Re: [Dailydave] Attribution

From: Jordan Frank (jordan.frankcs.mcgill.ca)
Date: Wed Apr 14 2010 - 17:35:55 CDT


Huh? measures and information theory have no issues with the
continuum, where singletons may have measure 0. grains of salt may
have infinitesimally small weights. this is no problem at all.
attribution can be defined as the goal of a process by which
information is gained (hopefully monotonically), as long as the size
(measure) of the set of suspects is inversely proportional to the
amount of information one has attained. it's all kosher.

jordan

On Wed, Apr 14, 2010 at 3:45 PM, Shane <shanesecurity-objectives.com> wrote:
> Dave: This seems to be somewhat paradoxical, given the definition of
> "know" itself is not black&white.  How can you know?  Even the size of
> cyberspace.  A necessary first step towards knowing anything about the
> actors within.  Given the expansive set of data sources of your
> cyberspace, it does not seem possible to derive any meaningful
> metric/statistics (or at a minimum some proportional grain of salt has
> to be weighted).
>
> Essentially arbitrary (personal preferences & it seems typically
> grandiose) constraints on the cyberuniverse are imposed by whomever is
> interpreting it, predisposing any analysis.
>
> Perhaps this is the distinction, cyberuniverse is everything, as you
> described (people's heads and such), cyberspace is the contrived/well
> defined set of constrained space which you are familiar/known to.
> Shane
>
>
> On 4/14/2010 9:20 AM, dave wrote:
>> In an interesting presentation I saw recently someone mentioned that Attribution is
>> hard in cyberspace (f.e. [1]), which generally is discussed in the context of
>> "Deterrence"[2]. I really like the term "cyberspace", although I know people hate it.
>>
>> First of all cyberspace is not "the Internet". It's (imho) a collection of networks,
>> information systems, databases, phone networks, people's heads, and other
>> "information entities" that together make up the world's set of data and data
>> processing. They call it "Information Operations" for a reason, but the term
>> "InformationSpace" is terrible. Plus, William Gibson is a genius, so Cyberspace it is.
>>
>> Secondly if you are doing your information operations correctly, then Attribution is
>> a solved problem. You can even use it as a metric: "Percent of incoming attacks that
>> I can tie to a known actor == amount I have 'dominance over the information
>> battlespace'". Aka, Attribution is a simple metric for 'Am I winning?'. If you have
>> no attribution, you are not winning.
>>
>> Dave Aitel
>> Immunity, Inc.
>>
>> [1] http://www.nap.edu/openbook.php?record_id=11925&page=113
>> [2] http://www.networkworld.com/news/2010/040710-think-tank-in-estonia-ponders.html
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave