FREE ELECTRONIC LIBRARY - Theses, dissertations, documentation

Pages:     | 1 |   ...   | 4 | 5 ||

«Untangling Attribution David D. Clark* and Susan Landau** I. Introduction In February 2010, former Director of the National Security Agency Mike ...»

-- [ Page 6 ] --

This problem can be confronted in a number of ways, including by making hosts more secure (a long-term effort) and by making it harder for an infested machine to launch a subsequent attack. If this problem could be resolved, it would eliminate many uncertainties in attribution. Since it is not now resolved, it imposes limits on the utility of attribution, no matter how it is structured. Thus a prime problem for the research community is the issue of dealing with multi-stage attacks. This should be of

This right is not unqualified. For example, in Stanley v. Georgia, 394 U.S. 557 (1969), the

Supreme Court ruled that states could not criminalize private possession of obscene materials. For a thoughtful discussion of First Amendment protection on the right to read anonymously, see Julie Cohen, A Right to Read Anonymously: A Closer Look at “Copyright Management” in Cyberspace, 28 CONN. L. REV. 981 (1996).

2011 / Untangling Attribution central attention to network researchers, rather than (for example) the problem of designing highly robust top-down identity schemes. Long term, we should look at what sorts of attribution would be of value if the multi-stage attack problem had been mitigated, as well as what is useful now.

Any attempts to deal with multi-stage attacks by tracing back the chain of machines involved will depend more on machine-level attribution at the intermediate steps, rather than personal-level attribution. Since the intermediate machines are normally being used without the permission (or knowledge) of their owners, knowing the identity of those owners is not very useful in trace-back. While one might imagine holding those owners accountable for some sort of secondary responsibility, the primary goal is to find the primary actor responsible for the attack, which involves following a chain of connections between machines.

D. Conclusion 4

We believe that pragmatically, the most important barriers to deterrence today are not poor technical tools for attribution, but issues that arise due to cross-jurisdictional attacks, especially multi-stage attacks. In other words, deterrence must be achieved through the governmental tools of state and not by engineering design.

Shifting the national security problem of attribution to its proper domain, namely from the tools of technology to the tools of state, means several changes in thinking about how tackle the problem. Rather than seeking solutions to the broad “attribution problem,” networking researchers should move to considering the more narrowly focused problem of multistage attacks. Instead of seeking a purely technical fix, the U.S. government should move to diplomatic tools, including possibly treaties on cybercrime and cyberattack, to handle the multi-stage, multi-jurisdictional challenges of cyberexploitation and cyberattack. The efforts for top-down control of user identity and attribution, while appropriate and valid for criticalinfrastructure domains such as those of energy, financial, and government services, have little role to play in the broader public network. Such efforts can be avoided, leading ultimately to better public safety, security, and privacy.

Pages:     | 1 |   ...   | 4 | 5 ||

Similar works:

«LEVEL 1 Winner: Sinead Pyle Title: Stargirl Author: Jerry Spinelli Dear Jerry Spinelli, As I read Stargirl, the fitting shadow of an elf owl guided me through the rollercoaster of pages. Along the way, I started finding out new things about the characters in the book and about myself as well. I found that my life was intertwined with all of the characters. I have been in Leo’s situation, wanting to be cool, but still wanting to be friends with that person who didn’t fit in. Stargirl showed...»

«CONTENDING WITH GROUP IMAGE: THE PSYCHOLOGY OF STEREOTYPE AND SOCIAL IDENTITY THREAT Claude M. Steele Steven J. Spencer Joshua Aronson I. Introduction Our research on stereotype threat began with a practical question: Do social psychological processes play a significant role in the academic underperformance of certain minority groups, and if so, what is the nature of those processes? In our search for answers, we soon came upon an intriguing finding: Women at the University of Michigan seemed...»

«Online “Interview” For IT Skeptic IT Skeptic: How well does the typical IT services organization understand their value? Dr. Lynn Phillips: Unfortunately, not too well. Most IT services organizations never choose, and then commit to, a superior and profitable value proposition (VP) and value delivery system (VDS) for each major segment of customers they seek to serve. Such a VP/VDS lineup should be (but usually isn’t) based on an imaginative understanding of the unmet needs of the...»

«2013 ROCKY MOUNTAIN BICYCLES TECHNICAL MANUAL Dec 21th Revision INTRODUCTION No two riders are alike. That’s why at Rocky Mountain our bikes built according to different platforms for different riding styles. The bikes may be different, but they all share our commitment to quality and innovation. Bikes built by people who love to ride for people who love the ride. OUR MISSION Our goal is simple: build a high-grade quiver of bikes that riders will love to ride. It’s the approach we take when...»

<<  HOME   |    CONTACTS
2016 www.theses.xlibx.info - Theses, dissertations, documentation

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.