Notes On The Design Of An Internet Adversary
David S. H. Rosenthal, Petros Maniatis, Mema Roussopoulos, T.J. Giuli,, Mary Baker
TL;DR
This paper discusses the importance of realistic adversary models in designing resilient Internet defenses, emphasizing the need for a consensus on adversary capabilities and presenting a case study from the LOCKSS system.
Contribution
It offers a detailed assessment of adversary capabilities and proposes a framework for a reusable adversary specification to improve defense design.
Findings
Adversary capability assessment influences protocol redesign.
A conservative adversary model was used in LOCKSS system updates.
The paper advocates for standardized adversary specifications.
Abstract
The design of the defenses Internet systems can deploy against attack, especially adaptive and resilient defenses, must start from a realistic model of the threat. This requires an assessment of the capabilities of the adversary. The design typically evolves through a process of simulating both the system and the adversary. This requires the design and implementation of a simulated adversary based on the capability assessment. Consensus on the capabilities of a suitable adversary is not evident. Part of the recent redesign of the protocol used by peers in the LOCKSS digital preservation system included a conservative assessment of the adversary's capabilities. We present our assessment and the implications we drew from it as a step towards a reusable adversary specification.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsNetwork Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Distributed systems and fault tolerance