Security in Open versus Closed Systems – The Dance of Boltzmann, Coase and Moore (a presentation of Ross Anderson's 2002 paper). Presented by Chad Frommeyer.

Introduction
– Abstract/Introduction
– Security Reliability Growth
– Symmetry Breaking
– Real World Problems
– Conclusion

Abstract/Introduction
– Open versus closed systems
– Source code availability: does it benefit attackers (hackers), or does it benefit defenders (security)?
– Is there a clear answer?

Security Reliability Growth
– Achieving an MTBF of x hours requires on the order of x hours of testing.
– The failure rate a tester observes after t hours of testing depends on the initial quality of the code and on the amount of testing: K/t (alpha testing, with knowledge of the source).
– A beta tester without the source is less likely to trigger any given bug, because they can only try combinations of inputs; the per-test probability of finding a bug drops by a factor of λ.
– Seen by someone without the source, each remaining bug therefore manifests λ times less often: a failure rate of K/t for an insider appears as K/λt to an outsider.

Security Reliability Growth
– The other side of the same coin: t hours of source-less beta testing only count as t/λ hours of alpha testing, so after beta testing the insider's failure rate is λK/t, and the bugs that remain are the harder-to-find ones.
– The two effects cancel: the attacker without source still experiences a failure rate of K/t.
– Statement: open and proprietary software exhibit the same reliability growth.
– Why: whether a bug is easy or hard to find, the reliability growth an attacker experiences is the same, because the factor λ that slows the testers slows the attacker by the same amount.
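The reliability-growth argument above, as an added worked example (not code from the presentation or from the paper it summarizes): a constructed model with K latent bugs whose per-test trigger probabilities are spread log-uniformly, where anyone without the source is λ times less likely to trigger any given bug per test. The function names `bug_rates`, `residual_failure_rate` and `compare_open_closed`, and the values K=2000, λ=4 and t=10,000, are assumptions made for the illustration.

```python
import math

# Constructed model (added example, not the paper's code): a program has K
# latent bugs; bug i is triggered by a random test with probability p_i for
# someone who has the source.  Someone WITHOUT the source is lam times less
# likely to trigger it per test (lam = 1.0 means full source knowledge).


def bug_rates(k, p_min, p_max):
    """k per-test trigger probabilities spaced log-uniformly on [p_min, p_max]."""
    if k == 1:
        return [p_max]
    step = math.log(p_max / p_min) / (k - 1)
    return [p_min * math.exp(i * step) for i in range(k)]


def residual_failure_rate(rates, t, tester_lam=1.0, attacker_lam=1.0):
    """Expected failures per test an attacker sees after testers ran t tests.

    Bug i survives t tests with probability (1 - p_i/tester_lam)**t and then
    bites the attacker with per-test probability p_i/attacker_lam.
    """
    total = 0.0
    for p in rates:
        survived = (1.0 - p / tester_lam) ** t
        total += (p / attacker_lam) * survived
    return total


def compare_open_closed(k=2000, p_min=1e-7, p_max=0.1, lam=4.0, t=10_000):
    """Residual failure rate after t tests, from three points of view."""
    rates = bug_rates(k, p_min, p_max)
    return {
        # open system: testers and attacker both have source  -> about K/t
        "open": residual_failure_rate(rates, t, 1.0, 1.0),
        # closed system, judged by an insider with source      -> about lam*K/t
        "closed_insider": residual_failure_rate(rates, t, lam, 1.0),
        # closed system, judged by an attacker without source  -> about K/t
        "closed_outsider": residual_failure_rate(rates, t, lam, lam),
    }


def scaling_ratio(rates, t, tester_lam=1.0, attacker_lam=1.0):
    """R(10t)/R(t); close to 0.1 when the failure rate decays as K/t."""
    later = residual_failure_rate(rates, 10 * t, tester_lam, attacker_lam)
    now = residual_failure_rate(rates, t, tester_lam, attacker_lam)
    return later / now


if __name__ == "__main__":
    result = compare_open_closed()
    for view, rate in result.items():
        print(f"{view:16s} {rate:.5f} failures/test")
    rates = bug_rates(2000, 1e-7, 0.1)
    print("R(10t)/R(t) =", round(scaling_ratio(rates, 10_000), 4))
```

Three things fall out of the numbers: the residual rate decays as K/t (tenfold more testing cuts it tenfold), the closed system looks λ times more reliable to an outsider than to an insider, and the outsider's view of the closed system matches the open system's rate, which is the symmetry the slides state. The K/t law needs bug rates spread over several orders of magnitude; with only a handful of similar rates the decay is exponential instead.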

Symmetry Breaking
– In an ideal world, open and closed systems are equally secure.
– Attackers and vendors will, however, find and exploit effects that break this symmetry.

Symmetry Breaking
– Transient costs – time to market for a vulnerability patch: low cost for open source, high cost for closed source.
– Transaction costs – fixing bugs found during beta testing: open source surfaces more bugs earlier; closed source would have a lower cost of bug fixing during the early stages of testing.

Symmetry Breaking
– Vendor behaviour – vendors are motivated to create better code/products.
– Patch delivery/shipping – shipping a patch may be seen as undermining the vendor's security claims; vendors are given a grace period before having to publish a patch.

Symmetry Breaking
– Testing focus – testing newly added code is important, and open source lets testers identify what is new.
– Open source testing may not give consistent attention to all functionality.

Symmetry Breaking
– Reporting bugs – defenders of open and closed systems are equally likely to report a bug.
– Reporting typically requires the same amount of effort for open and closed systems.

Real World Problems
– Information security is a high priority.
– Copyright protection: the DMCA.

Real World Problems
TCPA
– Trusted Computing Platform Alliance
– Digital rights management in a PC
– Monitors machine state for changes in hardware and software
– Too many recognized changes require recertification with the vendors
– Vendors must approve the state of the machine

Real World Problems
TCPA
– Allows vendors to recognize trusted and non-trusted environments
– Non-trusted environments will not get all the functionality the vendors offer
– Data files can be encrypted with TCPA keys, which lets the vendor control who can open which files
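The machine-state monitoring and TCPA-keyed file encryption described on the two slides above, as an added example that is not part of the presentation and is only a standard-library simulation of the mechanism, not an interface to a real TPM: a platform configuration register (PCR) is extended with a hash of each measured boot component, and a data key is derived from the resulting PCR value, so a sealed file only opens on a platform whose measured state matches the state it was sealed under. The component strings, the root secret and the hash-based keystream construction are constructed for the example; a real TPM uses its own sealing primitives and hardware-held keys.

```python
import hashlib
import hmac
import os

# Added example (stdlib-only simulation, not a TPM driver).  A platform
# configuration register (PCR) starts at zero and is only ever *extended*:
#     PCR <- SHA-256(PCR || SHA-256(component))
# so the final value depends on every measured component and on their order,
# and nothing measured later can "unmeasure" an earlier component.

PCR_SIZE = 32  # bytes, one SHA-256 digest


def extend(pcr, component):
    """Fold one measured component (bytes) into the PCR."""
    digest = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components):
    """PCR value after measuring each boot component in order."""
    pcr = b"\x00" * PCR_SIZE
    for component in components:
        pcr = extend(pcr, component)
    return pcr


def _derive_key(root_secret, pcr):
    # The data key is bound to the platform state: different PCR, different key.
    return hmac.new(root_secret, b"seal" + pcr, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # Hash-counter keystream; constructed for the demo, not a TPM primitive.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(root_secret, pcr, plaintext):
    """Encrypt and authenticate plaintext under a key bound to this PCR value."""
    key = _derive_key(root_secret, pcr)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(root_secret, pcr, blob):
    """Return the plaintext if the current PCR matches the sealing state, else None."""
    if len(blob) < 16 + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    key = _derive_key(root_secret, pcr)
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong platform state or tampered blob
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


if __name__ == "__main__":
    root = b"constructed-platform-root-secret"   # constructed, stands in for a TPM-held key
    good_boot = [b"firmware v1", b"bootloader v2", b"kernel 5.4"]
    blob = seal(root, measure_boot(good_boot), b"licensed media key")
    print("same platform state:", unseal(root, measure_boot(good_boot), blob))
    patched = [b"firmware v1", b"bootloader v2", b"kernel 5.4-patched"]
    print("after a kernel change:", unseal(root, measure_boot(patched), blob))
```

The second print shows the effect the slides describe: changing one measured component (here the kernel string) changes the PCR, the derived key no longer matches, and the file stays closed until the vendor re-seals it for the new state, which is the "recertification" step.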

Real World Problems
TCPA issues
– Who will govern it, and how?
– How will this affect the European Union?
– Who will write the regulations for Europe?
– Will this stifle open source?

Real World Problems
TCPA – competition issues
– Gives vendors the right to control who and what can open the data files
– Creates the potential for monopolization of certain markets
– Provides more protection against reverse engineering
– Proprietary standards often benefit those who create them

Real World Problems
TCPA in production
– IBM claims compliance on its laptops
– Microsoft claims that certain features of Windows XP and the Xbox are compliant

Real World Problems
TCPA economics
– A successful TCPA-compliant product can control all related products
– Any product written to work with a TCPA-compliant product must first go through the original product's manufacturer
– Venture capitalists will require TCPA compliance to protect their investments

Real World Problems
TCPA in the flattened world
– TCPA creates a problem in the "flat" world
– In the flat world everyone, even a two-person company, can challenge the marketplace
– TCPA sets that back and may stifle creativity among smaller competitors

Conclusion
– Does access to source help or hinder?
– Bugs are easier to fix when the source is accessible
– Exploits can be developed with less effort
– Answer: in a perfect world, neither side benefits
– To the vendor, functionality is more of an issue than reliability
– For the vendor, security means securing its place in the market rather than protecting the user

Conclusion
– TCPA does not help the user in the way it is suggested to
– TCPA helps the vendor crush competition
Questions