SCF – Real-World Applications

Our goal in this section is to apply the Science Of Cybersecurity Framework (SCF) to the solution of real-world Cybersecurity problems, or at least to demonstrate how networked system vulnerabilities and cyberthreats can be mitigated (or reduced) to an absolute minimum through the application of scientific method.

Hopefully the reader will recognise the extent to which, using SCF theory, we have been able to clarify all aspects of the Cybersecurity landscape, by means of a comprehensive analysis that enables us to know (and predict) what kinds of Cybersecurity phenomena to look for, measure, model and control. Accordingly, we have collected together all possible classes of cyberthreats and system vulnerabilities, and their associated countermeasures.

We have named these fundamental facets of Cybersecurity the Cyberthreat and Countermeasure Archetypes.


Cybersecurity Archetypes

Whilst we do believe that the basic theory behind the SCF is both factually and philosophically complete, we recognise that the cyberthreat classes and associated protective mechanisms listed here are at a preliminary (BETA) stage of development.

Our goal had been to collect together all possible classes of computer system vulnerabilities and associated solutions (named the Cyberthreat / Countermeasure Archetypes). Unfortunately the sheer scale of this task dictates that we have only been able to finish this process for top-level classes. Accordingly, whilst we do not believe that any major cyberthreat/countermeasure classes are missing, only primary classes (coarse-grained problems/solutions) are listed. At some later date these top-level classes must be expanded into multiple lower-level sub-classes.

Due to the changing nature of the Cybersecurity landscape, and the continual emergence of new threats and clever adversaries, the archetype listings will in fact never be fully complete, so the associated cyberthreat tables must be kept up to date. Nevertheless, any new vulnerability or countermeasure classes that may emerge can be subsumed under the top-level class definitions listed here.


SCF Theory – Goals

Theory is all well and good, but questions arise surrounding the practical usefulness of any conceptual scheme. The true test of any doctrine lies not only in the level of insight offered, but in its applicability to real-world concerns; and this is especially so in relation to the somewhat ‘warlike’, complex and rapidly changing environment of Cybersecurity.

Our own Science Of Cybersecurity Framework (SCF) seeks to identify all of the universals of Cybersecurity, in the belief that any particulars will naturally follow. Such an approach brings all the benefits of a comprehensive overview combined with detailed classification, capabilities that are critically important in a rapidly evolving field like Cybersecurity. Accordingly, the key goal of our analysis has been to develop an over-arching framework from which to view the entire Cybersecurity landscape together at once.

Sought is holism—and broad perspectives—but crucially without any ‘gaps’ or missing pieces. Desired is a single penetrating viewpoint for all things Cybersecurity!


Who Is the SCF For?

We have developed the SCF for all interested parties who would like to see the whole field of Cybersecurity together at once—in a single uniting framework. That is—it is for anyone who is in any way interested in obtaining a completely new—truly holistic and fully integrated—perspective on Cybersecurity.

The key aim has been to outline, for the first time, a logical explanation of the fundamental theory and principal axioms of Cybersecurity as developed from first principles, and in a format suited both to the engineering-minded professional and to the less technically oriented reader. We have avoided technical language and mathematical explanations wherever possible, and placed emphasis on understanding in fundamental terms just what Cybersecurity is: its core subject matter, key concerns and basic definitions.

Accordingly, the SCF is a useful tool for everyone, from novices to theoretical experts and practitioners. The emphasis is more towards topics and problems faced by system implementors, system designers and those responsible for putting in place security tools, measures and protective systems, rather than on end-users.

Ergo, do not expect to find in the SCF recommendations of which virus-checking software to use, or an analysis of which Cloud provider is most secure; rather, the SCF deals with fundamental theory that can be of use to the designers of such security tools.


Measuring Success

One could say that the ultimate test of the usefulness of any theory or method is to judge it by the specific outcomes that it produces. It seems only proper, therefore, that anyone with the audacious aim of developing a new science should experience trial by fire, and find his/her ‘science’ subject to a rigorous process of real-world testing.

Judgment by results is no less than anyone would expect; and in this section we present the outcomes, and the results as they are at present known, of using our SCF theory to classify the entire gamut of Cybersecurity threats/countermeasures.

