Professional Documents
Culture Documents
Protecao Infra
Protecao Infra
Cyber security
Cyber Threat Prevention
● Completely unique field of research ● Set of challenges
Michele Nogueira, Ph.D. ○ Cyber space is abstract
Computer Security Science Center (CCSC)
○ Hard science of physical system behavior
○ Social science of human behavior and response ○ Mathematical and physical-like foundations
○ Formal science of data encoding and information ○ Multiple perspective of cyber space
representation ○ Understanding of software, interfaces and
artifacts
○ Humans have avatar in cyber space, not easy to
sense all relevant information
2 3
Attack types Handling Attacks
Challenges in Achieving Security in Cyber Space
Passive vs. Active Attacks
● Denial of Service
● Deliberate source of potential ● Attempt by a threat to gain ● Malware
danger/harm unauthorized access ● Phishing
● Harm: Adverse impact to system ● Service, data, resources ● SPAM
operation or system resources, ● Exploits specific vulnerabilities
including data, ● Series of attacks for a specific
● Someone or group with the aim of period: campaign
harming the system
7 8 9
Denial of Service Denial of Service Malwares
www.ccsc-research.org www.ccsc-research.org
ccsc@ufpr.br 10 ccsc@ufpr.br 11 12
Malwares Phishing SPAM
13 14 15
Achieving Security in Cyber Space Cyber Security Controls Cyber Security Controls
Security Controls Tools and Techniques Must reflect a policy
16 17 18
Cyber Security Controls Cyber Security Controls Cyber Security Controls
Must reflect a policy Policy Tools and Techniques
19 20 21
Cyber Security Defenses Cyber Security Defenses
Subfields Cyber Security Controls
Main types
● Patterns and behaviors of attacks to detect/predict
Attack detection and
DEFENSE 01 prediction ●
their occurrence
Statistical methods, IA, machine learning
LINES
● Antivirus and IDS
● Security Services
● Focus on attributes of security
Cryptography Authentication
Access
Control IDS = Intrusion Detection Systems
05 Risk Management
●
●
Quantifying the value of cyber security to an
operation
How the prevention/mitigation affect risk
Fonte: SAMNAR: A survivable architecture for wireless self-organizing networks M. Nogueira 22 06 Cryptography
●
●
●
Algorithms and protocols
Cryptanalysis
Formal proofs and information theoretic
23 24
Lima. PhD's thesis, University of Paris 6, LIP6, Paris, France.
Cyber Security Controls Cyber Security Controls Cyber Security Controls
Security Services Security Services - Examples Security Mechanisms
28 29 30
Source: SingularityHub.com
Vantagens para atacantes em infectar dispositivos da Differences from conventional malwares and mobile
Advantages for attackers to infect IoT devices
IoT: Informações obtidas malwares? Diversity
Diversity
31 32 33
Differences from conventional malwares and mobile Differences from conventional malwares and mobile Differences from conventional malwares and mobile
malwares? Quantity malwares? Quantity malwares? Mobility
Fonte: How can botnets cause storms? Understanding the evolution and impact of mobile
34 35 botnets. IEEE INFOCOM 2014 paper. 36
Security Intelligence Finally, the importance of the standards…
37 38 39
Summary Reading Suggestion - Standards
www.ccsc-research.org www.ccsc-research.org
ccsc@ufpr.br 40 ccsc@ufpr.br 41