43 research outputs found

    CS 645: Security and Privacy in Computer Systems

    Computers and Privacy: A Proposal for Self-Regulation

    Information Leakage Games

    We consider a game-theoretic setting to model the interplay between attacker and defender in the context of information flow, and to reason about their optimal strategies. In contrast with standard game theory, in our games the utility of a mixed strategy is a convex function of the distribution on the defender's pure actions, rather than the expected value of their utilities. Nevertheless, the important properties of game theory, notably the existence of a Nash equilibrium, still hold for our (zero-sum) leakage games, and we provide algorithms to compute the corresponding optimal strategies. As typical in (simultaneous) game theory, the optimal strategy is usually mixed, i.e., probabilistic, for both the attacker and the defender. From the point of view of information flow, this was to be expected in the case of the defender, since it is well known that randomization at the level of the system design may help to reduce information leaks. Regarding the attacker, however, this seems the first work (w.r.t. the literature in information flow) proving formally that in certain cases the optimal attack strategy is necessarily probabilistic

    The Demand for Technical Safeguards in the Healthcare Sector: a Historical Perspective Enlightens Deliberations about the Future

    This exploratory paper seeks to identify the drivers of demand for technical safeguards in the healthcare sector. Initially, the advent of computing and the increase in computing power were embraced by many healthcare providers without much regard for technical safeguards within systems. However, the advent of media attention when there were breaches of security over patient records and the medical profession’s natural regard for patient confidentiality soon developed a consciousness of the need for technical safeguards. The United States of America has been the leading developer of database management in the healthcare sector and it is there that the demand and the advent of technical safeguards have been most advanced. Work at the Rand Corporation, in particular in the 1960s and 1970s, was influential in structuring the discussion and advancing the commitment of the medical profession and the government. This emergent review paper poses two questions: 1. Are there likely to be changes in emphasis in the objectives adopted in development of technical safeguards in the healthcare sector? 2. If there are likely to be changes in the objectives, what might these be

    Data Processing Security: A Selected Bibliography

    Phobic Cartography: a Human-Centred, Communicative Analysis of the Cyber Threat Landscape

    This paper outlines the first stages of a research project mapping the cyber threat landscape. The proliferation and interconnection of networked devices and the ever-growing numbers of users able to damage (accidentally or deliberately) the integrity of this system of systems leads to cyber security adopting a reactive and defensive stance, in which we devise policy on the basis of what has happened, rather than what may happen, or what we pray will never happen. Simultaneously, the growth of the domain leads to silo thinking, and a lack of communication between public and private, civilian and military sectors; there is a need for a synoptic examination of the field, pooling the knowledge of practitioners from across the discipline. This paper will present the development of the initial proof of concept study, outlining: a. use of a blended methodology, combining automated quantitative analysis (via Corpus Linguistics tools) with qualitative study (via Critical Discourse Analysis); b. ethical issues involved in obtaining, storing, and handling of the data; c. a discussion of initial hypotheses; d. the intended plan of campaign for moving the project from pilot stage to its full scope; e. proposals as to how this project may act as a driver for innovation and greater resilience in devising effective cyber security policy. Mediaeval maps often contained blank space, labelled 'Terra Incognita' and 'Here Be Monsters'; this project will develop a more detailed cartography of the threat landscape of the cyber domain, filling in the blanks and identifying the 'monsters' we fear. This is an innovative project, examining empirical data drawn from respondents across the discipline, and offers a new way of examining the challenges we face. It allows us to develop a more accurate picture of the threat landscape, and to evaluate what risks we may be ignoring

    A Cloud-Oriented Cross-Domain Security Architecture

    The Monterey Security Architecture addresses the need to share high-value data across multiple domains of different classification levels while enforcing information flow policies. The architecture allows users with different security authorizations to securely collaborate and exchange information using commodity computers and familiar commercial client software that generally lack the prerequisite assurance and functional security protections. MYSEA seeks to meet two compelling requirements, often assumed to be at odds: enforcing critical, mandatory security policies, and allowing access and collaboration in a familiar work environment. Recent additions to the MYSEA design expand the architecture to support a cloud of cross-domain services, hosted within a federation of multilevel secure (MLS) MYSEA servers. The MYSEA cloud supports single-sign on, service replication, and network-layer quality of security service. This new cross domain, distributed architecture follows the consumption and delivery model for cloud services, while maintaining the federated control model necessary to support and protect cross domain collaboration within the enterprise. The resulting architecture shows the feasibility of high-assurance, cross-domain services hosted within a community cloud suitable for interagency, or joint, collaboration. This paper summarizes the MYSEA architecture and discusses MYSEA's approach to provide an MLS-constrained cloud computing environment. Approved for public release; distribution is unlimited

    The engineer-criminologist and "the novelty of cybercrime": a situated genealogical study of timesharing systems

    The Novelty of Cybercrime is a research problem in criminology where scholars are asking whether cybercrime is a wholly new form of crime compared with traditional–terrestrial crimes and whether new criminological theories are needed to understand it. Most criminological theories focus on the human rational aspects and downplay the role of non-humans in explaining what may be novel in cybercrime. This paper shows that a sociotechnical perspective can be developed for understanding the Novelty of Cybercrime using some insights from criminology. Working from the agnosticism principle of Actor-Network Theory and a situated genealogical perspective, it is possible to see that a criminological vocabulary can accommodate both the roles and relations of rational human and non-human actors. This is achieved by proposing the concept of the engineer–criminologist, developed by conducting a study of the development of information security for timesharing systems in the 1960s and 1970s. Timesharing security engineers were facing a completely new form of rule-breaking behaviour, that of unauthorised access and at the same time they were constantly using criminological concepts to shape their design of security and explain this behaviour. The concept of engineer–criminologists affords the use of criminological concepts in the sociotechnical study of the Novelty of Cybercrime