Table of Contents
Summary
Samenvatting (Dutch Summary)
Doctoral Propositions
Foreword
Introduction
1.1 Problem Definition
1.2 Research Questions
1.3 Dissertation Outline
The Economics of Cybersecurity
2.1 Introduction
2.2 Cybersecurity as an Economic Problem
2.3 Software and Platform Security
2.4 End-User and Organizational Security
2.5 Internet Intermediaries
2.6 Attacker Behavior
2.7 Policy Options
2.8 Conclusion
The Role of ISPs in Botnet Mitigation
3.1 Introduction
3.2 Economic Incentives of Attackers and Defenders
3.3 Methodology
3.4 Do ISPs Make a Difference?
3.5 Why Do Some ISPs Perform Better?
3.6 Which Policies Are Effective?
3.7 Conclusion
Conficker Botnet Cleanup After Six Years
4.1 Introduction
4.2 Background
4.3 Methodology
4.4 Modeling Infections
4.5 Findings
4.6 Discussion
4.7 Conclusion
Security Economics of Certificate Authorities
5.1 Introduction
5.2 Systemic Vulnerabilities in the HTTPS Model
5.3 Methodology
5.4 The Market for TLS/SSL Certificates
5.5 Analysis of HTTPS Market Incentives
5.6 Improving HTTPS Governance
5.7 Conclusion
ISP Incentives to Deploy Deep Packet Inspection
6.1 Introduction
6.2 Background
6.3 Methodology
6.4 DPI Trends
6.5 Multivariate Modeling
6.6 Discussion
6.7 Conclusion
Security Measurements and Public Policy: Mind the Gap
7.1 Introduction
7.2 Accessible Measurements
7.3 The Case of Analyzing Glasnost
7.4 Other Cases
7.5 Discussion
7.6 Conclusion
Conclusions
8.1 Summary of the Empirical Findings
8.2 Reflections on Analyzing Security Measurements
8.3 Implications for Cybersecurity Policy
8.4 Future Work
References
Appendix – pyasn 1.5 Manual
Acknowledgements
Curriculum Vitae
List of Publications
Abstract
Research in the field of information security economics has clarified how attacker and defender incentives affect cybersecurity. It has also highlighted the role of intermediaries in strengthening cybersecurity. Intermediaries are organizations and firms that provide the Internet’s infrastructure and platforms. This dissertation looks at how intermediary behavior and incentives can be understood from measurements—such as incident data and network logs. The question is answered through a literature review, four empirical studies, and two reflection chapters. The studies researched the role of ISPs in mitigating botnets, the success of anti-botnet initiatives in Conficker cleanup, vulnerabilities in the certificate authority ecosystem, and ISP incentives to deploy deep packet inspection, all using cross-country and longitudinal measurements. The dissertation concludes by reflecting on both the methodology and the broader implications for cybersecurity policy.