DocumentCode
2448327
Title
Position Statement: On the Evolution of Adversary Models in Computer Systems and Networks
Author
Gligor, Virgil D.
Author_Institution
Electr. & Comput. Eng. Dept., Carnegie Mellon Univ., Pittsburgh, PA
fYear
2008
fDate
July 28 2008-Aug. 1 2008
Firstpage
10
Lastpage
10
Abstract
Summary form only given. Invariably, new technologies introduce new vulnerabilities which often enable new attacks by increasingly potent adversaries. Yet new systems are more adept at handling well-known attacks by old adversaries than anticipating new ones. Our adversary models seem to be perpetually out of date: often they do not capture adversary attacks and sometimes they address attacks rendered impractical by new technologies. In this panel presentation, I provide a brief overview of adversary models beginning with those required by program and data sharing technologies (\´60-70s), continuing with those required by computer communication and networking technologies (70s-\´90s), and ending with those required by and sensor network technologies (\´00s ->). I argue that sensor, ad-hoc, and mesh networks require new models, that are able to account for physical node capture by adversaries. Protecting device secrets (e.g., cryptographic keys) via physical security mechanisms will continue to require network security measures, despite advances in physical security measures and devices. I argue that "good-enough" measures in the face of node capture by adversaries can be obtained by using emergent properties. Intuitively, these are properties that cannot be provided by individual network nodes - no matter how well-endowed nodes might be - but instead result from interaction and collaboration among multiple nodes. Such properties can be used to detect, often probabilistically, the presence of an adversary within a network and to pinpoint with reasonable accuracy the affected network area (e.g., identify a specific captured node, a particular properly of captured nodes). However, all such measures require periodic network monitoring in normal mode to detect a somewhat rare event (i.e., node capture, replica insertion) and hence their cost can be high. I illustrate a new simple probabilistic protocol that avoids the effects of node capture by detecting adversaries - - attempts to access a node\´s internal state, and discuss various design trade-offs that will characterize much of the future research in this area.
Keywords
computer networks; telecommunication security; adversary models; computer networks; computer systems; network security; probabilistic protocol; security mechanisms; Collaboration; Communications technology; Computer networks; Costs; Cryptography; Event detection; Face detection; Mesh networks; Monitoring; Protection;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Software and Applications, 2008. COMPSAC '08. 32nd Annual IEEE International
Conference_Location
Turku
ISSN
0730-3157
Print_ISBN
978-0-7695-3262-2
Electronic_ISBN
0730-3157
Type
conf
DOI
10.1109/COMPSAC.2008.237
Filename
4591524
Link To Document