professor ruslan smelianskiy 4. how can levels of cyber conflict and cooperation be measured and...
TRANSCRIPT
professor Ruslan Smelianskiy
4. How can levels of Cyber Conflict and Cooperation be measured and compared across technical
changes?
professor Ruslan Smelianskiy
On Information Security, Karl Popper and a peasant
Information Security: What Are We Dealing With?
professor Ruslan Smelianskiy
Outline
• Information Security - is it a science or is it an art?• If it is a science, is it a natural one or is it a social science?• If it is not an art, then even if it is engineering or applied
science then should it be treated as a science?• What does it mean “to be treated as a science”?• What is the state of the art in Information security as some
sort of the science?• What we have to do to treat the Information security as a
science?• What lessons from this?
professor Ruslan Smelianskiy
Basic classification
“Art is the product or process of deliberately arranging items (often with symbolic significance) in a way that influences and affects one or more of the senses, emotions, and intellect.”
“Science (from the Latin scientia, meaning "knowledge") is an enterprise that builds and organizes knowledge in the form of testable explanations and testable predictions about the world.”
professor Ruslan Smelianskiy
Basic classification
Formal Science
Natural ScienceSocial Science
Empirical Science
Structural Linguistics
Mathematics (apriority, calculus, axiomatic, logic)
Hypothesis, theories, Laws formulation
Physics
Chemistry
Biology
Semiotics
Psycology
Sociology
Social Engineering
professor Ruslan Smelianskiy
Scientific method
• Observation is quantitative or qualitative descriptions/measurement of facts and phenomenon. The abstractions have to be used in such sort descriptions.
• Analysis of observations is systematic differentiation of significant ones against minor ones.
• Synthesis is generalization of analysis results as theory or hypothesis.
• Prediction is consequences deriving from a proposed theory or hypothesis by deduction, induction or by some other logical methods.
• Falsifying the predictions by experiment.
All data and the results should be treated critically on every level of consideration.
professor Ruslan Smelianskiy
Certainty vs Science
• The science differs from other kind of knowledge making activities (certainty) is necessity to prove, to justify every theoretical consequence by experimental, empirical data.
• Karl Popper writes that scientific knowledge "consists in the search for truth", but it "is not the search for certainty“...
• Popper proposed falsifiability (the ability of theories to come in conflict with observation) as the landmark of empirical theories, and falsification (the search for observations that conflict with the theory) as the empirical method to replace verifiability and induction by
purely deductive notions.
• “Belief in the omnipotence of science and the certainty about the continuity of the process of accumulation of scientific knowledge, the unknown remains so only temporarily, is a continuous stimulus to
productive activity constantly updated scientific society.” (F.Karpa)
professor Ruslan Smelianskiy
Information Security – Art or Science?
• IS = Social Science + IT (Computer Science)– Art ( K.Mitnik “The Art of Deception”)
• Information Security in that part of it which relate to the Computer and Network Security
• This area of knowledge includes more than 40 years of development (Multix project, F.Corbato, MIT 1963)
Security Kernel
70
Develop CriteriaAnd MakeAvailable
CommercialEvaluations
80
TCB for System Composition
Formal Model for
Access Polices
90
Internet Explosion
professor Ruslan Smelianskiy
Some statistics on Attack and Malware datasets
Dataset name Number of citations Year of initial publication
Average citations per year
KDD Cup 99 dataset 2,850 1999 237
Vx heavens 9,530 1999 794
Anubis 115 2007 28
CWSandbox 243 2006 48
Wepawet 25 2008 8
Datasets citation rates according to Google Scholar
professor Ruslan Smelianskiy
Monitoring with Intrusion Detection Systems
• State of the art in network security monitoring– Over 200 research projects in intrusion detection since 1980
– Major hardware vendors have IDS solutions – Cisco, IBM, Intel, etc
• Over 30 specialized vendors like SourceFire, Arbor, Narus, etc.– http://www-rnks.informatik.tu-cottbus.de/en/node/209
• No common methods for IDS evaluation and comparison– Commercial testing available like NSS Labs:
http://www.nsslabs.com/research/network-security/network-ips/
professor Ruslan Smelianskiy
Monitoring standardization
• No currently available standarts– NIST recommendations on intrusion detection give too general
answers to those questions - where IDS should be placed? How do we choose appropriate type of IDS according to our needs? How do we tune it to gain optimal efficiency? http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
• How can we trust the results of monitoring network security with such tools in the situation like we have now?
Two elephants
professor Ruslan Smelianskiy
Moore’s law vs Gilder’s law
professor Ruslan Smelianskiy
GlobalInfrastructur
eImpact
RegionalNetworks
MultipleNetworks
IndividualNetworks
IndividualComputer
Target and Scope of Damage
1st Gen• Boot viruses
Weeks 2nd Gen• Macro viruses• Email • DoS• Limited
hacking
Days3rd Gen• Network DoS• Blended threat
(worm + virus+ trojan)
• Turbo worms • Widespread
system hacking
Minutes
Next Gen• Infrastructure
hacking • Flash threats• Massive
worm driven DDoS
• Damaging payload worms
Seconds
1980s 1990s Today Future
professor Ruslan Smelianskiy
Sophistication of hacker tools
19901980Low 2000
Packet forging/ spoofing
Password guessing
Self-replicating code
Password cracking
Back doors
Hijacking sessions
Scanners
Sniffers
Stealth diagnostics
High
Exploiting known vulnerabilities
Disabling audits
professor Ruslan Smelianskiy
Resume
It seems reasonable for information security community and national governments to support developing open and public collections of up-to-date malware along with results of it’s preliminary analysis. And what seems to be most important – it is necessary to recover the practice of publishing raw experimental data, on which the research results rely. The overall experience of the information security field and other natural sciences demonstrates that publicity of this kind always greatly encourage both quality and quantity of research projects.
professor Ruslan Smelianskiy
A parable
Once there was a peasant, who had a horse that was considered a rich man in his village. He was envied. But when his horse went into the forest and never came back, his neighbours ceased to be jealous of him, and some even felt sorry for him. When his horse returned and brought with it one more horse, some again became jealous of him. And then his son fell from the horse and broke his leg. Many have ceased to envy him. But here's the war began, all the young guys drafted into the army and were killed in the war, and his lame son was not taken, and some again became jealous of him. Only the peasant never grieved, and never was joyous about that. He could not do it because he could not foresee the future and did not see any good in sadness and joy .
professor Ruslan Smelianskiy
Conclusion
In our reality, the lack of pictures of the future can lead to irreversible
consequences.