Using economics and artificial intelligence to identify critical infrastructures by   Yvo Desmedt   Florida State Universi...
<ul><li>This presentation is based on joint works with: </li></ul><ul><ul><li>Yongge Wang (University of North Carolina, C...
Main issue <ul><li>Methods to identify the most critical infrastructures: </li></ul><ul><ul><li>CIAO list was clearly inco...
The problems with traditional models Using an AI model Discussion and extensions The economics of the enemy
The problems with traditional models <ul><li>Why models? </li></ul><ul><ul><li>describe world mathematical </li></ul></ul>...
The problems with traditional models <ul><li>Typical aspects of outdated models: </li></ul><ul><ul><li>start with linear (...
The problems with traditional models <ul><li>Problems with security models: </li></ul><ul><ul><li>assume insider (machine,...
The problems with traditional models <ul><li>Problems with security models: </li></ul><ul><ul><li>models that do not assum...
The problems with traditional models <ul><li>Focus on models that do not assume trusted insider: </li></ul><ul><li>usual m...
The problems with traditional models <ul><li>problems: linear aspect: </li></ul><ul><ul><li>too homogeneous: </li></ul></u...
The problems with traditional models <ul><li>problems: too simplistic </li></ul><ul><ul><li>network model: </li></ul></ul>...
The problems with traditional models <ul><li>problems: too simplistic </li></ul><ul><ul><li>network model: Sensors, contro...
The problems with traditional models <ul><li>problems: too simplistic </li></ul><ul><ul><li>lack impact factor: </li></ul>...
The problems with traditional models <ul><li>problems: too simplistic </li></ul><ul><ul><li>lack timing aspect : </li></ul...
The problems with traditional models <ul><li>problems: too simplistic </li></ul><ul><ul><li>parameters not necessarily kno...
Using an AI model <ul><li>Problems with the communication model: </li></ul><ul><ul><li>network model: </li></ul></ul><ul><...
Using an AI model <ul><ul><li>Network graph: reliable communication </li></ul></ul>A B P 3 P 1 P 2 information : can go vi...
Using an AI model <ul><li>Problems with the communication model: </li></ul><ul><ul><li>network model: </li></ul></ul><ul><...
Using an AI model <ul><ul><li>PERT graph  (Program Evaluation and Review Technique): Directed acyclic graph </li></ul></ul...
Using an AI model <ul><ul><ul><li>Impact goes beyond computers. So we need to have a model that integrates mechanical and ...
Using an AI model <ul><li>AND/OR graphs as a model for distributed computation </li></ul><ul><ul><li>AND/OR graphs: acycli...
<ul><li>Secure distributed computation needs a different model </li></ul><ul><li>The airplane’s next position  s  =  s 0  ...
Wang-Desmedt-Burmester use an AI concept :  AND-vertex OR-vertex a vertex is: a sensor, or a process, or a dedicated comp...
Using an AI model <ul><li>Disadvantage of AND/OR graph: </li></ul><ul><ul><li>Deciding whether a given graph is k-connecte...
Using an AI model
Using an AI model <ul><li>Adding impact factor </li></ul><ul><ul><li>flow: </li></ul></ul><ul><ul><ul><li>Preliminary ques...
Using an AI model <ul><li>Adding impact factor: </li></ul><ul><ul><li>flow:  critical vertices : </li></ul></ul><ul><ul><u...
Using an AI model <ul><li>Adding impact factor: </li></ul><ul><ul><li>flow:  below critical flow: </li></ul></ul><ul><ul><...
Discussion and extensions <ul><li>Byzantine model had its time </li></ul><ul><li>Our models can be improved by including: ...
Discussion and extensions <ul><ul><li>time survivability condition: </li></ul></ul><ul><ul><ul><li>(time to repair the sys...
Discussion and extensions <ul><li>Impact </li></ul><ul><ul><li>Byzantin model implies expensive redundant hardware. Howeve...
The economics of the enemy <ul><li>Introduction: </li></ul><ul><ul><li>Seems hard to model  since different opponents have...
The economics of the enemy <ul><li>Introduction: </li></ul><ul><ul><li>Assume the enemy has a budget B E :   not necessari...
The economics of the enemy <ul><li>Feasible attacks? </li></ul><ul><ul><li>Analysis of the Byzantine model </li></ul></ul>...
The economics of the enemy <ul><ul><li>Problems of the linear aspect: </li></ul></ul><ul><ul><ul><li>too linear: </li></ul...