Our goal in the present section is to demonstrate how to apply our new SCF theory, and to establish that it can be used to evolve a comprehensive taxonomy of all possible classes of Cyberthreats, networked and non-networked computer system Vulnerabilities, and associated Countermeasures.

Community Help

As stated, our ultimate aim is to evolve a comprehensive top-level theory of Cybersecurity Science. But it is patently obvious that, in such a fast-moving and complex subject area, such a task must of necessity fall to a large group of experts and practitioners.

You will notice that the Cyber-Threat/Vulnerability and Countermeasure Archetype listings below (i.e. the InfoGraphics and Table(s) below) are labelled with a BETA status—indicating that they are by no means finished and/or complete. In particular we are reaching out to the community to fill in the Table(s); and to supply new lower-level sub-categories and detailed classes of cyberthreats and associated countermeasures.

Cyber-Threat and Countermeasure Archetypes

Hopefully you have read all the text and theory developed under the science heading of the present site; or alternatively read the related book ‘The Science Of Cybersecurity’.

We can identify two enforced coherency predicates for absolute security, namely actor-unity (of purpose) and actor-integrity (of action), for safe hardware/software operations on each access/storage/transfer medium [Axiom 24]. Similarly, unsafe-actor repellent/containment techniques can be used to preserve the legitimacy of data-processing operation(s) on the primary-network [Axiom 25].

Moving on to consider security for the primary-network, plus any secondary-network(s) or privileged-access networks intimately connected to the same, we are concerned here with secondary-copy protection. Accordingly, for those situations that require absolute security, it would seem to be good practice (at least in general) to reduce the number of legitimate secondary-copies, and thus to minimise (or eliminate) the number of exposed attack-surfaces. Attaining adequate protection for any illegitimate secondary-copies and/or tertiary-copies requires specialist data-encryption, plus identity and access management techniques.

[Figure: SCF 1.0 – InfoGraphic D – Datum-Copy – Elementary Attributes. Source: ‘The Science Of Cybersecurity’ (2017) – by Alan Radley]

[Figures: SCF 1.0 – InfoGraphics J and K – Form and Meaning Gateway(s). Source: ‘The Science Of Cybersecurity’ (2017) – by Alan Radley]

An entry-method is a system access pathway, or series of actions that must be performed by a human, running program and/or helper actor(s), in order to access a datum-copy (i.e. a primary, secondary or tertiary-copy). An entry-method may involve traversing several system gateway(s) before opening up the datum’s inner meaning.

A defence-method is a system access pathway that is inaccessible to unsafe-actor(s). Both the entry-method and defence-method(s) may be protected by locking, blocking and/or concealment techniques. Note that an entry-method and a defence-method may sometimes be the exact same sub-system (i.e. fulfil a dual purpose for any particular access pathway or system entrance method).

[Figure: SCF 1.0 – InfoGraphic G – Venn Diagram – Cybersecurity System Access Gateways. Source: ‘The Science Of Cybersecurity’ (2017) – by Alan Radley]

Accordingly, we shall hereby refer to the various axioms, definitions and concepts that have been established in relation to the discussed theory of Cybersecurity. Our goal has been first to establish a comprehensive taxonomy of cyber-threat and vulnerability archetypes, and then to develop a series of effective countermeasures for the same.

Hopefully the reader can (begin to) agree that we have provided a firm logical and scientific foundation for all possible types and classes of Cyberthreats/Vulnerabilities. Take a look at the InfoGraphic diagram below labelled “Taxonomy Of Cyberthreats And Effective Countermeasures”, in which an overview of our findings is presented.

[Figure: SCF 1.0 – InfoGraphic H (Version 1.0) – Taxonomy Of Cyberthreats And Effective Countermeasures. Source: ‘The Science Of Cybersecurity’ and this site (2017) – by Alan Radley]


In the following table we present a comprehensive listing of all possible types and classes of Cyberthreat(s), System Vulnerabilities and associated Countermeasures.

Columns: SCF Threat Class | Hacking Target(s) | System Gateway(s) | Effective Countermeasures

1 – Primary Network

1.1 – Access Media

1.1.1 – Local Device
  Hacking Target(s): Hacking of locally held Datums.

