16th WATCH: Security, Cybercrime and Scale

Uploaded On 2018-09-24


Cormac Herley, Microsoft Research. Thursday, March 21st, Noon, Room 110. Washington Area Trustworthy Computing Hour. NSF Stafford I, Room 110, Noon.


Presentation Transcript

Slide1

16th WATCH: Security, Cybercrime and Scale
Cormac Herley
Microsoft Research
THURSDAY March 21st, Noon, Room 110

Washington Area Trustworthy Computing Hour

NSF Stafford I Room 110, Noon
Public Invited

Abstract

In a traditional threat model a user Alice faces an attacker Mallory. Against a sufficiently motivated attacker Alice must neglect nothing. Assuming that Mallory will keep going until he exhausts his attacks (or succeeds) it is both necessary and sufficient to block all possible attacks. Thus, security is only as good as the weakest link, and so on. While simple, and appropriate in high-assurance settings, we show that this model does not scale and is inappropriate to the financially-motivated cybercrime that targets the masses.

It is arithmetically impossible that two billion Internet users face the sufficiently motivated attacker who will stop at nothing. The attackers who prey on Internet users are much more constrained. First, their attacks must be profitable on average: expected gain is greater than expected cost. Second, their attacks must either be scalable, or they must be able to locate viable targets with great accuracy (every failed attack reduces return). Third, they collide: independent attackers compete for the same victims, again reducing the return.

Why does any of this matter? We argue that when we ignore attacker constraints, we make things harder than they need be for defenders, and this is a luxury we can no longer afford. Technology makes possible many attacks that economics shows to be infeasible. When we ignore this we waste effort on the wrong things. We illustrate, with examples, that to reduce the harm experienced by Internet users it is more important to understand the economic constraints of attackers than their technical capabilities.

Speaker

Cormac Herley is a Principal Researcher at Microsoft Research, where he’s been since 1999. His main current interests are data analysis problems, authentication and the economics of information security. He has published widely in signal and image processing, information theory, multimedia, networking and security. He is the inventor on over 70 US patents, and has shipped technologies used by hundreds of millions of users. He received the PhD degree from Columbia University, the MSEE from Georgia Tech, and the BE(Elect) from the National University of Ireland.

About the WATCH series:

Transforming today’s trusted but untrustworthy cyberinfrastructure into one that can meet society’s growing demands requires both technical advances and improved understanding of how people and organizations of many backgrounds perceive, decide to adopt, and actually use technology. WATCH aims to provide thought-provoking talks by innovative thinkers with ideas that illuminate these challenges and provide signposts toward solutions. The series is jointly organized by NSF’s Computer Science and Engineering (CISE) and Social, Behavioral, and Economic (SBE) Directorates and sponsored by the CISE Secure and Trustworthy Cyberspace (SaTC) Program. Talks will be recorded and made available over the Internet.

Questions/comments about WATCH? Contact Keith Marzullo, kmarzull@nsf.gov

Thursday, March 21, 2013