User Tools
security_economics
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
security_economics [2018/05/22 20:49] channam.ngo@unitn.it |
security_economics [2021/01/29 10:58] (current) |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| + | * On the fairness of seucirty taxes in presence on interdependence | ||
| + | * Estimating quantitative likelihood | ||
| * Cyber-Insurance: good for your company, bad for your country? | * Cyber-Insurance: good for your company, bad for your country? | ||
| - | * The Work Averse Attacker Model | + | * The Work Averse Attacker Model (A different way to consider attackers) |
| * Black markets actually work! | * Black markets actually work! | ||
| * Risk vs Rule base regulation: what is the best way to regulate? | * Risk vs Rule base regulation: what is the best way to regulate? | ||
| Line 14: | Line 16: | ||
| See also our section on [[vulnerability_discovery_models|Finding and Assessing Vulnerabilities]] in particular if you are interesting in understanding what's the risk reduction for different types of vulnerabilities and [[malware_analysis|Malware Analysis]]. | See also our section on [[vulnerability_discovery_models|Finding and Assessing Vulnerabilities]] in particular if you are interesting in understanding what's the risk reduction for different types of vulnerabilities and [[malware_analysis|Malware Analysis]]. | ||
| - | ==== FuturesMEX: Secure, distributed futures market exchange ==== | + | ==== Beyond 1-5 Risk Matrices: estimating quantitative attack success likelihood from data === |
| - | In the IEEE Symposium on Security and Privacy (2018), one of the top tier security conferences, we presented our work in {{:sp18.pdf|futures exchange decentralization}}. | + | |
| - | Futures exchange is the operator of a futures market which consists of traders who bid and ask for futures contracts --- standardized promises to buy or sell an underlying asset that are made today and to be fulfilled in a future date. To make sure the traders can meet the promises the exchange requires them to deposit some initial money into their cash reserve. | + | Several definitions of risk exist (probability and impact, uncertainty and expected consequence, etc.) but at the end of the day they all ultimately collapse to the intuitive relation |
| - | An exchange has three main functions: (1) Price discovery that allows traders to post/cancel limit orders to form the anonymous order book where only price and volume are publicly visible but not the identity of the traders that post the orders; (2) Transaction management in which the exchange processes the market orders for actual transactions; and (3) Risk management where the exchange constantly monitors the short positions' trading account to make sure they can meet their promises regarding the new market price. | + | * //Risk = Impact · Likelihood// |
| - | As of today, all the exchanges are centralized, e.g. the Chicago Mercantile Exchange which is among the largest exchanges in the world. To replicate the functionality of an exchange in a distributed system is not a trivial task. It is easy to see that first one needs to maintain the market integrity along side with solving the consensus problem as other previous secure distributed systems, e.g. Bitcoin. It is however less obvious to notice the challenges that are specific to futures market. including account confidentiality, trader anonymity. The non-monotonic behavior of the futures market in which honest actions can invalidate past security evidences is also a novel challenge. Finally, for a decentralized exchange to be viable one must maintain the proportional burden property to alleviate the effort required by the retail and institutional traders in the presence of the high frequency traders. | + | For a company, impact is easy to calculate as data about one's own asset is routinely collected. Likelihood is stillthe holy grail. So, both ISO/27001 and NIST 800-30 standards suggest the use of risk matrices as a tool to support such decisions. So you get a 5x5 risk matrix, where the interaction between the rare, frequent, ..., certain likelihood levels and the minor, severe, ..., critical consequence levels results in a final 5-level risk evaluation from low to high. This is pretty rough and well known to be full of errors. |
| - | We design a hybrid solution and opt to use as much standard crypto building blocks as possible including public ledger, anonymous communication network, commitment scheme, zero-knowledge proof system, Merkle tree and generic MPC. | + | In our {{allodi-risa-17.pdf|Risk Analysis paper}} we show that it is possible to compute a quantitative estimation of the success of attack likelihood. Our measure is generated by technical data that all medium-large organizations already have in their infrastructure: vulnerability assessment tools are mandated to most firms processing credit cards, and periodic auditing for compliance requires VA reports to be handed to the assessor. Similarly, IDS and Firewall technologies are widely adopted. |
