Message-ID: <002001c367b7$5ae6d820$6500a8c0@datendrao2d5z7>
Date: Thu, 21 Aug 2003 01:39:28 -0600
From: "Eric Knight" <eric@...rdsoft.com>
To: <bugtraq@...urityfocus.com>
Subject: Announcement: "A Treatise on Informational Warfare"
Dear Security Focus Community:
This is an announcement for the public release of the publication "A
Treatise on Informational Warfare". It is available for download in PDF
format at http://63.230.73.253/treatiseiw.pdf and the table of contents is
included at the end of this announcement so that you can determine if you
have an interest.
This research paper draws connections between informational warfare and
enterprise security design. The research focuses on a proposed
"Informational Warfare Model" that is based on strategic, operational, and
tactical design. It builds on my previous publication "Computer
Vulnerabilities", which was released to BugTraq about three years ago, and
greatly expands on the concepts that were originally presented.
The research is intended to assist in the construction of the enterprise
security models currently being developed, and to give security
professionals a way to predict and understand advances in computer security
technology and their meaning in a networked environment.
The publication also provides a moderately detailed explanation and
comparison of the forms of IW that the proposed framework can represent,
which may be interesting reading for non-designers. It covers a capability
analysis for human against computerized agent, agent against agent, agent
against combined enterprise security, and combined security against combined
security.
I have made a considerable effort to make this document a detailed and well
thought out example and to keep as much speculation as I could out of the
text. I certainly welcome all comments and discussion on the model I've
presented.
Thank you,
Eric Knight
---------------
"A TREATISE ON INFORMATIONAL WARFARE"
TABLE OF CONTENTS
Foreword 1
Introduction 2
Informational Warfare Model 7
Command Layer 9
Communications Layer 9
Agent Layer 10
Functional Layer 10
Facilitators Layer 10
Vulnerabilities Layer 10
Inherent Layer Characteristics 11
Layer Design Idealisms 12
Effectiveness Measurements 12
Command Layer 14
Command Console 15
Log Repository 15
Analysis Components 16
History Analysis 16
Game Theory 16
Expert Engine 17
Heuristic and Statistic Reporting 17
Scheduling 17
Account Management 18
Network Component Awareness 18
Security Policy Management 18
Security Tool Repository 18
Early Warning System 19
Communications Layer 20
Channel Communications 20
Open Channel 21
Secure Channels 21
Isolated Channels 21
Covert Channels 22
Polymorphic Channels 22
Alternative Channels 23
Switching Channels 23
Public Key Infrastructure 24
Conventional Encryption 24
Trust Relationships 25
Protocol 25
Uniform Standard Protocol 25
Covert Protocol 26
Alternative Protocol 26
Polymorphic Protocol 26
Agent Layer 27
Command Interface 28
Host Console 28
Response Reporting 29
Mission Intelligence 29
Process Control 29
Sensors and Sensor Analysis 30
Agent Sensors 30
Sensor Analysis 32
Artificial Intelligence 32
Agent Overload 32
Functional Layer 34
Layer Considerations 36
Facilitators 38
Fastest Order of Discovery 39
Vulnerabilities Layer 42
Command Layer Construction 45
Agent Status and Control 46
Command Control 46
Artificial Intelligence 46
Higher Authority 47
Agent Layer Construction 49
Security Network 50
Artificial Intelligence 50
Data Processing 50
Function Control 51
Log File Sensors 51
Streaming Sensors 51
Boolean Sensors 51
Result Sensors 52
Functional Layer Standardization 52
Common Network Attack Strategies 54
Hacker Attack 54
Viral Infestation 55
Bee Swarm 55
Conscription 56
Invasion 57
Crawler 58
Amoeba 59
Infiltration 60
Attack Method Comparison 60
Agent vs Agent Warfare 62
Agent Attacks 62
Shutting down processes 63
Promoting access level 63
Seizure of Security Tools 63
Creating New Services 64
Downgrading 64
Removing the opposition 64
Disrupting communication 65
Backdoor 65
Highest Level Access 65
Binary Scan 66
Compromising the opposition 66
Call for help 66
Ghosts 67
Analysis Disruption 67
Sandbox Modification 67
Resource Starvation 68
Overload 68
Rebooting 68
Agent Defenses 69
Deep Embedding 69
Polymorphism 69
Advance Awareness 70
Agent Required for Use 70
Encrypted Binary Executable 71
Quarantine 71
Scuttle 71
Hide valuables 72
Honeypot 72
Replication 72
Mutually assured destruction 73
Forfeiture of Duties 73
Aftermath 74
Scavenging 74
Searching for valuables 74
Cleaning the Logs 75
Customizing the environment 75
Selecting a new target 75
Reporting 76
Promotion/demotion 76
Fulfilling the Mission 76
Event of Capture 77
Tools in Random Access Memory 77
Deletion After Execution 77
Emulation Engines and Polymorphic Machine Code 77
Polymorphic Machine Code 77
Emulation Engines 78
Encryption 78
Human vs Agent 79
Physical Access 80
Stolen Password/Identity 80
Insider Cooperation 80
Internal Access Point 81
Wiring Control 81
Human Effectiveness 81
Mission Goals 83
Espionage 85
Sabotage 85
Camouflage 86
Subterfuge 86
Programming Evolutions Required for Missions 87
Agent Communication Structures 89
Communications Room 90
Designated Computer 90
Broadcast Protocol 91
Peer-To-Peer 91
Relay 92
Private Communication 93
Three Channel Method 94
Security Network Warfare 95
Combined Capabilities 96
Speed of Communication 96
Combined Calculation 96
Robustness of Tools 96
Artificial Intelligence 97
Combined Calculation Danger Rating 97
Complexities of the Mission 98
Natural Warfare Advantages 98
Attacking 98
Ambush Advantage 98
Mission Advantage 99
Deterioration Advantage 99
Anonymity 99
Siege Advantage 99
Defending 99
Preparation Advantage 99
Network Speed Advantage 100
Awareness Advantage 100
Design Advantage 100
Cyber-Pandemonium 101
Conclusion 103