Daniel rip2002
Presentation Transcript

  • The Daffodil and the Crane Daniel Bilar 2002 Thayer School
  • Status quo One hundred thousand an attack on the network In dollars, the cost Hence counter-measures must be deployed, resources Must be channeled
  • The problem The boss declares Let's spend effectively! The network guy squirms: Networks resemble A black box full of software Whose risk no-one knows No-one, until now For the woods of New Hampshire harbour an answer
  • An approach QSRA is A method to quantify and manage risk Spelled out it means quantitative security risk analysis Which is a mouthful but better than Distributed intrusion detection using Bayesian multiple hypothesis testing Which can't be haikuified
  • Methodology The steps are threefold: Inventory the software Found on the network Match the list against A vulnerability database online Said database then returns the risk you incur running the software
  • Methodology Manage the risk by adding and deleting software components Some alternatives must be found, subject to constraints you set The formulation is an integer LP I use branch-and-bound
  • Implementation A central server collects data from clients installed on the hosts The software is free Java and mySQL Take that, Microsoft!
  • Results What are the results? I have three to report that are non-trivial:
  • Result 1 Knowledge diffuses At an astonishing rate The window is small From discovery to attack tool, you have one week – thus, act quickly
  • Result 2 Microsoft patches Seem to create as many problems as they solve But let me be fair Sixty million lines of code Are hard to debug
  • Result 3 A typical host Has more than twenty ports open These are all entry points Hundreds of programs are installed on a host, some with serious faults Each program is a stepping stone; escalation attacks combine them
  • Conclusion Summa summarum: Patch early, patch often, and your risk will decrease PS - please don't put me on probation again Professor Lotko
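
The Methodology slides describe choosing software alternatives under constraints as an integer LP solved with branch-and-bound. The following is an added example, not code from the talk or from QSRA: it assumes per-package risk scores that add up, exactly one package per function, and a single cost budget as the constraint; all package names and numbers are constructed.

```python
from typing import Dict, List, Optional, Tuple

# Constructed inventory: function -> [(package, risk score, switching cost)].
# Names and numbers are illustrative assumptions, not data from the talk.
ALTERNATIVES: Dict[str, List[Tuple[str, float, int]]] = {
    "web":  [("httpd-a", 9.0, 0), ("httpd-b", 4.0, 3), ("httpd-c", 2.5, 6)],
    "mail": [("mta-a", 7.0, 0), ("mta-b", 3.0, 4)],
    "db":   [("db-a", 5.0, 0), ("db-b", 4.5, 1), ("db-c", 1.0, 5)],
}

def min_risk_selection(alts: Dict[str, List[Tuple[str, float, int]]],
                       budget: int) -> Optional[Tuple[float, Dict[str, str]]]:
    """Pick exactly one package per function, minimising summed risk
    subject to total cost <= budget. Returns (risk, {function: package}),
    or None when no selection fits the budget."""
    funcs = list(alts)
    n = len(funcs)
    # Suffix sums of the least risky / cheapest option for the functions not
    # yet decided: an optimistic bound for any partial assignment.
    min_risk = [0.0] * (n + 1)
    min_cost = [0] * (n + 1)
    for i in range(n - 1, -1, -1):
        min_risk[i] = min_risk[i + 1] + min(r for _, r, _ in alts[funcs[i]])
        min_cost[i] = min_cost[i + 1] + min(c for _, _, c in alts[funcs[i]])

    best: Optional[Tuple[float, Dict[str, str]]] = None

    def branch(i: int, risk: float, cost: int, chosen: Dict[str, str]) -> None:
        nonlocal best
        if cost + min_cost[i] > budget:
            return  # prune: even the cheapest completion breaks the budget
        if best is not None and risk + min_risk[i] >= best[0]:
            return  # prune: cannot beat the incumbent solution
        if i == n:
            best = (risk, dict(chosen))  # new incumbent
            return
        # Try the least risky alternative first so a good incumbent appears early.
        for name, r, c in sorted(alts[funcs[i]], key=lambda a: a[1]):
            chosen[funcs[i]] = name
            branch(i + 1, risk + r, cost + c, chosen)
            del chosen[funcs[i]]

    branch(0, 0.0, 0, {})
    return best

if __name__ == "__main__":
    print(min_risk_selection(ALTERNATIVES, budget=8))
```

With a budget of 8 the search swaps all three packages for mid-range alternatives rather than buying the single safest one, which is the trade-off the constraint is there to expose.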