WACREN CONFERENCE 2018 Togo, Lomé

CYBERSECURITY AS A SERVICE: THE POC TOOL/PLATFORM FOR DESIGN AND IMPLEMENTATION

ELISABETTA ZUANELLI

UNIVERSITY OF ROME “TOR VERGATA”

PRESIDENT OF CRESEC (WWW.CRESEC.COM)

Jul 28, 2018


The state of the art

• The overwhelming increase of cyberattacks in all fields of Internet interactions: cloud, e-commerce, IoT, search engines, apps for mobile, etc.

• Among other domains, a growth of 138% in the domain of online research and education in the first semester of 2017.


Cybersecurity as a service: a framework

• A framework for the interpretation of the global cybersecurity challenges dealing with vulnerabilities and threats, on one side.

• On the other, the definition of proper tools for prevention, detection and resiliation of cyberattacks by defining a new approach to cybersecurity.

• Cybersecurity as a service is here meant as a multifaceted protection design in the technological approach and development of online services in the cyberspace context.


The approach

• Cybersecurity as a service asks for a brand new design and implementation of Internet infrastructures and services, to be required of vendors on one side for asset technologies supplied to clients. On the other, cybersecurity as a service implies the capability of companies and institutions to manage cyber risks and perform assessment and evaluation according to structured analytics parameters that can manage conspicuous amounts of data.


The content parameters

• Typological lists of cybersecurity variables such as domains of attacks, mechanisms of attack, incidents lists, etc.

• Cybersecurity analytics tools such as cybersecurity domain ontologies and pragmatic domain platforms capable of control of technological assets, vulnerabilities, threats, events, incidents, etc.


A cybersecurity WACREN project

An ASREN/WACREN knowledge cybersecurity platform: a synthesis of the state of the art in cybersecurity as a structured data base for collaboration and interpretation

• vendors (cybersecurity by design in the development of devices): i.e. OOSS, programs, applications in different domains: i.e. cloud, IoT, platforms, mobile apps
• IXP, DNS, routers, etc.;
• cybersecurity antimalware suppliers/vendors: i.e. Kaspersky, Symantec, etc.;
• cybersecurity assessment for analysts companies (SIEM SOC, CSIRTs, etc.); and
• a shared ontology of cybersecurity as a service implying semantic controlled vocabularies, lists and enumerations of conceptual entities of the phenomena, etc.;
• the sharing knowledge and automation tools for big data analytics as provided by AI and machine learning;


[Diagram: cybersecurity as a service. Node labels: predictive analysis; tools design; taxonomies/classifications/ontologies; domain ontology; pragmatic ontology; threats/vulnerabilities; attacks/incidents; big data analytics/AI; knowledge repositories; operational exchange tools; cybersecurity lists; risk assessment; antimalware; remediation; Internet infrastructure DNS/IXP/Apps; products; services; design tools; prevention; detection; resiliation]


Cybersecurity ontology: Big data and AI technologies

• “Middle-out” approach: bottom-up and top-down sources, partially used and functionally redefined by the model and the technological development

• Upper ontology and mid-level ontology underlying the cybersecurity ontology as domain ontology

• Functional/pragmatic ontology as related development of the cybersecurity domain


CVE (SR-13/03/2018)/MITRE

Incident | TXT | HTML | XML

Incident: CVE-2018-7580

TXT:
Name: CVE-2018-7580
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7580
Phase: Assigned (20180301)
Category:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Current Votes: None (candidate not yet proposed)

HTML:
<font size=+2><b>Name: CVE-2018-7580</b></font><p><p><b>Description:</b><br>** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.<p><b>Status:</b> Candidate<br><b>Phase:</b> Assigned (20180301)<br><p><b>Votes:</b><pre></pre>

XML:
<item seq="2018-7580" name="CVE-2018-7580" type="CAN">
<status>Candidate</status>
<phase date="20180301">Assigned</phase>
<desc>** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.</desc>
<refs></refs>
<votes></votes>
<comments></comments>
</item>

Incident: CVE-2018-7581

TXT:
Name: CVE-2018-7581
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7581
Phase: Assigned (20180301)
Category:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Current Votes: None (candidate not yet proposed)

HTML:
<font size=+2><b>Name: CVE-2018-7581</b></font><p><p><b>Description:</b><br>** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.<p><b>Status:</b> Candidate<br><b>Phase:</b> Assigned (20180301)<br><p><b>Votes:</b><pre></pre>

XML:
<item seq="2018-7581" name="CVE-2018-7581" type="CAN">
<status>Candidate</status>
<phase date="20180301">Assigned</phase>
<desc>\ProgramData\WebLogExpert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin.</desc>
<refs>
<ref url="https://www.exploit-db.com/exploits/44270/" source="EXPLOIT-DB">44270</ref>
<ref url="http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-AUTHENTICATION-BYPASS.txt" source="MISC">http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-AUTHENTICATION-BYPASS.txt</ref>
<ref url="http://packetstormsecurity.com/files/146697/WebLog-Expert-Web-Server-Enterprise-9.4-Weak-Permissions.html" source="MISC">http://packetstormsecurity.com/files/146697/WebLog-Expert-Web-Server-Enterprise-9.4-Weak-Permissions.html</ref>
</refs>
<votes></votes>
<comments></comments>
</item>


The Pragmema cybersecurity ontology: POC

• the univocal application of the representation concepts, entities and relations as conceived in upper and mid-level ontology
• constituents: cybersecurity domain ontology, cybersecurity pragmatic ontology, cybersecurity knowledge, semantic vocabulary
• different level entities, semantic and pragmatic relations


The logical semantic relations network: cybersecurity domain ontology and pragmatic ontology


The POC PLATFORM: a cybersecurity ontology for big data analytics and services


The integration of knowledge and applications in the cybersecurity domain

• Cybersecurity as a service

• A long way to go…
