SR3R Project Forum

Discussion and debate for the SR3R Project
It is currently Wed Nov 20, 2019 4:20 am

All times are UTC - 5 hours




Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: Random Background Tally
PostPosted: Fri Feb 15, 2008 5:12 pm 
Offline
Forum Admin

Joined: Wed Jul 18, 2007 3:11 am
Posts: 903
Cut from Decking Suggestions Thread:

Q) Create a 'false positive' background count for security tally
1. 1d6-1 for >50 users, 2d6-2 50-500, 3d6-3 >500
-For ease of calculation, drop the -1/-2/-3 and just start the sheaf higher
2. Is tally based on the host, the network, the PLTG, or the most popular host connected to it?
3. Should background tally be linked to the rating of the host? Red 4d6, Orange 3d6, etc.?
4. Tally decreases by 6 for blue, 4 for green, 2 for orange, 1 for red every twenty minutes, + die roll again

The basic idea is that, since Tally is meant to be more of a vague representation of a host's unease, and not have an exact 1-to-1 relationship with the host being hacked recently, then it stands to reason that there should be a set of false positives occurring fairly regularly, behind which the decker hides when he generates his *real* tally. IMO, the best way to represent this would be a randomized "background tally," a sea of noise and false positives that the host notices and eventually discards.

We can discuss details in a moment, but just for now, do you think this is a good idea? Note also that this rule will almost ensure that some IC will be active on all hosts basically all the time, so we'll probably have to ensure that IC doesn't automatically target the decker, just to keep things from getting silly. What do you think?


Top
 Profile  
 
PostPosted: Fri Feb 15, 2008 8:01 pm 
Offline
Forum Admin

Joined: Tue Jul 17, 2007 11:50 am
Posts: 827
Location: DeeCee
I think if we're going to go with our current understanding of security tally, this extension is just logical. I think it's a good idea to make sure it's a multiple d6 so we get a nice, round probability curve. No adding or subtracting unless it's so we can throw more d6s.

This also brings up two other interesting points. Firstly, a lot of systems will likely offset the sheaf up a few notches, so instead of the first probe coming out at step 4 maybe it comes out at step 10. If we assume that all instances of a piece of IC take significant processing power, less secure, less expensive systems will tolerate a higher amount of 'noise'. This is important to note if we use feral's universe security sheaf or just when writing sample sheafs.

Secondly, this means that if the security tally is regularly increased by legitimate icons doing legitimate things, when an invading decker drives the tally up all of those regular icons that accidentally bump up the tally are likely going to be hit by grey or even black IC. Presumably this means when the system goes on active alert it urges all users to go to cold-asist or log off altogether. This also means if a smart decker happened to say have an 'increase tally' utility, he could target one of the local security deckers, cause him to increase the tally, and watch as the host's own black IC targets its own security deckers.


Top
 Profile  
 
PostPosted: Sun Feb 17, 2008 7:59 pm 
Offline
Forum Admin

Joined: Wed Jul 18, 2007 3:11 am
Posts: 903
nezumi wrote:
I think if we're going to go with our current understanding of security tally, this extension is just logical. I think it's a good idea to make sure it's a multiple d6 so we get a nice, round probability curve. No adding or subtracting unless it's so we can throw more d6s.
Indeed yes. I'm thinking of basing it off of the number of users. An RTG with its hundreds of thousands or even millions of users will always be swimming in tally, something like 4d6-4 or 6d6-6 (explaining why they don't pass it down to their LTGs), while your average PLTG or host with fewer than 100 active users would only have say (2d6-2)/2 tally.

Quote:
This also brings up two other interesting points. Firstly, a lot of systems will likely offset the sheaf up a few notches, so instead of the first probe coming out at step 4 maybe it comes out at step 10. If we assume that all instances of a piece of IC take significant processing power, less secure, less expensive systems will tolerate a higher amount of 'noise'. This is important to note if we use feral's universe security sheaf or just when writing sample sheafs.
Possibly, but then keep in mind that this is the purpose of Probe IC in the first place, to institute passive, then non-lethal countermeasures at the lower tally points and ratchet it up at higher levels. At tally 6 or so the probe will come out and just annoy random people, but at tally 47 the threat is great enough it's okay to risk some black IC frying a couple of innocent people's brains by mistake. After all, they signed the EULA by walking in the front "door"

Quote:
Secondly, this means that if the security tally is regularly increased by legitimate icons doing legitimate things, when an invading decker drives the tally up all of those regular icons that accidentally bump up the tally are likely going to be hit by grey or even black IC. Presumably this means when the system goes on active alert it urges all users to go to cold-asist or log off altogether. This also means if a smart decker happened to say have an 'increase tally' utility, he could target one of the local security deckers, cause him to increase the tally, and watch as the host's own black IC targets its own security deckers.
Oh absolutely. He might even try to spoof a command to the black IC (using the Inject program) to have him target the decker, or even target the nearby corp CEO to distract the guards while he makes a getaway.


Top
 Profile  
 
PostPosted: Sun Feb 17, 2008 8:57 pm 
Offline
Site Admin

Joined: Tue Jul 17, 2007 11:39 am
Posts: 875
Location: Boston
I've actually been brainstorming to try to find a way we can make "confusing the deputy" a valid approach to decking in general. Haven't been able to come up with enough approaches or details to really go anywhere with yet, though.

~J

_________________
Failure: when your best just isn't good enough.


Top
 Profile  
 
PostPosted: Sun Feb 17, 2008 9:13 pm 
Offline
Forum Admin

Joined: Wed Jul 18, 2007 3:11 am
Posts: 903
You already can, with a little creativity. Cloak to Evade Detection for the quick escape, then you start going around using the Alter Icon task on everything you see, to pull off a Thomas Crown Affair run, but with unwilling people instead of paid accomplices. :mrgreen:


Top
 Profile  
 
PostPosted: Sun Feb 17, 2008 9:59 pm 
Offline
Forum Admin

Joined: Tue Jul 17, 2007 11:50 am
Posts: 827
Location: DeeCee
Would tally (and response) be based off of USERS or ICONS? I assume there are tons of automated things running on a host that aren't driven by people, but I don't know if a process running on a host can trip that own host's security.


Top
 Profile  
 
PostPosted: Mon Feb 18, 2008 12:21 am 
Offline
Forum Admin

Joined: Wed Jul 18, 2007 3:11 am
Posts: 903
It would probably work best if it were for all icons, not just active users, otherwise most important research servers would be switched to have black IC running at tally 1 at night, when noone is using them.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group