1.1.1.1 – Local Data Exploit
  Hacking Target(s): Primary-Copy or Secondary-Copy. Datum read (r), write (w), execute (x) access (one or more). Example: PC in-situ hacking.
  System Gateway(s): Physical, Virtual, Meaning (local access).
  Effective Countermeasures: STRATEGY: Lock/Block/Conceal one or more Gateway(s). METHODS: [1] Physical device security. [2] Virtual data security + Meaning Gateway(s) protection. [3] Entry locks on: A) Device, B) Logins, C) Datum Meaning.

1.1.1.2 – Remote Sourced Local Data Exploit
  Hacking Target(s): Primary-Copy or Secondary-Copy. Datum read (r), write (w), execute (x) access (one or more). Example(s): A) PC has worm / virus, B) PC/Data-processing-system has failure in Actor Coherence/Integrity, and/or C) the local network is compromised.
  System Gateway(s): Physical, Virtual, Meaning (remote access).
  Effective Countermeasures: STRATEGY: Lock/Block/Conceal Gateway(s). METHODS: [1] Network security / firewalls. [2] Virtual data security + Meaning Gateway(s) protection. [3] Entry locks on: A) Logins, B) Datum Meaning. [4] Certify/Qualify: Actor Coherence/Integrity.

1.1.1.3 – Device Replication (Local Source)
  Hacking Target(s): A) Device Exploit. B) Primary-Copy or Secondary-Copy. Datum read (r), write (w), execute (x) access (one or more). Example: PC in-situ device replication.
  System Gateway(s): Physical, Virtual (local access).
  Effective Countermeasures: STRATEGY: Lock/Block/Conceal Gateway(s). METHODS: [1] Physical device security. [2] Virtual data security + Meaning Gateway(s) protection. [3] Entry locks on: A) Logins, B) Datum Meaning.

1.1.1.4 – Device Replication (Remote Source)
  Hacking Target(s): A) Device Exploit. B) Primary-Copy or Secondary-Copy. Datum read (r), write (w), execute (x) access (one or more). Example: PC remote access device replication.
  System Gateway(s): Virtual, Meaning (remote access).
  Effective Countermeasures: STRATEGY: Lock/Block/Conceal Gateway(s). METHODS: [1] Network security / firewalls. [2] Virtual data security + Meaning Gateway(s) protection. [3] Entry locks on: A) Logins, B) Datum Meaning. [4] Certify/Qualify: Actor Coherence/Integrity.

1.1.2 – Access Node
  Hacking Target(s): Locally held Datums.

1.1.2.1 – Local Data Storage Exploit (Front-Door)
  Hacking Target(s): Exploit for data held locally; access/exploit happens via Central-Server Network and/or network / ID spoofing etc. Primary-Copy or Secondary-Copy. Datum read (r), write (w), execute (x) access (one or more). Example: False User ID login Terminal in-situ hacking.
  System Gateway(s): Physical, Virtual, Meaning (local access).
  Effective Countermeasures: STRATEGY: Lock/Block/Conceal Gateway(s). METHODS: [1] Physical device security. [2] Virtual data security + Meaning Gateway(s) protection. [3] Entry locks on: A) Logins, B) Datum Meaning. [4] Avoid central copies and data-persistence; employ P2P packet transportation + Single-Copy-Send.

1.1.2.2 – Local Data Storage Exploit (Back Door)
  Hacking Target(s): Exploit for data held locally; access/exploit happens via Central-Server Network and/or network / ID spoofing etc. and/or corrupt system admin. Primary-Copy or Secondary-Copy. Datum read (r), write (w), execute (x) access (one or more). Example: Login Terminal system administrator hacking.
  System Gateway(s): Physical, Virtual, Meaning (local access).
  Effective Countermeasures: STRATEGY: Lock/Block/Conceal Gateway(s). METHODS: [1] Physical device security. [2] Virtual data security + Meaning Gateway(s) protection. [3] Entry locks on: A) Device, B) Logins, C) Datum Meaning. [4] Avoid central copies and data-persistence; use P2P transport + Single-Copy-Send. [5] Lock out system-admins from private data by some method.

