Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Attribution

From: Jordan Frank <jordan.frank () cs mcgill ca>
Date: Wed, 14 Apr 2010 18:35:55 -0400
Huh? measures and information theory are have no issues with the
continuum, where singletons may have measure 0. grains of salt may
have infinitesimally small weights. this is no problem at all.
attribution can be defined as the goal of a process by which
information is gained (hopefully monotonically), as long as the size
(measure) of the set of suspects is inversely proportional to the
amount of information one has attained. it's all kosher.

jordan

On Wed, Apr 14, 2010 at 3:45 PM, Shane <shane () security-objectives com> wrote:

Dave: This seems to be somewhat paradoxical, given the definition of
"know" itself is not black&white.  How can you know?  Even the size of
cyberspace.  A necessary first step towards knowing anything about the
actors within.  Given the expansive set of data sources of your
cyberspace, it does not seem possible to derive any meaningful
metric/statistics (or at a minimum some proportional grain of salt has
to be weighted).

Essentially arbitrary (personal preferences & it seems typically
grandiose) constraints on the cyberuniverse are imposed by whomever is
interpreting it, predisposing any analysis.

Perhaps this is the distinction, cyberuniverse is everything, as you
described (people's heads and such), cyberspace is the contrived/well
defined set of constrained space which you are familiar/known to.
Shane


On 4/14/2010 9:20 AM, dave wrote:

In an interesting presentation I saw recently someone mentioned that Attribution is
hard in cyberspace (f.e. [1]), which generally is discussed in the context of
"Deterrence"[2]. I really like the term "cyberspace", although I know people hate it.

First of all cyberspace is not "the Internet". It's (imho) a collection of networks,
information systems, databases, phone networks, people's heads, and other
"information entities" that together make up the world's set of data and data
processing. They call it "Information Operations" for a reason, but the term
"InformationSpace" is terrible. Plus, William Gibson is a genius, so Cyberspace it is.

Secondly if you are doing your information operations correctly, then Attribution is
a solved problem. You can even use it as a metric: "Percent of incoming attacks that
I can tie to a known actor == amount I have 'dominance over the information
battlespace'". Aka, Attribution is a simple metric for 'Am I winning?'. If you have
no attribution, you are not winning.

Dave Aitel
Immunity, Inc.

[1] http://www.nap.edu/openbook.php?record_id=11925&page=113
[2] http://www.networkworld.com/news/2010/040710-think-tank-in-estonia-ponders.html

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: