Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Model for When Disclosure Helps Security: What is Different About Computer & Network Security? Peter P. Swire Ohio State University George Mason CII.

Published byTyler McCormack Modified over 10 years ago

Similar presentations

Presentation on theme: "A Model for When Disclosure Helps Security: What is Different About Computer & Network Security? Peter P. Swire Ohio State University George Mason CII."— Presentation transcript:

1 A Model for When Disclosure Helps Security: What is Different About Computer & Network Security? Peter P. Swire Ohio State University George Mason CII Conference June 11, 2004

2 Framing the Project My background in privacy My background in privacy Data spreads rapidly and widely Data spreads rapidly and widely Scott McNealy: You have zero privacy. Get over it. Scott McNealy: You have zero privacy. Get over it. My current research in security My current research in security Data spreads rapidly and widely Data spreads rapidly and widely You have zero secrecy. Get over it. You have zero secrecy. Get over it. Is that right? When does secrecy help security? Is that right? When does secrecy help security?

3 Is Secrecy Dead? A paradox A paradox Open Source mantra: No Security Through Obscurity Open Source mantra: No Security Through Obscurity Secrecy does not work Secrecy does not work Disclosure is virtuous Disclosure is virtuous Military motto: Loose Lips Sink Ships Military motto: Loose Lips Sink Ships Secrecy is essential Secrecy is essential Disclosure is treason Disclosure is treason

4 Overview A model for when each approach is correct -- assumptions for the Open Source & military approaches A model for when each approach is correct -- assumptions for the Open Source & military approaches Key reasons computer & network security often differ from earlier security problems Key reasons computer & network security often differ from earlier security problems Relax the assumptions Relax the assumptions Insights from the Efficient Capital Markets Hypothesis literature for efficiency of computer attacks Insights from the Efficient Capital Markets Hypothesis literature for efficiency of computer attacks

5 I. Model for When Disclosure Helps Security Identify chief costs and benefits of disclosure Identify chief costs and benefits of disclosure Effect on attackers Effect on attackers Effect on defenders Effect on defenders Describe scenarios where disclosure of a defense likely to have net benefits or costs Describe scenarios where disclosure of a defense likely to have net benefits or costs

6 Open Source & Disclosure Helps Defenders Attackers learn little or nothing from public disclosure Attackers learn little or nothing from public disclosure Disclosures prompts designers to improve the defense -- learn of flaws and fix Disclosures prompts designers to improve the defense -- learn of flaws and fix Disclosure prompts other defenders/users of software to patch and fix Disclosure prompts other defenders/users of software to patch and fix Net: Costs of disclosure low. Bens high. Net: Costs of disclosure low. Bens high. [I am not taking a position on proprietary v. Open Source – focus is on when disclosure improves security] [I am not taking a position on proprietary v. Open Source – focus is on when disclosure improves security]

7 Military Base & Disclosure Helps Attackers It is hard for attackers to get close enough to learn the physical defenses It is hard for attackers to get close enough to learn the physical defenses Disclosure teaches the designers little about how to improve the defenses Disclosure teaches the designers little about how to improve the defenses Disclosure prompts little improvement by other defenders. Disclosure prompts little improvement by other defenders. Net: Costs from disclosure high but few benefits. Net: Costs from disclosure high but few benefits.

8 Effects of Disclosure Low Help Attackers High Open Source Military/Intelligence Help Defenders Low High

9 Effects of Disclosure -- II Military/Intelligence Open Source Low Help Attackers High Help Defenders Low High

10 Effects of Disclosure -- II

11

12 II. Why Computer & Network Security Often Differs Hiddenness & the first-time attack Hiddenness & the first-time attack Uniqueness of the defense Uniqueness of the defense Computer/network security and no security through obscurity Computer/network security and no security through obscurity Firewalls Firewalls Software programs Software programs Encryption algorithms Encryption algorithms

13 The First-Time Attack A weak defense often succeeds against the first attack A weak defense often succeeds against the first attack Pit covered with leaves & first attack Pit covered with leaves & first attack More realistically, hidden mines More realistically, hidden mines By 2d or 10th attack, it does not work By 2d or 10th attack, it does not work

14 Uniqueness of the Defense E: initial effectiveness of a defense E: initial effectiveness of a defense N: number of attacks N: number of attacks L: learning by defenders from an attack L: learning by defenders from an attack C: communication to other defenders C: communication to other defenders A: alteration by the next attack A: alteration by the next attack Designers learn how to fix (the patch) Designers learn how to fix (the patch) Other defenders install the patch Other defenders install the patch Example of placement of hidden pit/mines Example of placement of hidden pit/mines