1.1.3 – Access Node (centrally held Datums)

1.1.3.1 – Remote Data Exploit (Front-Door)
  Hacking Target(s): Primary-Copy or Secondary-Copy. Datum read (r), write (w), execute (x) access (one or more). Example: Login Terminal remote Entrance Gateway hacking, using hacked User ID.
  System Gateway(s): Physical, Virtual, Meaning (local access).
  Effective Countermeasures: STRATEGY: Lock/Block/Conceal Gateway(s). METHODS: [1] Network security / firewalls. [2] Virtual data security + Meaning Gateway(s) protection. [3] Entry locks on: A) Logins, B) Datum Meaning. [4] Use Peer-To-Peer and Single-Copy-Send techniques to avoid Central-Server Datum Copies and avoid data-persistence.

1.1.3.2 – Remote Data Exploit (Back Door)
  Hacking Target(s): Primary-Copy or Secondary-Copy. Datum read (r), write (w), execute (x) access (one or more). Example: Central Server System-Admin Login Terminal hacking.
  System Gateway(s): Physical, Virtual, Meaning (local access).
  Effective Countermeasures: STRATEGY: Lock/Block/Conceal Gateway(s). METHODS: [1] Physical + Network device security. [2] Virtual data security + Meaning Gateway(s) protection. [3] Entry locks on: A) Device, B) Logins, C) Datum Meaning. [4] Use Peer-To-Peer and Single-Copy-Send techniques to avoid Central-Server Datum Copies and avoid data-persistence.

1.2 – Storage Media
  Hacking Target(s): As above.
  System Gateway(s): As above.
  Effective Countermeasures: As above.

1.3 – Communication Media

1.3.1 – Transfer Media

1.3.1.1 – Internal Data Communications Exploit (i.e. internal network break-ins etc.)
  Hacking Target(s): Primary-Copy or Secondary-Copy. Datum read (r), write (w), execute (x) access (one or more). Example: Data-Breach on internal network, via worm / virus / network hacking etc.
  System Gateway(s): Physical, Virtual, Meaning (local access).
  Effective Countermeasures: STRATEGY: Lock/Block/Conceal Gateway(s); Physical + Network device(s) and Data Communications security measures. METHODS: [1] Methods to prevent IP address routing problems / spoofing of MAC address; qualification of IP Node. [2] Virtual entry locks / blocks / concealment on communications data; Meaning Gateway protections on private data. [3] Employ advanced network security methods, including: A) Stealth; B) Invitation-Only and Secret Networks; C) Cypher Matching techniques to validate packet destination(s). [4] Network security measures (firewalls etc.) to prevent communications break-ins.

1.3.1.2 – External Open-Network Data Communications Exploit (i.e. Provider Exploit)
  Hacking Target(s): Primary-Copy or Secondary-Copy. Datum read (r). Example: Data-Breach on Provider Network, or remote false IP address etc.
  System Gateway(s): Physical, Virtual, Meaning (local access).
  Effective Countermeasures: STRATEGY: Lock/Block/Conceal Gateway(s). METHODS: (see 1.3.1.1 above for effective countermeasure techniques) [1] Use Peer-To-Peer and Single-Copy-Send techniques to avoid Central-Server data persistence and replication of Datum Copies. [2] Reduce time-of-flight for datum copies during transportation, to reduce the likelihood of exploit. [3] Locking, blocking and concealment of packet data.

1.4 – User Identity Management System (UIMS)

1.4.1 – User Identity Exploit

1.4.1.1 – Media Access on UIMS (Physical, Virtual, Meaning Gateway exploit(s))
  Hacking Target(s): User Identity. False user identity assignment. Example: remote UIMS break-in / hacking exploit.
  System Gateway(s): Physical, Virtual, Meaning (remote access).
  Effective Countermeasures: STRATEGY: Lock / Block / Conceal all UIMS Physical / Virtual / Meaning Gateways; unique User ID assignment. METHODS (multiple methods to aid accurate UIMS procedures): [1] Secure UIMS Media/Logins. [2] Secure User Information. [3] Secure Encryption Keys. [4] Secure all Access Nodes / Devices. [5] Multiple-part ID. [6] Physical ID. [7] Secure passwords. [8] Multi-step Logins. [9] Avoid storing Keys and User IDs on 3rd-party servers; rely on PGP methods to identify the destination party.

