High level but usually informal Two types of risks: inherent from the data, plus consequences of getting security wrong DATA PRIVACY MEASUREMENT

  17. What different measurements might you do on a [relational] database? What would the relevant units of measurement be? What would these measurements be good for? EXERCISE FOR THE BREAK

  18. Data science and data ethics: what can we do, and what should we do with data? Unique form of ethics: data is concrete, observable, objective. Making what we do with the data, and what impact that has concrete, observable, objective and measurable: data physics (and data ethics can then base decisions on this) DATA PHYSICS & DATA ETHICS

  19. What different measurements might you do on a [relational] database? What would the relevant units of measurement be? What would these measurements be good for? WHAT IS THE UNIT OF PRIVACY?

  20. Different ways of putting privacy protections around: Results User Sensitive database Queries MODULATING SENSITIVE DATA USE

  21. hidden from user possibly hidden from user Results We could talk about measurement here too. possibly = decision User Sensitive database Queries SAFE HAVEN

  22. hidden from user system-modified (or withheld) Results User Sensitive database Queries DIFFERENTIAL PRIVACY

  23. distort (lose/change information) Results User Sensitive database Anonymised database De-identify Queries SHARE DE-IDENTIFIED DATABASE

  24. quasi-identifier tuple: a set of attributes that together uniquely identifies a data subject [would be key if not longitudinal!] k-anonymity: for any value of quasi-identifier tuple, we have (0 or) k matching entries in the table l-diversity: [and within such group of entries] we find l different values for a collection of sensitive attributes t-closeness: [and within such a group] distributions of sensitive attributes are within a bound t of its distribution over the entire population MEASUREMENTS ON AN ANONYMISED DATABASE

  25. Elide field: replace [quasi-identifier] value by null [unit v.2] Generalise field: replace [quasi-identifier] value by a set of values (wider locality, age range, ) Pseudonymise: replace every value for candidate key by a meaningless value. [Hash; random oracle] Delete: remove info about extremely rare values (& other measures which actually falsify information more broadly Statistical Disclosure Control) WHAT CAN WE DO TO ANONYMISE ?

  26. Re-identify: recover candidate key value for tuple(s), e.g. link pseudonym to identity, e.g via other table. Identify: match pseudonym with pseudonym in other table Recover sensitive attribute: find out value of sensitive attribute for a given identity Specialise: (partially) undo generalisation & probabilistic versions of all of these: partial information, e.g. re-identification up to k ATTACKS AGAINST ANONYMISED

  27. Which attack!? k-anonymity (etc) is same as non-pseudonymised insight: pseudonymisation defends against use of external information, either directly in queries or through join with other tables what are the quasi-identifiers? in a longitudinal database, everything , and info across rows SO THE RISK FOR PSEUDONYMISED HES?

  28. width of table: more info/key is more specific number of tuples, vs. size of population functional dependencies how many of the 33 bits of identity? distortion from information quality external information that can re-identify HARM of sensitive attributes (expectations rather than probabilities?) COST of attacks WHAT ELSE TO MEASURE? IN WHAT UNITS?

  29. The copy-sharing model is reality and in terms of current climate ( open , big ) likely to remain dominant We need to get better at judging the risks associated with the data we expose Re-identification is wider than just showing anonymization is broken: it is privacy-intrusive deduction Is all this a convincing justification for a data physics research agenda yet? A SOMEWHAT DISAPPOINTING END

Related


Information Systems in Organizations: Overview and Implementation

Information Systems in Organizations: Overview and Implementation

aub_and
Understanding Information Systems in Organizational Management

Understanding Information Systems in Organizational Management

bode
Understanding the Role of Security Champions in Organizations

Understanding the Role of Security Champions in Organizations

irvin
Understanding the Roles of a Security Partner

Understanding the Roles of a Security Partner

zaara
Certification and Training in Information Security

Certification and Training in Information Security

buck
Understanding Cyber Security and Risks

Understanding Cyber Security and Risks

kathryn
Legal Framework on Information Security in the Ministry of Trade, Tourism, and Telecommunication

Legal Framework on Information Security in the Ministry of Trade, Tourism, and Telecommunication

joso_597
Understanding Security in World Politics

Understanding Security in World Politics

eisenberg_k
Understanding Computer Security Principles and Practices

Understanding Computer Security Principles and Practices

jos_o
Understanding HTTP Security Headers for Web Apps

Understanding HTTP Security Headers for Web Apps

pembroke_l
Comprehensive Course Review: Security Research Cornerstones at Carnegie Mellon University