| - | + | ||
| - | To overcome the denial-of-service attack where the adversary aborts the protocol, we make the abort costly. In particular we employ the penalty strategy of Hawk (S&P 16) in which the initial cash reserve is locked and only released after the final Mark To Market phase. The aborting party is prevented to join the final phase hence he will lose the deposit --- the ultimate possible financial penalty. | + | |
| - | + | ||
| - | Using the Lean Hog futures data in the first quarter of 2017 obtained from the CME, we demonstrate that our hybrid solution is able to maintain proportional burden in which the crypto overhead for the retail traders are close to zero while the full MPC solution yields magnitude of orders higher burden for them. Our optimized implementation is also practical enough to fit most of the Lean Hog trading days into only 1 or 2 days of computation. Further optimizations are possible, such as zk-proofs generation parallelization. | + | |
| + | This data is currently often used in an unstructured way to either generate automatic reports on vulnerability severity, or to try to traceback known incidents. Our methodology proposes to correlate this data to measure on one side the exposure of a system to potential attacks, and on the other the opportunities that a successful attack has to breach a vulnerable system and escalate to the infrastructure. By enabling users in performing objective estimations of risk, our methodology makes a step forward toward the establishment of comparable measures for security | ||
| ==== Cyber-Insurance: good for your company, bad for your country? ==== | ==== Cyber-Insurance: good for your company, bad for your country? ==== | ||
| Line 74: | Line 72: | ||
| If you like to have an idea of the model this other picture shows you the Change in the number of attacked systems for two attacks against different systems Δ = T days apart ({{:research_activities:economics:model_extended2.pdf|PDF}}). | If you like to have an idea of the model this other picture shows you the Change in the number of attacked systems for two attacks against different systems Δ = T days apart ({{:research_activities:economics:model_extended2.pdf|PDF}}). | ||
| - | If you are interested in knowing whether we could use this insight for actual predictions please look at our [[https://securitylab.disi.unitn.it/doku.php?id=vulnerability_discovery_models|vulnerability section]] where we report our work on risk reduction that made its way to the CVSS (COmmon Vulnerability Scoring System) v3 world standard. | + | If you are interested in knowing whether we could use this insight for actual predictions please look at our [[https://securitylab.disi.unitn.it/doku.php?id=vulnerability_discovery_models|vulnerability section]] where we report our work on risk reduction that made its way to the CVSS (Common Vulnerability Scoring System) v3 world standard. |
| Line 227: | Line 225: | ||
| ===== Publications ===== | ===== Publications ===== | ||
| + | * L. Allodi, F. Massacci. **Security Events and Vulnerability Data for Cyber Security Risk Estimation.** To appear in //Risk Analysis// (Special Issue on Risk Analysis and Big Data), 2017.{{http://onlinelibrary.wiley.com/resolve/doi?DOI=10.1111/risa.12864|PDF at Publisher}}, {{http://www.win.tue.nl/~lallodi/allodi-risa-17.pdf|Authors' draft}} | ||
| * F. Massacci, C.N. Ngo, J. Nie, D. Venturi, J. Williams. **The seconomics (security-economics) vulnerabilities of Decentralized Autonomous Organizations**. To appear in //Security Protocols Workshop (SPW)// 2017. {{https://drive.google.com/file/d/0By02ZB0MmV0ZeUM5clBBUHdNdms/view?usp=sharing|Author's Draft PDF}} | * F. Massacci, C.N. Ngo, J. Nie, D. Venturi, J. Williams. **The seconomics (security-economics) vulnerabilities of Decentralized Autonomous Organizations**. To appear in //Security Protocols Workshop (SPW)// 2017. {{https://drive.google.com/file/d/0By02ZB0MmV0ZeUM5clBBUHdNdms/view?usp=sharing|Author's Draft PDF}} | ||
| * L. Allodi, F. Massacci, J. Williams. **The Work Averse Attacker Model.** In //Workshop on Economics of Information Security (WEIS)//, 2017. {{http://weis2017.econinfosec.org/wp-content/uploads/sites/3/2017/05/WEIS_2017_paper_13.pdf|PDF}} | * L. Allodi, F. Massacci, J. Williams. **The Work Averse Attacker Model.** In //Workshop on Economics of Information Security (WEIS)//, 2017. {{http://weis2017.econinfosec.org/wp-content/uploads/sites/3/2017/05/WEIS_2017_paper_13.pdf|PDF}} | ||
security_economics.1527014983.txt.gz · Last modified: 2021/01/29 10:58 (external edit)
Page Tools