15 Low Uniqueness Common for Computer & Network Security Firewalls Firewalls High N, L, C & A High N, L, C & A Even unskilled script kiddies can get in Even unskilled script kiddies can get in Secrecy about a flaw will likely not work Secrecy about a flaw will likely not work Disclosure of vulnerability may prompt designers to fix and firewall owners to install the patch Disclosure of vulnerability may prompt designers to fix and firewall owners to install the patch

16 Mass-market Software Mass-market software Mass-market software High N, L, C, & A High N, L, C, & A Secrecy about a flaw will likely not work Secrecy about a flaw will likely not work Disclosure of vulnerability may prompt designers to fix and software users to install the patch Disclosure of vulnerability may prompt designers to fix and software users to install the patch

17 Encryption Hidden writing and the birthplace of openness about algorithms Hidden writing and the birthplace of openness about algorithms High L, C, & A; very high N on the Net High L, C, & A; very high N on the Net Kerckhoffs theorem -- the cryptosystem should assume openness but the key should remain secret Kerckhoffs theorem -- the cryptosystem should assume openness but the key should remain secret

18 Network/Computer Security Enlargement of the Public Domain Enlargement of the Public Domain Search engines and the Net Search engines and the Net Attackers have higher C, so lower costs if decide to disclose Attackers have higher C, so lower costs if decide to disclose Designers and other defenders learn more quickly, so higher benefits if decide to disclose Designers and other defenders learn more quickly, so higher benefits if decide to disclose Open Source paradigm more likely to apply than for traditional, physical attacks Open Source paradigm more likely to apply than for traditional, physical attacks

19 III. Relaxing the Assumptions Other results in the paper about deterrence, surveillance, etc. Other results in the paper about deterrence, surveillance, etc. Now, critique assumption that attackers already know about vulnerabilities Now, critique assumption that attackers already know about vulnerabilities Idea: Open Source paradigm implicitly assumes strong or semi-strong ECMH Idea: Open Source paradigm implicitly assumes strong or semi-strong ECMH But, argument for But, argument for

20 Analogy to ECMH Idea: Open Source paradigm implicitly assumes strong or semi-strong ECMH Idea: Open Source paradigm implicitly assumes strong or semi-strong ECMH ECMH: quickly get to efficient outcome where outsiders/traders exploit available information ECMH: quickly get to efficient outcome where outsiders/traders exploit available information Information about the company will be used by traders Information about the company will be used by traders Open Source: quickly get to outcome where outsiders/attackers exploit available information Open Source: quickly get to outcome where outsiders/attackers exploit available information Information about the defense will be used by attackers Information about the defense will be used by attackers

21 ECMH in the Academy Today Previously, many economists accepted ECMH; today, less faith in it Previously, many economists accepted ECMH; today, less faith in it My claim is that efficiency is less for attackers discovering vulnerabilities My claim is that efficiency is less for attackers discovering vulnerabilities Modern software large, so N per line of code may be low Modern software large, so N per line of code may be low Security efforts, so bugs/line of code down Security efforts, so bugs/line of code down Bug hunters say each vulnerability can be costly to discover Bug hunters say each vulnerability can be costly to discover

22 Physical & Cyber Security Defend the buried pipeline Defend the buried pipeline Hard for attackers to learn the key vulnerable point Hard for attackers to learn the key vulnerable point Expensive to rebuild pipeline once in place Expensive to rebuild pipeline once in place Vulnerabilities often unique Vulnerabilities often unique Defend the software Defend the software Easy for attackers to learn of vulnerability (warez & hacker sites) Easy for attackers to learn of vulnerability (warez & hacker sites) Relatively inexpensive to patch & update Relatively inexpensive to patch & update Vulnerabilities often large scale/mass market Vulnerabilities often large scale/mass market

23 Effects of Disclosure Low Help Attackers High Open Source Physical facilities 1. Military/ Intel 2. Physical facilities Help Defenders Low High

24 What Makes Cyber Attacks Different? A key concept: the first-time attack A key concept: the first-time attack The first time, defenders have the advantage: The first time, defenders have the advantage: Simple tricks can foil the attack Simple tricks can foil the attack Attackers have not learned weak points Attackers have not learned weak points On attack #1000, attackers have the edge: On attack #1000, attackers have the edge: They avoid the established defenses They avoid the established defenses They learn the weak points They learn the weak points Computer scientists: Instance helps the defense Computer scientists: Instance helps the defense

25 What Is Different for Cyber Attacks? Many attacks Many attacks Each attack is low cost Each attack is low cost More costly to find out location of machine guns More costly to find out location of machine guns Attackers learn from previous attacks Attackers learn from previous attacks This trick got me root access This trick got me root access Attackers communicate about vulnerabilities Attackers communicate about vulnerabilities Because of attackers knowledge, disclosure often helps defenders more than attackers for cyber attacks Because of attackers knowledge, disclosure often helps defenders more than attackers for cyber attacks