Comprehensive Course Review: Security Research Cornerstones at Carnegie Mellon University

kol_lov
UIC Security Division Overview and International Activities

UIC Security Division Overview and International Activities

hadri
Automating Security Operations Using Phantom

Automating Security Operations Using Phantom

gwe_sad
Understanding Security Categorization of Information Systems

Understanding Security Categorization of Information Systems

agustin
Understanding Information Security Basics

Understanding Information Security Basics

ryley
Security Foundations for Future Systems Engineering (FuSE) Initiative Presentation

Security Foundations for Future Systems Engineering (FuSE) Initiative Presentation

hirs_sif
Introduction to Network Security Course

Introduction to Network Security Course

orom
Role-based Access Control Policies and Security Properties Overview

Role-based Access Control Policies and Security Properties Overview

shma570
Overview of Social Security and Health Care System in Turkey

Overview of Social Security and Health Care System in Turkey

violeta
Comprehensive Guide to Designing Physical Security and Security Planning by Susan Lincke

Comprehensive Guide to Designing Physical Security and Security Planning by Susan Lincke

jes_mcg
Comprehensive IT & Security Solutions for Home and Business Needs

Comprehensive IT & Security Solutions for Home and Business Needs

aziza
Understanding Embedded Systems and Cyber-Physical Systems

Understanding Embedded Systems and Cyber-Physical Systems

ros_hag
Understanding Security Threats and Countermeasures

Understanding Security Threats and Countermeasures

grob_aid
Understanding Information Security Policies for Effective Cybersecurity

Understanding Information Security Policies for Effective Cybersecurity

ritenour_s

More Related Content

Innovative ATM Protection System by 3SI Security Systems
Innovative ATM Protection System by 3SI Security Systems
Comprehensive Overview of Information Security Fundamentals
Comprehensive Overview of Information Security Fundamentals
International Approaches to Enhance Nuclear Safety and Security
International Approaches to Enhance Nuclear Safety and Security
Understanding Security Onion: Network Security Monitoring Tools
Understanding Security Onion: Network Security Monitoring Tools
Understanding Transport Layer Security (TLS)
Understanding Transport Layer Security (TLS)
Understanding Provable Security Models in Cryptography
Understanding Provable Security Models in Cryptography
Securing Information Systems: Threats, Controls, and Solutions
Securing Information Systems: Threats, Controls, and Solutions
Unit Name Details and Specifications
Unit Name Details and Specifications
BCA 601(N): Computer Network Security
BCA 601(N): Computer Network Security
Enhancing Security Definitions for Functional Encryption
Enhancing Security Definitions for Functional Encryption
TSA Updates on Security Training Rule for OTRB Companies
TSA Updates on Security Training Rule for OTRB Companies
AEP Enterprise Security Program Overview - June 2021 Update
AEP Enterprise Security Program Overview - June 2021 Update
Evolving Security Practices in DevOps: A Holistic Approach
Evolving Security Practices in DevOps: A Holistic Approach
Enhancing SWIFT Security Measures for ReBIT: March 2018 Update
Enhancing SWIFT Security Measures for ReBIT: March 2018 Update
Managing Application Security in Large Organizations: Insights and Best Practices
Managing Application Security in Large Organizations: Insights and Best Practices
IPv6 Security and Threats Workshop Summary
IPv6 Security and Threats Workshop Summary
Exploring Web Hosting Security: Principles, Layers, and Monitoring
Exploring Web Hosting Security: Principles, Layers, and Monitoring
Importance of Security in Web Development
Importance of Security in Web Development
Information Security and Machine-Level Security Concepts
Information Security and Machine-Level Security Concepts
Virginia Department for Aging and Rehabilitative Services Cyber Security Policies
Virginia Department for Aging and Rehabilitative Services Cyber Security Policies
Understanding Network Security Vulnerabilities and Attacks
Understanding Network Security Vulnerabilities and Attacks
CAMPUS SECURITY AUTHORITY (CSA) TRAINING CAMPUS SECURITY AUTHORITY (CSA) TRAINING
CAMPUS SECURITY AUTHORITY (CSA) TRAINING CAMPUS SECURITY AUTHORITY (CSA) TRAINING
Comprehensive Information Security Planning and Principles Overview
Comprehensive Information Security Planning and Principles Overview
Network Security Fundamentals and Today's Security Challenges
Network Security Fundamentals and Today's Security Challenges