Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Friday, October 29, 2010

On Situational Awareness in Enterprises

“Situational Awareness” is an area that I am interested in exploring, in particular in the context of enterprises. How can an organisation be reasonably reassured that its risk posture is appropriate and that the relevant threats are mitigated?

Both risk assessment and the deployment of suitable control points are key to dealing with risk. However, situations change, new threats materialise, and the controls that have been put in place may turn out to be ineffective.

To close the loop, organisations usually invest in monitoring and event management controls to get a “picture” of what is actually going on.

However, how accurately does this “picture” represent reality? Are the relevant pieces of “intelligence” taken into account? What is their impact on the overall risk assessment? Which key areas and elements should be covered? Which correlations are necessary to distil meaningful information? Which investments are required to achieve all this?

Security Information and Event Management (SIEM) tools and solutions can indeed help, from a technical perspective. But strategic decisions still need to be made (by risk managers, CIOs, CTOs, CISOs, etc.), and these decisions are usually made within an economic framework.

How can decision support be provided on which investments to make, which monitoring areas to cover, which inferences and data correlations to look for, and which trade-offs to consider (e.g. costs vs productivity vs risk exposure)?

I am interested in exploring how the HP Labs Security Analytics approach (i.e. applying modelling and simulation to provide decision support) can help in this space, by introspecting current strategic decision-making activities and the processes involved, as well as by exploring suitable trade-offs and the impact of existing controls, such as SIEM tools.

In this context, I am looking for public case studies and information/documents illustrating current “assurance processes”, the criteria adopted to deploy SIEM tools, and the key decision-making steps adopted in this area.


--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---

Presentation at ICST CloudComp 2010: Information Stewardship in the Cloud

I recently attended CloudComp 2010 and presented the following paper:

“Information Stewardship in the Cloud: a model based approach
David Pym, Martin Sadler, Simon Shiu, Marco Casassa Mont”

Thanks for your interest and for asking for a copy. My presentation is now available online. Here is the abstract of the paper:

“Managing the information stewardship lifecycle is a challenge. In the context of cloud computing, the stakeholders in cloud ecosystems must also take account of the demands of the information stewardship lifecycles of other participants in the ecosystem. We describe a modelling framework incorporating tools from mathematical systems modelling, economics, and policy/user modelling suitable for supporting reasoning and decision making in cloud ecosystems, and so provides a basis for developing model-based service level agreements.”

--- Posted by Marco Casassa Mont ---

Friday, October 22, 2010

On Providing Assurance within Organisations …

I am interested in exploring how organisations effectively tackle the “assurance” angle, i.e. how they can assess their degree of compliance with their (security and business) policies and which evidence they need in order to assess how well they meet their governance objectives.

I believe this is a complex, multi-faceted problem, as it involves:

  • Organisational policies
  • Potential threats and related risks
  • Processes and controls put in place to mitigate these risks
  • Areas that remain vulnerable regardless and need further monitoring and introspection
  • Technologies and solutions to log, monitor/audit and correlate various information collected within (and potentially across) the IT stack of the organisation
  • Relevant metrics to convey issues and problems to a variety of stakeholders, including IT managers, security and risk managers, business managers, etc.

Indicatively, the above elements are part of a loop that requires periodic reassessment and modification of policies and strategies, as the environment (people, technologies, objectives and threats) is in continuous evolution.

I am looking for case studies, documents and public material providing instances of how the overall process is actually carried out within organisations.

In particular, I am interested in better understanding the decision-making process (carried out by strategic decision makers such as CIOs and CISOs) that underlies the adoption of monitoring controls, in particular “Security Information and Event Management (SIEM)” solutions.

Here are a few specific questions I am interested to explore:

  • Which areas are usually perceived as being at risk and requiring further monitoring?
  • How are trade-offs between investments and costs actually dealt with by the various stakeholders?
  • Which evidence is usually provided to the stakeholders to reassure them that specific risks are mitigated by monitoring specific areas (e.g. with SIEM tools)?

Ideally, I’d like to investigate the economic framework, trade-offs and decision-making process that underlie investments in SIEM solutions, and how Security Analytics (decision support by means of modelling and simulation) can help in this space …
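The decision-support question raised in this post, and in the 29 October post on situational awareness above, is the kind of thing a modelling-and-simulation approach can make concrete. The following Python model is an added illustration written for this page; it is not HP Labs' Security Analytics tooling and not code from the author. All of its figures are constructed assumptions: the four monitoring areas, their annual incident rates, the loss of a missed incident, the residual loss fraction when an incident is caught, the yearly monitoring cost, and the two detection probabilities P_DETECT_MONITORED and P_DETECT_BASELINE. It enumerates every combination of monitored areas, ranks them by expected annual loss plus monitoring cost, and then runs a Monte Carlo simulation so that the spread and 95th-percentile loss of an option are visible as well, which is the evidence a CISO usually wants beyond a single expected-value figure.

```python
"""Illustrative decision-support model for SIEM monitoring investments.

Hypothetical model and numbers, constructed for this example; not HP Labs'
Security Analytics tooling.  Each monitoring "area" has an annual incident
rate, the loss of an incident that is missed, the fraction of that loss that
remains when the incident is caught early, and the yearly cost of monitoring
it (tooling plus analyst time).  Monitoring an area raises the detection
probability from an assumed baseline to an assumed higher value.
"""
import itertools
import math
import random
import statistics

# Constructed illustrative figures (currency units per year); not real data.
AREAS = {
    "endpoints":   {"rate": 6.0, "impact": 40_000,  "residual": 0.25, "cost": 50_000},
    "web_apps":    {"rate": 3.0, "impact": 120_000, "residual": 0.20, "cost": 80_000},
    "identity":    {"rate": 2.0, "impact": 200_000, "residual": 0.30, "cost": 60_000},
    "cloud_infra": {"rate": 1.0, "impact": 90_000,  "residual": 0.50, "cost": 70_000},
}
P_DETECT_MONITORED = 0.85   # assumed detection probability with SIEM coverage
P_DETECT_BASELINE = 0.15    # assumed detection probability without coverage


def detect_probability(area, monitored):
    return P_DETECT_MONITORED if area in monitored else P_DETECT_BASELINE


def expected_loss_per_incident(spec, p_detect):
    """Detected incidents cost residual*impact, missed ones the full impact."""
    return spec["impact"] * (1.0 - p_detect * (1.0 - spec["residual"]))


def expected_annual_loss(monitored):
    """Closed-form expected loss for a given set of monitored areas."""
    return sum(spec["rate"] * expected_loss_per_incident(spec, detect_probability(a, monitored))
               for a, spec in AREAS.items())


def monitoring_cost(monitored):
    return sum(AREAS[a]["cost"] for a in monitored)


def evaluate_all_configurations():
    """Enumerate every subset of areas and rank by expected loss + monitoring cost."""
    names = list(AREAS)
    rows = []
    for k in range(len(names) + 1):
        for subset in itertools.combinations(names, k):
            monitored = frozenset(subset)
            loss = expected_annual_loss(monitored)
            cost = monitoring_cost(monitored)
            rows.append({"monitored": monitored, "expected_loss": loss,
                         "cost": cost, "total": loss + cost})
    rows.sort(key=lambda r: r["total"])
    return rows


def poisson(rate, rng):
    """Knuth's algorithm: sample one year's incident count for an area."""
    limit, k, p = math.exp(-rate), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_annual_loss(monitored, years=5000, seed=42):
    """Monte Carlo over many simulated years: incident counts and detections are
    random, so the decision maker sees the spread and tail of the loss, not only
    its mean.  Seeded so that runs are reproducible."""
    rng = random.Random(seed)
    losses = []
    for _ in range(years):
        total = 0.0
        for a, spec in AREAS.items():
            p = detect_probability(a, monitored)
            for _ in range(poisson(spec["rate"], rng)):
                detected = rng.random() < p
                total += spec["impact"] * (spec["residual"] if detected else 1.0)
        losses.append(total)
    losses.sort()
    return {"mean": statistics.fmean(losses),
            "p95": losses[int(0.95 * (years - 1))],
            "max": losses[-1]}


if __name__ == "__main__":
    ranked = evaluate_all_configurations()
    for row in ranked[:3] + ranked[-1:]:
        print(sorted(row["monitored"]), f"loss={row['expected_loss']:,.0f}",
              f"cost={row['cost']:,.0f}", f"total={row['total']:,.0f}")
    best = ranked[0]["monitored"]
    print("tail risk of best option:", simulate_annual_loss(best))
    print("tail risk with no monitoring:", simulate_annual_loss(frozenset()))
```

With these constructed figures the cheapest option is to monitor endpoints, web applications and identity and leave the low-rate cloud area uncovered; monitoring the cloud area on its own is actually the worst option, because its yearly cost exceeds the loss it avoids. In this toy the areas do not interact, so the ranking could be read off area by area; the subset enumeration and the simulation earn their keep once areas share analysts, incidents are correlated, or the decision maker's risk appetite is about the 95th percentile rather than the mean. In practice the contentious inputs are the rates, impacts and detection probabilities, which is exactly the evidence the post asks organisations to make explicit.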


--- Posted by Marco Casassa Mont ---

Attending and Presenting at CloudComp 2010

I am going to attend CloudComp 2010 and present the following paper:

“Information Stewardship in the Cloud: a model based approach
David Pym, Martin Sadler, Simon Shiu, Marco Casassa Mont”

Here is the abstract of the paper:

“Managing the information stewardship lifecycle is a challenge. In the context of cloud computing, the stakeholders in cloud ecosystems must also take account of the demands of the information stewardship lifecycles of other participants in the ecosystem. We describe a modelling framework incorporating tools from mathematical systems modelling, economics, and policy/user modelling suitable for supporting reasoning and decision making in cloud ecosystems, and so provides a basis for developing model-based service level agreements.”

--- Posted by Marco Casassa Mont ---

EnCoRe General meeting

I am just back from the EnCoRe General meeting. It has been a very good meeting with interesting discussions and plans to move forward.

In particular, HP Labs gave an update on the EnCoRe Architecture V2, an extension of the first version aiming at providing new capabilities to improve the management of consent and revocation in dynamic multi-party domains (e.g. in the Cloud). Extensions include:
- Negotiation capabilities
- Internal and external workflows to deal with data disclosure and privacy management, driven by policies
- Obligation Management
- Sticky policies

More to come …

--- Posted by Marco Casassa Mont ---

Core Gnosis System Available for Download

The Core Gnosis system is now available for download.

“Executable modelling languages are important tools in science and engineering. They provide methods for exploring systems that are too complex to be usefully described in simple, analytical terms.
It is very often difficult to validate such models of complex systems, and there are important questions about faithfulness of representation of the underlying system and of the degree to which such models can be predictive. A possible source of errors lies in the modelling language itself, because (contrary to the beliefs of many) languages are themselves complicated artifacts. It is very important to use a modelling language which is well-understood, both by its authors and by its users. This points towards the disciplined use of small, expressive, languages that have a formal semantics, that are implemented with a high-degree of integrity, and which employ constructs that naturally support the modelling idiom.
A landmark achievement was the construction of process modelling languages, particularly Simula (which extends Algol for modelling), which use the notion of concurrent processes to structure models. This was distilled into a small, expressive language called Demos by Birtwistle, which emphasises the disciplined use of further structure, namely resource, by the processes.
In fields such as program logic, programming language semantics, and concurrency, the introduction of mathematical semantic methods has led to significant insights in expressiveness and improved reliability properties.
In the field of modelling and simulation, however, semantics has made relatively little impact. One significant and elegant exception to this situation is the work of Hillston and her colleagues, in which a process calculus is enriched with stochastic components, together with an account of its stochastic properties in terms of Markov chains. Hillston et al.’s framework has been explored in detail, has tool support, and has been deployed in a wide range of examples. Our approach differs in that we separate system semantics and modelling language, interpreting the latter in the former.
While the notion of process has been explored in some detail by the semantics community, concepts like resource have almost always been treated as second class. There are many advantages to doing this, from the point of view of a theorist. We take the opposite view. That is, we try to see what can be gained by developing an approach in which the structures present in applied modelling languages are given a rigorous treatment as first-class citizens in a theory. This has allowed us to develop our own disciplined approach to applied modelling and an associated tool, Core Gnosis.”

--- Posted by Marco Casassa Mont ---