welcome to cse 5 7338
play

Welcome to CSE 5/7338 Economics of Information Security Tyler Moore - PDF document

Aug 07, 2023 •132 likes •229 views

Notes Welcome to CSE 5/7338 Economics of Information Security Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX Lecture 1 Logistics Syllabus Motivation Calendar Notes Course website Most info:

  1. Notes Welcome to CSE 5/7338 Economics of Information Security Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX Lecture 1 Logistics Syllabus Motivation Calendar Notes Course website Most info: http://lyle.smu.edu/~tylerm/courses/econsec/ Blackboard for announcements, turning in assignments (distance students) Youtube channel for R screencasts 3 / 31 Logistics Syllabus Motivation Calendar Notes Syllabus http://lyle.smu.edu/~tylerm/courses/econsec/admin/ syllabus.html 4 / 31 Logistics Syllabus Motivation Calendar Notes Calendar http://lyle.smu.edu/~tylerm/courses/econsec/admin/ schedule.html 5 / 31

  2. Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes Why is a computer scientist talking about economics? The conventional CS approach to security has failed Enumerate possible threats 1 Define attacker capabilities 2 Build systems to protect against these threats 3 Worked for encryption algorithms, but not Internet security 7 / 31 Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes Evidence of security failures: data breaches 8 / 31 Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes Evidence of security failures: phishing websites 9 / 31 Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes Evidence of security failures: botnets 10 / 31

  3. Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes Evidence of security failures: critical infrastructure Source: http://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf 11 / 31 Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes Evidence of security failures: critical infrastructure 12 / 31 Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes Evidence of security failures: critical infrastructure Source: http://www.cl.cam.ac.uk/~fms27/papers/2011-Leverett-industrial.pdf 13 / 31 Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes But why economics? Economics is a social science Studies behavior of individuals and firms in order to predict outcomes Models of behavior based on systematic observation Usually cannot run experiments as in bench science, but economics has developed ways to cope with differences inherent to observing the world Economics studies trade-offs between conflicting interests Recognizes that people operate strategically Have devised ways to model people’s interests and decision making 14 / 31

  4. Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes Economics is not just about money Money helps to reveal preferences Money can serve as a common measure for costs and benefits As a discipline, economics examines much more than interactions involving money Economics studies trade-offs between conflicting interests Conflicting interests and incentives appear in many circumstances where money never changes hands 15 / 31 Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes Attackers operate strategically Cannot expect attackers to respect stated assumptions of behavior Threat modeling focuses an engineer’s task, which can harden a resource against particular attacks But system design does not exist in a vacuum – attackers can adapt to find holes in areas not considered by the threat model Must understand what motivates attackers For cybercriminals this could be profit For hacktivists this could be attention and disruption In each case, attackers will seek the least costly way to reach their goal 16 / 31 Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes Botnet operators operate strategically (motivated by $) 17 / 31 Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes Phishing gangs operate strategically (exploit weakest link) 25 Hongkong China .hk domain phishing site lifetime (days) 20 .cn domain 15 10 5 0 March April May Source: Moore & Clayton (2007), own aggregation Take-down latency for phishing attacks targeting different registrars in spring 2007; lines are five-day moving averages broken down by top-level domain 18 / 31

  5. Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes Defenders also operate strategically Those responsible for protecting information systems naturally must consider their own interests Often, there are multiple stakeholders responsible for defense Sometimes defenders’ interests conflict Sometimes the interests of defenders do not align with those of society 19 / 31 Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes Let’s return to critical infrastructure protection 20 / 31 Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes Incentives for critical infrastructure protection Critical infrastructure operators + Upgrading to IP-based systems brings huge efficiency gains - Maintaining physical separation of networks reduces efficiency and drives up operating costs - Likelihood of an attack is low (based on history) - Cost of attack largely borne by society Consumers + Value reliability of service, including against attack - Prefers low cost service - Cannot distinguish between security investments among firms Governments + Value reliability of service, including against attack + Fears political consequences of an attack, given national defense remit - Lack of budget to fund security - Lack of expertise to improve security on privately-controlled systems 21 / 31 Why computer science alone can’t fix information security Logistics Why economics offers a useful perspective Motivation How economics can help information security Notes So what’s the outcome? Absent regulation to compel behavior, stakeholders act in their own interest based on their incentives and capabilities Only operators, not consumers or governments, are capable of improving security So their incentives matter most! On balance, they are likely to tolerate a high level of insecurity in their systems We can also compare this outcome to what seems ‘best’ In economics jargon, this is the search for the social optimum The social optimum maximizes expected utility More detail on how to compute this later on, but for now, we can intuit what the social optimum might be Question #1: is complete security of critical infrastructures socially optimal? Question #2: why hasn’t the market delivered the socially optimal outcome? 22 / 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