1.4.1.2 – Access Device User Identity Management System Exploit (example: compromised UIMS Access computer)
  Hacking Target(s): User Identity. False user identity assignment. UIMS Access Identity > User Identity: false user identity or entry and/or assignment.
  System Gateway(s): Physical, Virtual, Meaning (remote access).
  Effective Countermeasures: STRATEGY (multiple methods): Lock / Block / Conceal all UIMS Physical / Virtual / Meaning Gateways; secure UIMS Media/Devices + related networks; secure Access Nodes. METHODS: [1] Multiple-part ID. [2] Physical ID. [3] Secure passwords. [4] Multi-step Logins. [5] Avoid storing Keys and User IDs on 3rd-party servers; rely on PGP methods to identify the destination party.

1.4.1.3 – Access Node User Identity Management System Exploit (example: stolen / compromised User ID / encryption keys etc.)
  Hacking Target(s): False Access Node identity assignment. False user identity or entry and/or assignment. Encryption Keys are broken into / compromised.
  System Gateway(s): Physical, Virtual, Meaning (remote access).
  Effective Countermeasures: STRATEGY (multiple methods): Lock / Block / Conceal all UIMS Physical / Virtual / Meaning Gateways; secure UIMS Media / Logins. METHODS: [1] Secure Access Nodes / Devices. [2] Multiple-part ID. [3] Physical ID. [4] Secure passwords. [5] Multi-step Logins. [6] Local Key assignment / storage. [7] Hybrid Encryption methods. [8] Avoid storing Keys and User IDs on 3rd-party servers; rely on PGP methods to identify the destination party.

2 – Secondary Network(s)
  Hacking Target(s): All of [1] above.
  System Gateway(s): All of [1] above.
  Effective Countermeasures: All of [1] above.

3 – Tertiary Network(s)
  Hacking Target(s): All of [1] above.
  System Gateway(s): All of [1] above.
  Effective Countermeasures: All of [1] above.

4 – Replication Network(s)
  Hacking Target(s): All of [1] above.
  System Gateway(s): All of [1] above.
  Effective Countermeasures: All of [1] above.

5 – Transmissions Hacking
  Hacking Target(s): Information extraction using a communications exploit, by means of a bulk-data channel funnel from a transatlantic cable (for example).
  System Gateway(s): All of [1.3] above.
  Effective Countermeasures: All of [1.3] above.

SCF – Table A: Cyberthreat, System Vulnerability and Countermeasure Archetypes (Version 1.0 – Beta)


Conclusion

In summary, on this site we provide a comprehensive taxonomic model of Cybersecurity, and establish the founding principles for an all-encompassing observational and descriptive Cybersecurity Science. As per our original purpose, the SCF theory affords practitioners the ability to analyse and know what kinds/classes of Cybersecurity phenomena to look for, measure, model and control. In turn we define a set of Absolute Security metrics, and accordingly fully prescribe the various classes of Cybersecurity vulnerabilities.

Taking our findings together as a single unit (a holistic, integrated view) of fundamental Cybersecurity theory, which was our primary intention, it is our hope that this new theory may be of some practical use, and specifically that it may aid practitioners to evolve truly effective Cybersecurity protections and countermeasures.

At the end of the day, we leave it to the reader to adjudge whether or not our endeavours have been successful.


Cross Referencing Task

We plan to perform an extensive cross-referencing analysis on the Threat, System Vulnerability and Countermeasure Archetypes listed above, and in particular to map the aforementioned threat classes to those listed in the standard CVE database.

Note that in Table A (Cyberthreat, System Vulnerability and Countermeasure Archetypes) we have identified and mapped the top-level threat classes and system vulnerabilities that any Network Security System can experience. We have listed all possible top-level threat classes, and believe that any new, unlisted threat class will fall under the appropriate top-level class heading and/or a new or existing sub-heading.

As time allows, we shall greatly expand this table by adding many sub-classes under the appropriate headings. Doubtless this table of threat-classes will grow in size; however, because the task is a time-consuming one, we are asking for readers' help with this complex task. Kindly send in new threat sub-classes, or identify missing top-level threat classes. Thank you in advance.

Watch this space!




Contributors

As and when readers supply amendments and corrections to the information on this page, these will be listed here.

Please feel free to send in your amendments.