Security Specification & Assessment Flashcards

1
Q

What is meant by Security Specification? (Recap)

A

Meaning: A security specification is a set of requirements and guidelines that set out how security measures are to be implemented to protect data and ensure its confidentiality and integrity.

Note: In common with safety requirements specification, the concern is to avoid something bad happening.

Four Major Differences:
  • Safety problems are accidental: the software is not operating in a hostile environment. In security, you must assume that attackers have knowledge of system weaknesses.
  • When safety failures occur, you can look for the root cause or weakness that led to the failure. When failure results from a deliberate attack, the attacker may conceal the cause of the failure.
  • Shutting down a system can avoid a safety-related failure. Causing a shutdown may be the aim of an attack.
  • Safety-related events are not generated by an intelligent adversary. An attacker can probe defences over time to discover weaknesses.
2
Q

Security Notions (Recap)

A
  • Asset: something of value that has to be protected
  • Attack: an exploitation of a system’s vulnerability where an attacker has the goal of causing damage to one or more assets.
    • Two types: outside attack (external) and inside attack (authorised insider)
  • Exposure: possible harm or loss to a computing system
  • Threat: circumstances that have potential to cause harm or loss
  • Vulnerability: a weakness in a system that may be exploited to cause loss or harm
3
Q

Name and describe the types of security threats?

A

Interception Threat:
- Allows an attacker to gain access to an asset (wiretapping, eavesdropping, etc.)

Interruption Threat:
- Allows an attacker to make the system unavailable for some time (denial of service attack)

Modification Threat:
- Allows an attacker to tamper with an asset (e.g., destroy or change data)

Fabrication Threat:
- Allows an attacker to insert false information (email spoofing, log fabrication, etc.)

4
Q

Name three types of control measures?

A
  • Avoidance
    • e.g., components not connected to the internet, data encryption
  • Detection and neutralisation
    • e.g., detecting unusual patterns of activity
  • Exposure limitation and recovery
    • e.g., automated backup strategies
5
Q

Security and Dependability relations (Notes)

A
  • Reliability
  • Availability
  • Safety
  • Resilience (ability to resist and recover from damaging events, especially in the context of a cyber attack)
6
Q

What is an Attack Tree?

A

Meaning: A diagram that represents an attacker’s goal (the root node) and the ways of achieving it by exploiting vulnerabilities (the sub-goals that refine the root).

Note: Attack trees are used to describe the security weaknesses of a system.

Example shown in lecture week 8 slide 10.

7
Q

What are the limitations of an Attack Tree?

A
  1. We only see the attacker’s point of view.
  2. No defensive measures are shown in the diagram.
  3. No attacker/defender interactions are visible in the diagram.
  4. No evolutionary aspects (how the attack and the defences change over time) are captured in the tree.
8
Q

What is an Attack-Defence Tree?
How does it improve on the Original Attack Tree?

A

Meaning: An attack-defence tree (ADT) extends the attack tree with defensive nodes: an attack node can be countered by a defence, and that defence can in turn be refined into sub-defences or countered by further attacks.

Note: The diagram therefore shows both how an attacker might try to attack a system vulnerability and how a defender (system security) can protect it, which removes two limitations of the plain attack tree (no defensive measures shown, no attacker/defender interaction visible).

9
Q

Notes on Quantitative Analysis on Attack-Defence Trees

A

Questions that can be asked of an attack-defence scenario:
  • What is the minimal cost of an attack?
  • What is the expected impact of a considered attack?
  • Is special equipment required to attack?
  • How long does it take to secure a system when the attacker has a limited budget?
  • How does the scenario change if the attacker (A) and the defender (D) are affected by a power outage?
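The first of these questions, and the budget question from the card on the benefits of ADTs, can be answered mechanically once the tree is written down. The following is an added example, not code or data from the lecture: it encodes a small attack-defence tree for the keyless-entry scenario covered later in these cards (relay attack versus Faraday pouch, OBD reprogramming versus port lock, steering lock, start PIN as 2FA) and computes the attacker's minimal cost under a chosen set of deployed defences, then searches for the defence set that maximises that cost within a defender budget. The node names, all cost figures and the rule "a deployed defence with no counter blocks the attack outright" are assumptions made for the illustration.

```python
"""Minimal attack cost on an attack-defence tree, plus a defender budget
question ("where to invest?") answered by brute-force subset search.
Hypothetical keyless-entry scenario; every cost figure is a made-up unit."""
from dataclasses import dataclass, field
from itertools import combinations
from typing import Dict, FrozenSet, List, Tuple

INF = float("inf")


@dataclass
class Defence:
    name: str
    cost: float                                   # defender's deployment cost
    counters: List["Attack"] = field(default_factory=list)  # attacks that defeat it


@dataclass
class Attack:
    name: str
    cost: float = 0.0                             # leaf cost; ignored when children exist
    op: str = "OR"                                # "OR": any child suffices, "AND": all needed
    children: List["Attack"] = field(default_factory=list)
    defences: List[Defence] = field(default_factory=list)  # countermeasures on this node


def min_attack_cost(node: Attack, deployed: FrozenSet[str]) -> float:
    """Cheapest way to achieve `node`, given the names of deployed defences."""
    if node.children:
        costs = [min_attack_cost(c, deployed) for c in node.children]
        total = sum(costs) if node.op == "AND" else min(costs)
    else:
        total = node.cost
    for d in node.defences:
        if d.name in deployed:
            # a deployed defence must itself be countered; no counter means blocked (INF)
            total += min((min_attack_cost(a, deployed) for a in d.counters), default=INF)
    return total


def collect_defences(node: Attack, acc: Dict[str, Defence]) -> Dict[str, Defence]:
    """Every defence reachable in the tree, including those under counter-attacks."""
    for d in node.defences:
        acc.setdefault(d.name, d)
        for a in d.counters:
            collect_defences(a, acc)
    for c in node.children:
        collect_defences(c, acc)
    return acc


def best_investment(root: Attack, budget: float) -> Tuple[FrozenSet[str], float, float]:
    """Defence set within budget that maximises the attacker's minimal cost.
    Returns (defence names, resulting attack cost, money spent); ties go to the
    cheaper set.  Exponential in the number of defences, fine for small trees."""
    defences = collect_defences(root, {})
    best = (frozenset(), min_attack_cost(root, frozenset()), 0.0)
    for k in range(1, len(defences) + 1):
        for names in combinations(defences, k):
            spend = sum(defences[n].cost for n in names)
            if spend > budget:
                continue
            cost = min_attack_cost(root, frozenset(names))
            if cost > best[1] or (cost == best[1] and spend < best[2]):
                best = (frozenset(names), cost, spend)
    return best


# --- constructed scenario (not from the lecture): keyless-entry car theft ---
FARADAY = Defence("Faraday pouch", 20, [Attack("Catch fob outside pouch", 500)])
OBD_LOCK = Defence("OBD port lock", 80, [Attack("Remove port lock", 150)])
STEERING_LOCK = Defence("Steering-wheel lock", 50, [Attack("Cut steering lock", 120)])
START_PIN = Defence("Start PIN (2FA)", 150)      # no counter modelled: blocks outright

ROOT = Attack("Drive car away", op="OR", defences=[STEERING_LOCK, START_PIN], children=[
    Attack("Relay keyless signal", 300, defences=[FARADAY]),
    Attack("Reprogram key via OBD port", op="AND", children=[
        Attack("Get into cabin", 100),
        Attack("Program new key on OBD port", 200, defences=[OBD_LOCK]),
    ]),
])

if __name__ == "__main__":
    print("no defences:", min_attack_cost(ROOT, frozenset()))
    print("pouch only: ", min_attack_cost(ROOT, frozenset({"Faraday pouch"})))
    for budget in (60, 100, 150):
        names, cost, spend = best_investment(ROOT, budget)
        print(f"budget {budget}: deploy {sorted(names)} -> attack cost {cost}, spend {spend}")
```

With the figures above the pouch on its own changes nothing (the attacker simply switches to the OBD branch, so the minimal cost stays at 300), the steering lock is the best single purchase, the pouch and port lock together are the best spend at budget 100, and the start PIN blocks every modelled path at budget 150. That is exactly the kind of "where to invest" comparison the ADT metrics are meant to support.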
10
Q

What is the main benefit in using an Attack Defence Tree / Diagram?

A

They provide information on security metrics, allowing engineers to make decisions such as where to invest their security budget and which security solution to implement.

Note: ADDs support the analysis of various metrics and strategies.

11
Q

Notes on Keyless Entry in Vehicles

A

Key issues:
  • Fob and car are constantly communicating.
  • Relay attacks amplify and forward the signal from the key fob to trick the car into thinking the owner is nearby.
  • Some hacks are also carried out by plugging directly into the on-board diagnostics (OBD) port (used by the manufacturer for running diagnostics on the car) to hack into the car, reprogram keys, etc.
  • The OBD port is located on the car itself, inside the cabin (typically under the dashboard).

Preventative Measures:
  • Storing your key in a metal box or a Faraday pouch
  • Physical preventative measures such as a steering lock
  • 2FA (ensuring that another code has to be entered before the car actually starts)
  • Blocking the OBD port itself, etc.
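Why a relay works even when the fob's replies are cryptographically sound, and why a Faraday pouch or a start PIN stops it, is easiest to see in a toy model of the exchange. The following is an added example and does not describe any real vehicle's protocol: the car issues a random challenge, the fob answers with an HMAC over it, and the attacker's two relay devices simply forward both frames between a distant fob and the car. The shared key, the frame format and the "radio" abstraction are all constructed for the illustration.

```python
"""Toy model of a keyless-entry challenge-response exchange and of the relay
attack against it.  Constructed illustration; the key, message formats and
'radio' abstraction are made up and do not describe any real vehicle."""
import hashlib
import hmac
import os
from typing import Callable, List, Optional

Radio = Callable[[bytes], Optional[bytes]]    # send a challenge, get a response or nothing
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"


class Fob:
    """Answers any challenge it hears, unless it is sitting in a Faraday pouch."""
    def __init__(self, key: bytes, in_pouch: bool = False):
        self.key, self.in_pouch = key, in_pouch

    def respond(self, challenge: bytes) -> Optional[bytes]:
        if self.in_pouch:
            return None           # shielded: the fob never hears the challenge
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


class Car:
    """Unlocks when a fresh random challenge comes back with a valid MAC."""
    def __init__(self, key: bytes, start_pin: Optional[str] = None):
        self.key, self.start_pin = key, start_pin

    def try_unlock(self, radio: Radio) -> bool:
        challenge = os.urandom(16)
        response = radio(challenge)
        if response is None:
            return False
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)   # crypto check only: no notion of distance

    def try_start(self, unlocked: bool, pin_entered: Optional[str]) -> bool:
        if not unlocked:
            return False
        if self.start_pin is None:
            return True           # no second factor: unlocked means drivable
        return pin_entered == self.start_pin


def direct_link(fob: Fob, fob_in_range: bool) -> Radio:
    """Honest radio: the fob only hears the car if it is physically close."""
    return lambda challenge: fob.respond(challenge) if fob_in_range else None


def relay_link(fob: Fob, log: List[str]) -> Radio:
    """Two attacker devices, one beside the car and one beside the distant fob,
    forward frames in both directions so that distance stops mattering."""
    def forward(challenge: bytes) -> Optional[bytes]:
        log.append("car->fob " + challenge.hex())
        response = fob.respond(challenge)
        log.append("fob->car " + (response.hex() if response else "<silence>"))
        return response
    return forward


def run_scenarios(pin: Optional[str] = None) -> dict:
    """Whether the car unlocks (and starts) in each situation."""
    car = Car(SHARED_KEY, start_pin=pin)
    fob, shielded = Fob(SHARED_KEY), Fob(SHARED_KEY, in_pouch=True)
    relayed = car.try_unlock(relay_link(fob, []))
    return {
        "owner_nearby": car.try_unlock(direct_link(fob, True)),
        "owner_far_away": car.try_unlock(direct_link(fob, False)),
        "owner_far_relayed": relayed,                     # valid MAC, wrong distance
        "relay_vs_pouch": car.try_unlock(relay_link(shielded, [])),
        "relay_then_start_without_pin": car.try_start(relayed, None),
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:30s} {'UNLOCKED' if ok else 'refused'}")
    print("with start PIN, relay then start:",
          run_scenarios(pin="4321")["relay_then_start_without_pin"])
```

The relayed response is byte-for-byte what the genuine fob computed, so a check that only verifies the MAC cannot tell it apart from the owner standing next to the car; the attack is defeated here only by the fob not hearing the challenge at all (the pouch) or by the extra code required before the car starts (the 2FA measure).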
12
Q

Summary on Topic (Security Specification and Assessment)

A
  • Having ways to analyse and understand the effect of countermeasures is important when resources are limited.
  • Different security models have been explored in the literature to identify ways of prioritising security measures and reasoning about the cost, time and probability of success of an attack.
  • Using strategies helps to identify which countermeasures are more effective.