Quantifying Security

My colleague Satya has an intriguing idea for quantifying security:

http://csdl.computer.org/comp/mags/pc/2005/03/b3004.pdf


[B]etween the first and second editions, Knuth had become very famous. For many people, his autograph was worth more than $2, so many saved the check as a souvenir rather than cashing it.

This suggests a metric for that elusive attribute we call fame: what is the largest amount Knuth could have offered such that some fixed fraction of the checks (say, 50 percent) would never be cashed? That dollar figure is a reasonable metric of fame.

...

An operational approach to [security] might proceed as follows: Use software package A to guard some secret (such as a large random number), and welcome Internet attacks on the package for some time period (say, a week). Offer a reward of $X to the first person who discovers and reports the secret. If someone reports the secret, the package is clearly not usable.

The interesting case is when no one reports the secret within the specified time period. We cannot immediately conclude that the package has no vulnerabilities.

Having discovered a vulnerability, one or more successful attackers might remain silent in the hope of exploiting the vulnerability many times after the package is deployed. We have to conduct a game-theoretic analysis of an attackers state of mind to obtain the correct inference.

Suppose the reward, $X, is a large figure, and suppose package A will only be used to protect very small prizes when deployed. In that case, the attacker has more to gain by reporting success than by remaining silentthe attacker will always try to maximize his or her expected lifetime reward. We can then view the notation Successfully protected a reward of $X on the Internet for time period T in year YYYY as a security rating for package A.

Because computing technology improves over time and attack techniques grow more sophisticated, periodic recertification will be necessary to ensure that security ratings remain meaningful.

Comments

Post a Comment

Popular posts from this blog

How to Fix a Jammed Toyota Camry Trunk

This problem needs a higher pagerank, so I figured I would post the solution here. If your Toyota Camry trunk won't open, one possible reason is that it is set to valet mode. Valet mode means that you cannot open the trunk using the release lever inside the car. To set valet mode, you put the key into the trunk lock and turn it counterclockwise. You will know that your trunk is in valet mode if the lock is horizontal rather than vertical, and if you cannot open the trunk using the lever near the driver's seat. Of course, a problem is that sometimes the Camry can get stuck in valet mode, such that you can't use your key to get out of it. (You can see how I spent part of my Sunday morning ...) The solution turns out to be WD-40 . Spray some WD-40 on your key and on the lock. Put the key in, and jiggle it around, and happiness ensues. From an interaction design perspective, it sort of makes sense to have a valet mode. After all, the point of having a valet key is to limit the
Read more

Web 2.0 and Research

I've been chatting with many of my friends and colleagues about an issue that's been bugging me for a while, namely whether academic research has any role to play in the emerging Web 2.0 . I've been slowly coming to the conclusion that the answer is not much. I had a similar discussion with other researchers at HotMobile a few weeks ago. When the web first came out, pretty much every systems researcher ignored it because it was so ugly. The web was not very sophisticated in terms of distributed systems, HTTP lacked elegance, HTML conflated many different ideas, and so on. There were also not any really new ideas with the web, as evidenced by the fact that Tim Berners-Lee 's first paper on the Web was (probably rightfully) rejected from an ACM conference on hypertext. I'm sure one thing that really irked researchers about the nascent web was that it completely ignored the large body of work in hypertext and distributed systems that had preceded it. Even in 1997, as
Read more

NYTimes: It Takes a Cyber Village to Catch an Auto Thief

I like this idea of "open-source crime solving", as it reminds me a lot of PhishTank and CastleCops . It is, however, an idea that is fraught with issues of trust, reliability, and vigilantism. Online auto forums have helped unravel crimes before. Two years ago, a detective in Los Angeles used the forum on FreshAlloy.com, a Nissan enthusiast site, to track down victims of an elaborate fraud scheme. (That case, too, involved Nissan Skylines.) The Beyond.ca site had also played a role in earlier cases of what might be called open-source crime solving. A year ago one of its members saw a hit-and-run accident a block in front of him, said Shelton Kwan, who co-founded the site with his cousin Ken Chan in 2002. “He took pictures. And the guy who got hit was another member of ours.” NYTimes Link
Read more