The economics of the enemy <ul><ul><li>A first alternative: </li></ul></ul><ul><ul><ul><li>To  each subset S  of the nodes...
The economics of the enemy <ul><ul><li>A more realistic model: </li></ul></ul><ul><ul><ul><li>Enemy can attack nodes and l...
The economics of the enemy <ul><ul><li>Difficulties: </li></ul></ul><ul><ul><ul><li>Too many subsets! </li></ul></ul></ul>...
The economics of the enemy <ul><li>Introduction </li></ul><ul><li>Feasible attacks? </li></ul><ul><li>Optimizing the attac...
The economics of the enemy <ul><li>Optimizing the attack </li></ul><ul><ul><li>for an application “a” several computers/li...
The economics of the enemy <ul><li>Optimizing the attack </li></ul><ul><ul><li>Total impact of the application: </li></ul>...
The economics of the enemy <ul><li>Optimizing the attack </li></ul><ul><ul><li>BIG QUESTION:   which nodes/links are the m...
The economics of the enemy <ul><li>Optimizing the attack </li></ul><ul><ul><li>When enemy takes over a set S in Gamma the ...
The economics of the enemy <ul><ul><li>Analysis of the Byzantine case  under: </li></ul></ul><ul><ul><ul><li>Byzantine cos...
The economics of the enemy <ul><li>Generalizations </li></ul><ul><ul><li>Hypergraphs instead of graphs </li></ul></ul><ul>...
The economics of the designer <ul><li>Given (at least): </li></ul><ul><ul><li>B D : budget of designer </li></ul></ul><ul>...
The economics of the designer <ul><li>Question: design a graph G of computers: </li></ul><ul><ul><li>cost(G) =< B D </li><...
The economics of the designer <ul><li>Note: </li></ul><ul><ul><li>This is very general! </li></ul></ul><ul><ul><li>We need...
Upcoming SlideShare
Loading in …5
×

DesmedtXSB

590 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
590
On SlideShare
0
From Embeds
0
Number of Embeds
25
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

DesmedtXSB

  1. 1. Using economics and artificial intelligence to identify critical infrastructures by Yvo Desmedt Florida State University, USA
  2. 2. <ul><li>This presentation is based on joint works with: </li></ul><ul><ul><li>Yongge Wang (University of North Carolina, Charlotte) </li></ul></ul><ul><ul><li>Mike Burmester (Florida State University) </li></ul></ul>
  3. 3. Main issue <ul><li>Methods to identify the most critical infrastructures: </li></ul><ul><ul><li>CIAO list was clearly incomplete. </li></ul></ul><ul><ul><li>How address this from scientific method? </li></ul></ul><ul><ul><li>This is the focus of this presentation </li></ul></ul>
  4. 4. The problems with traditional models Using an AI model Discussion and extensions The economics of the enemy
  5. 5. The problems with traditional models <ul><li>Why models? </li></ul><ul><ul><li>describe world mathematical </li></ul></ul><ul><ul><li>abstract away details </li></ul></ul><ul><ul><li>allows us to focus </li></ul></ul><ul><li>Why do models get outdated? </li></ul><ul><ul><li>world changes </li></ul></ul><ul><ul><li>details are no longer details </li></ul></ul><ul><ul><li>may have focused on wrong aspects </li></ul></ul><ul><li>Why we must update: otherwise: </li></ul><ul><ul><li>incorrect results </li></ul></ul><ul><ul><li>waste of resources, dangerous, ... </li></ul></ul>
  6. 6. The problems with traditional models <ul><li>Typical aspects of outdated models: </li></ul><ul><ul><li>start with linear (simpler) but often leads to incorrect results </li></ul></ul><ul><ul><li>still used with terrible consequences </li></ul></ul><ul><ul><li>still being advocated </li></ul></ul>
  7. 7. The problems with traditional models <ul><li>Problems with security models: </li></ul><ul><ul><li>assume insider (machine, software, user) is trusted: outdated due to (e.g.): </li></ul></ul><ul><ul><ul><li>computer viruses/worms </li></ul></ul></ul><ul><ul><ul><li>ease of installing new software </li></ul></ul></ul><ul><ul><ul><li>lip service only to security </li></ul></ul></ul><ul><ul><ul><li>large untested operating systems </li></ul></ul></ul><ul><ul><ul><li>massive hacking </li></ul></ul></ul><ul><ul><ul><li>users could be disgruntled, . . . </li></ul></ul></ul><ul><ul><ul><li>bribing: makes “trusted computers” untrustworthy </li></ul></ul></ul>