UMMS A LUMNI S URVEY : F INAL R EPORT R ESPONSE R ATE : 35% (2558/7338) AS OF A UGUST 2011 S URVEY

UMMS A LUMNI S URVEY : F INAL R EPORT R ESPONSE R ATE : 35% (2558/7338) AS OF A UGUST 2011 S URVEY

UMMS A LUMNI S URVEY : F INAL R EPORT R ESPONSE R ATE : 35% (2558/7338) AS OF A UGUST 2011 S URVEY M ETHODOLOGY Developed in collaboration with I.S. & U.I.T.S. Disseminated first institution-wide alumni survey in October 2010

431 views • 21 slides
Cost-benefit analysis Tyler Moore CSE 5/7338 Computer Science & Engineering Department, SMU,

Cost-benefit analysis Tyler Moore CSE 5/7338 Computer Science & Engineering Department, SMU,

Notes Cost-benefit analysis Tyler Moore CSE 5/7338 Computer Science & Engineering Department, SMU, Dallas, TX Lecture 10 Review of security investment so far Notes Metrics for quantifying security benefits ALE 0 : expected loss without

311 views • 7 slides
Introduction to Game Theory Tyler Moore CSE 7338 Computer Science & Engineering Department,

Introduction to Game Theory Tyler Moore CSE 7338 Computer Science & Engineering Department,

Notes Introduction to Game Theory Tyler Moore CSE 7338 Computer Science & Engineering Department, SMU, Dallas, TX Lectures 78 Notes Outline Proposal feedback 1 Review: rational choice model 2 Game theory 3 Mixed strategies 4

511 views • 15 slides
Course Overview, Introduction to Economics and Security Tyler Moore CSE 7338 Computer Science

Course Overview, Introduction to Economics and Security Tyler Moore CSE 7338 Computer Science

Notes Course Overview, Introduction to Economics and Security Tyler Moore CSE 7338 Computer Science & Engineering Department, SMU, Dallas, TX Lecture 1 Notes Outline Logistics 1 Motivation 2 Intro to Economics: Key notions 3 Intro

769 views • 32 slides
Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer

Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer

Notes Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer Science & Engineering Department, SMU, Dallas, TX Lecture 2 Notes Outline Managing security investment 1 Security metrics 2 R 3

605 views • 16 slides
Optimal filter and Cost-Benefit Analysis Tyler Moore CSE 7338 Computer Science & Engineering

Optimal filter and Cost-Benefit Analysis Tyler Moore CSE 7338 Computer Science & Engineering

Notes Optimal filter and Cost-Benefit Analysis Tyler Moore CSE 7338 Computer Science & Engineering Department, SMU, Dallas, TX Lecture 3 Notes Outline Information security risk management 1 Optimal filter configuration 2 Cost-benefit

180 views • 14 slides
Data Exploration Tyler Moore CSE 7338 Computer Science & Engineering Department, SMU,

Data Exploration Tyler Moore CSE 7338 Computer Science & Engineering Department, SMU,

Notes Data Exploration Tyler Moore CSE 7338 Computer Science & Engineering Department, SMU, Dallas, TX Lecture 5 Notes Outline Data exploration 1 2 / 27 Data exploration Notes Guide to analyzing data Type of Data Exploration

90 views • 7 slides
Case-control studies, regression and survival analysis Tyler Moore CSE 7338 Computer Science

Case-control studies, regression and survival analysis Tyler Moore CSE 7338 Computer Science

Notes Case-control studies, regression and survival analysis Tyler Moore CSE 7338 Computer Science & Engineering Department, SMU, Dallas, TX Lectures 67 Notes Outline Case-control studies 1 Regression and survival analysis 2 2 /

208 views • 20 slides
IT Economics Economic rules for the IT industry differ from those for other industries

IT Economics Economic rules for the IT industry differ from those for other industries

9/10/2013 Intro to Economics Part 2: Market Failures Lecture 5 CS5/7338 SMU Tyler Moore IT Economics Economic rules for the IT industry differ from those for other industries Rule #1: Network effects Value of a network grows

245 views • 8 slides
Modeling filter configuration Tyler Moore Computer Science & Engineering Department, SMU,

Modeling filter configuration Tyler Moore Computer Science & Engineering Department, SMU,

Notes Modeling filter configuration Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX CSE 5/7338 Lecture 9 ROC curves Optimal filter configuration An economic model of optimal filter configuration Notes

236 views • 5 slides
Computer graphics 2: Graduate seminar in computational aesthetics Angus Forbes

Computer graphics 2: Graduate seminar in computational aesthetics Angus Forbes

Computer graphics 2: Graduate seminar in computational aesthetics Angus Forbes evl.uic.edu/creativecoding/cs526 Computer Graphics 2 instructor angus graeme forbes course syllabus http://evl.uic.edu/creativecoding/cs526 lab page

571 views • 45 slides
UCyber Meeting 4 Last Week... Discussed Dates of Siemens CDC visit Dominick gave a web

UCyber Meeting 4 Last Week... Discussed Dates of Siemens CDC visit Dominick gave a web

UCyber Meeting 4 Last Week... Discussed Dates of Siemens CDC visit Dominick gave a web development presentation Discussed future topics for meetings Talked about getting involved on our GH github.com/ucyber Moved

330 views • 8 slides
ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect

ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect

ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect Embedded Systems Division mentor.com/embedded Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux

