Classes of defense for computer systems
Author(s)Wolff, Josephine Charlotte Paulina
Massachusetts Institute of Technology. Technology, Management, and Policy Program.
David D. Clark.
MetadataShow full item record
Computer security incidents often involve attackers acquiring a complex sequence of escalating capabilities and executing those capabilities across a range of different intermediary actors in order to achieve their ultimate malicious goals. However, popular media accounts of these incidents, as well as the ensuing litigation and policy proposals, tend to focus on a very narrow defensive landscape, primarily individual centralized defenders who control some of the capabilities exploited in the earliest stages of these incidents. This thesis proposes two complementary frameworks for defenses against computer security breaches -- one oriented around restricting the computer-based access capabilities that adversaries use to perpetrate those breaches and another focused on limiting the harm that those adversaries ultimately inflict on their victims. Drawing on case studies of actual security incidents, as well as the past decade of security incident data at MIT, it analyzes security roles and defense design patterns related to these broad classes of defense for application designers, administrators, and policy-makers. Application designers are well poised to undertake access defense by defining and distinguishing malicious and legitimate forms of activity in the context of their respective applications. Policy-makers can implement some harm limitation defenses by monitoring and regulating money flows, and also play an important role in collecting the data needed to expand understanding of the sequence of events that lead up to successful security incidents and inform which actors can and should effectively intervene as defenders. Organizations and administrators, meanwhile, occupy an in-between defensive role that spans both access and harm in addressing digital harms, or harms that are directly inflicted via computer capabilities, through restrictions on crucial intermediate harms and outbound information flows. The comparative case analysis ultimately points to a need to broaden defensive roles and responsibilities beyond centralized access defense and defenders, as well as the visibility challenges compounding externalities for defenders who may lack not only the incentives to intervene in such incidents but also the necessary knowledge to figure out how best to intervene.
Thesis: Ph. D. in Technology, Management and Policy, Massachusetts Institute of Technology, Engineering Systems Division, Technology, Management, and Policy Program, 2015.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Cataloged from student-submitted PDF version of thesis.Includes bibliographical references (pages 175-181).
DepartmentMassachusetts Institute of Technology. Engineering Systems Division.; Massachusetts Institute of Technology. Technology, Management, and Policy Program.
Massachusetts Institute of Technology
Engineering Systems Division., Technology, Management, and Policy Program.