Embed Size (px)
Citation preview
1
Vulnerability of Complex Networks
Prepared for: ACS Contact:
Stuart S. [email protected]
September 20, 2012
“Only the Paranoid Survive” – Andy Grove
2
Problem Statement
• Inadvertent misconfiguration responsible for huge percentage of IP network downtime and vulnerabilities
− Think what intentional, malicious misconfiguration could do
• Fundamentally more powerful botnets are on the horizon
• Black Hat Conference regularly features the latest hacks of routers, cellular networks, middleboxes, control planes,…
• Network standards organizations and protocol developers don’t usually address the most pernicious attack vectors
• Offense is generally easier and cheaper than defense, and is getting more so as networks become more complex
• You can’t afford infinite resilience against all possible vulnerabilities and threats
3
Challenges for Network Resilience
• Getting the most bang for the buck in the face of unanticipated vulnerabilities and unforeseen attacks
− How do you even know when you have made a good investment?
− What metric do you utilize to quantify the gain in trustworthiness and reliability for a given investment?
• Providing different levels of resilience for different users, organizations, and missions
− When does the cost of failure out-weigh the cost of resilience?
− How do assign a probability, or a cost, to an unforeseen failure or attack mode?
• How can we design networks to make them fundamentally less vulnerable to attack? Is this even possible?