26 Conclusion I am proposing a basic model for when disclosure helps security I am proposing a basic model for when disclosure helps security Disclosure helps defenders? Attackers? Disclosure helps defenders? Attackers? Explains reasons for less disclosure of vulnerabilities for military, intel, & physical Explains reasons for less disclosure of vulnerabilities for military, intel, & physical Explains reasons for greater disclosure for many software and computer system settings Explains reasons for greater disclosure for many software and computer system settings Other reasons to consider disclosure or not Other reasons to consider disclosure or not FOIA/accountability FOIA/accountability Privacy/confidentiality Privacy/confidentiality Have an intellectual framework for proceeding Have an intellectual framework for proceeding

Download ppt "A Model for When Disclosure Helps Security: What is Different About Computer & Network Security? Peter P. Swire Ohio State University George Mason CII."

Similar presentations

Security Market: Incentives for Disclosure of Vulnerabilities Peter P. Swire Ohio State University Houston/Sante Fe Conference June 4, 2005.

Security Market: Incentives for Disclosure of Vulnerabilities Peter P. Swire Ohio State University Houston/Sante Fe Conference June 4, 2005.
Better Security and Privacy for Home Broadband Peter P. Swire Moritz College of Law The Ohio State University Morrison & Foerster LLP Privacy 2002 Conference.

Better Security and Privacy for Home Broadband Peter P. Swire Moritz College of Law The Ohio State University Morrison & Foerster LLP Privacy 2002 Conference.
Security Through Obscurity: When It Works, When It Doesnt Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.

Security Through Obscurity: When It Works, When It Doesnt Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.
What Should be Hidden and Open in Computer Security: Lessons from Deception, the Art of War, Law, and Economic Theory Professor Peter P. Swire George Washington.

What Should be Hidden and Open in Computer Security: Lessons from Deception, the Art of War, Law, and Economic Theory Professor Peter P. Swire George Washington.
Free/Libre & Open Source Software and When Disclosure Helps Security Peter P. Swire Ohio State University Western Ontario: Free/Libre and Open Source Software.

Free/Libre & Open Source Software and When Disclosure Helps Security Peter P. Swire Ohio State University Western Ontario: Free/Libre and Open Source Software.
Lessons for Biometrics from SSNs & Identity Fraud Peter P. Swire Ohio State University National Academy of Sciences March 15, 2005.

Lessons for Biometrics from SSNs & Identity Fraud Peter P. Swire Ohio State University National Academy of Sciences March 15, 2005.
The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner.

The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner.
A Model for When Disclosure Helps Security Peter P. Swire Ohio State University Stanford Cybersecurity Conference November 22, 2003.

A Model for When Disclosure Helps Security Peter P. Swire Ohio State University Stanford Cybersecurity Conference November 22, 2003.
TUF: Securing Software Update Systems on GENI Justin Cappos Department of Computer Science and Engineering University of Washington.

TUF: Securing Software Update Systems on GENI Justin Cappos Department of Computer Science and Engineering University of Washington.
Let’s Talk About Cyber Security

Let’s Talk About Cyber Security
Security Through Obscurity: When It Works, When It Doesn’t Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.

Security Through Obscurity: When It Works, When It Doesn’t Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.
Social Engineering And You Steve Otto. Social Engineering n Social Engineering - Getting people to do things they ordinarily wouldn’t do for a stranger.

Social Engineering And You Steve Otto. Social Engineering n Social Engineering - Getting people to do things they ordinarily wouldn’t do for a stranger.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
Cyber Metrics in the DoD or How Do We Know What We Don’t Know? John S. Bay, Ph.D. Executive Director.

Cyber Metrics in the DoD or How Do We Know What We Don’t Know? John S. Bay, Ph.D. Executive Director.
Source: G. Stylianou - Writing for Computer Science, Justin Zobel Ethics.

Source: G. Stylianou - Writing for Computer Science, Justin Zobel Ethics.
Encryption and Globalization Professor Peter Swire IP Scholars Conference Chicago August 11, 2011.

Encryption and Globalization Professor Peter Swire IP Scholars Conference Chicago August 11, 2011.
A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.

A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.
HACKER NOT CRACKER. HACKER IS  A person who enjoys exploring the details of programmable systems and how to stretch their capabilities  Most often programmers.

HACKER NOT CRACKER. HACKER IS  A person who enjoys exploring the details of programmable systems and how to stretch their capabilities  Most often programmers.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Similar presentations

Ads by Google