Presentation is loading. Please wait.

Presentation is loading. Please wait.

Free/Libre & Open Source Software and When Disclosure Helps Security Peter P. Swire Ohio State University Western Ontario: Free/Libre and Open Source Software.

Similar presentations


Presentation on theme: "Free/Libre & Open Source Software and When Disclosure Helps Security Peter P. Swire Ohio State University Western Ontario: Free/Libre and Open Source Software."— Presentation transcript:

1 Free/Libre & Open Source Software and When Disclosure Helps Security Peter P. Swire Ohio State University Western Ontario: Free/Libre and Open Source Software as Democratic Principle April 7, 2007

2 Dueling Slogans Open Source mantra: No Security Through Obscurity Secrecy does not work (or at least we shouldnt depend on it) Secrecy does not work (or at least we shouldnt depend on it) Disclosure is good (virtuous) Disclosure is good (virtuous) Military motto: Loose Lips Sink Ships Secrecy is essential Secrecy is essential Disclosure is bad (treason) Disclosure is bad (treason) Both cant be true at the same time

3 Overview Three papers complete, at search Swire 1. A model for when each approach is correct -- assumptions for the Open Source & military approaches Key reasons computer & network security often differ from earlier security problems and favor disclosure Key reasons computer & network security often differ from earlier security problems and favor disclosure 2. A Theory of Disclosure for Security & Competitive Reasons: Open Source, Proprietary Software, and Government Agencies Incentives for secrecy & openness to be used, even in Open Source, for both security and competitive reasons Incentives for secrecy & openness to be used, even in Open Source, for both security and competitive reasons 3. Privacy & Information Sharing in the War Against Terrorism All concern when disclosure helps security We can identify where openness most likely to succeed

4 I. Model for When Disclosure Helps Security Identify chief costs and benefits of disclosure Identify chief costs and benefits of disclosure Effect on attackers Effect on attackers Effect on defenders Effect on defenders Describe scenarios where disclosure of a defense likely to have net benefits or costs Describe scenarios where disclosure of a defense likely to have net benefits or costs Utilitarian in approach Utilitarian in approach Economics & computer security, not law Economics & computer security, not law

5 Open Source Perspective & Disclosure Helps Defenders Attackers learn little or nothing from public disclosure Attackers learn little or nothing from public disclosure Disclosures prompts designers to improve the defense -- learn of flaws and fix Disclosures prompts designers to improve the defense -- learn of flaws and fix Disclosure prompts other defenders/users of software to patch and fix Disclosure prompts other defenders/users of software to patch and fix Net: Costs of disclosure low. Bens high. Net: Costs of disclosure low. Bens high. [This is not a discussion of proprietary v. FLOSS – focus is on when disclosure improves security] [This is not a discussion of proprietary v. FLOSS – focus is on when disclosure improves security]

6 Military Base & Disclosure Helps Attackers It is hard for attackers to get close enough to learn the physical defenses It is hard for attackers to get close enough to learn the physical defenses Disclosure teaches the designers little about how to improve the defenses Disclosure teaches the designers little about how to improve the defenses Disclosure prompts little improvement by other defenders. Disclosure prompts little improvement by other defenders. Net: Costs from disclosure high but few benefits. Net: Costs from disclosure high but few benefits.

7 First Paper: Effects of Disclosure Low Help Attackers High Open Source: No security through obscurity Military/Intel: Loose lips sink ships Help Defenders Low High

8 Effects of Disclosure -- II Military/Intelligence Public Domain InformationSharing Open Source Low Help Attackers High Help Defenders Low High

9 Why Computer & Network Systems More Often Benefit From Disclosure Hiddenness & the first-time attack Hiddenness & the first-time attack N = number of attacks N = number of attacks L = learning from attacks L = learning from attacks C = communicate with other attackers C = communicate with other attackers Hiddenness helps for pit or for mine field Hiddenness helps for pit or for mine field Hiddenness works much less well for Hiddenness works much less well for Mass-market software Mass-market software Firewalls Firewalls Encryption algorithms Encryption algorithms

10 What Is Different for Cyber Attacks? Many attacks Many attacks Each attack is low cost Each attack is low cost Attackers learn from previous attacks Attackers learn from previous attacks This trick got me root access This trick got me root access Attackers communicate about vulnerabilities Attackers communicate about vulnerabilities Because of attackers knowledge, disclosure often helps defenders more than attackers for cyber attacks Because of attackers knowledge, disclosure often helps defenders more than attackers for cyber attacks

