Published by Haley Donahue
Modified over 2 years ago
1 Laws of Cyber Security
Ravi Sandhu
Executive Director and Endowed Professor
Institute for Cyber Security
September
© Ravi Sandhu
World-Leading Research with Real-World Impact!
2 Microsec vs Macrosec
From Wikipedia, the free encyclopedia: Microeconomics (from Greek prefix micro- meaning "small" + "economics") is a branch of economics that studies how the individual parts of the economy, the household and the firms, make decisions to allocate limited resources, typically in markets where goods or services are being bought and sold. Microeconomics examines how these decisions and behaviors affect the supply and demand for goods and services, which determines prices, and how prices, in turn, determine the supply and demand of goods and services. This is a contrast to macroeconomics, which involves the "sum total of economic activity, dealing with the issues of growth, inflation, and unemployment." Microeconomics also deals with the effects of national economic policies (such as changing taxation levels) on the before mentioned aspects of the economy.
3 Microsec
Retail Attacks
Targeted Attacks
4 Microsec
99% of the attacks are thwarted by basic hygiene and some luck
1% of the attacks are difficult and expensive, even impossible, to defend or detect
5 IP Spoofing Story
IP Spoofing predicted in Bell Labs report
1st Generation firewalls deployed: 1992
IP Spoofing attacks proliferate in the wild: 1993
VPNs emerge: late 1990s
Vulnerability shifts to accessing end-point
Network Admission Control: 2000s
6 Evolution of Phishing
Phishing 1.0
  Attack: Capture reusable passwords
  Defense: user education, cookies, pictures
Phishing 2.0
  Attack: MITM in the 1-way SSL channel, breaks OTPs
  Defense: 2-way SSL
Phishing 3.0
  Attack: Browser-based MITM client in front of 2-way SSL
  Defense: Transaction authentication outside browser
Phishing 4.0
  Attack: PC-based MITM client in front of 2-way SSL
  Defense: Transaction authentication outside PC, PC hardening
7 Sandhu's Laws of Attackers
1. Attackers exist
   You will be attacked
2. Attackers have sharply escalating incentive
   Money, terrorism, warfare, espionage, sabotage, …
3. Attackers are lazy (follow path of least resistance)
   Attacks will escalate BUT no faster than necessary
4. Attackers are innovative (and stealthy)
   Eventually all feasible attacks will manifest
5. Attackers are copycats
   Known attacks will proliferate widely
6. Attackers have asymmetrical advantage
   Need one point of failure
8 Operational Principles
A. Prepare for tomorrow's attacks, not just yesterday's
   Good defenders strive to stay ahead of the curve, bad defenders forever lag
B. Take care of tomorrow's attacks before next year's attacks
   Researchers will and should pursue defense against attacks that will manifest far in the future BUT these solutions will deploy only as attacks catch up
C. Use future-proof barriers
   Defenders need a roadmap and need to make adjustments
D. It's all about trade-offs
   Security, Convenience, Cost
9 Macrosec
Rational microsec behavior can result in highly vulnerable macrosec