This is the webapp for playing with the analysis results of Pareto-Optimal Defensive Strategies for Securing the Web.
Workflow:
Select an attacker from the respective dropdown menu.
Activate the mitigations you want to be considered in the analysis.
The default costs are displayed next to the mitigations. You can edit these costs and thereby potentially change the resulting optimal defensive strategy and its total cost. The total cost is computed by multiplying each activated mitigation's cost by the number of domains on which it has to be implemented, summed over all activated mitigations.
Below, you can find 1) the percentage of visitors affected by the attacker without additional mitigations, 2) the percentage of visitors secured after applying the selected mitigations, and 3) the total cost of those mitigations.
Additional features:
You can also inspect the frontier of all Pareto-optimal defense strategies that use only subsets of your selected mitigations with your given costs. For every Pareto-optimal strategy, the Pareto frontier shows its total cost, the percentage of visitors still affected, and the mitigations it contains.
You can download the resulting Pareto frontier as a JSON file.
You can save your own mitigation cost assignment in a config JSON file and import an existing config file.
1. Select an attacker.
You can choose between several countries, important infrastructure providers, and a hacker group modelled on the 2018 attack on MyEtherwallet.
2. Activate the mitigations you want to consider and choose their costs.
Mitigations (each has an editable cost field, in $, next to it):
- IPsec
- DNSSEC
- DANE
- Certificate Transparency
- SRI
- Upgrade Requests HTTPS
- Secure HTTPS inclusions
- H3 (HTTPS, HTTPS-Redirection, HSTS), i.e. the bundle of the following three
- HTTPS
- Redirection to HTTPS
- HSTS
3. Investigate effectiveness and cost.
Affected visitors: percentage of visitors the selected attacker can still reach without additional mitigations.
Secured visitors: percentage of visitors protected after applying the activated mitigations.
Total cost: sum over the activated mitigations of cost per domain multiplied by the number of domains on which the mitigation is implemented.
4. Inspect Pareto frontier.
The Pareto frontier consists of all combinations of these mitigations that
are not dominated by another combination. A combination is dominated if some
other combination has lower cost while achieving the same or a better decrease
of attack success, or the same cost while achieving a strictly better decrease.
The remaining combinations are plotted on a graph mapping total cost to the
percentage of visitors still affected. Hover over a point on the plot to see
which mitigations that strategy combines.
Due to the high relative cost of IPsec, cheaper mitigations are clustered to the left; please use the zoom tool to inspect those.