544 views • 17 slides
Hacking Sean-Philip Oriyano About Me O Over twenty years in IT Security O Author of research

Hacking Sean-Philip Oriyano About Me O Over twenty years in IT Security O Author of research

Introduction to Hacking Sean-Philip Oriyano About Me O Over twenty years in IT Security O Author of research articles and six books O CISSP, CNDA, CEH and others O Consultant for US Military and Private corporations Agenda O Elements of

680 views • 27 slides
C + + 1 1 M E TA P R O G R A M M I N G A P P L I E D T O S O F T WA R E O B F U S C AT I O N

C + + 1 1 M E TA P R O G R A M M I N G A P P L I E D T O S O F T WA R E O B F U S C AT I O N

H A C K I N PA R I S 2 0 1 4 S E B A S T I E N A N D R I V E T C + + 1 1 M E TA P R O G R A M M I N G A P P L I E D T O S O F T WA R E O B F U S C AT I O N About me S i n c e J u n e 2 014 S e n i o r S e c u r i t y E n g i n e e

1.07k views • 59 slides
CSCI 21 215 Soc ocial & Eth thical Iss Issues In In Com omputing Class 8 Hackers,

CSCI 21 215 Soc ocial & Eth thical Iss Issues In In Com omputing Class 8 Hackers,

CSCI 21 215 Soc ocial & Eth thical Iss Issues In In Com omputing Class 8 Hackers, Hacktivists, Personal Responsibility Not otes Homework 2 is Due Tonight Homework 3 will be posted sometime Tomorrow (?) Homework 3s

457 views • 30 slides
1 Prof. S. Ben-Yaakov , Dc-DC Converters [7- 4] Full Bridge FB L V x V C V o S 1 S 3 C R T

1 Prof. S. Ben-Yaakov , Dc-DC Converters [7- 4] Full Bridge FB L V x V C V o S 1 S 3 C R T

Prof. S. Ben-Yaakov , Dc-DC Converters [7- 1] Half Bridge, Full Bridge, Push-Pull, Cuk, SEPIC Prof. S. Ben-Yaakov , Dc-DC Converters [7- 2] Buck topology L V X V x V o S V in R C D t t on T S Buck derived topologies Forward - one

513 views • 7 slides
Overview of AC-DC & DC-AC Converters Pavol Bauer Learning objectives What are the

Overview of AC-DC & DC-AC Converters Pavol Bauer Learning objectives What are the

Overview of AC-DC & DC-AC Converters Pavol Bauer Learning objectives What are the possible topologies for AC- DC & DC-AC converters for both single and three phase AC systems? How are these power converters operating?

352 views • 13 slides
Direct current motor BDC Commutator Current direction = is changed! F B I l The

Direct current motor BDC Commutator Current direction = is changed! F B I l The

Direct current motor BDC Commutator Current direction = is changed! F B I l The current I turns the loop, when it has turned half a lap the current direction is changed so it continnues to turn all the way around and so on.

348 views • 31 slides
rr r rt

rr r rt

rr r rt rstrtr t r rs rt r

633 views • 46 slides
Bridging Bridging Jean-Yves Le Boudec Fall 2009 1 1 Algorhyme I think that I shall never see

Bridging Bridging Jean-Yves Le Boudec Fall 2009 1 1 Algorhyme I think that I shall never see

COLE POLYTECHNIQUE FDRALE DE LAUSANNE Bridging Bridging Jean-Yves Le Boudec Fall 2009 1 1 Algorhyme I think that I shall never see a graph more lovely than a tree. h l l th t A tree whose crucial property is loop-free

564 views • 45 slides
DC MOTORS 101 Servos, DC motors, Stepper motors, motor drivers Agenda Start with PWM (Pulse

DC MOTORS 101 Servos, DC motors, Stepper motors, motor drivers Agenda Start with PWM (Pulse

1/20/14 DC MOTORS 101 Servos, DC motors, Stepper motors, motor drivers Agenda Start with PWM (Pulse Width Modulation) analog output feature of Arduinos equivalent to varying output voltage Use for dimming LEDs or

926 views • 59 slides
IMGD 3xxx - HCI for Real, Virtual, and Teleoperated Environments: Physical Feedback by Robert

IMGD 3xxx - HCI for Real, Virtual, and Teleoperated Environments: Physical Feedback by Robert

IMGD 3xxx - HCI for Real, Virtual, and Teleoperated Environments: Physical Feedback by Robert W. Lindeman gogo@wpi.edu Motivation We've looked at how to get (some) physical input from the user Now we look at providing physical

368 views • 14 slides
Disk complexes, arc complexes, and knots Darryl McCullough University of Oklahoma William Rowan

Disk complexes, arc complexes, and knots Darryl McCullough University of Oklahoma William Rowan

Disk complexes, arc complexes, and knots Darryl McCullough University of Oklahoma William Rowan Hamilton Geometry and Topology Workshop Trinity College August 28, 2008 1 Topics: I. The tree of knot tunnels: a classification of all tunnels

465 views • 34 slides

More recommend