Summary: Towards Better Definitions and Measures of Internet Security
J. Aspnes and J. Feigenbaum
M. Mitzenmacher and D. Parkes
January 30, 2003
The conventional wisdom is that "the Internet is very insecure." The subtitle of this workshop, namely
"deployment obstacles," implies that network owners, operators, and users could have solved pervasive
security problems if they had deployed existing security technology. Is there solid evidence that either
of these statements is true?
Clearly, there have been some well publicized Internet security problems (e.g., viruses and distributed
denial-of-service attacks) during the past five years, and some loss by individuals and businesses is
attributable to them. Does this mean that Internet insecurity is really a significant problem? Is it a
more serious problem than it was, say, ten years ago, or is there simply more awareness of it now than
there was then? What fraction of Internet activity or potential activity is disrupted or prevented because
of actual or perceived insecurity? Is this fraction higher or lower than it was ten years ago?