No one doubts that artificial intelligence (AI) and machine learning (ML) will transform cybersecurity. We just don’t know how, or when. While the literature generally focuses on the different uses of AI by attackers and defenders, and the resultant arms race between the two, I want to talk about software vulnerabilities. All software … Read More “Machine Learning to Detect Software Vulnerabilities” »
Category: economicsofsecurity
Interesting research: “Dancing Pigs or Externalities? Measuring the Rationality of Security Decisions”: Abstract: Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors. In this work, we conduct behavioral economics experiments to model the rationality of end-user security decision-making in a realistic … Read More “Measuring the Rationality of Security Decisions” »
The UK’s GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. Ubiquitous on-demand modern services (such as verifying identities and data integrity, establishing network sessions, providing access control, and automatic software updates) rely more on authentication and integrity mechanisms — such as … Read More “GCHQ on Quantum Key Distribution” »
There are some good lessons in this article on financial fraud: That’s how we got it so wrong. We were looking for incidental breaches of technical regulations, not systematic crime. And the thing is, that’s normal. The nature of fraud is that it works outside your field of vision, subverting the normal checks and balances … Read More “On Financial Fraud” »
Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic. The Departments determined that the opportunities and challenges in working toward dramatically reducing threats … Read More “Department of Commerce Report on the Botnet Threat” »
Ross Anderson has a new paper on cryptocurrency exchanges. From his blog: Bitcoin Redux explains what’s going wrong in the world of cryptocurrencies. The bitcoin exchanges are developing into a shadow banking system, which do not give their customers actual bitcoin but rather display a “balance” and allow them to transact with others. However if … Read More “Regulating Bitcoin” »
It’s really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I’ve seen at trying to put a number on this. The results are, well, all over the map: “Estimating the Global Cost of Cyber Risk: Methodology and Examples”: Abstract: … Read More “Estimating the Cost of Internet Insecurity” »
The 16th Workshop on Economics and Information Security was this week. Ross Anderson liveblogged the talks.
Ross Anderson describes DigiTally, a secure payments system for use in areas where there is little or no network connectivity.
Late last month, popular websites like Twitter, Pinterest, Reddit and PayPal went down for most of a day. The distributed denial-of-service attack that caused the outages, and the vulnerabilities that made the attack possible, was as much a failure of market and policy as it was of technology. If we want to secure our increasingly … Read More “Regulation of the Internet of Things” »