Dissertation Defense

Nation-State Attackers and their Effects on Computer Security

Andrew Springall

Nation-state intelligence agencies have long attempted to operate in secret, but
recent revelations have drawn the attention of security researchers as well as
the general public to their operations. The scale, aggressiveness, and
untargeted nature of many of these now-public operations were not only alarming
but also baffling, as many were thought impossible or at best infeasible at
scale. The security community has since made many efforts to protect end-users
by identifying, analyzing, and mitigating these now-known operations.

While much-needed, the security community's response has largely been
reactionary to the oracled existence of vulnerabilities and the disclosure of
specific operations. Nation-State Attackers, however, are dynamic,
forward-thinking, and surprisingly agile adversaries who do not rest on their
laurels and are continually advancing their efforts to obtain information.
Without the ability to conceptualize their actions, understand their
perspective, or account for their presence, the security community's advances
will slowly become antiquated and unable to defend against the progress of
Nation-State Attackers.

In this work, we present and discuss a high-level model of Nation-State
Attackers that we believe can be used to represent their attributes, behavior
patterns, and world view. We use this representation of Nation-State Attackers
to A) show that real-world threat models do not account for such highly
privileged attackers, B) identify and support technical explanations of known
but ambiguous operations, and C) identify and analyze vulnerabilities in current
systems that are favorable to Nation-State Attackers.

Sponsored by

Alex J. Halderman