11 III. Incentives to Disclose A Theory of Disclosure for Security & Competitive Reasons: Open Source, Proprietary Software, and Government Agencies A Theory of Disclosure for Security & Competitive Reasons: Open Source, Proprietary Software, and Government Agencies Security reasons to disclose or not Security reasons to disclose or not Competitive reasons to disclose or not Competitive reasons to disclose or not Actual disclosure is a function of both Actual disclosure is a function of both Distinct models needed to analyze security & competitive incentives Distinct models needed to analyze security & competitive incentives

12 ProducerSecurityCompetition Open Source Ideologically open; Some secret sauce (Case 1) Ideologically open; Apparently high use of trade secrets (Case 2) ProprietarySoftware Monopolist on source code; disclosure based on monopsony and market power (Case 3) Monopolist on source code; disclosure based on how open standards help profits (Case 4) Government Information sharing dilemma (help attackers & defenders); public choice model (Case 5) Turf maximization, e.g., FBI vs. local police for the credit (Case 6)

13 Case 1: Open Source/Security By ideology, by definition, & under licenses, open source code is viewable by all By ideology, by definition, & under licenses, open source code is viewable by all Based on interviews, secrecy still used: Based on interviews, secrecy still used: For passwords and keys For passwords and keys Stealth firewalls and other hidden features that are not observable from the outside Stealth firewalls and other hidden features that are not observable from the outside Secret sauce such as unusual settings and configurations, to defeat script kiddies Secret sauce such as unusual settings and configurations, to defeat script kiddies In short, rational secrecy is used to foil first-time and unsophisticated attacks In short, rational secrecy is used to foil first-time and unsophisticated attacks

14 Case 2: Open Source/Competition Interviews with O.S. devotees, they smile and admit that they dont publish their best stuff – whats going on? Interviews with O.S. devotees, they smile and admit that they dont publish their best stuff – whats going on? Stay six months ahead of the curve – a form of trade secrets Stay six months ahead of the curve – a form of trade secrets Users and widgit manufacturers wont want to disclose their internal software activities Users and widgit manufacturers wont want to disclose their internal software activities

15 Open Source/Competition Services dominate over products in many Open Source business models Services dominate over products in many Open Source business models Systems integrators: We take very valuable OS software, and build it into a suite of services that is event more valuable Systems integrators: We take very valuable OS software, and build it into a suite of services that is event more valuable GPL 2.0 applies to any work distributed or published, but not to services provided by one company GPL 2.0 applies to any work distributed or published, but not to services provided by one company Conclusion: trade secrets used in services have become a key competitive tool Conclusion: trade secrets used in services have become a key competitive tool Consistent with IBM and other major players services activities Consistent with IBM and other major players services activities

16 Case 2: Open Source/Competition Debate on GPL 3.0 Debate on GPL 3.0 Apparent defeat of earlier proposal to require publishing of code used internally Apparent defeat of earlier proposal to require publishing of code used internally Services companies (including large commercial players) sticking with secrecy of their non-distributed GPL 2.0 software to protect their trade secrets and business models Services companies (including large commercial players) sticking with secrecy of their non-distributed GPL 2.0 software to protect their trade secrets and business models

17 Case 3: Proprietary/Security Initially, the owner of closed-source software is in a monopoly position about flaws in the software it wrote Initially, the owner of closed-source software is in a monopoly position about flaws in the software it wrote An externality leads to under-disclosure: software company loses reputation and risks liability with disclosure but harm on the 3 rd party user An externality leads to under-disclosure: software company loses reputation and risks liability with disclosure but harm on the 3 rd party user This description was likely more true several years ago, before computer security was so important This description was likely more true several years ago, before computer security was so important Size of externality depends on the degree to which the sellers reputation suffers due to security flaws Size of externality depends on the degree to which the sellers reputation suffers due to security flaws Over time, outside programmers gain expertise, the 1 st party loses its monopoly position in knowledge about vulnerabilities, & reputation effect is greater Over time, outside programmers gain expertise, the 1 st party loses its monopoly position in knowledge about vulnerabilities, & reputation effect is greater

