16th WATCH: Security, Cybercrime and Scale Cormac Herley Microsoft Research THURSDAY March 21 st, Noon, Room 110 W ashington A rea T rustworthy C omputing.

Slides:

Advertisements

Similar presentations

Cyber Crime and Technology

Advertisements

The NeTS Program Dr. Joseph B. Evans Program Director Computer and Network Systems Computer & Information Science & Engineering National Science Foundation.

W ashington A rea T rustworthy C omputing H our

14th WATCH: Medical Device Cybersecurity: The First 164 Years Kevin Fu University of Massachusetts Amherst. THURSDAY November 15 th, Noon, Room 110 W ashington.

Where Do All the Attacks Go? Dinei Florencio and Cormac Herley Microsoft Research, Redmond.

Leveraging Good Intentions to Reduce Unwanted Network Traffic Marianne Shaw (U. Washington) USENIX 2nd Workshop on Steps to Reducing Unwanted Traffic on.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Vladimir Misic: 10 Professionalism and Ethics Ownership and Protection.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

18th WATCH: An Experiment in Hiring Discrimination via Online Social Networks Alessandro Acquisti Carnegie Mellon University MONDAY Nov. 25 th, Noon, Room.

The Computer Systems Research Program CSR Mohamed G. Gouda Program Director March 2012.

Secure and Trustworthy Cyberspace (SaTC) Program Sam Weber Program Director March 2012.

29th WATCH: Cybersecurity for the Internet of Everything (IoE) Bret Hartman Cisco Systems, Inc. Thursday June 18, Noon, Room 110 W ashington A rea T rustworthy.

1 GENI: Global Environment for Network Innovations Jennifer Rexford On behalf of Allison Mankin (NSF)

1 Securing Information Transmission by Redundancy Jun LiPeter ReiherGerald Popek Computer Science Department UCLA NISS Conference October 21, 1999.

The Future of Internet Research Scott Shenker (on behalf of many networking collaborators)

Network Marketing.

Does the American Approach to Information Technology apply to Europe? The Cultural Paradigm. Y. Epelboin*, J.-F. Desnos** *University P.M. Curie, case.

The Changing Face of Education Mary Cullinane Director, US Partners in Learning.

Fast, Friendly, Secure Authentication. Hackers favor authentication-based attacks, report shows. Summary: A suitable password replacement could disrupt.

GSC: Standardization Advancing Global Communications 1 The New US-CCU Cyber-Security Check List SOURCE:U.S. Cyber Consequences Unit (Submitted by TIA)

Social Networking and On-Line Communities: Classification and Research Trends Maria Ioannidou, Eugenia Raptotasiou, Ioannis Anagnostopoulos.

17th WATCH: Cyberwar -- Without the Magical Thinking Stewart A. Baker Steptoe & Johnson THURSDAY July 18 th, Noon, Room 110 W ashington A rea T rustworthy.

26th WATCH: Differential Privacy: Theoretical and Practical Challenges Salil Vadhan Harvard University THURSDAY Jan. 15, Noon, Room 110 W ashington A rea.

21st WATCH: Increasing Trust in the E-Health Environment: Privacy Mechanisms and Policy Problems Maya Bernstein US Department of Health & Human Services.

5th WATCH: So what if I take over a botnet to do my research? An examination of the current state of Ethics in Information and Communications Technology.

Students Becoming Scientists in the World: Integrating Research and Education for Sustainable Development Dr. James P. Collins Directorate for the Biological.

Employer Partnerships North Tyneside Commission of Enquiry Jan 2008 Clare Riley Microsoft Education.

Umm Al-Qura University Collage of Computer and Info. Systems Computer Engineering Department Automatic Camera Tracking System IMPLEMINTATION CONCLUSION.

Web-Based GIS and the Future of Participatory GIS Applications within Local and Indigenous Communities By Dr. Peter A. Kyem, GISP. (Professor of Geography)

Getting There: Example of Successfully Obtaining SaTC CAREER Award Dr. Oleg Komogortsev Associate Professor Department of Computer Science Texas State.

Research Recommendations for the Broadband Taskforce Agenda November 23, 2009.

11th WATCH: Security, Privacy, and Usability: Better Together Lorrie Cranor Computer Science & Engineering Science Policy Carnegie Mellon University THURSDAY.

Computer Engineering at the University of Houston.

National Science Foundation Directorate for Computer & Information Science & Engineering (CISE) Trustworthy Computing and Transition to Practice Secure.

LHC Open Network Environment LHCONE David Foster CERN IT LCG OB 30th September

Cryptography and Network Security (CS435) Part One (Introduction)

Key Management. Given a computer network with n hosts, for each host to be able to communicate with any other host would seem to require as many as n*(n-1)

NIST: Promoting U.S. Innovation and Industrial Competitiveness Belinda L. Collins, Ph.D. Director, Technology Services.

Secure and Trustworthy Cyberspace (SaTC) “Top 10” Tips for SaTC Proposals One program director’s observations Sol Greenspan.

HPC Centres and Strategies for Advancing Computational Science in Academic Institutions Organisers: Dan Katz – University of Chicago Gabrielle Allen –

Mario Čagalj Sveučilište u Splitu 2014/15. Sigurnost računala i podataka.

The Six Strands of Technology History. Strand 1: Toffler’s Four Waves Agricultural Age Industrial Age Information Age Communication Age.

