“Securitizing” the Internet – A Socio-Political Analysis
Oxford Internet Institute Summer Doctorate Program
July 2004
Nimrod Kozlovski
[email protected]
Post-Doc Associate, Yale CS Department, PORTIA Project

“Securitizing” the Internet – A Socio-Political Analysis

Brief Background introduction
  The internet model of communication
  The political economy of Information - the Internet model – type of discourse
  Security on the Internet (TCP/IP-based network)
    Survivability and take-over resistance – through redundancy and distributed system
    (Lack of) security with TCP/IP
      Integrity
      Confidentiality
      Availability (information availability vs. node/server availability)
  …
Attacks on the Internet
  Layers of attack – physical, logical, semantic
  Targets – integrity, confidentiality, availability
  Methods of attack –
    Intrusion – Hacking, Defacement, Spoofing, Malicious code
    Disruption – DoS, DDoS, Hijacking, Rerouting
  …
Security responses
  Technological
  Social/Business
  Legal
CyberCrime Law – towards securitization of the internet
  Cybercrime 1.0 – criminal legislation adaptation
  Cybercrime 2.0 – procedural and evidentiary
  Cybercrime 3.0 - the current battlefield
    Negotiating the security theory

Policy choices for a communication medium

Negotiating the security theory
  Security through obscurity/confidentiality vs. Security through openness
  End to End design vs. In-network control
  Security by diversity vs. Security by homogeneity
  Peer security vs. Owners’ control
    e.g. Code openness – choice in IP regimes (copyright vs. patent); reverse engineering regulation
    e.g. Vulnerabilities reporting requirements
    e.g. port scanning; trespass
  Zero Tolerance vs. Failures management
  False positive/False negative calibration
Security-informed policy choices for the emerging virtual world
  Notions of space vs. Notions of flow (of information)
  Identity playfulness vs. Controlling identity
  Routing policy – Open road vs. Property rules
  Downstream liability vs. No-liability (virtual pollution laws)
  Enforcement – Public vs. Self help
  Service providers’ role – Liability vs. Immunity
  {Fair information practices vs. Contractual freedom}

Policy choices – the trends

Security-informed policy choices for the emerging virtual world – the trends
  Notions of space vs. Notions of flow (of information)
  Identity playfulness vs. Controlling identity
    e.g. Spoofing, names duplication
  Routing policy – Open road vs. Property rules
  Downstream liability vs. No-liability (virtual pollution laws)
  Enforcement – Public vs. Self help (corporate – ISP, IP owner, conditional)
  Service providers’ role – Liability vs. Immunity (vis-à-vis user, but regulated)
  {Fair information practices vs. Contractual freedom}

Political economy in CyberCrime 3.0

Discussion – Cybercrime 3.0 – implications on the political economy of information – rethinking discourse dynamics and power
  Who controls the design of the communication process?
  What uses are possible?
  What and who decides whether new applications and services will be available?
  Who can shut off the conversation? Control the flow? Channel traffic? Favor speakers?
  How is the topology of the social network determined? (emergence or structured)
  What determines how the user can be presented in a conversation?
  Who defines who you are in a conversation?
Further socio-political dimensions of securitization implications
  Innovation – what innovation enabled/limited?
  Cultural exploration
  Social organization
  Political mobilization

Towards normative security discourse

Discussion – From security to securitization (See: Helen Nissenbaum)
  Security policy as a political discourse
  Revealing the biases in security policy
  Understanding the dynamics of regulation
  Political economy analysis as normative guidelines to securitization

Background slides to follow

The Internet Model for Communication and Information Network

Internet Model Network
  Open network
  Decentralized
  Parity among users
  Interactive
  Neutral among applications
  Anonymous
  Linked
  Easy and cheap to use
  Lack central control (and central failure point)
  Inter-connected (to other systems, networks)

The discourse in an Internet Model Network
  Vivid, robust and unmediated public discourse from diverse and antagonistic sources
  The Individual controls the type, mode and scope of communication/interaction
  From consumers (of information) to producers and distributors of information
  Dynamic and modular modes of communication to accommodate needs-tailored-communication
  Emerging design of the network (social, technological, information linkage)