PROTOS-MATINE

The PROTOS-MATINE system and dependency analysis methodology and tool set, developed by OUSPG (Oulu University Secure Programming Group), is used to identify critical components and dependencies in analysed systems by combining different information sources (system-specific and public, technical as well as social) and visualizing the results. PROTOS-MATINE has been applied to many different application areas, including protocol dependency analysis, software dependency analysis and the analysis of complex system dependencies, such as networks and critical infrastructures. The analysis is supported by GraphingWiki [7], a tool for collecting information and establishing and visualizing the context of data.

The main goals of the PROTOS-MATINE dependency analysis methodology can be summarized as follows:

In [1], Eronen and Laakso present a methodology to discover vulnerabilities in protocols using dependency analysis. Protocols are the basis for higher-level systems, and vulnerabilities in a protocol can compromise those systems and put them at risk. During their research it was found that many implementations of the same protocol share the same vulnerabilities. Four different types (meta levels) of possible protocol vulnerabilities were identified:

By visualizing the dependencies of a protocol (e.g. sub-protocols or encoding/encryption schemes) and linking this information with known vulnerabilities, possible vulnerabilities in the protocol can be uncovered: a protocol inherits the weaknesses of every protocol or encoding it depends on. The proposed information sources for researching protocol dependencies are:

In [2], Eronen and Röning introduce the tool GraphingWiki, a semantic extension of the MoinMoin wiki. It allows data to be visualized by annotating wiki pages with descriptive information (or knowledge) that sets the pages in context with each other. Information can be gathered automatically from sources such as technical specifications, or it can be added or supplemented manually with expert knowledge. Furthermore, GraphingWiki includes logic reasoning capabilities for discovering relations among the added information. Visualization is graph-based: nodes represent the added data and edges represent the relations among the data.

Protocol dependency analysis is given as a use-case scenario. Each networked system depends on various protocols, which themselves depend on lower-level protocols, and identifying those dependencies is crucial for vulnerability analysis. One information source for identifying protocol dependencies is the standards themselves, which contain, for example, information about status types, relations to other standards and the protocols involved. The desired information can be extracted from standards using scripts or, where automatic extraction is not possible, entered manually. After information gathering, the protocol dependency model is derived from the available information via logic reasoning and/or expert input.

In [3], Eronen et al. present a case study of antivirus vulnerability identification based on dependency analysis. The dependency analysis methodology used is the PROTOS-MATINE method, with its focus on gathering information from all available sources (written sources as well as expert interviews) and visualizing it with GraphingWiki. The main information sources in this case study were expert interviews, specifications, the market situation, historical data, public vulnerability data and usage scenarios. Besides confirming that implementation-level vulnerabilities can render antivirus software ineffective against malware, the case study found that many vulnerabilities in antivirus software are related to the archive formats they handle, and that these formats are common to many antivirus products: a flaw tied to such a format is therefore a dependency shared across the whole product class. The authors state that the PROTOS-MATINE approach of information gathering and visualization was crucial in uncovering this critical dependency.

In [4], Pietikäinen et al. apply the PROTOS-MATINE dependency analysis methodology and GraphingWiki dependency visualization to a security audit of a large-scale VoIP system in production. The information sources for this case study were expert interviews, network documentation and network measurements. The motivation is that a visualization of the system structure, containing all elements as well as their dependencies, helps to identify structural weaknesses. Furthermore, the people operating a system often do not understand its structure as well as they should; a visualization combining multiple information sources helps to avoid such misunderstandings and thus strengthens security. The case study showed a mismatch between the system documentation and the actual implementation, which could only be discovered by combining expert interviews with the system documentation. It also found that organizational guidelines (e.g. the use of secure passwords) are sometimes not followed in practice. A structural flaw detected during the analysis was the system's substantial dependency on a single system administrator, who is responsible for all the other administrators. The PROTOS-MATINE methodology and GraphingWiki proved valuable for conducting security audits of large-scale systems.
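The analyses described above all reduce to queries over one dependency graph: a protocol inheriting weaknesses from what it depends on [1][2], archive-format dependencies shared by several antivirus products [3], and, in the VoIP audit [4], a single person on whom the whole system depends together with edges that only one information source reports. The following Python is an added example, not code from the PROTOS-MATINE project or from GraphingWiki; the graph, the product names AV-A to AV-C, the administrator names, the two "sources" and the vulnerability annotations are constructed for illustration and are not findings of the cited papers.

```python
"""Dependency-graph queries in the spirit of PROTOS-MATINE (added example)."""
from collections import defaultdict

# Constructed sample graph (illustrative only; not data from the cited papers).
# "A": ["B", ...] means A depends on B.
DEPENDS_ON = {
    # protocol dependencies
    "HTTPS": ["HTTP", "TLS"],
    "HTTP": ["TCP"],
    "TLS": ["TCP", "X.509"],
    "X.509": ["ASN.1/DER"],
    "SIP": ["UDP", "SDP"],
    "TCP": ["IP"],
    "UDP": ["IP"],
    # hypothetical antivirus products and the archive/file parsers they use
    "AV-A": ["ZIP parser", "RAR parser", "PE parser"],
    "AV-B": ["ZIP parser", "CAB parser"],
    "AV-C": ["ZIP parser", "RAR parser"],
    # socio-technical dependencies of a hypothetical VoIP deployment:
    # components depend on the administrators who run them, and the
    # administrators' access depends on one senior administrator
    "VoIP service": ["PBX", "SIP", "Billing"],
    "PBX": ["admin:bob"],
    "Billing": ["admin:carol"],
    "admin:bob": ["admin:alice"],
    "admin:carol": ["admin:alice"],
}

# Constructed annotations: components with a known class of weakness.
KNOWN_ISSUES = {
    "ASN.1/DER": "complex encoding; parser bugs in many implementations",
    "ZIP parser": "archive-format parser; shared attack surface",
}

# Constructed: the same VoIP subsystem as reported by two information sources.
SOURCES = {
    "network documentation": [("PBX", "admin:bob"), ("Billing", "admin:carol")],
    "expert interviews": [("PBX", "admin:bob"), ("Billing", "admin:carol"),
                          ("admin:bob", "admin:alice"), ("admin:carol", "admin:alice")],
}


def transitive_deps(graph, node):
    """Everything `node` depends on, directly or indirectly (iterative DFS)."""
    seen, stack = set(), list(graph.get(node, []))
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            stack.extend(graph.get(n, []))
    return seen


def reverse(graph):
    """Reverse the edges so that rev[B] lists the nodes depending on B."""
    rev = defaultdict(list)
    for a, deps in graph.items():
        for b in deps:
            rev[b].append(a)
    return dict(rev)


def inherited_issues(graph, node, issues=KNOWN_ISSUES):
    """Known issues `node` inherits through its dependency chain.
    E.g. HTTPS inherits the ASN.1/DER issue via TLS -> X.509 -> ASN.1/DER."""
    return {d: issues[d] for d in transitive_deps(graph, node) if d in issues}


def shared_dependencies(graph, roots, min_count=2):
    """Components on which at least `min_count` of `roots` depend: a flaw in
    such a component affects every product that shares it."""
    counts = defaultdict(int)
    for r in roots:
        for d in transitive_deps(graph, r):
            counts[d] += 1
    return {d: c for d, c in counts.items() if c >= min_count}


def critical_nodes(graph, min_dependents=3):
    """Nodes that at least `min_dependents` other nodes transitively depend on.
    Infrastructure (IP, TCP) is expected here; a person ranking alongside it
    is the kind of single point of failure the VoIP audit found."""
    rev = reverse(graph)
    counts = {n: len(transitive_deps(rev, n)) for n in rev}
    return {n: c for n, c in counts.items() if c >= min_dependents}


def unconfirmed_edges(sources):
    """Edges reported by only one information source: candidates for a
    documentation/reality mismatch that the audit should verify."""
    reported_by = defaultdict(set)
    for name, edges in sources.items():
        for edge in edges:
            reported_by[edge].add(name)
    return {e: next(iter(s)) for e, s in reported_by.items() if len(s) == 1}


if __name__ == "__main__":
    print(inherited_issues(DEPENDS_ON, "HTTPS"))
    print(shared_dependencies(DEPENDS_ON, ["AV-A", "AV-B", "AV-C"]))
    print(critical_nodes(DEPENDS_ON))
    print(unconfirmed_edges(SOURCES))
```

In this constructed graph, HTTPS inherits the ASN.1/DER annotation through TLS and X.509 while SIP inherits nothing; the ZIP parser is shared by all three products and the RAR parser by two; and admin:alice has five transitive dependents, on a par with TCP and the flagged parsers, which is the signal an auditor would follow up. The two edges through admin:alice appear only in the interview source, which is exactly the kind of documentation gap that combining sources exposes.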

The work presented in [5] shows how the PROTOS-MATINE method can be adapted to analyse and identify critical components in critical infrastructures. Current and ongoing work [6] aims to establish PROTOS-MATINE and GraphingWiki in the field of complex system dependency analysis for critical infrastructures.

GraphingWiki is currently in active use by several actors for analysis and situational-awareness application areas, for example vulnerability coordination and threat intelligence management.

References

[1] Juhani Eronen and Marko Laakso. A case for protocol dependency. In IEEE International Workshop on Critical Infrastructure Protection, pages 22–32. IEEE Computer Society, 2005.

[2] Juhani Eronen and Juha Röning. Graphingwiki - a semantic wiki extension for visualising and inferring protocol dependency. In Proceedings of the First Workshop on Semantic Wikis – From Wiki To Semantics. ESWC2006, June 2006.

[3] J. Eronen, K. Karjalainen, R. Puuperä, E. Kuusela, K. Halunen, M. Laakso, and J. Röning. Software vulnerability vs. critical infrastructure - a case study of antivirus software. International Journal on Advances in Security, 2(1):72–89, 2009.

[4] P. Pietikäinen, K. Karjalainen, J. Eronen, and J. Röning. Socio-technical security assessment of a voip system. In The Fourth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2010), July 2010.

[5] Thomas Schaberreiter, Kati Kittilä, Kimmo Halunen, Juha Röning, and Djamel Khadraoui. Risk assessment in critical infrastructure security modelling based on dependency analysis (short paper). In 6th international conference on critical information infrastructure security (CRITIS 2011), 2011.

[6] Thomas Schaberreiter. A Bayesian network based on-line risk prediction framework for interdependent critical infrastructures. Acta Universitatis Ouluensis C 466, University of Oulu, Oulu, Finland, 2013. http://jultika.oulu.fi/Record/isbn978-952-62-0212-9.

[7] GraphingWiki wiki home. https://bitbucket.org/clarifiednetworks/graphingwiki/wiki/Home