C3E Idea Detail - Neighborhood Assessment


Submitted by Luanne Burns

Title: Neighborhood Assessment


Problem:

The threat posed to an individual user, computer, or mobile device varies as a function of location and time (e.g., accessing the internet over a public wireless connection has fewer protections than a well-secured company intranet). There are, however, few clues or signals presented to users to help them decide whether they are in a “good” or “bad” computer neighborhood and few suggestions as to what actions they should take as a result. How would we determine the “badness” of a cyberspace neighborhood? How do we recognize when we have transitioned from a good cyber “neighborhood” into a bad one? What are the clues and warning signs? What signals indicate danger?

Proposal:

The government should invest in research to develop systems and algorithms that could be used to assess neighborhood trust and mission health.


Neighborhood 1 – Neighbor Trust Assessment – Determine the goodness or badness of a neighborhood by estimating the trustworthiness of neighbors through real-time assessment, combined with monitoring of malicious traffic on the local network.


Neighborhood 2 – Mission Health Assessment – Develop systems that measure the goodness or badness of a neighborhood from a combination of mission health measures, external situation monitoring (e.g., how frequently am I subject to outside intrusion attempts), and host health assessment.

Strengths:

  • Mission Health necessitates the translation of the project mission into measurable values. It requires self-awareness so that it can become apparent when the mission is being compromised.
  • Multiple measurement points provide input to a model of an environment that is both dynamically challenging and constantly changing.
  • This information is used to develop models that identify attacks and move the system into a better environment.
  • The analyst can assess whether the system is “in a bad neighborhood” by evaluating the expected mission progress against the current state. 
  • Shortens the lag between an attack occurring and its being identified, a “bad neighborhood” being recognized, and/or the attack being circumvented.
  • Using a distributed algorithm for the trust metric in combination with a mission-based health monitor would be powerful. The trust metric could be employed to perform one type of independent analysis of the external forces at work in a “neighborhood” while the health monitor could be used to evaluate the self-aware aspects of how the mission is proceeding. The combined metric could be a better measure of neighborhood value.
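A toy scoring model that puts the two assessments together, added here as an illustration rather than code from the proposal or its references: per-neighbor trust is estimated from observed local traffic, outside intrusion attempts become a pressure term, mission health is actual versus expected progress, and a good-to-bad flip between observation windows is flagged. The weights, thresholds, tolerable intrusion rate, the combination rule and the sample windows are all assumptions constructed for the example.

```python
# Added illustration (not the proposal's code): names, weights, thresholds and data are assumed.

def trust(good: int, bad: int) -> float:
    """Beta-reputation style estimate from observed traffic; neutral 0.5 with no history."""
    return (good + 1) / (good + bad + 2)

def intrusion_pressure(attempts: int, minutes: float, tolerable_per_min: float) -> float:
    """0.0 = no outside intrusion attempts; 1.0 = at or above the tolerable rate."""
    return min(1.0, (attempts / minutes) / tolerable_per_min)

def mission_health(expected: float, actual: float) -> float:
    """Actual mission progress relative to expected progress, clamped to [0, 1]."""
    return 1.0 if expected <= 0 else min(1.0, max(0.0, actual / expected))

def neighborhood_score(trust_score: float, pressure: float, health: float,
                       weights=(0.4, 0.3, 0.3)) -> float:
    """Combined metric in [0, 1]; higher is a better neighborhood (weights are assumed)."""
    wt, wp, wh = weights
    return wt * trust_score + wp * (1.0 - pressure) + wh * health

def classify(score: float, good: float = 0.7, bad: float = 0.4) -> str:
    """Label a score; scores between the two thresholds are reported as 'uncertain'."""
    return "good" if score >= good else ("bad" if score < bad else "uncertain")

def assess_windows(windows: list, tolerable_per_min: float = 2.0):
    """Score each observation window; return the labels and the indices of windows where
    the neighborhood flipped from good to bad. Neighbor reputation persists across windows,
    but only neighbors actually seen in a window count toward that window's trust."""
    reputation, labels, transitions = {}, [], []
    for w in windows:
        present = set()
        for name, benign in w["traffic"]:          # (neighbor id, was the traffic benign?)
            counts = reputation.setdefault(name, [0, 0])   # [good, bad] observations
            counts[0 if benign else 1] += 1
            present.add(name)
        t = sum(trust(*reputation[n]) for n in present) / len(present) if present else 0.5
        p = intrusion_pressure(w["intrusions"], w["minutes"], tolerable_per_min)
        h = mission_health(w["expected"], w["actual"])
        labels.append(classify(neighborhood_score(t, p, h)))
        if len(labels) > 1 and labels[-2] == "good" and labels[-1] == "bad":
            transitions.append(len(labels) - 1)
    return labels, transitions

# Constructed sample: a quiet intranet window, then a hostile public-Wi-Fi window.
SAMPLE_WINDOWS = [
    {"traffic": [("n1", True)] * 8 + [("n2", True)] * 6,
     "intrusions": 1, "minutes": 10, "expected": 10, "actual": 10},
    {"traffic": [("n3", False)] * 9 + [("n4", False)] * 5,
     "intrusions": 30, "minutes": 10, "expected": 10, "actual": 4},
]
```

Running `assess_windows(SAMPLE_WINDOWS)` labels the first window "good" and the second "bad", reporting the transition at window index 1.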

Weaknesses:

  • Identifying the mission and designing the metrics is a difficult task.
  • Quantifying the mission is the prerequisite for the health monitor.
  • Results must be formatted and usable, or the measurements are not meaningful.
  • To be effective, this requires a large amount of information about what is going on in the neighborhood, the network and the mission. Gathering it can be costly in both time and data.
  • There may also be a tendency to become too information-centric. Not all information is equally important, and each item must be evaluated for how essential it is to the analysis.


David Skillicorn: This proposal was implicit in the way the discussion questions were posed at the workshop, but it didn't seem to me that we made much progress along this line. And the fact that the actual proposal is so short makes me think that this project is still more or less undefined.