| dc.contributor.advisor | Nancy G. Leveson. | en_US |
| dc.contributor.author | Zipkin, David S | en_US |
| dc.contributor.other | Massachusetts Institute of Technology. Technology and Policy Program. | en_US |
| dc.date.accessioned | 2006-03-29T18:30:43Z | |
| dc.date.available | 2006-03-29T18:30:43Z | |
| dc.date.copyright | 2005 | en_US |
| dc.date.issued | 2005 | en_US |
| dc.identifier.uri | http://hdl.handle.net/1721.1/32285 | |
| dc.description | Thesis (S.M.)--Massachusetts Institute of Technology, Engineering Systems Division, Technology and Policy Program, 2005. | en_US |
| dc.description | Includes bibliographical references. | en_US |
| dc.description.abstract | My advisor, Professor Leveson has developed an accident modeling framework called STAMP (Systems Theoretic Accident Modeling and Processes.) Traditional accident models typically focus on component failure; in contrast, STAMP includes interactions between components as well as social, economic, and legal factors. My research extends Leveson's STAMP accident model and applies it to a security problem. I have chosen to investigate the threat posed by malicious computer software such as computer viruses. The problem is especially interesting because surrounding the technical aspects of malicious software is a rich socio-technical system. The first part of the thesis investigates two recent computer worm outbreaks and identifies the numerous ways in which the security system failed. For both outbreaks, there were multiple points of failure including the existence of un-patched workstations, software organizations that distributed insecure software, the lack of sufficient legal disincentives to dissuade hackers, as well as many others. The thesis goes on to examine why the system was operating in such an insecure manner. As is generally the case when modeling an accident, the explanation goes beyond any single factor. I argue that that lack of Internet security can be largely attributed to the fact that those providing critical parts of Internet security do not have sufficient incentives to make good security decisions; instead they often make decisions at odds with Internet security. The thesis concludes with a discussion of policy and technical recommendations for addressing computer security. | en_US |
| dc.description.statementofresponsibility | by David S. Zipkin. | en_US |
| dc.format.extent | 117 p. | en_US |
| dc.format.extent | 6186103 bytes | |
| dc.format.extent | 6193215 bytes | |
| dc.format.mimetype | application/pdf | |
| dc.format.mimetype | application/pdf | |
| dc.language.iso | eng | en_US |
| dc.publisher | Massachusetts Institute of Technology | en_US |
| dc.rights | M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. | en_US |
| dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | |
| dc.subject | Technology and Policy Program. | en_US |
| dc.title | Using STAMP to understand recent increases in malicious software activity | en_US |
| dc.title.alternative | Using Systems Theoretic Accident Modeling and Processes to understand recent increases in malicious software activity | en_US |
| dc.type | Thesis | en_US |
| dc.description.degree | S.M. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Engineering Systems Division | |
| dc.contributor.department | Technology and Policy Program | |
| dc.identifier.oclc | 61325851 | en_US |
