4 statements

4 statements about science and security - PowerPoint PPT Presentation

4 statements about science and security. Dusko Pavlovic, Kestrel Institute and Oxford University. Science of Security Workshop, Oakland, CA, 17-18 November 2008.


  1. 4 statements about science and security
      Dusko Pavlovic, Kestrel Institute and Oxford University
      Science of Security Workshop, Oakland, CA, 17-18 November 2008

  2. Secure channels on insecure networks
      It is easy to set up a secure channel
      Participants: A, B
      A: $\nu x$
      A to B: $g^x$
      B: $\nu y$
      B to A: $g^y$
      A: $k_{AB} = (g^y)^x$
      B: $k_{AB} = (g^x)^y$

  3. Secure channels on insecure networks
      It is hard to know who you are talking to
      Participants: A, M, B
      A: $\nu x$; A to B: $g^x$ (received by M)
      M: $\nu \tilde{x}$; A to B: $g^{\tilde{x}}$ (received by B)
      B: $\nu y$; B to A: $g^y$ (received by M)
      M: $\nu \tilde{y}$; B to A: $g^{\tilde{y}}$ (received by A)
      A: $k_{AB} = g^{x\tilde{y}}$
      M: $g^{x\tilde{y}}$, $g^{\tilde{x}y}$
      B: $k_{AB} = g^{\tilde{x}y}$

  4. What is the problem with authentication?
      Why is it that
      ◮ encryptions are broken once in a while
      ◮ authentications are broken daily?

  5. What is the problem with authentication?
      Why is it that
      ◮ Shannon’s first memo introduced a science
      ◮ Shannon’s second memo applied it to secrecy
      ◮ . . . but it doesn’t really apply to authentication?

  6. Authentication is a hard problem for science
      Derive global facts from local observations

  7. Authentication is a hard problem for science
      Derive global facts from local observations
      René Descartes: "I think, therefore I exist."

  8. Authentication is a hard problem for science
      Derive global facts from local observations
      "There is no logical impossibility in the hypothesis that the world sprang into being five minutes ago, exactly as it then was, with a population that "remembered" a wholly unreal past." Bertrand Russell, The Analysis of Mind

  9. Authentication is a hard problem for science, like the existence of God for religion?
      Derive global facts from local observations
      "There is no logical impossibility in the hypothesis that the world sprang into being five minutes ago, exactly as it then was, with a population that "remembered" a wholly unreal past." Bertrand Russell, The Analysis of Mind

  10. Statement 1
      ◮ Secrecy is no problem.
      ◮ Authentication is the problem.

  11. Where does security come from?
      About 6000 years ago, Kain’s son Bob built a secure vault
      [Diagram: Bob, Alice, locations ℓ1 to ℓ5]

  12. Where does security come from?
      and stored his goods in it.
      [Diagram: Bob, Alice, locations ℓ1 to ℓ5]

  13. Where does security come from?
      and stored his goods in it. When Alice wanted to go for a vacation
      [Diagram: Bob, Alice, locations ℓ1 to ℓ5]

  14. Where does security come from?
      and stored his goods in it. When Alice wanted to go for a vacation, she stored her goods there too.
      [Diagram: Bob, Alice, locations ℓ1 to ℓ5]

  15. Where does security come from?
      As a receipt for her deposit in Bob’s vault, Alice got a secure token in a clay envelope.
      [Figure: Louvre, Paris]

  16. Where does security come from?
      As a receipt for her deposit in Bob’s vault, Alice got a secure token in a clay envelope.
      [Figure: Louvre, Paris]
      ◮ To take the sheep, Alice must give the token.

  17. Where does security come from?
      As a receipt for her deposit in Bob’s vault, Alice got a secure token in a clay envelope.
      [Figure: Louvre, Paris]
      ◮ To take the sheep, Alice must give the token.
      ◮ To give the sheep, Bob must take the token.

  18. Where does security come from?
      As a receipt for her deposit in Bob’s vault, Alice got a secure token in a clay envelope.
      [Figure: Louvre, Paris]
      ◮ To take the sheep, Alice must give the token.
      ◮ To give the sheep, Bob must take the token.
      ◮ Anyone who gives the token can take the sheep.

  19. Where does security come from?
      ◮ This protocol goes back to Uruk (Iraq), 4000 B.C.

  20. Where does security come from?
      ◮ This protocol goes back to Uruk (Iraq), 4000 B.C.
      ◮ Money developed from security tokens.

  21. Where does security come from?
      ◮ This protocol goes back to Uruk (Iraq), 4000 B.C.
      ◮ Money developed from security tokens.
      ◮ Numbers developed from security annotations.

  22. Where does security come from?
      ◮ This protocol goes back to Uruk (Iraq), 4000 B.C.
      ◮ Money developed from security tokens.
      ◮ Numbers developed from security annotations.
      ◮ Writing developed later.

  23. Where does security come from?
      ◮ This protocol goes back to Uruk (Iraq), 4000 B.C.
      ◮ Money developed from security tokens.
      ◮ Numbers developed from security annotations.
      ◮ Writing developed later.
      ◮ Science developed still later.

  24. Statement 2
      Security is older and broader than science.

  25. Security is a social process
      ◮ Studying security as a mere technical problem
      ◮ computer security
      ◮ web security
      ◮ airport security
      ◮ . . .

  26. Security is a social process
      ◮ Studying security as a mere technical problem
      ◮ computer security
      ◮ web security
      ◮ airport security
      ◮ . . .
      is like
      ◮ studying lung diseases as mere physiology
      ◮ ignoring that some people smoke
      ◮ some people grow and sell tobacco
      ◮ some people collect taxes
      ◮ . . .

  27. Statement 3
      ◮ Security-on-its-own is simple.
      ◮ Security-in-its-social-context is complex.

  28. Adverse selection

      |           | TRUSTe-certified | uncertified |
      |-----------|------------------|-------------|
      | honest    | 94.6%            | 97.5%       |
      | malicious | 5.4%             | 2.5%        |

      Table: Trustworthiness of TRUSTe [Edelman 2007]

  29. Adverse selection

      | Google | sponsored | organic |
      |--------|-----------|---------|
      | top    | 4.44%     | 2.73%   |
      | top 3  | 5.33%     | 2.93%   |
      | top 10 | 5.89%     | 2.74%   |
      | top 50 | 5.93%     | 3.04%   |

      Table: Malicious search engine placements [Edelman 2007]

  30. Adverse selection

      | Yahoo! | sponsored | organic |
      |--------|-----------|---------|
      | top    | 6.35%     | 0.00%   |
      | top 3  | 5.72%     | 0.35%   |
      | top 10 | 5.14%     | 1.47%   |
      | top 50 | 5.40%     | 1.55%   |

      Table: Malicious search engine placements [Edelman 2007]

  31. Adverse selection

      | Ask    | sponsored | organic |
      |--------|-----------|---------|
      | top    | 7.99%     | 3.23%   |
      | top 3  | 7.99%     | 3.24%   |
      | top 10 | 8.31%     | 2.94%   |
      | top 50 | 8.20%     | 3.12%   |

      Table: Malicious search engine placements [Edelman 2007]

  32. Adverse selection
      "Pillars of the society" phenomenon
      ◮ social hubs are more often corrupt
      ◮ the rich are more often thieves
      ◮ . . .

  33. Trust distribution
      Theorem: In the long run, the distribution of the number of trustees with trust rating $n$ is
      $$w_n \approx C \cdot n^{-\left(1 + \frac{1}{c}\right)} \cdot \prod_{\ell=1}^{n} \gamma_\ell$$
      where $\gamma_\ell$ is the probability that a principal with trust rating $\ell$ is malicious.

  34. What does this mean?
      Trust is like money
      If $\gamma_\ell \to 1$ fast enough (the cheaters do not wait too long), then the distribution of trust is scale free.
      [Figure: Power law $w(x) = a x^{-(1+b)}$]

  35. What does this mean?
      Origin of scale-free distributions
      V. Pareto: "The rich get richer"

  36. What does this mean?
      Origin of scale-free distributions
      V. Pareto: "The rich get richer"
      Robustness of scale-free distributions
      The market is stabilized by the hubs of wealth.

  37. What does this mean?
      Origin of scale-free distributions
      V. Pareto: "The rich get richer"
      Robustness of scale-free distributions
      The market is stabilized by the hubs of wealth.
      Fragility of scale-free distributions
      Theft is easier when there are very rich people.
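
The exchanges on slides 2 and 3, worked through as an added example that is not part of the original slides: each endpoint's local check passes in both runs, while the facts that matter (do A and B agree, does anyone else hold the key) need a global view, as slide 6 puts it. The modulus, base and all function names are assumptions chosen for illustration.

```python
# Added illustration of slides 2 and 3. Toy parameters, not for real use.
import secrets

P = 2**127 - 1  # assumed toy modulus (a Mersenne prime)
G = 3           # assumed toy base

def fresh():
    """The slides' 'nu x': draw a fresh secret exponent."""
    return secrets.randbelow(P - 3) + 2

def honest_run(x=None, y=None):
    """Slide 2: A and B exchange g^x and g^y directly."""
    x, y = x or fresh(), y or fresh()
    gx, gy = pow(G, x, P), pow(G, y, P)
    return {"A": pow(gy, x, P),   # A computes (g^y)^x
            "B": pow(gx, y, P),   # B computes (g^x)^y
            "M": set()}           # nobody else learns a key

def relayed_run(x=None, y=None, xt=None, yt=None):
    """Slide 3: M replaces g^x by g^x~ and g^y by g^y~ in transit."""
    x, y = x or fresh(), y or fresh()
    xt, yt = xt or fresh(), yt or fresh()
    gx, gy = pow(G, x, P), pow(G, y, P)
    gxt, gyt = pow(G, xt, P), pow(G, yt, P)
    return {"A": pow(gyt, x, P),                     # A holds g^(x y~)
            "B": pow(gxt, y, P),                     # B holds g^(x~ y)
            "M": {pow(gx, yt, P), pow(gy, xt, P)}}   # M holds both

def local_check(key):
    """All an endpoint can verify alone: it derived a group element."""
    return 1 < key < P

def global_audit(run):
    """Facts that need both endpoints' keys, which no single party has."""
    return {"a_b_agree": run["A"] == run["B"],
            "exposed": run["A"] in run["M"] or run["B"] in run["M"]}

if __name__ == "__main__":
    for name, run in (("honest", honest_run()), ("relayed", relayed_run())):
        print(name, local_check(run["A"]), local_check(run["B"]), global_audit(run))
```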
