
Dependency-Aware Risk Analysis (DARA) Model for Information Security
Edri Yunizal 1)
Iping Supriana Suwardi 1)
Kridanto Surendro 1)
2018

School of Electrical Engineering & Informatics, Bandung Institute of Technology


Methodology
• Descriptive approach
• Description of general ISRA and its current limitations
• Proposed investigation
• Outline of a possible solution
• Conclusion & suggestion

Asset Dependencies on ISRA
• Information → competitive advantage
  • Started as a tool
  • Now an essential component → every operation needs information
  • Technological advances → force organizations to use new technology → new threats
• Large amount of data → protection mechanism
  • Loss of CIA → total failure
  • Inappropriate threat response → significant loss
• Commonly used → ISRA (information security risk analysis)
  • Process to identify and evaluate factors that can interfere with the success of the project or the achievement of objectives

ISRA
• Focused on analyzing the threats and weaknesses of the information resources and determining the controls needed to place the risk in an acceptable position
• Steps:
  • Asset valuation
  • Threat and vulnerability mapping
  • Risk calculation
  • Risk reporting
  • Consensus building
• Techniques:
  • FTA (fault tree analysis)
  • ETA (event tree analysis)
  • Attack tree
  • Cause & effect diagram
  • BN (Bayesian network)
  • Attack graph

ISRA (2)
• Approach:
  • Quantitative
    • Mathematical approach
    • Precise, automatable, does not require opinion, objective
    • Limitations:
      • Calculation based on replacement cost, not operational cost → inappropriate financial assessment of resources
      • Accuracy depends on historical data
      • Difficult when real data is unavailable
  • Qualitative
    • Simple calculation, less time consuming
    • Limitations:
      • Subjective
      • Dependent on experts
  • Hybrid
• Security triad
  • Confidentiality → certain information for a certain group
  • Integrity → asset remains in a well-defined state
  • Availability → asset is accessible

Limitation
• Limitation →
  • Asset dependency complexity
  • Failure of one asset → affects another asset
  • Example:
    • Website (high security) → on server (low security)
    • Website risk → must consider effect on server risk
• Risk model that considers asset dependence → more powerful
  • Only partially: Suh and Han, Rahmad, Tatar & Karabacak, Breier, Alpcan & Bambos, Khanmohammadi, Schmidt & Albayrak, Loloei
  • Cyclic → Muller
• ISRA needs:
  • Simpler
  • Support cyclic

Previous studies
• Suh & Han
  • Determine asset value based on relationship between asset and business function
  • Maximum
  • Focus on availability
• Rahmad
  • Threat scenario
  • Collection of catalogue
  • Building large catalogs
• Tatar & Karabacak
  • Hierarchical valuation
• Breier
  • Related graph, asset value based on connection, combined with initial value of asset
  • Difficult to apply in real world
• Alpcan & Bambos
  • Graph theory, combine business, threat, and human, dynamic change based on interaction
• Khanmohammadi & Houmb
  • Risk identified and assessed at business process level
  • Specific value on each organization
• Schmidt & Albayrak
  • Assessment vertical and horizontal: vertical in three levels (process, service, and application), horizontal between assets
• Loloei & Shahriari
  • Value asset independent & dependent: independent → cost & level of importance, dependent → CIA parameters
  • Focus on availability
• Muller
  • DARC, determine asset root and dependency value
  • Support cyclic
  • Complex mapping

Suh & Han
• The IS risk analysis based on a business model
• Organizational investigation
  • Relative importance of business function
• Asset identification & evaluation
  • Asset identification
  • Assignment of assets to business functions
  • Determination of initial asset importance → = ∑ ×
  • Asset dependency identification
  • Determination of final asset importance → = ( , , , …)
• Threat & vulnerability assessment
  • Threat probability → questionnaires, the IBM approach, Delphi techniques, brainstorming, threat scenario approach, and the statistical approaches
• ALE calculation
  • Recovery time →
  • Income loss → = × ⁄ ×
  • ALE → = + ×

[Figure labels: relative importance of business function; assignment to business function; initial asset importance; final asset importance]

Rahmad
• Threat Scenario Dependency-Based Model of Information Security Risk Analysis
• Modeling Asset Dependency for Security Risk Analysis using Threat-Scenario Dependency
• Analisa Risiko Keamanan Informasi dengan Mempertimbangkan Dependensi Skenario Threat dan Kontrol sebagai Pereduksi Likelihood dan Impact (Information Security Risk Analysis Considering Threat-Scenario Dependency and Controls as Reducers of Likelihood and Impact)

[Figure: conceptual model of the threat scenario, with panels TS – TS, TS – Threat and TS – Security dimension]

• Main concept catalogue
• Assets, threats, controls
• Threat-scenario
• Dependency TS
  • TS – Security Dimension
  • TS – TS
  • TS – Threat

1. Risk: 5. Weighted mean of the scenario-threat combination
= ×
2. Scenario-threats relevant to the objective: = ( | ,… , )
6. Weighted mean of the reduced-threat combination
= | , …,
3. Weighted mean of the relevant scenario-threats:
= | ,… ,
| ,… , 7. Reduced threat
∑ × ( ) = × (1 − ( ))
=

4. Scenario-threat
= ( | , ) Control effectiveness
9. = | ,… ,

10. = | , …,

11. = | , …,
Control combination effectiveness:
× + × + × + × + × ( ) 12. = | , …,
=
+ + + +
13. = | , …,
Tatar & Karabacak
• An Hierarchical Asset Valuation Method for Information Security Risk Analysis
• Identification
  • Hardware
  • Software
  • Information
• Valuation
  • Information
  • Software
  • Hardware

Resource identification

Hardware:
| Serial number | Hardware name | Owner | Physical location | Confidentiality value | Integrity value | Availability value |
|---|---|---|---|---|---|---|
| H1 | Fileserver | Paul | Server room | | | |

Software:
| Serial number | Software name | Owner | Processing hardware | Confidentiality value | Integrity value | Availability value |
|---|---|---|---|---|---|---|
| S1 | Operating system | Paul | H1 | | | |
| S2 | Encryption software | Paul | H1 | | | |

Resource valuation

Information:
| Serial number | Information name | Owner | Processing software | Confidentiality value | Integrity value | Availability value |
|---|---|---|---|---|---|---|
| I1 | Personal data | Ann | S2 | 4 | 4 | 4 |
| I2 | Salary data | Ann | S2 | 5 | 5 | |

Software:
| Serial number | Software name | Owner | Processing hardware | Confidentiality value | Integrity value | Availability value |
|---|---|---|---|---|---|---|
| S1 | Operating system | Paul | H1 | 3 | 3 | 5 |
| S2 | Encryption software | Paul | H1 | 5 | 5 | 4 |

Hardware:
| Serial number | Hardware name | Owner | Physical location | Confidentiality value | Integrity value | Availability value |
|---|---|---|---|---|---|---|
| H1 | Fileserver | Paul | Server room | 5 | 5 | 5 |

Breier
• Asset Valuation Method for Dependent Entities
• Assets Dependencies Model in Information Security Risk Management
• Organization model
• Risk values
• Component dependency value
• Adjustment risk values

Schmidt & Albayrak
• A quantitative framework for dependency-aware organizational IT Risk Management
• Risk = E(T)E(V)E(C)
  • E(T) → threat
  • E(V) → vulnerability
  • E(C) → cost
• G=(V,A)
  • ∈ → vertices asset
  • = , ∈ → arc dependency
• Virtual value
• = +∑ ∑ ∈ ( , ) 1 ∏ ∈
• Path on process v

Muller
• Dynamic Risk Analyses and Dependency-Aware Root Cause Model for Critical Infrastructures
• Risk Monitoring and Intrusion Detection for Industrial Control Systems
• Efficiently computing the likelihoods of cyclically interdependent risk scenarios
• CIA for complete value
• Support cyclic

Eusgeld
• System-of-systems approach for interdependent critical infrastructures
• Modular concept in risk analysis
• Consists of 3 levels:
  • System of systems
  • CI
  • System
• Still in conceptual mode
• Compound node → promising
• Produces combination attack graph in cyclic form

Omer & Schill
• Automatic management of cyclic dependency among web services
• Direct dependency with cycle
• Direct dependency with compound node

DARA’s Idea
• Risk dependency on CI → faster, Rinaldi (CI) vs Sendi (IS)
• Cyclic → Muller
• Broader coverage → IS risk analysis
• HLA Eusgeld (CI) recommended by Ouyang → conceptual
• Complexity shown more clearly
• Allow vertical & horizontal
• Compound node → Omer & Schill
• Threat scenario (Rahmad) → speed up process
• Easy to read
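
The website-on-server case from the Limitation slide, combined with the cyclic and compound-node ideas listed above, as an added Python example (not taken from the slides or from the DARA authors). It assumes a 1–5 value scale and that an asset inherits the maximum value of the assets that depend on it; the slides do not specify DARA's own calculation, and every asset name other than website and server is constructed.

```python
# Added illustration, not the DARA authors' algorithm. Assumptions: 1-5 values,
# max() inheritance, and every asset name except website/server.
def compound_nodes(assets, deps):
    """Tarjan SCC over 'a depends on b' edges; a cycle collapses to one compound node."""
    index, low, stack, on_stack, comps = {}, {}, [], set(), []
    def visit(v):
        index[v] = low[v] = len(index)
        stack.append(v)
        on_stack.add(v)
        for w in deps.get(v, ()):
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:          # v is the root of a finished component
            comp = set()
            while v not in comp:
                w = stack.pop()
                on_stack.discard(w)
                comp.add(w)
            comps.append(frozenset(comp))
    for a in assets:
        if a not in index:
            visit(a)
    return comps                        # providers first (reverse topological order)

def effective_values(initial, deps):
    """Value each asset must be protected at once its dependents are considered."""
    comps = compound_nodes(initial, deps)
    comp_of = {a: c for c in comps for a in c}
    value = {c: max(initial[a] for a in c) for c in comps}
    for c in reversed(comps):           # dependents first, then what they rely on
        for a in c:
            for b in deps.get(a, ()):
                if comp_of[b] != c:
                    value[comp_of[b]] = max(value[comp_of[b]], value[c])
    return {a: value[comp_of[a]] for a in initial}

# Constructed sample: the website-on-server case plus a database <-> auth cycle.
INITIAL = {"website": 5, "server": 2, "payroll": 4, "database": 3, "auth": 2, "backup": 1}
DEPS = {"website": ["server"], "payroll": ["database"], "database": ["auth"],
        "auth": ["database"], "backup": ["server"]}

if __name__ == "__main__":
    print(effective_values(INITIAL, DEPS))
```

The low-valued server ends up at the website's level, while the database and auth assets, which depend on each other, are valued together as one compound node.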

DARA’s Model
• Risk(Threat,Asset)=Likelihood(Threat)⊗Impact(Threat,Asset)
• Fenz → vulnerability, intermediate node for mapping threat
• Priority → likelihood

⊆ ×
A → set of all assets
S → {C, I, A}

Conclusion & Future work
• Conclusion
  • Asset dependencies → biggest challenge in risk analysis
  • Qualitative → depends on expert
  • Quantitative → cost benefit, easily understood
  • Attack graph → flexibility, supports cyclic
• Future work
  • Evaluation of the proposed model
  • Compare speed and readability

Thank You
