8 Category 5 - Illustrative Crosscutting Problem-Focused Research Areas
Pages 181-213

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 181...
... In this context, the challenge is to add security without making existing software products, information assets, and hardware devices any more obsolete than is necessary. Research to support this goal has three components: 
From page 182...
... Research on clean-slate designs for secure and attack-resilient architectures will show what can be achieved when these efforts are relieved of the need to fit into an insecure existing framework, and it may be that new design approaches will make it possible to achieve performance, cost, and security goals simultaneously.
From page 183...
... But as new security issues arise in these legacy systems, a detailed understanding of their internal operation and of how actual system behavior differs from intended behavior is necessary in order to address these issues. Tools that help new analysts
From page 184...
... 3 A related argument applies to data and history. Whether data and development history are protected by national security classifications or trade secrets, their unavailability to the community at large prevents the community from using that data and history to understand why systems fail or the origins of a particular kind of bug or flaw.
From page 185...
... The first rule about security is to keep hostile parties away, and the insider, by definition, has bypassed many of the barriers erected to keep him or her away. Moreover, a compromised insider may work with outsiders (e.g., passing along information that identifies weak points in an organization's cybersecurity posture)
From page 186...
... Toward a Safer and More Secure Cyberspace BOX 8.2 Secrecy of Design Secrecy of design is often deprecated with the phrase "security through obscurity," and one often hears arguments that security-critical systems or elements should be developed in an open environment that encourages peer review by the general community. Evidence is readily available about systems that were developed in secret only to be reverse-engineered and to have their details published on the Internet and their flaws pointed out for all to see.
From page 187...
... actually take hostile actions on the basis of their profiles or personal histories. (For example, it is often hard to distinguish merely quirky employees from potentially dangerous individuals, and there is considerable anecdotal evidence that some system administrators have connections to the criminal hacker underground.)
From page 188...
... Authentication and access control are two well-known technologies that can help to prevent an insider from doing damage. Strong authentication and access controls can be used together to ensure that only authorized individuals gain access to a system or a network and that these authorized individuals have only the set of access privileges to which they are entitled and no more.
From page 189...
... Research is needed in how to define, describe, manage, and manipulate security policies. Systems can be abused through both bad policy and bad enforcement.
From page 190...
... For instance, it is common in networked enterprises to assume that one cannot and should not worry about insider attacks, meaning that nothing is done about insiders who might abuse the network. This approach leaves major security vulnerabilities in new networking paradigms in which individual user devices participate in the routing protocol.
From page 191...
... a Post-it note somewhere, and log in. If you cannot log in, ask someone for help.
From page 192...
... Security requirements for such systems span a very large range, including both record-keeping systems and embedded systems that improve or enable the performance of many medical devices and procedures. Security issues of special importance to health IT systems include the following: • Conditional confidentiality.
From page 193...
... demanding health care environment is an exemplar of the importance of situated research and development. 8.4.2 The Electric Power Grid The electric power grid is a national infrastructure that links generating stations through transmission lines and distribution lines to the customer loads.
From page 194...
... Given the increasing demand for electric power, it is inevitable that the electric power industry will continue to seek ever-higher efficiencies in the existing grid, so as to minimize the expense of constructing new grid elements. Thus, interconnections within the various control centers of the grid must be taken as a given, with all of the vulnerabilities that such extensive interconnections imply.
From page 195...
... Some of the important cybersecurity issues for the grid include the following: • Developing lightweight cybersecurity mechanisms. Computers used for operational control generally run at high duty cycle because of premiums on efficiency and on controlling many systems, and thus there is often little capacity for undertaking activities such as anomaly detection, virus updates, or penetration testing.
From page 196...
... Many of the security issues that arise in Web-based computing are similar to those for local applications, but Web services have a number of additional security concerns that involve networking in an open environment. For example, Web services are loosely coupled in a more or less ad hoc manner.
From page 197...
... • They will be used by people with little knowledge of computing in any form, and thus cannot require a significant degree of attention to the details of security at all. Such users should be, at most, required only to specify the parameters of a desired security policy.
From page 198...
... tion should be matched automatically to the sensitivity of the application. See Section 6.1 (Usable Security)
From page 199...
... circuits usually require expensive equipment. Examples include probing and reverse-engineering of the chip.
From page 200...
... 8.6 ATTACK CHARACTERIZATION A problem very closely related to anomaly detection and forensics is that of attack characterization, sometimes also called attack assessment. 14 Eric Bryant et al., "Poly2 Paradigm: A Secure Network Service Architecture," Proceedings of the th Annual Computer Security Applications Conference, IEEE Computer Society, Washington, D.C., 2003, p.
From page 201...
... Used more or less interchangeably, these terms refer to the process by which systems operators learn that an attack is under way, who is attacking, how the attack is being conducted, and what the purposes of the attack might be. The first problem is that while the actions of a potentially hostile party may be visible in cyberspace, the intentions and motivations of that party are usually quite invisible.
From page 202...
... All of these DDOS attacks can be quite formidable and difficult to repel. For example, as a recent paper notes, even Internet heavyweights are not immune from them: in "June 2004, the websites of Google, Yahoo!
From page 203...
... so on) to stay abreast of the health of their resources.
From page 204...
... BOX 8.3 Attack Diffusion As noted in Section 2.1 (Interconnected Information Technology Everywhere, All the Time) in this report, increased interconnection creates interdependencies and vulnerabilities.
From page 205...
... companies often suffer collateral damage when flooding attacks against the gambling sites overload chokepoint network links.) Conventional law enforcement -- "follow the money" -- may be the most promising avenue, although the perpetrators generally employ money-laundering in an attempt to evade prosecution.
From page 206...
... effects. In the first area, which includes the reliable detection of large-scale attacks on the Internet and the real-time collection and analysis of large amounts of attack-monitoring information, Moore et al.
From page 207...
... , available at http://dimacs.rutgers.edu/Workshops/Attacks/internet-attack-9-03.pdf, 2003; and Rich Pethia, Allan Paller, and Eugene Spafford, "Consensus Roadmap for Defeating Distributed Denial of Service Attacks," Project of the Partnership for Critical Infrastructure Security, SANS Institute, available at http://www.sans.org/dosstep/roadmap.php, 2000.
From page 208...
... As one example, the entire community of ISPs would benefit from knowing the frequency of DOS attacks. ISPs are aware (or could be aware)
From page 209...
... But in practice, the ease with which e-mail can be delivered suggests that e-mail -- and payloads that it carries -- will be used aggressively in the future for commercial purposes. 31 Once compromised, the user's computing environment becomes a platform for active threats such as the following: • Divulging the personal information resident on the user's computer.
From page 210...
... From an institutional standpoint, spam consumes significant amounts of bandwidth, for which ISPs and network operators must pay.
From page 211...
... Moreover, botnets today send "legitimate" e-mail from compromised hosts -- that is, if my computer is compromised so that it becomes a zombie in a botnet army, it can easily send spam e-mail under any e-mail account associated with my computer. That mail will be indistinguishable from legitimate e-mail from me (i.e., e-mail that I intended to send)
From page 212...
... spam-recognition systems today have at least one machine learning component that performs such differentiation based on examples of both spam and nonspam e-mail. Much of the progress in antispam research has involved improving the relevant machine learning algorithms as spammers develop more sophisticated means for evading spam-detection algorithms.
From page 213...
... spam variants may include exploits related to location-aware devices (e.g., advertisements tied explicitly to the user's location) and spam and spam-like payloads other than text delivered to mobile devices such as cellular telephones.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.