Research area: Verification
Venue: Cambridge International Workshop on Security Protocols
Security measures that attempt to prevent breaches of commodity software have not used high assurance methods and tools. Instead, rational defenders have risked incurring losses caused by breaches because the cost of recovery from a breach multiplied by the probability of that breach was lower than the cost of prevention by high assurance, e.g., by formal methods. This practice may change soon since breach-recovery costs have increased substantially while formal methods costs have decreased dramatically over the past decade. We introduce the notion of selective high assurance and show that it is economically justified, as producers can easily recoup its cost even in very small commodity markets, and necessary for rational defenders to decrease their breach recovery costs below a chosen limit. However, these decreases depend on defenders’ risk aversion, which is difficult to assess since risk preferences cannot be anticipated. A challenge is to determine a lower bound on the economic value of selective high assurance independent of the defenders’ risk preferences; i.e., a value that depends only on the commodity software itself and the attacks it withstands. We propose an approach to determine such a value and illustrate it for SCION, a networking software system with provable security properties.
| Publication year | 2023 |
|---|---|
| Citations | 0 |
| Publication country | Ethiopia, Andorra |
| Site | Springer |
| Likes | 0 |