Adaptive Security and Security Architecture
Wednesday Aug 06, 2008
Abstract
This article discusses a new perspective on security architecture, one capable of not only reducing threats but also anticipating them before they manifest. The proposed approach is called adaptive security. Adaptive security will be discussed using biological and ecosystem metaphors, as these provide interesting parallels to the issues, threats and countermeasures applicable to IT systems. Considering their longevity, survivability and adaptability, both biological and ecological systems are good examples of successful systems. We propose that data processing systems be designed with adaptive security elements so that they exhibit more biologically and ecologically oriented responses in recognizing and addressing threats.
Introduction
Dan Geer et al. summarize the problem we face: "The central enemy of reliability is complexity..... Prevention of insecure operating modes in complex systems is difficult to do well and impossible to do cheaply: The defender has to counter all possible attacks; the attacker only has to find one unblocked means of attack." Putting aside the issue of cost effectiveness, the key element to be addressed using adaptive security is the notion that one should attempt to counter all possible attacks to the extent that a threat response is cost effective. Put another way, we are in the business of risk management, not risk avoidance. Thus our goal is really to ensure availability rather than to avoid every risk. To summarize, the common problems that adaptive security may address are:
- As the complexity of systems increases, their security and integrity decrease.
- A monoculture of systems will allow a pandemic to spread quickly.
- Offensive worms and adversarial attacks are developed faster than the development of defensive responses.
Objective of Adaptive Security
The objective of adaptive security is to give applications, systems, networks and IT infrastructures the ability to self-configure, self-detect, self-optimize and self-heal, in order to protect against corruption of data and processing resources. Exhibiting these characteristics exemplifies autonomy and trustworthiness and reduces complexity; the greater the level of control over systems, the more trust we can assign to them. Further, through the use of common and consistent security standards, configurations and systems management, we can address complexity. This objective of adaptive security is realized by:
- Reducing threat amplification. (reduce the potential of cascading failures)
- Reducing attack surface. (make the target smaller)
- Reducing attack velocity. (slow the attack)
- Ensuring the availability of data and processing resources.
- Ensuring correctness of data and reliability of processing resources.
Biological systems react to threats by adapting or dying. Biological system responses are typically focused at a microscopic level via various capabilities, including immunological responses. The immunological capabilities of biological systems are autonomic in nature and have the ability to recognize and remember threats and to mount a rigorous attack each time the threat is encountered. The ability to adapt to threats (as compared to a fixed and immutable response) is significant in that we are not aware of every type of threat, yet we must be prepared for new attacks as they present themselves.
Ecological systems, on the other hand, function at a macroscopic level. Ecological systems are composed of many disparate elements, including individual biological entities. They react to threats by relying upon the diversity and autonomy of the elements that make up the ecosystem, as well as their ability to adapt. This has the effect of spreading the risk presented by a threat across the larger ecosystem and increases its overall survivability. Diversity also enables us to address the threats posed by a monoculture. (A monoculture can be susceptible to an attack where a single threat can quickly affect multiple systems because they would all have the same susceptibility.)
Adaptive Security
Taking the qualities of both biological and ecological systems, namely adaptation, autonomy, diversity and survivability, we can emulate these within the context of a Systemic Security framework. Adaptive security is a natural extension to this framework and offers a long-term vision for how IT systems will be designed, implemented and managed in the future. Recognizing the complex nature and relationships of modern IT systems, adaptive security has been designed to leverage architectural and operational best practices from a variety of IT disciplines in order to more easily integrate security and integrity into modern IT infrastructures. The different adaptive security architectural principles will be discussed in a follow-on article, but examples of these would include diversity, resilience, fault tolerance and robustness. Note how these examples map to basic service levels that we are already familiar with, as well as to typical architectural characteristics that we already use.
Conclusion
The study of biological and ecological systems enables computer scientists to consider new and different means for designing, developing and managing security controls. This is especially critical as IT systems become increasingly complex. Given the rich threat environment that most organizations now operate in, we must consider new methods and mechanisms to proactively address those threats. Adaptive security is one such approach and has the advantage of not only addressing existing threats but also anticipating new threats and enabling security control mechanisms to modify their behavior before the new threats are able to manifest themselves to a critical level.
References
- Security Architecture and Adaptive Security. J. Weise 2008 (ISSA Journal)
- Monoculture on the back of the envelope. D. Geer 2005
- Artificial Immune Systems: A New Computational Intelligence Approach. L. de Castro 2002
Posted at 03:05PM Aug 06, 2008 by gbrunett in Architecture
Tags: adaptive architecture biological ecological security






