Home page logo
/

bugtraq logo Bugtraq mailing list archives

Announcement: "A Treatise on Informational Warfare"
From: "Eric Knight" <eric () swordsoft com>
Date: Thu, 21 Aug 2003 01:39:28 -0600

 Dear Security Focus Community:

This is an announcement for the public release of the publication "A
Treatise on Informational Warfare".  It is available for download in PDF
format at http://63.230.73.253/treatiseiw.pdf and the table of contents is
included at the end of this announcement so that you can determine if you
have an interest.

This research paper involves making connections between informational
warfare and enterprise security design.  The research focuses on a proposed
"Informational Warfare Model" that is based on strategic, operational, and
tactical design.  It builds on my previous publication "Computer
Vulnerabilities" that was released to BugTraq about three years ago, and
greatly expands on the conceptualizations that were originally presented.

The research should be used to provide assistance on the construction of
enterprise security models currently being developed as well as give
security professionals a way to predict and understand computer security
advancements in technology and their meaning in a networked environment.

The publication also provides a moderately detailed explanation and
comparison of IW warfare that the proposed framework is capable of which may
be interesting reading for non-designers.  It covers a capability analysis
for human against computerized agent, agent against agent, agent against
combined enterprise security, and combined security against combined
security.

I have made a considerable effort to make this document a detailed and well
thought out example and to keep as much speculation as I could out of the
text.  I certainly welcome all comments and discussion on the model I've
presented.

Thank you,

Eric Knight

---------------

"A TREATISE ON INFORMATIONAL WARFARE"

TABLE OF CONTENTS

Forward. 1
Introduction. 2
Informational Warfare Model 7
    Command Layer 9
    Communications Layer 9
    Agent Layer 10
    Functional Layer 10
    Facilitators Layer 10
    Vulnerabilities Layer 10
    Inherent Layer Characteristics. 11
    Layer Design Idealisms. 12
    Effectiveness Measurements. 12
Command Layer 14
    Command Console. 15
    Log Repository. 15
    Analysis Components. 16
    History Analysis. 16
    Game Theory. 16
    Expert Engine. 17
    Heuristic and Statistic Reporting. 17
    Scheduling. 17
    Account Management 18
    Network Component Awareness. 18
    Security Policy Management 18
    Security Tool Repository. 18
    Early Warning System.. 19
Communications Layer 20
    Channel Communications. 20
        Open Channel 21
        Secure Channels. 21
        Isolated Channels. 21
        Covert Channels. 22
        Polymorphic Channels. 22
        Alternative Channels. 23
        Switching Channels. 23
    Public Key Infrastructure. 24
    Conventional Encryption. 24
    Trust Relationships. 25
    Protocol 25
        Uniform Standard Protocol 25
        Covert Protocol 26
        Alternative Protocol 26
        Polymorphic Protocol 26
Agent Layer 27
    Command Interface. 28
    Host Console. 28
    Response Reporting. 29
    Mission Intelligence. 29
    Process Control 29
    Sensors and Sensor Analysis. 30
        Agent Sensors. 30
        Sensor Analysis. 32
    Artificial Intelligence. 32
    Agent Overload. 32
Functional Layer 34
    Layer Considerations. 36
Facilitators. 38
    Fastest Order of Discovery. 39
Vulnerabilities Layer 42
Command Layer Construction. 45
    Agent Status and Control 46
    Command Control 46
    Artificial Intelligence. 46
    Higher Authority. 47
    Agent Layer Construction. 49
        Security Network. 50
        Artificial Intelligence. 50
        Data Processing. 50
        Function Control 51
        Log File Sensors. 51
        Streaming Sensors. 51
        Boolean Sensors. 51
        Result Sensors. 52
    Functional Layer Standardization. 52
Common Network Attack Strategies. 54
    Hacker Attack. 54
    Viral Infestation. 55
    Bee Swarm.. 55
    Conscription. 56
    Invasion. 57
    Crawler 58
    Amoeba. 59
    Infiltration. 60
    Attack Method Comparison. 60
Agent vs Agent Warfare. 62
    Agent Attacks. 62
        Shutting down processes. 63
        Promoting access level 63
        Seizure of Security Tools. 63
        Creating New Services. 64
        Downgrading. 64
        Removing the opposition. 64
        Disrupting communication. 65
        Backdoor 65
        Highest Level Access. 65
        Binary Scan. 66
        Compromising the opposition. 66
        Call for help. 66
        Ghosts. 67
        Analysis Disruption. 67
        Sandbox Modification. 67
        Resource Starvation. 68
        Overload. 68
        Rebooting. 68
    Agent Defenses. 69
        Deep Embedding. 69
        Polymorphism.. 69
        Advance Awareness. 70
        Agent Required for Use. 70
        Encrypted Binary Executable. 71
        Quarantine. 71
        Scuttle. 71
        Hide valuables. 72
        Honeypot 72
        Replication. 72
        Mutually assured destruction. 73
        Forfeiture of Duties. 73
    Aftermath. 74
        Scavenging. 74
        Searching for valuables. 74
        Cleaning the Logs. 75
        Customizing the environment 75
        Selecting a new target 75
        Reporting. 76
        Promotion/demotion. 76
        Fulfilling the Mission. 76
    Event of Capture. 77
        Tools in Random Access Memory. 77
        Deletion After Execution. 77
        Emulation Engines and Polymorphic Machine Code. 77
        Polymorphic Machine Code. 77
        Emulation Engines. 78
        Encryption. 78
Human vs Agent 79
    Physical Access. 80
    Stolen Password/Identity. 80
    Insider Cooperation. 80
    Internal Access Point 81
    Wiring Control 81
    Human Effectiveness. 81
Mission Goals. 83
    Espionage. 85
    Sabotage. 85
    Camouflage. 86
    Subterfuge. 86
    Programming Evolutions Required for Missions. 87
Agent Communication Structures. 89
    Communications Room.. 90
        Designated Computer 90
        Broadcast Protocol 91
        Peer-To-Peer 91
        Relay. 92
    Private Communication. 93
    Three Channel Method. 94
Security Network Warfare. 95
    Combined Capabilities. 96
        Speed of Communication. 96
        Combined Calculation. 96
        Robustness of Tools. 96
        Artificial Intelligence. 97
    Combined Calculation Danger Rating. 97
    Complexities of the Mission. 98
    Natural Warfare Advantages. 98
        Attacking. 98
            Ambush Advantage. 98
            Mission Advantage. 99
            Deterioration Advantage. 99
            Anonymity. 99
            Siege Advantage. 99
        Defending. 99
            Preparation Advantage. 99
            Network Speed Advantage. 100
            Awareness Advantage. 100
            Design Advantage. 100
Cyber-Pandemonium.. 101
Conclusion. 103



  By Date           By Thread  

Current thread:
  • Announcement: "A Treatise on Informational Warfare" Eric Knight (Aug 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]