  8. 8. The problems with traditional models <ul><li>Problems with security models: </li></ul><ul><ul><li>models that do not assume this are: </li></ul></ul><ul><ul><ul><li>linear (cost enemy: linear in #machines) </li></ul></ul></ul><ul><ul><ul><li>too simplistic: </li></ul></ul></ul><ul><ul><ul><ul><li>copied models of network reliability </li></ul></ul></ul></ul><ul><ul><ul><ul><li>lack impact factor and lack more global viewpoint </li></ul></ul></ul></ul><ul><ul><ul><ul><li>lack timing aspect </li></ul></ul></ul></ul><ul><ul><ul><ul><li>parameters not necessarily known </li></ul></ul></ul></ul>
  9. 9. The problems with traditional models <ul><li>Focus on models that do not assume trusted insider: </li></ul><ul><li>usual model: Byzantine </li></ul><ul><li>i.e. breaking into: </li></ul><ul><ul><li>any k-1 machines: feasible </li></ul></ul><ul><ul><li>any k machines: infeasible </li></ul></ul>
  10. 10. The problems with traditional models <ul><li>problems: linear aspect: </li></ul><ul><ul><li>too homogeneous: </li></ul></ul><ul><ul><ul><li>cost to break into k computers is not k * cost to break into one, due to: </li></ul></ul></ul><ul><ul><ul><ul><li>automated attacks </li></ul></ul></ul></ul><ul><ul><ul><ul><li>availability of attack on WWW </li></ul></ul></ul></ul><ul><ul><ul><ul><li>same platform, ... </li></ul></ul></ul></ul><ul><ul><li>not homogeneous: </li></ul></ul><ul><ul><ul><li>some computers are better protected than others </li></ul></ul></ul>
  11. 11. The problems with traditional models <ul><li>problems: too simplistic </li></ul><ul><ul><li>network model: </li></ul></ul><ul><ul><ul><li>too homogeneous: computers do not play similar roles: good only for theoretical results. </li></ul></ul></ul><ul><ul><ul><ul><li>Theory: general purpose computers </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Practice: also e.g. </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Sensors, </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>control unit </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><li>Can be broken into </li></ul></ul></ul></ul>
  12. 12. The problems with traditional models <ul><li>problems: too simplistic </li></ul><ul><ul><li>network model: Sensors, control unit </li></ul></ul><ul><ul><ul><ul><li>Can be broken into using new (1986!) </li></ul></ul></ul></ul><ul><ul><ul><ul><li>attack using a special worm that targets the CAD programs. Potential impact: </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>VLSI with trapdoors (1986) </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>(EP)ROM: no scanners </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Dedicated machines </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><li>Needs to be planned ahead. </li></ul></ul></ul></ul>
  13. 13. The problems with traditional models <ul><li>problems: too simplistic </li></ul><ul><ul><li>lack impact factor: </li></ul></ul><ul><ul><ul><li>what is the impact if a computer is no longer accessible/faulty: </li></ul></ul></ul><ul><ul><ul><ul><li>home computer: minor </li></ul></ul></ul></ul><ul><ul><ul><ul><li>critical infrastructure: major </li></ul></ul></ul></ul><ul><ul><ul><li>need to have model that integrates mechanical and computer world </li></ul></ul></ul>
  14. 14. The problems with traditional models <ul><li>problems: too simplistic </li></ul><ul><ul><li>lack timing aspect : </li></ul></ul><ul><ul><ul><li>world is dynamic: </li></ul></ul></ul><ul><ul><ul><ul><li>parameters change </li></ul></ul></ul></ul><ul><ul><ul><ul><li>enemy can adapt </li></ul></ul></ul></ul><ul><ul><ul><ul><li>defense must must upgrade </li></ul></ul></ul></ul><ul><ul><ul><li>buffers (as food, water, computers) </li></ul></ul></ul><ul><ul><ul><li>new attacks take time to be detected </li></ul></ul></ul><ul><ul><ul><li>time to recover </li></ul></ul></ul>
  15. 15. The problems with traditional models <ul><li>problems: too simplistic </li></ul><ul><ul><li>parameters not necessarily known (e.g.): </li></ul></ul><ul><ul><ul><li>even for network case . Classical algorithms to find network graph assume no untrusted insiders </li></ul></ul></ul><ul><ul><ul><li>#untrusted machines: what value </li></ul></ul></ul>
