Engineering and Physical Sciences Research Council (EPSRC) grant will be used to carry out research in the layers of defence to assist computer systems or organisations against malicious attacks.
City University London's Centre for Software Reliability (CSR), has won a £563,089 Engineering and Physical Sciences Research Council (EPSRC) research grant to model and test layers of “defence in depth”, namely, AntiVirus products, Intrusion Detection Systems (IDS), Firewalls and the implicit layers for defence created by the inherent robustness to attack of the applications and platforms being attacked (e.g. diverse operating systems and applications).
Titled “Diversity and Defence in Depth for Security – A Probabilistic Approach (D3S)”, the three-year research project will be led by Principal Investigator (PI) Dr Ilir Gashi and co-investigators, Professor Lorenzo Strigini, Dr Andrey Povyakalo, Professor Bev Littlewood and Professor Robin Bloomfield.
Dr Gashi, whose main research interest is in the assessment and evaluation of the dependability and security of systems, especially those built out of off-the-shelf software components, said organisations need to have a clear idea of the diversity of defence layers required for their organisations: “It is crucial that these defences be diverse in order to detect and/or prevent intrusion attempts.
As in security in general, there is a need to support decisions through quantitative approaches and seeking answers to questions such as: ‘Should a given available budget be spent on a specific defence X or two weaker defences Y and Z which, however, when combined, promise better security than X alone?’ and ‘in this threat environment, what is the likelihood of a successful intrusion achieving damage worth £y this year?’ Our research project sets out to provide methods for answering these kinds of questions, inevitably in probabilistic terms, with a clear understanding of the levels of trust that one can invest in these methods.”
Dr Gashi hopes that this research project will build a greater degree of predictability into an organisation or system’s layers of defence:
“There is a difference between measuring how secure a defence system has been in the past and predicting how secure it will be, as attackers develop new techniques and security vendors try to adapt. We need methods that allow us to predict the security of one (or several) layers of defences based on what we have seen in the past. Predictions may be in terms of the probabilities of: the time to next attack; the rate of attacks that we can expect in a given time interval; vulnerabilities existing in a set of defences etc; and since these will never be infallible we need methods for assessing how well they perform so that their users know how much confidence to have in these predictions.”
The research from this D3S project will enrich the contents of several modules of the MSc in Management of Information Security and Risk (MISR) led by the CSR and the MSc in Cyber Security.
Defence in depth
Defence in depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise. The strategy is based on the military principle that it is more difficult for an enemy to defeat a complex and multi-layered defence system than to penetrate a single barrier.