10th WATCH: Barriers to the Science of Security Tom Longstaff National Security Agency John Hopkins University THURSDAY March 15, Noon, Room 110 W ashington.

Company LOGO User Authentication Threat Modelling from User and Social Perspective “Defending the Weakest Link: Intrusion.

Keith Bower. What is Internet Security  Internet security is the protection of a computer's internet account and files from intrusion of an outside user.

Privacy & Confidentiality in Internet Research Jeffrey M. Cohen, Ph.D. Associate Dean, Responsible Conduct of Research Weill Medical College of Cornell.

Acceptance of Biometrics: Things That Matter That We Are Ignoring Andrew Patrick, Ph.D. Information Security Group Institute for Information Technology.

CYBERINFRASTRUCTURE FRAMEWORK FOR 21st CENTURY SCIENCE AND ENGINEERING (CIF21) Goal Develop and deploy comprehensive, integrated, sustainable, and secure.

Date of presentation 1 PROJECT IDEA Topic: The Network of the Future a) Future Internet Architectures and Network Technologies Internet of Services, Software.

High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.

Keith A. Marzullo, Ph.D. CISE/CNS DD February 24, 2011 Welcome to the Directorate for Computer and Information Science and Engineering.

33rd WATCH: Privacy: Plural, Contextual, Contestable but not Unworkable Deirdre K. Mulligan University of California, Berkeley Thursday March 17, Noon,

Data Infrastructure Building Blocks (DIBBS) NSF Solicitation Webinar -- March 3, 2016 Amy Walton, Program Director Advanced Cyberinfrastructure.

RECORDED ASSIGNMENT: PRESENTING YOUR SPEECH: PART IV FUNDAMENTALS OF BUSINESS COACHING RECORDED ASSIGNMENT: PRESENTING YOUR SPEECH: PART IV FUNDAMENTALS.

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

Moving Technology Leaders up the Influence Curve Michael Milovich Jr. - March 2015 Page 1/15 This article records an interview by the author with Brian.

SOSIMPLE: A Serverless, Standards- based, P2P SIP Communication System David A. Bryan and Bruce B. Lowekamp College of William and Mary Cullen Jennings.

Marketing Management Introduction. Today’s Agenda Let’s Know Each Other Discuss on the course profile What is Marketing to you? Some Marketing Concepts.

CS220:INTRODUCTION TO SOFTWARE ENGINEERING CH1 : INTRODUCTION 1.

CompSci 280 S Introduction to Software Development

STRATEGIC ACADEMIC UNIT “PEOPLE & TECHNOLOGIES”

Diffusion of Innovation

Health & Safety ICT & the law

Cyber Security Challenges & Opportunities.

Frequently asked questions about software engineering

Challenges and Opportunities

Welsh Health Innovation Technology Accelerator

Sabrina Iavarone Senior User Services Officer

Why are we here? Why are we here together? Why did our companies invest the time and money to have us go through this process? (Take responses and put.

Presentation transcript:

16th WATCH: Security, Cybercrime and Scale Cormac Herley Microsoft Research THURSDAY March 21 st, Noon, Room 110 W ashington A rea T rustworthy C omputing H our NSF Stafford I Room 110, Noon Public Invited Abstract In a traditional threat model a user Alice faces an attacker Mallory. Against a sufficiently motivated attacker Alice must neglect nothing. Assuming that Mallory will keep going until he exhausts his attacks (or succeeds) it is both necessary and sufficient to block all possible attacks. Thus, security is only as good as the weakest link, and so on. While simple, and appropriate in high-assurance settings, we show that this model does not scale and is inappropriate to the financially-motivated cybercrime that targets the masses. It is arithmetically impossible that two billion Internet users face the sufficiently motivated attacker who will stop at nothing. The attackers who prey on Internet users are much more constrained. First, their attacks must be profitable on average: expected gain is greater than expected cost. Second, their attacks must either be scalable, or they must be able to locate viable targets with great accuracy (every failed attack reduces return). Third, they collide: independent attackers compete for the same victims, again reducing the return. Why does any of this matter? We argue that when we ignore attacker constraints, we make things harder than they need be for defenders, and this is a luxury we can no longer afford. Technology makes possible many attacks that economics shows to be infeasible. When we ignore this we waste effort on the wrong things. We illustrate, with examples, that to reduce the harm experienced by Internet users it is more important to understand the economic constraints of attackers than their technical capabilities. Speaker Cormac Herley is a Principal Researcher at Microsoft Research, where he’s been since His main current interests are data analysis problems, authentication and the economics of information security. He has published widely in signal and image processing, information theory, multimedia, networking and security. He is the inventor on over 70 US patents, and has shipped technologies used by hundreds of millions of users. He received the PhD degree from Columbia University, the MSEE from Georgia Tech, and the BE(Elect) from the National University of Ireland. About the WATCH series: Transforming today’s trusted but untrustworthy cyberinfrastructure into one that can meet society’s growing demands requires both technical advances and improved understanding of how people and organizations of many backgrounds perceive, decide to adopt, and actually use technology. WATCH aims to provide thought-provoking talks by innovative thinkers with ideas that illuminate these challenges and provide signposts toward solutions. The series is jointly organized by NSF’s Computer Science and Engineering (CISE) and Social, Behavioral, and Economic (SBE) Directorates and sponsored by the CISE Secure and Trustworthy Cyberspace (SaTC) Program. Talks will be recorded and made available over the Internet. Questions/comments about WATCH? Contact Keith Marzullo Thursday, March 21, 2013