  16. 16. Using an AI model <ul><li>Problems with the communication model: </li></ul><ul><ul><li>network model: </li></ul></ul><ul><ul><ul><li>too homogeneous: computers do not play similar roles: good only for theoretical results </li></ul></ul></ul>
  17. 17. Using an AI model <ul><ul><li>Network graph: reliable communication </li></ul></ul>A B P 3 P 1 P 2 information : can go via P 1 or P 2 or P 3
  18. 18. Using an AI model <ul><li>Problems with the communication model: </li></ul><ul><ul><li>network model: </li></ul></ul><ul><ul><ul><li>certain distributed computation (e.g. transactions require that all sub-transactions have taken place: well known in mechanical world. </li></ul></ul></ul><ul><ul><li>Mechanical world uses PERT graph </li></ul></ul>
  19. 19. Using an AI model <ul><ul><li>PERT graph (Program Evaluation and Review Technique): Directed acyclic graph </li></ul></ul><ul><ul><li>car manufacturing system </li></ul></ul>car plant . . . steel plastics screw
  20. 20. Using an AI model <ul><ul><ul><li>Impact goes beyond computers. So we need to have a model that integrates mechanical and computer world. </li></ul></ul></ul>
  21. 21. Using an AI model <ul><li>AND/OR graphs as a model for distributed computation </li></ul><ul><ul><li>AND/OR graphs: acyclic directed graph: vertices labeled: AND or OR </li></ul></ul><ul><ul><li>AND: </li></ul></ul><ul><ul><ul><li>PERT aspect, i.e. multiple inputs </li></ul></ul></ul><ul><ul><li>OR: </li></ul></ul><ul><ul><ul><li>network aspect </li></ul></ul></ul><ul><ul><ul><li>redundancy </li></ul></ul></ul><ul><ul><li>allow to integrate computer and mechanical aspects </li></ul></ul>
  22. 22. <ul><li>Secure distributed computation needs a different model </li></ul><ul><li>The airplane’s next position s = s 0  v  t  1/2 a  t 2 </li></ul><ul><li>P : current position </li></ul><ul><li>S : speed </li></ul><ul><li>a : acceleration, here a = 0 with redundancy </li></ul><ul><li>Without redundancy P P P S S T P S T </li></ul><ul><li>* * * </li></ul><ul><li> * </li></ul><ul><li>P The airplane’s position sensor; S The airplane’s speed sensor; T The time interval (input); </li></ul><ul><li> </li></ul>+ + + + Vote
  23. 23. Wang-Desmedt-Burmester use an AI concept :  AND-vertex OR-vertex a vertex is: a sensor, or a process, or a dedicated computer +
  24. 24. Using an AI model <ul><li>Disadvantage of AND/OR graph: </li></ul><ul><ul><li>Deciding whether a given graph is k-connected is in P , </li></ul></ul><ul><ul><li>however equivalent problem in AND/OR graph is NP -complete. </li></ul></ul>
  25. 25. Using an AI model
  26. 26. Using an AI model <ul><li>Adding impact factor </li></ul><ul><ul><li>flow: </li></ul></ul><ul><ul><ul><li>Preliminary question : </li></ul></ul></ul><ul><ul><ul><ul><li>Given : </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>AND/OR graph G, </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>capacity function </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>positive integer z </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><li>Question : Is there a flow f (additive) such that the flow at the output is at least z? </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Is already NP-complete for the case z=1. </li></ul></ul></ul></ul>
  27. 27. Using an AI model <ul><li>Adding impact factor: </li></ul><ul><ul><li>flow: critical vertices : </li></ul></ul><ul><ul><ul><ul><li>set U, |U|<k: removed from graph (no input/output vertices) </li></ul></ul></ul></ul><ul><ul><ul><ul><li>for all U’, |U’|<k: </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>maximal flow U =< maximal flow U’ </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><li>Given : AND/OR graph G, capacity function, set U </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Question : Is U critical? </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Is NP-hard , and L is not in NP and not in co-NP (if P is different from NP). </li></ul></ul></ul></ul>
