Presentation is loading. Please wait.

Presentation is loading. Please wait.

What Should be Hidden and Open in Computer Security: Lessons from Deception, the Art of War, Law, and Economic Theory Professor Peter P. Swire George Washington.

Published byMolly Cobb Modified over 11 years ago

Similar presentations

Presentation on theme: "What Should be Hidden and Open in Computer Security: Lessons from Deception, the Art of War, Law, and Economic Theory Professor Peter P. Swire George Washington."— Presentation transcript:

1 What Should be Hidden and Open in Computer Security: Lessons from Deception, the Art of War, Law, and Economic Theory Professor Peter P. Swire George Washington University TPRC-2001 October 28, 2001

2 Overview of the Talk n Military base is hidden but computer security is open n Compare physical & computer security n Model for openness in computer security n Economic model: monopoly v. competition n Military model: Sun Tzu v. Clausewitz n Applications n Research agenda

3 I. Physical and Computer Security n Physical walls and the pit covered with leaves n Computer security – Firewalls – Packaged software – Encryption

4 II. Model for Hiddenness in Computer Security n Static model n Dynamic model

5 Static Model for Openness n First-time vs. repeated attacks n Learning from attacks – Surveillance vs. other defenses n Communication among attackers – Script kiddies and the diffusion of knowledge

6 Dynamic Model n Security-enhancing effect – Many software bugs – Repeated attacks on computers – Security and inter-operability – Security expertise outside the organization n FOIA and other accountability effects

7 III. Economics and Openness in Computer Security n System information hidden -- monopolist about the security information n Open source and system information open - - competitive market n Strong presumption in economic theory for competitive market

8 Monopoly and Under-disclosure n Competitive market -- system/software designer discloses where benefits of disclosure exceed costs of disclosure n Monopolist -- costs $100 extra to re-design, but gains $10 per user; may not re-design n Disclosure may reduce market power n Disclosure may reduce network externalities

9 Other Lessons from Economics n Other market failures – Information asymmetries and under-openness n Government systems even stronger incentives to under-disclose – Lack the market incentive to disclose enough to gain sales – Optimal disclosure (competitive market) – Some disclosure (monopoly market)

10 IV. Military Strategy & Openness n Sun Tzu and all war is deception n Clausewitz and deception as incidental n Hiddenness and Terrain – Mountains (deception works) – Plains (deception doesnt work much) n Hiddenness and Technology – Detection -- binoculars & infrared – Communication -- radio and Internet

11 Military & Openness n Sun Tzu and the intelligence agencies n Brute force attack & Clausewitz – Hackers and the opposite of deception n Intellectual project – Military (usually hidden) – Economics (usually open) – Computer security (intuition unshaped)

12 V. Some Applications n Open source movement as better security? – When is there security through obscurity? n DMCA and Felton case – Ignores the security-enhancing effect n Classified employees for computer security? n Carnivore as open source? n New FOIA limits on computer security?

13 Concluding Thoughts n A new field of study: – What should be hidden or open in computer security? – Future conferences and studies on this? n Big shift to openness for computer security compared to physical security n What is optimal for military computer systems n I invite comments, sources, and questions!

Download ppt "What Should be Hidden and Open in Computer Security: Lessons from Deception, the Art of War, Law, and Economic Theory Professor Peter P. Swire George Washington."

Similar presentations

Case Study: Examining the Results of P2P Collaboration at PricewaterhouseCoopers February 14, 2001 Case Study: Examining the Results of Collaboration at.

Case Study: Examining the Results of P2P Collaboration at PricewaterhouseCoopers February 14, 2001 Case Study: Examining the Results of Collaboration at.
Telecom, Privacy & Security After September 11 Professor Peter P. Swire Ohio State University Ohio Telecommunications Industry Association October 2, 2001.

Telecom, Privacy & Security After September 11 Professor Peter P. Swire Ohio State University Ohio Telecommunications Industry Association October 2, 2001.
Security Market: Incentives for Disclosure of Vulnerabilities Peter P. Swire Ohio State University Houston/Sante Fe Conference June 4, 2005.

Security Market: Incentives for Disclosure of Vulnerabilities Peter P. Swire Ohio State University Houston/Sante Fe Conference June 4, 2005.
A Model for When Disclosure Helps Security: What is Different About Computer & Network Security? Peter P. Swire Ohio State University George Mason CII.

A Model for When Disclosure Helps Security: What is Different About Computer & Network Security? Peter P. Swire Ohio State University George Mason CII.
Key New Surveillance Provisions Professor Peter P. Swire Ohio State University Privacy 2001 Conference October 4, 2001.

Key New Surveillance Provisions Professor Peter P. Swire Ohio State University Privacy 2001 Conference October 4, 2001.
Security Through Obscurity: When It Works, When It Doesnt Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.

Security Through Obscurity: When It Works, When It Doesnt Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.
Free/Libre & Open Source Software and When Disclosure Helps Security Peter P. Swire Ohio State University Western Ontario: Free/Libre and Open Source Software.

Free/Libre & Open Source Software and When Disclosure Helps Security Peter P. Swire Ohio State University Western Ontario: Free/Libre and Open Source Software.
Why the Right to Data Portability Likely Reduces Consumer Welfare: Antitrust and Privacy Critique Peter Swire Moritz College of Law Attorneys General Education.

Why the Right to Data Portability Likely Reduces Consumer Welfare: Antitrust and Privacy Critique Peter Swire Moritz College of Law Attorneys General Education.
A Model for When Disclosure Helps Security Peter P. Swire Ohio State University Stanford Cybersecurity Conference November 22, 2003.

A Model for When Disclosure Helps Security Peter P. Swire Ohio State University Stanford Cybersecurity Conference November 22, 2003.
Align an IT Strategy to the Industry Vision

Align an IT Strategy to the Industry Vision
Economic Incentives to Increase Security in the Internet: the Case for Insurance Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) IEEE INFOCOM, Rio 2009.

Economic Incentives to Increase Security in the Internet: the Case for Insurance Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) IEEE INFOCOM, Rio 2009.
Innovation, Intellectual Property, and Economic Growth Lecture outline: Overview of course Introduction to innovation Definitions Nature of innovation.

Innovation, Intellectual Property, and Economic Growth Lecture outline: Overview of course Introduction to innovation Definitions Nature of innovation.
Develop an Information Strategy Plan

Develop an Information Strategy Plan
Security Through Obscurity: When It Works, When It Doesn’t Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.

Security Through Obscurity: When It Works, When It Doesn’t Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.
Information and Communication Technology (ICT). Curriculum Structure ICT includes three parts: 1. Compulsory Part (55%) 2. Elective Part (25%) 3. School-based.

Information and Communication Technology (ICT). Curriculum Structure ICT includes three parts: 1. Compulsory Part (55%) 2. Elective Part (25%) 3. School-based.
Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.

Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.
Encryption and Globalization Professor Peter Swire IP Scholars Conference Chicago August 11, 2011.

Encryption and Globalization Professor Peter Swire IP Scholars Conference Chicago August 11, 2011.
Clausewitz VS Sun Tzu Nasim Ibrahim i36022. Clausewitz and Sun Tzu -Prussia and China - 200 vs 2000 years ago - war is the main concept for both of them.

Clausewitz VS Sun Tzu Nasim Ibrahim i Clausewitz and Sun Tzu -Prussia and China vs 2000 years ago - war is the main concept for both of them.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 

11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals

Similar presentations

Ads by Google