Differences

This shows you the differences between two versions of the page.

--- security_economics [2018/05/22 20:49] – channam.ngo@unitn.it
+++ security_economics [2018/11/26 00:34] – [Beyond 1-5 Risk Matrices: quantitative likelihood] fabio.massacci@unitn.it
@@ Line 5: / Line 5: @@
+  * On the fairness of seucirty taxes in presence on interdependence
+  * Estimating quantitative likelihood
   * Cyber-Insurance: good for your company, bad for your country?
-  * The Work Averse Attacker Model
+  * The Work Averse Attacker Model (A different way to consider attackers)
   * Black markets actually work!
   * Risk vs Rule base regulation: what is the best way to regulate?
@@ Line 14: / Line 16: @@
 See also our section on [[vulnerability_discovery_models|Finding and Assessing Vulnerabilities]] in particular if you are interesting in understanding what's the risk reduction for different types of vulnerabilities and [[malware_analysis|Malware Analysis]].
-==== FuturesMEX: Secure, distributed futures market exchange ====
+====  Beyond 1-5 Risk Matrices: estimating quantitative attack success likelihood from data  ===
-In the IEEE Symposium on Security and Privacy (2018), one of the top tier security conferences, we presented our work in {{:sp18.pdf|futures exchange decentralization}}.
-Futures exchange is the operator of a futures market which consists of traders who bid and ask for futures contracts --- standardized promises to buy or sell an underlying asset that are made today and to be fulfilled in a future date. To make sure the traders can meet the promises the exchange requires them to deposit some initial money into their cash reserve.
+Several definitions of risk exist (probability and impact, uncertainty and expected consequence, etc.) but at the end of the day they all ultimately collapse to the intuitive relation
-An exchange has three main functions: (1) Price discovery that allows traders to post/cancel limit orders to form the anonymous order book where only price and volume are publicly visible but not the identity of the traders that post the orders; (2) Transaction management in which the exchange processes the market orders for actual transactions; and (3) Risk management where the exchange constantly monitors the short positions' trading account to make sure they can meet their promises regarding the new market price.
+  * //Risk = Impact · Likelihood//
-As of today, all the exchanges are centralized, e.g. the Chicago Mercantile Exchange which is among the largest exchanges in the world. To replicate the functionality of an exchange in a distributed system is not a trivial task. It is easy to see that first one needs to maintain the market integrity along side with solving the consensus problem as other previous secure distributed systems, e.g. Bitcoin. It is however less obvious to notice the challenges that are specific to futures market. including account confidentiality, trader anonymity. The non-monotonic behavior of the futures market in which honest actions can invalidate past security evidences is also a novel challenge. Finally, for a decentralized exchange to be viable one must maintain the proportional burden property to alleviate the effort required by the retail and institutional traders in the presence of the high frequency traders.
+For a company, impact is easy to calculate as data about one's own asset is routinely collected. Likelihood is stillthe holy grail. So, both ISO/27001 and NIST 800-30 standards suggest the use of risk matrices as a tool to support such decisions. Table III reports a simple example of a 3x3 risk matrix, where the interaction between the rare, frequent, certain likelihood levels and the minor, severe, critical consequence levels, results in a final 3-level risk evaluation from low to high. This is pretty rough and well known to be full of errors.
-We design a hybrid solution and opt to use as much standard crypto building blocks as possible including public ledger, anonymous communication network, commitment scheme, zero-knowledge proof system, Merkle tree and generic MPC.
-To overcome the denial-of-service attack where the adversary aborts the protocol, we make the abort costly. In particular we employ the penalty strategy of Hawk (S&P 16) in which the initial cash reserve is locked and only released after the final Mark To Market phase. The aborting party is prevented to join the final phase hence he will lose the deposit --- the ultimate possible financial penalty.
-Using the Lean Hog futures data in the first quarter of 2017 obtained from the CME, we demonstrate that our hybrid solution is able to maintain proportional burden in which the crypto overhead for the retail traders are close to zero while the full MPC solution yields magnitude of orders higher burden for them. Our optimized implementation is also practical enough to fit most of the Lean Hog trading days into only 1 or 2 days of computation. Further optimizations are possible, such as zk-proofs generation parallelization.
 ==== Cyber-Insurance: good for your company, bad for your country? ====
@@ Line 74: / Line 70: @@
 If you like to have an idea of the model this other picture shows you the Change in the number of attacked systems for two attacks against different systems Δ = T days apart ({{:research_activities:economics:model_extended2.pdf|PDF}}).
-If you are interested in knowing whether we could use this insight for actual predictions please look at our [[https://securitylab.disi.unitn.it/doku.php?id=vulnerability_discovery_models|vulnerability section]] where we report our work on risk reduction that made its way to the CVSS (COmmon Vulnerability Scoring System) v3 world standard.
+If you are interested in knowing whether we could use this insight for actual predictions please look at our [[https://securitylab.disi.unitn.it/doku.php?id=vulnerability_discovery_models|vulnerability section]] where we report our work on risk reduction that made its way to the CVSS (Common Vulnerability Scoring System) v3 world standard.