Security in Opened versus Closed Systems – The Dance of Boltzmann, Coase and Moore Presented By Chad Frommeyer.


1 Security in Opened versus Closed Systems – The Dance of Boltzmann, Coase and Moore Presented By Chad Frommeyer

2 Introduction Abstract/Introduction Security Reliability Growth Symmetry Breaking Real World Problems Conclusion

3 Abstract/Introduction Open Versus Closed Systems Source code availability –Benefits Hackers/Attacks? –Benefits Defenders/Security? Is there a clear answer?

4 Security Reliability Growth An MTBF of x requires x hours of testing. Failure time observed by a tester depends on initial quality of code and the amount of time testing: K/t (alpha testing with source knowledge). Beta testing without knowledge of source code decreases the probability of finding a bug because the tester can only test various combinations of input. Probability decreases by a factor of lambda (λ): K/(λt)

5 Security Reliability Growth Initial alpha testing now involves more restrictions: K/t, with bugs that are harder to find. Statement: Open and proprietary software will exhibit the same level of reliability growth. Why: Whether a bug is easy or hard to find, the result is the same reliability growth

6 Symmetry Breaking Open and closed systems are equally secure in an ideal world Attackers will however find and exploit phenomena to break this symmetry

7 Symmetry Breaking Transient costs –Vulnerability Patch Time to Market Low cost for Open Source High cost for Closed Transaction Costs –Fixing Bugs found During Beta Testing Open source results in more bugs earlier Closed source would have less cost of bug fixing during early stages of testing

8 Symmetry Breaking Vendor Behavior –Motivated to create a better code/product –Patch Delivery/Shipping May be considered to undermine security statements Vendors are given a grace period before having to publish a patch

9 Symmetry Breaking Testing Focus –Testing of newly added code is important, and open source allows testers to identify what is new –Open source testing may not have consistent focus to all functionality

10 Symmetry Breaking Reporting Bugs –Defenders of open and closed systems are equally likely to report a bug –Equal amount of effort is typically required for both open and closed systems

11 Real World Problems Information security a high priority Copyright Protection -- DMCA

12 Real World Problems TCPA –Trusted Computing Platform Alliance –Digital rights management in a PC –Monitors machine state for changes in hardware and software –Too many recognized changes require recertification with vendors –Vendors must approve the state of the machine

13 Real World Problems TCPA –Allows vendors to recognize trusted and non-trusted environments –Non-trusted environments will not have all available functionality from vendors –Can cause data files to be encrypted with TCPA keys, which allows control of who can open what files

14 Real World Problems TCPA issues –Who/How will it be governed –How will this affect the European Union –Who will write regulations for Europe –Will this stifle open source

15 Real World Problems TCPA – Competition Issues –Gives vendors the right to control who and what can open the data files –This gives the potential for monopolization of certain markets –This provides more protection against reverse engineering –Proprietary standards can often benefit the ones creating the standards

16 Real World Problems TCPA in Production –IBM claims compliance on its laptops –Microsoft XP and the X-Box claim that certain features are compliant

17 Real World Problems TCPA Economics –Products that are successful and TCPA compliant can control all related products –Any product that is to be written to comply with a TCPA compliant product must first go through the original product manufacturer –Venture capitalists will require TCPA compliance to protect investments

18 Real World Problems TCPA in the Flattened world –TCPA creates a problem within the “Flat” world –In the flat world everyone has the ability to challenge the marketplace, even the two-man company –This will set that back, and possibly stifle creativity from the smaller competitors

19 Conclusion Access to source help or hinder? –Fix bugs easier due to accessible source –Develop exploits with less effort –Answer: In a perfect world neither benefits Functionality is more an issue than reliability to the vendor Security for vendor means securing their place in the market versus protecting the user

20 Conclusion TCPA doesn’t help the user as it is suggested TCPA helps the Vendor crush competition Questions