  28. 28. Using an AI model <ul><li>Adding impact factor: </li></ul><ul><ul><li>flow: below critical flow: </li></ul></ul><ul><ul><ul><ul><li>Given : AND/OR graph G, capacity function, integers k and p. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Question : Does there exists a vertex set U such that: </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>|U| < k </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>maximal flow U < p </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><li>Is NP-hard , and L is not in NP and not in co-NP (if P is different from NP). </li></ul></ul></ul></ul>
  29. 29. Discussion and extensions <ul><li>Byzantine model had its time </li></ul><ul><li>Our models can be improved by including: </li></ul><ul><ul><li>control theory aspects, such as: </li></ul></ul><ul><ul><li>time parameters, e.g.: </li></ul></ul><ul><ul><ul><li>between attack and detection of attack </li></ul></ul></ul><ul><ul><ul><li>time to recover from an attack </li></ul></ul></ul><ul><ul><ul><li>time of no return </li></ul></ul></ul>
  30. 30. Discussion and extensions <ul><ul><li>time survivability condition: </li></ul></ul><ul><ul><ul><li>(time to repair the system) + </li></ul></ul></ul><ul><ul><ul><li>(time to detect an attack) </li></ul></ul></ul><ul><ul><ul><li>< </li></ul></ul></ul><ul><ul><ul><li>(the time of no return) + </li></ul></ul></ul><ul><ul><ul><li>(the time the stock will last) </li></ul></ul></ul>
  31. 31. Discussion and extensions <ul><li>Impact </li></ul><ul><ul><li>Byzantin model implies expensive redundant hardware. However, if </li></ul></ul><ul><ul><li>the cost to attack a node is prohibitive: no redundancy is needed. </li></ul></ul>
  32. 32. The economics of the enemy <ul><li>Introduction: </li></ul><ul><ul><li>Seems hard to model since different opponents have different goals: </li></ul></ul><ul><ul><ul><li>war: undermine economy, military output </li></ul></ul></ul><ul><ul><ul><li>terrorist: visible targets or targets with large impact </li></ul></ul></ul><ul><ul><ul><li>hacker: e.g. show that a system is insecure </li></ul></ul></ul>
  33. 33. The economics of the enemy <ul><li>Introduction: </li></ul><ul><ul><li>Assume the enemy has a budget B E : not necessarily expressed in $. </li></ul></ul><ul><ul><li>Optimization of the attack: may be, may be not </li></ul></ul>
  34. 34. The economics of the enemy <ul><li>Feasible attacks? </li></ul><ul><ul><li>Analysis of the Byzantine model </li></ul></ul><ul><ul><li>Breaking into: </li></ul></ul><ul><ul><ul><li>any k machines: feasible </li></ul></ul></ul><ul><ul><ul><li>any k+1 machines: infeasible </li></ul></ul></ul><ul><ul><ul><li>First economic model: </li></ul></ul></ul><ul><ul><ul><ul><li>uniform (same price to attack any machine), implies that the cost is linear. </li></ul></ul></ul></ul>
  35. 35. The economics of the enemy <ul><ul><li>Problems of the linear aspect: </li></ul></ul><ul><ul><ul><li>too linear: </li></ul></ul></ul><ul><ul><ul><ul><li>cost to break into k computers is not k * cost to break into one, due to: </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>automated attacks </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>availability of attack on WWW </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>same platform, ... </li></ul></ul></ul></ul></ul><ul><ul><ul><li>not homogeneous: </li></ul></ul></ul><ul><ul><ul><ul><li>some computers are better protected than others </li></ul></ul></ul></ul>
  36. 36. The economics of the enemy <ul><ul><li>A first alternative: </li></ul></ul><ul><ul><ul><li>To each subset S of the nodes we assign </li></ul></ul></ul><ul><ul><ul><li>c S,E </li></ul></ul></ul><ul><ul><ul><li>as the cost of the enemy E to break into all nodes in S . </li></ul></ul></ul><ul><ul><ul><li>Still Byzantine iff: </li></ul></ul></ul><ul><ul><ul><ul><li>for each subset S of at most k nodes: </li></ul></ul></ul></ul><ul><ul><ul><ul><li>c S,E =< B E </li></ul></ul></ul></ul><ul><ul><ul><ul><li>for each subset S of k+1 nodes or more: </li></ul></ul></ul></ul><ul><ul><ul><ul><li>c S,E > B E </li></ul></ul></ul></ul><ul><ul><ul><ul><li>call this the Byzantine cost assumption. </li></ul></ul></ul></ul>
