Notatypewriter's Blog

Umm… what?


Lecture Notes: UMD Cybersecurity Seminar “The Argument for Data-driven Security” by Prof Stefan Savage, UCSD


I attended a lecture (video) given by Professor Stefan Savage at the Google & University of Maryland Cybersecurity Seminar Series on the need for data in computer security.

He says the computer security field today is driven by patching or mitigating the vulnerability of the week. Presenters at the premier computer security conferences like Black Hat and DEFCON talk about their latest exploit. Savage says this approach is ineffective at actually keeping people secure. He proposes viewing security problems through the lens of business and economics to gain insight into the effectiveness of measures taken to protect against or attack the computer criminals and those who enable them.


  • Savage says that in the business context, the effectiveness of security is not a yes-no answer (Did it work?); rather, it should be phrased as a cost-benefit analysis. By how much did a security measure increase costs for the bad guys? Does a security measure trash the investments the bad guys made into their infrastructure? In the case of takedowns, can the bad guys quickly switch to another provider of the services you just took down? Economics and business can help us understand mitigations.
  • I would tend to agree. His analysis of the spam ecosystem made sense, not that it has been put into practice… yet. I do agree with the need for more data.
  • Savage’s data collection infrastructure is massive and awesome. He claims to be able to view 1% of global Internet traffic. Thousands of instances of Firefox clicking on millions of spams. Dozens of Internet connections distributed across the world used to browse spammers’ sites. Automatic clustering and classification of illegal pharmacy sites to tie these sites to the affiliate marketer that made the site. Without this infrastructure, Savage’s research and ultimate recommendation would not have been possible.
  • “Before we had cloud, we had botnets.”
  • Apparently, bank scams can be run out of Iran. It wasn’t clear whether this was officially sanctioned, officially ignored, or just the result of lax enforcement.
  • Kill the illegal payment processors now.



Written by notatypewriter

2011 September 2 at 12:30 am