18 Case 3: Proprietary/Security What pressures force disclosure of vulnerabilities? What pressures force disclosure of vulnerabilities? Large buyers, who have a taste to know the code in their system Large buyers, who have a taste to know the code in their system Especially governments, who can (and do) require disclosure of vulnerabilities (Air Force) Especially governments, who can (and do) require disclosure of vulnerabilities (Air Force) To the extent there is competition based on software security, then disclosure may be profit-maximizing To the extent there is competition based on software security, then disclosure may be profit-maximizing Over time, have seen substantially greater openness about vulnerabilities in proprietary software Over time, have seen substantially greater openness about vulnerabilities in proprietary software

19 Case 4: Proprietary/Competitive Hidden source code as a trade secret and possible competitive edge Hidden source code as a trade secret and possible competitive edge Countervailing incentive to have at least partly open standards in order to get broad adoption, network effects, & first-mover advantage Countervailing incentive to have at least partly open standards in order to get broad adoption, network effects, & first-mover advantage At least share with developers & joint ventures At least share with developers & joint ventures Complex game theory on when to be open Complex game theory on when to be open

20 Open Source & Proprietary Greater secrecy in Open Source than usually recognized Greater secrecy in Open Source than usually recognized Secret sauce for security Secret sauce for security Trade secrets in services Trade secrets in services Greater openness in proprietary than usually recognized Greater openness in proprietary than usually recognized Large buyers, governments, reputation Large buyers, governments, reputation Financial gains from at least partly open standards Financial gains from at least partly open standards Convergence of the two approaches when it comes to disclosure? Convergence of the two approaches when it comes to disclosure?

21 Case 5: Government/Security Summary – incentives for government to disclosure often weak Summary – incentives for government to disclosure often weak Unclear when to do information sharing: Unclear when to do information sharing: Disclosure helps both attackers & defenders Disclosure helps both attackers & defenders 1 st party wants to share only with trusted third parties 1 st party wants to share only with trusted third parties Other 3 rd parties may want/need information to protect their own systems/jurisdictions Other 3 rd parties may want/need information to protect their own systems/jurisdictions Examples such as terrorist watch lists, terrorist modes of attack, alerts based on intelligence Examples such as terrorist watch lists, terrorist modes of attack, alerts based on intelligence

22 Case 5: Government/Security Not good market mechanisms for disclosure Not good market mechanisms for disclosure Thus a rationale for legal rules Thus a rationale for legal rules FOIA to create transparency, including risks to communities FOIA to create transparency, including risks to communities Executive Orders & congressional mandates to encourage information sharing Executive Orders & congressional mandates to encourage information sharing

23 Case 6: Government/Competitive Widespread view that law enforcement & intelligence agencies hoard data Widespread view that law enforcement & intelligence agencies hoard data Most famously, the FBI has not shared with locals Most famously, the FBI has not shared with locals Hoarding can protect turf – others cant use it against the 1 st party (the agency) Hoarding can protect turf – others cant use it against the 1 st party (the agency) Hoarding can garner credit with stakeholders – the arrest, the correct intelligence analysis Hoarding can garner credit with stakeholders – the arrest, the correct intelligence analysis Again, FOIA and Information Sharing mandates can seek to counter-act excessive secrecy Again, FOIA and Information Sharing mandates can seek to counter-act excessive secrecy

24 Implications for FOSS & Government Descriptive project – large zone where have a credible claim for security in Open Source approach to software Descriptive project – large zone where have a credible claim for security in Open Source approach to software Openness much more likely to help security for software than for physical security Openness much more likely to help security for software than for physical security Areas where claim for Open Source security are less strong Areas where claim for Open Source security are less strong Nuclear launch codes – few coders Nuclear launch codes – few coders First-time attacks – secrecy helps First-time attacks – secrecy helps Vulnerabilities that cant be fixed – obscurity may be the best among imperfect strategies Vulnerabilities that cant be fixed – obscurity may be the best among imperfect strategies

25 Conclusions Goal of describing when disclosure is societally optimal – does it help or hurt security Goal of describing when disclosure is societally optimal – does it help or hurt security Goal of describing incentives, for OS, proprietary, and government Goal of describing incentives, for OS, proprietary, and government I hope you can apply this to your setting, to see when each approach is most likely to achieve security I hope you can apply this to your setting, to see when each approach is most likely to achieve security


Download ppt "Free/Libre & Open Source Software and When Disclosure Helps Security Peter P. Swire Ohio State University Western Ontario: Free/Libre and Open Source Software."

Similar presentations


Ads by Google