  37. 37. The economics of the enemy <ul><ul><li>A more realistic model: </li></ul></ul><ul><ul><ul><li>Enemy can attack nodes and links </li></ul></ul></ul><ul><ul><ul><li>S: a subset of these </li></ul></ul></ul><ul><ul><ul><li>To each subset corresponds a cost: </li></ul></ul></ul><ul><ul><li>c S,E </li></ul></ul><ul><ul><ul><li>Enemy can attack iff c S,E =< B E </li></ul></ul></ul><ul><ul><ul><li>This defines an access structure of the enemy: Gamma. </li></ul></ul></ul>
  38. 38. The economics of the enemy <ul><ul><li>Difficulties: </li></ul></ul><ul><ul><ul><li>Too many subsets! </li></ul></ul></ul><ul><ul><ul><li>How to estimate the costs? </li></ul></ul></ul><ul><ul><li>Possible solution: </li></ul></ul><ul><ul><ul><li>cost of attacking m+1 machines using the same operating system (platform) </li></ul></ul></ul><ul><ul><ul><li>= </li></ul></ul></ul><ul><ul><ul><li>cost of attacking m machines using the same operating system (platform). </li></ul></ul></ul><ul><ul><li>Stability? </li></ul></ul>
  39. 39. The economics of the enemy <ul><li>Introduction </li></ul><ul><li>Feasible attacks? </li></ul><ul><li>Optimizing the attack </li></ul><ul><ul><li>The enemy can attack any subset of computers/links in Gamma. </li></ul></ul><ul><ul><li>Good viewpoint for hacker, not for terrorists and information warfare. </li></ul></ul>
  40. 40. The economics of the enemy <ul><li>Optimizing the attack </li></ul><ul><ul><li>for an application “a” several computers/links T a are involved. Natural to talk about a flow f T a . </li></ul></ul><ul><ul><li>Maximum flow: capacity: C T a </li></ul></ul><ul><ul><li>attacking different flow units has a different impact. So we have an impact factor I a . </li></ul></ul>
  41. 41. The economics of the enemy <ul><li>Optimizing the attack </li></ul><ul><ul><li>Total impact of the application: </li></ul></ul><ul><ul><li>f T a *I a . This gives: </li></ul></ul><ul><ul><li>a weighted total flow F (warning not necessarily linear), and </li></ul></ul><ul><ul><li>a weighted total capacity C. </li></ul></ul>
  42. 42. The economics of the enemy <ul><li>Optimizing the attack </li></ul><ul><ul><li>BIG QUESTION: which nodes/links are the most optimal for the enemy to take over? </li></ul></ul>
  43. 43. The economics of the enemy <ul><li>Optimizing the attack </li></ul><ul><ul><li>When enemy takes over a set S in Gamma the weighted total capacity is reduced from C to C S </li></ul></ul><ul><ul><li>Enemy will choose S such that: </li></ul></ul><ul><ul><ul><li>C S is minimal, or </li></ul></ul></ul><ul><ul><ul><li>C S < C crit (winning strategy) </li></ul></ul></ul>
  44. 44. The economics of the enemy <ul><ul><li>Analysis of the Byzantine case under: </li></ul></ul><ul><ul><ul><li>Byzantine cost assumption </li></ul></ul></ul><ul><ul><ul><li>each unit of flow has the same impact </li></ul></ul></ul><ul><ul><li>when optimized gives: enemy should attack k disjoint paths. </li></ul></ul>
  45. 45. The economics of the enemy <ul><li>Generalizations </li></ul><ul><ul><li>Hypergraphs instead of graphs </li></ul></ul><ul><ul><li>Dynamic value of C crit </li></ul></ul>
  46. 46. The economics of the designer <ul><li>Given (at least): </li></ul><ul><ul><li>B D : budget of designer </li></ul></ul><ul><ul><li>C D : minimum required weighted total capacity </li></ul></ul><ul><ul><li>F T : maximum tolerable impact flow reduction </li></ul></ul><ul><ul><li>B E : budget of the enemy </li></ul></ul><ul><ul><li>others: maintenance, user friendliness, etc. </li></ul></ul>
  47. 47. The economics of the designer <ul><li>Question: design a graph G of computers: </li></ul><ul><ul><li>cost(G) =< B D </li></ul></ul><ul><ul><li>total impact flow >= C D </li></ul></ul><ul><ul><li>the enemy cannot win </li></ul></ul><ul><li>If possible: designer won, else the enemy will. </li></ul>
  48. 48. The economics of the designer <ul><li>Note: </li></ul><ul><ul><li>This is very general! </li></ul></ul><ul><ul><li>We need a relation between the cost of setting up computer and the cost to attack, etc. </li></ul></ul>

×