| Summary: | Thesis (S.M.)--Massachusetts Institute of Technology, Engineering Systems Division, Technology and Policy Program, 2005. === Includes bibliographical references. === My advisor, Professor Leveson has developed an accident modeling framework called STAMP (Systems Theoretic Accident Modeling and Processes.) Traditional accident models typically focus on component failure; in contrast, STAMP includes interactions between components as well as social, economic, and legal factors. My research extends Leveson's STAMP accident model and applies it to a security problem. I have chosen to investigate the threat posed by malicious computer software such as computer viruses. The problem is especially interesting because surrounding the technical aspects of malicious software is a rich socio-technical system. The first part of the thesis investigates two recent computer worm outbreaks and identifies the numerous ways in which the security system failed. For both outbreaks, there were multiple points of failure including the existence of un-patched workstations, software organizations that distributed insecure software, the lack of sufficient legal disincentives to dissuade hackers, as well as many others. The thesis goes on to examine why the system was operating in such an insecure manner. As is generally the case when modeling an accident, the explanation goes beyond any single factor. I argue that that lack of Internet security can be largely attributed to the fact that those providing critical parts of Internet security do not have sufficient incentives to make good security decisions; instead they often make decisions at odds with Internet security. The thesis concludes with a discussion of policy and technical recommendations for addressing computer security. === by David S. Zipkin. === S.M.
|
|---|
