econsec_toulouse

Open are open source systems more dependable its are


ms more dependable?
- It's easier for the attackers to find vulnerabilities, but also easier for the defenders to find and fix them
- Theory: openness helps both equally if bugs are random in standard dependability model
- So maybe we should keep systems closed (Rescorla) – but this is an empirical question
- So get the statistics: bugs are correlated in a number of real systems ('Milk or Wine?')
- Trade-off: the gains from this, versus the risks to systems whose owners don't patch

Vulnerability Markets
- Security isn't just a lemons market – even the vendor often doesn't know the quality of his software
- Insurance can be problematic because of inter-firm failure correlation
- Camp and Wolfram (2000), Schechter (2002): try vulnerability markets
- Two traders now exist (but prices secret)
- Alternatives – software quality derivatives (Böhme), bug auctions (Ozment)

How Much to Spend?
- How much should firms spend on information security?
- Governments, vendors say: much much more than at present
- (But they've been saying this for 20 years!)
- Measurements of security return-on-investment suggest current expenditure may be about right
- But SMEs spend too little, big firms too much, and governments way too much
- Adams: it's the selection of the risk managers

Games on Networks
- The topology of a network can be important!
- Barabási and Albert showed that a scale-free network could be attacked efficiently by targeting its high-order nodes
- Think: rulers target Saxon landlords / Ukrainian kulaks / Tutsi schoolteachers /…
- Can we use evolutionary game theory ideas to figure out how networks evolve?
- Idea: run many simulations between different attack / defence strategies

Games on Networks (2)
- Vertex-order attacks with:
- Black – normal (scale-free) node replenishment
- Green – defenders replace high-order nodes with rings
- Cyan – they use cliques (c.f. system biology …)...

This document was uploaded on 01/14/2014.
