
Cyber-vigilance and digital trust : cyber security in the era of cloud computing and IoT PDF

244 Pages·2019·5.946 MB·English
by Wiem Tounsi

Preview Cyber-vigilance and digital trust : cyber security in the era of cloud computing and IoT

Cyber-Vigilance and Digital Trust
Cyber Security in the Era of Cloud Computing and IoT
Series Editor: Guy Pujolle
Edited by Wiem Tounsi

First published 2019 in Great Britain and the United States by ISTE Ltd and John Wiley & Sons, Inc.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licenses issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned address:

ISTE Ltd, 27-37 St George's Road, London SW19 4EU, UK, www.iste.co.uk
John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA, www.wiley.com

© ISTE Ltd 2019

The rights of Wiem Tounsi to be identified as the author of this work have been asserted by her in accordance with the Copyright, Designs and Patents Act 1988.

Library of Congress Control Number: 2019931457
British Library Cataloguing-in-Publication Data: a CIP record for this book is available from the British Library
ISBN 978-1-78630-448-3

Contents

Introduction (Wiem TOUNSI)

Chapter 1. What is Cyber Threat Intelligence and How is it Evolving? (Wiem TOUNSI)
  1.1. Introduction
  1.2. Background
    1.2.1. New generation threats
    1.2.2. Analytical frameworks
  1.3. Cyber threat intelligence
    1.3.1. Cyber threat intelligence sources
    1.3.2. Cyber threat intelligence sub-domains
    1.3.3. Technical threat intelligence (TTI)
  1.4. Related work
  1.5. Technical threat intelligence sharing problems
    1.5.1. Benefits of CTI sharing for collective learning
    1.5.2. Reasons for not sharing
  1.6. Technical threat intelligence limitations
    1.6.1. Quantity over quality
    1.6.2. IOC-specific limitations
  1.7. Cyber threat intelligent libraries or platforms
    1.7.1. Benefits of CTI libraries based in the cloud
    1.7.2. Reluctance to use cloud services
  1.8. Discussion
    1.8.1. Sharing faster is not sufficient
    1.8.2. Reducing the quantity of threat feeds
    1.8.3. Trust to share threat data and to save reputation concerns
    1.8.4. Standards for CTI representation and sharing
    1.8.5. Cloud-based CTI libraries for collective knowledge and immunity
  1.9. Evaluation of technical threat intelligence tools
    1.9.1. Presentation of selected tools
    1.9.2. Comparative discussion
  1.10. Conclusion and future work
  1.11. References

Chapter 2. Trust Management Systems: a Retrospective Study on Digital Trust (Reda YAICH)
  2.1. Introduction
  2.2. What is trust?
  2.3. Genesis of trust management systems
    2.3.1. Access control model
    2.3.2. Identity-based access control
    2.3.3. Lattice-based access control
    2.3.4. Role-based access control
    2.3.5. Organization-based access control
    2.3.6. Attribute-based access control
  2.4. Trust management
    2.4.1. Definition
    2.4.2. Trust management system
    2.4.3. Foundations
    2.4.4. Automated trust negotiation
  2.5. Classification of trust management systems
    2.5.1. Authorization-based TMSs
    2.5.2. Automated trust negotiation systems
  2.6. Trust management in cloud infrastructures
    2.6.1. Credentials-based trust models
    2.6.2. SLA-based trust models
    2.6.3. Feedback-based trust models
    2.6.4. Prediction-based trust models
  2.7. Conclusion
  2.8. References

Chapter 3. Risk Analysis Linked to Network Attacks (Kamel KAROUI)
  3.1. Introduction
  3.2. Risk theory
    3.2.1. Risk analysis terminology
    3.2.2. Presentation of the main risk methods
    3.2.3. Comparison of the main methods
  3.3. Analysis of IS risk in the context of IT networks
    3.3.1. Setting the context
    3.3.2. Risk assessment
    3.3.3. Risk treatment
    3.3.4. Acceptance of risks
    3.3.5. Risk communication
    3.3.6. Risk monitoring
  3.4. Conclusion
  3.5. References

