Intro
So this particular entry is a bit… Different. At least I’m circling back to Cybersecurity, which I hadn’t mentioned for a while.
I have spent some time lately just “thinking” about what to do for the Master’s final project (aka Master Thesis). And here are some thoughts.
About the process
Some years ago I read, in a book (“Where Good Ideas Come From”, by S. Johnson), about how good ideas come to exist (sic!): through the “mixing” of disparate concepts (and I would agree; it seems plausible at the very least).
In other words, one would use concepts from different fields and/or totally unrelated things, shake that together, and that’s precisely where some of the best ideas would come from.
Nothing new under the Sun, I know. So I’ve been trying to apply the concepts learnt (or to be learnt) in the MSc I’m studying (“Computational Engineering & Mathematics”, it’s called) to the field I have some experience with, i.e. Cybersecurity.
And then whatever comes out of that, some of it I’ll implement in R.
A few possibilities
I’ve already hinted at possibilities of applying Simulation concepts to a “Security Operations Center” (here & here) in the past. That door is still open, as much more could probably be done there.
As we’ve recently looked in passing into Chaos and mentioned differential and predator-prey equations, maybe (maybe, meaning I don’t really know) I could look into how vulnerabilities appear and patches are applied. There is a lag there (vulnerabilities are discovered first, and sometimes exploited “in the wild”, well before a patch is developed, not to mention before it is finally applied across a company’s network…). Or maybe (probably, again, I haven’t investigated much here) a model for infectious diseases would be more appropriate (and then patching would be the equivalent of vaccines…).
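The following Python sketch is an added example, not code from the original post: a toy three-compartment model (vulnerable, compromised, patched hosts) in which exploitation spreads SI-style from the day the vulnerability is known, while patching can only start once the patch exists and then rolls out at a fixed daily fraction. The host count, the rates and the day the patch becomes available are all constructed assumptions; the point is to make the discovery-to-patch lag measurable as “how many hosts end up compromised”.

```python
"""Toy compartment model for the vulnerability-to-patch lag (added example).

Each host is in one of three states:
  V  vulnerable and unpatched
  C  compromised (the vulnerability was exploited against it)
  P  patched (no longer exploitable via this vulnerability)

Assumed daily dynamics (all constants are constructed for illustration):
  exploitation:  beta * C * V / N   new compromises per day (SI-style contact spread)
  patching:      from `patch_available_day` on, a fraction `rollout` of the
                 still-vulnerable hosts is patched each day
Hosts that are already compromised are not "rescued" by the patch here.
"""


def simulate(n_hosts=1000, initial_compromised=1, beta=0.3,
             patch_available_day=10, rollout=0.1, days=120):
    """Return a list of (V, C, P) tuples, one per day, starting at day 0."""
    v = float(n_hosts - initial_compromised)
    c = float(initial_compromised)
    p = 0.0
    history = [(v, c, p)]
    for day in range(1, days + 1):
        # Exploitation spreads proportionally to contacts between C and V hosts.
        new_compromised = min(beta * c * v / n_hosts, v)
        v -= new_compromised
        c += new_compromised
        # Patching only begins once the vendor has shipped a fix.
        if day >= patch_available_day:
            patched = rollout * v
            v -= patched
            p += patched
        history.append((v, c, p))
    return history


def final_compromised_fraction(**kwargs):
    """Fraction of the estate compromised at the end of the simulated period."""
    v, c, p = simulate(**kwargs)[-1]
    return c / (v + c + p)


def compare_lags(lags=(5, 10, 20, 30), **kwargs):
    """Map each patch-availability day to the final compromised fraction."""
    return {lag: final_compromised_fraction(patch_available_day=lag, **kwargs)
            for lag in lags}


if __name__ == "__main__":
    for lag, frac in compare_lags().items():
        print(f"patch available on day {lag:2d}: {frac:6.1%} of hosts compromised")
```

Because the model is deterministic, changing only the patch day isolates the effect of the lag; the same loop can be re-run with a slower `rollout` to see the second lag the post mentions (the time until the patch is actually applied across the network).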
Then again, one could also use the above to illustrate the value (or balance) of heterogeneity: instead of using consolidated software (which could potentially be cheaper to operate?), maybe using two or more alternatives CAN be better? Example: if you only use one version of Apache, you can have specialists, fine-tuned maintenance, etc. for a consolidated install base of Apache servers. That’s great, but if a vulnerability appears affecting that platform, you’re affected all over (I’m simplifying, but I hope I’m getting the concept across). IF INSTEAD you ensure your platform is a mix, somewhat/somehow separated, so that you have some IIS servers in there, MAYBE you can keep working with those while your Apaches are down… I don’t know if I’m explaining myself here (it’s the bad side of “writing” instead of “chatting”…), but I’ve always been curious about that idea: somehow, in IT as in other fields, heterogeneity/variety makes (or well, can make) things more resilient. Does this warrant further research applied to Cybersecurity, maybe?
Network Graphs also come to mind, particularly for things that are connected together in one way or another – and then “infection models” (again… maybe these weird times of Covid are affecting my thinking?) so as to simulate how far an attacker that’s able to “access” can spread (get further and further inside the network, that is). Things like exposure, detection/reaction times, nodes with higher degrees (more important somehow?), centrality, radius, et al. could be studied and maybe used to reflect on security measures.
Or maybe, related to the above, one could simulate and study different strategies to be applied to each “network graph”, so as to evaluate alternatives such as “increasing network segmentation” or “reducing shared infrastructure” (i.e. thereby reducing the reach of an attack to a constrained subset of the infrastructure or data), etc. But then, one could think in terms of Operational Research, looking for the right balance of cost (how much does it cost to segment the network further? How much to separate a DBMS into 5 separate DBMSs? How much to have separate farms of front-end servers?) vs. impact reduction (i.e. the benefit here).
Actually, such Operational Research concepts could be mixed and applied to our SOC Simulators mentioned earlier.
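As an added example that is not part of the original post, here is a small Python sketch tying together the three ideas above (platform heterogeneity, attacker spread over a network graph, and comparing defensive strategies by reach vs. cost). The estate, its connectivity, the costs and the spread rule (“the attacker can only hop onto a neighbour that runs the affected platform”) are all constructed assumptions; it reports, for each strategy, the fraction of hosts an attacker reaches on average over every possible entry point, next to the strategy’s cost.

```python
"""Attacker spread on a network graph vs. defensive strategies (added example).

Everything below is constructed for illustration: the hosts, the edges,
the cost figures and the rule that an attacker may only move onto a
neighbour running the affected platform ("A"); platform "B" is immune.
"""
from collections import deque
from statistics import mean

# Constructed sample estate: host -> platform (all start on the affected one).
PLATFORMS = {h: "A" for h in
             ["web1", "web2", "web3", "app1", "app2",
              "db1", "db2", "jump", "hr1", "hr2"]}

# Constructed connectivity: which hosts can talk to which.
EDGES = [
    ("web1", "app1"), ("web2", "app1"), ("web3", "app2"), ("app1", "app2"),
    ("app1", "db1"), ("app2", "db1"), ("db1", "db2"),
    ("jump", "app2"), ("jump", "hr1"), ("hr1", "hr2"), ("jump", "db2"),
]


def adjacency(edges):
    """Undirected adjacency sets built from the edge list."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def degree_ranking(edges):
    """Hosts sorted by degree, most connected first (name breaks ties)."""
    adj = adjacency(edges)
    return sorted(adj, key=lambda h: (-len(adj[h]), h))


def reachable(entry, platforms, edges, affected="A"):
    """Hosts an attacker with a foothold on `entry` can spread to (BFS).

    Assumed rule: a neighbour can be entered only if it runs the affected
    platform. The entry host counts regardless of platform, since the
    initial foothold is assumed to come from elsewhere (e.g. phishing).
    """
    adj = adjacency(edges)
    seen = {entry}
    queue = deque([entry])
    while queue:
        host = queue.popleft()
        for nxt in adj.get(host, ()):
            if nxt not in seen and platforms[nxt] == affected:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def expected_reach(platforms, edges, affected="A"):
    """Average fraction of the estate reached, over every possible entry host."""
    n = len(platforms)
    return mean(len(reachable(h, platforms, edges, affected)) / n for h in platforms)


def evaluate(platforms, edges, cuts=(), migrate=(), cut_cost=1.0, migrate_cost=2.0):
    """Apply a strategy (cut edges, move hosts to platform B); report reach and cost.

    Cost units are constructed: cutting a link (a firewall rule, a new segment)
    costs `cut_cost`, re-platforming one host costs `migrate_cost`.
    """
    cut_set = {frozenset(c) for c in cuts}
    kept = [e for e in edges if frozenset(e) not in cut_set]
    new_platforms = dict(platforms)
    for h in migrate:
        new_platforms[h] = "B"
    return {
        "reach": round(expected_reach(new_platforms, kept), 4),
        "cost": len(cuts) * cut_cost + len(migrate) * migrate_cost,
    }


def compare_strategies():
    """Baseline vs. segmenting off the data tier vs. diversifying the hub hosts."""
    hubs = degree_ranking(EDGES)[:2]  # highest-degree hosts are the natural candidates
    return {
        "baseline": evaluate(PLATFORMS, EDGES),
        "segment_data_tier": evaluate(
            PLATFORMS, EDGES,
            cuts=[("app1", "db1"), ("app2", "db1"), ("jump", "db2")]),
        "diversify_hubs": evaluate(PLATFORMS, EDGES, migrate=hubs),
    }


if __name__ == "__main__":
    for name, result in compare_strategies().items():
        print(f"{name:20s} reach={result['reach']:.2f} cost={result['cost']:.1f}")
```

Averaging over every entry host matters: a strategy that looks perfect from the web tier (nothing beyond the first hop) can still leave a large connected region if the foothold lands on an internal host, which is exactly the kind of trade-off an Operational Research framing would weigh against cost.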
In discussing the fact that I was looking for ideas with colleagues (more minds definitely better than me thinking alone…), somehow the idea of math and cybersecurity seems to hint towards “anomaly detection” (which we mentioned here and here for instance). I’m not convinced this aligns greatly with the concepts studied in this particular Master degree though. Maybe. (Regardless: Thanks to the colleagues!)
When Math and Cybersecurity are mentioned together one tends to think “cryptography”. I don’t feel like it: It’s a well studied (and very complex!) topic. More importantly, I don’t see how I could add any value in that field, it’s not my specialty. So that’s probably a no right there.
Then again those are only a few ideas I’m thinking about these days. At the end, one of them (or maybe a mix?) will probably be the subject of my MSc Thesis. I simply don’t know yet.
Side note
I just started learning about High Performance Computing, and although very interesting… I don’t think I’ll be using much of that particular topic in the final project – although my readers know I like thinking about faster, parallel & distributed computing, as can be observed here, here or here, in no particular order.
Somehow, I don’t foresee the NLP part, or studying logs (which is another interest of mine), being useful in the context of this Master’s degree.
Visualisations, on the other hand, will always come in handy; and if my thesis ends up looking more like a product than a paper, then things like Docker, Shiny, Plumber, coding best practices and other stuff will find their way into it, of course.
Conclusions
Mixing different things one learns along the way might (just might) help produce something of value in the end.
Some say good ideas are like that. I’m trying to see whether I can apply that, by mixing the (few) things I understand (or at least that I am curious about) and come up with something “fresh”, or at the very least interesting (at least to me, which would already be alright).
I’ll probably dive a bit into each of the above ideas in upcoming blog entries, just to explain each a bit better.
Some of them I’m curious about, particularly on how to approach them with sufficient “rigor”: Coming up with a representative mathematical equation (or system of equations) for a situation might prove challenging, and I am guessing I will have to make many assumptions/simplifications.
But then again, even if it only serves the purpose of thinking about a concept, I’ll be interested anyway… We’ll see.