40 likes | 170 Vues
Vulnerability of Complex Networks. Prepared for :. ACS Contact: Stuart S. Wagner swagner@appcomsci.com September 20, 2012. “Only the Paranoid Survive” – Andy Grove. Problem Statement. Inadvertent misconfiguration responsible for huge percentage of IP network downtime and vulnerabilities
E N D
Vulnerability of Complex Networks Prepared for: ACS Contact: Stuart S. Wagner swagner@appcomsci.com September 20, 2012 “Only the Paranoid Survive” – Andy Grove
Problem Statement • Inadvertent misconfiguration responsible for huge percentage of IP network downtime and vulnerabilities • Think what intentional, malicious misconfiguration could do • Fundamentally more powerful botnets are on the horizon • Black Hat Conference regularly features the latest hacks of routers, cellular networks, middleboxes, control planes,… • Network standards organizations and protocol developers don’t usually address the most pernicious attack vectors • Offense is generally easier and cheaper than defense, and is getting more so as networks become more complex • You can’t afford infinite resilience against all possible vulnerabilities and threats
Challenges for Network Resilience • Getting the most bang for the buck in the face of unanticipated vulnerabilities and unforeseen attacks • How do you even know when you have made a good investment? • What metric do you utilize to quantify the gain in trustworthiness and reliability for a given investment? • Providing different levels of resilience for different users, organizations, and missions • When does the cost of failure out-weigh the cost of resilience? • How do assign a probability, or a cost, to an unforeseen failure or attack mode? • How can we design networks to make them fundamentally less vulnerable to attack? Is this even possible?