Chapter 4. Analytical Overview on Secure Information Flow in Android Systems: Protecting Private Data Used by Smartphone Applications (Mariem GRAA)
  4.1. Introduction
  4.2. Information flow
    4.2.1. Explicit flows
    4.2.2. Implicit flows
    4.2.3. Covert channels
  4.3. Data tainting
    4.3.1. Interpreter approach
    4.3.2. Architecture-based approach
    4.3.3. Static taint analysis
    4.3.4. Dynamic taint analysis
  4.4. Protecting private data in Android systems
    4.4.1. Access control approach
    4.4.2. Preventing private data leakage approach
    4.4.3. Native libraries approaches
  4.5. Detecting control flow
    4.5.1. Technical control flow approaches
    4.5.2. Formal control flow approaches
  4.6. Handling explicit and control flows in Java and native Android apps' code
    4.6.1. Formal specification of the under-tainting problem
    4.6.2. Formal under-tainting solution
    4.6.3. System design
    4.6.4. Handling explicit and control flows in Java Android apps' code
    4.6.5. Handling explicit and control flows in native Android apps' code
    4.6.6. Evaluation
    4.6.7. Discussion
  4.7. Protection against code obfuscation attacks based on control dependencies in Android systems
    4.7.1. Code obfuscation definition
    4.7.2. Types of program obfuscations
    4.7.3. Obfuscation techniques
    4.7.4. Code obfuscation in Android system
    4.7.5. Attack model
    4.7.6. Code obfuscation attacks
    4.7.7. Detection of code obfuscation attacks
    4.7.8. Obfuscation code attack tests
  4.8. Detection of side channel attacks based on data tainting in Android systems
    4.8.1. Target threat model
    4.8.2. Side channel attacks
    4.8.3. Propagation rules for detecting side channel attacks
    4.8.4. Implementation
    4.8.5. Evaluation
  4.9. Tracking information flow in Android systems approaches comparison: summary
  4.10. Conclusion and highlights
  4.11. References

List of Authors
Index

Introduction
Introduction written by Wiem TOUNSI

This book starts by dealing with cyber threat intelligence in Chapter 1. Cyber threat intelligence is actionable, evidence-based knowledge intended to reduce the gap between advanced attacks and an organization's defensive means, in order to aid specific decisions or to illuminate the risk landscape. This chapter classifies and distinguishes among existing threat intelligence types and focuses particularly on technical threat intelligence issues and the emerging research, trends and frameworks. Since threat data are sensitive, organizations are often reluctant to share threat information with their peers when they are not in a trusted environment. Trust, combined with new cloud services, is a solution to improve the collective response to new threats.

To deepen this approach, the second chapter addresses digital trust and identifies the mechanisms underlying trust management systems. It introduces the basic concepts of trust management and classifies and analyzes several trust management systems. This chapter shows how trust management concepts are used in recent systems to address the new challenges introduced by cloud computing.

When threats are not well addressed, any vulnerability could be exploited and could generate costs for the company. These costs can be of a human, technical or financial nature. Thus, to get ahead of these threats, a preventive approach aiming to analyze risks is paramount. This is the subject of the third chapter, which presents a complete information system risk analysis method deployed on various networks. This method is applicable to such networks and is based on network security extensions of existing risk management standards and methods.

Finally, a detective approach based on both dynamic and static analysis is defined in the fourth chapter to defend the sensitive data of mobile users against information flow attacks launched by third-party applications. A formal and technical approach based on a data tainting mechanism is proposed to handle control flow in Java and native applications' code and to solve the under-tainting problem, particularly in Android systems.

1. What is Cyber Threat Intelligence and How is it Evolving?
Chapter written by Wiem TOUNSI

1.1. Introduction

Cyberattacks have changed in form, function and sophistication over the last few years. They no longer originate from digital hacktivists or online thugs. Carried out by well-funded and well-organized threat actors, cyberattacks have transformed from hacking for kicks into advanced attacks for profit, whose aims range from financial to political gain. To that end, attacks designed for mischief have been replaced with dynamic, stealthy and persistent attacks, known as advanced malware and advanced persistent threats (APTs). The reason is the complexity of new technologies: as a system gets more complex, it gets less secure, making it easier for the attacker to find weaknesses in the system and harder for the defender to secure it (Schneier 2000). As a result, attackers have a first-mover advantage, trying new attacks first, while defenders have the disadvantage of being in a constant position of responding, for example with better anti-virus software to combat new malware and better intrusion detection systems to detect malicious activity.

Despite spending over 20 billion dollars annually on traditional security defenses (Piper 2013), organizations find themselves faced with this new generation of cyberattacks, which easily bypass traditional defenses such as traditional and next-generation firewalls, intrusion prevention systems, anti-virus and security gateways. Those defenses rely heavily on static malware signatures or pattern-matching technology, leaving them extremely vulnerable
