-
Optimal security hardening over a probabilistic attack graph: a case study of an industrial control system using the CySecTool tool
Authors:
Przemysław Buczkowski,
Pasquale Malacaria,
Chris Hankin,
Andrew Fielder
Abstract:
CySecTool is a tool that finds a cost-optimal security controls portfolio in a given budget for a probabilistic attack graph. A portfolio is a set of counter-measures, or controls, against vulnerabilities adopted for a computer system, while an attack graph is a type of a threat scenario model. In an attack graph, nodes are privilege states of the attacker, edges are vulnerabilities escalating pri…
▽ More
CySecTool is a tool that finds a cost-optimal security controls portfolio in a given budget for a probabilistic attack graph. A portfolio is a set of counter-measures, or controls, against vulnerabilities adopted for a computer system, while an attack graph is a type of a threat scenario model. In an attack graph, nodes are privilege states of the attacker, edges are vulnerabilities escalating privileges, and controls reduce the probabilities of some vulnerabilities being exploited. The tool builds on an optimisation algorithm published by Khouzani et al. (2019), enabling a user to quickly create, edit, and incrementally improve models, analyse results for given portfolios and display the best solutions for all possible budgets in the form of a Pareto frontier. A case study was performed utilising a system graph and suspected attack paths prepared by industrial security engineers based on an industrial source with which they work. The goal of the case study is to model a supervisory control and data acquisition (SCADA) industrial system which, due to having the potential to harm people, necessitates strong protection while not allowing the use of typical penetration tools like vulnerability scanners. Results are analysed to show how a cyber-security analyst would use CySecTool to store cyber-security intelligence and draw further conclusions.
△ Less
Submitted 25 April, 2022;
originally announced April 2022.
-
Certified Federated Adversarial Training
Authors:
Giulio Zizzo,
Ambrish Rawat,
Mathieu Sinn,
Sergio Maffeis,
Chris Hankin
Abstract:
In federated learning (FL), robust aggregation schemes have been developed to protect against malicious clients. Many robust aggregation schemes rely on certain numbers of benign clients being present in a quorum of workers. This can be hard to guarantee when clients can join at will, or join based on factors such as idle system status, and connected to power and WiFi. We tackle the scenario of se…
▽ More
In federated learning (FL), robust aggregation schemes have been developed to protect against malicious clients. Many robust aggregation schemes rely on certain numbers of benign clients being present in a quorum of workers. This can be hard to guarantee when clients can join at will, or join based on factors such as idle system status, and connected to power and WiFi. We tackle the scenario of securing FL systems conducting adversarial training when a quorum of workers could be completely malicious. We model an attacker who poisons the model to insert a weakness into the adversarial training such that the model displays apparent adversarial robustness, while the attacker can exploit the inserted weakness to bypass the adversarial training and force the model to misclassify adversarial examples. We use abstract interpretation techniques to detect such stealthy attacks and block the corrupted model updates. We show that this defence can preserve adversarial robustness even against an adaptive attacker.
△ Less
Submitted 20 December, 2021;
originally announced December 2021.
-
MaxSAT Evaluation 2020 -- Benchmark: Identifying Maximum Probability Minimal Cut Sets in Fault Trees
Authors:
Martín Barrère,
Chris Hankin
Abstract:
This paper presents a MaxSAT benchmark focused on the identification of Maximum Probability Minimal Cut Sets (MPMCSs) in fault trees. We address the MPMCS problem by transforming the input fault tree into a weighted logical formula that is then used to build and solve a Weighted Partial MaxSAT problem. The benchmark includes 80 cases with fault trees of different size and composition as well as th…
▽ More
This paper presents a MaxSAT benchmark focused on the identification of Maximum Probability Minimal Cut Sets (MPMCSs) in fault trees. We address the MPMCS problem by transforming the input fault tree into a weighted logical formula that is then used to build and solve a Weighted Partial MaxSAT problem. The benchmark includes 80 cases with fault trees of different size and composition as well as the optimal cost and solution for each case.
△ Less
Submitted 16 July, 2020;
originally announced July 2020.
-
CyRes -- Avoiding Catastrophic Failure in Connected and Autonomous Vehicles (Extended Abstract)
Authors:
Carsten Maple,
Peter Davies,
Kerstin Eder,
Chris Hankin,
Greg Chance,
Gregory Epiphaniou
Abstract:
Existing approaches to cyber security and regulation in the automotive sector cannot achieve the quality of outcome necessary to ensure the safe mass deployment of advanced vehicle technologies and smart mobility systems. Without sustainable resilience hard-fought public trust will evaporate, derailing emerging global initiatives to improve the efficiency, safety and environmental impact of future…
▽ More
Existing approaches to cyber security and regulation in the automotive sector cannot achieve the quality of outcome necessary to ensure the safe mass deployment of advanced vehicle technologies and smart mobility systems. Without sustainable resilience hard-fought public trust will evaporate, derailing emerging global initiatives to improve the efficiency, safety and environmental impact of future transport. This paper introduces an operational cyber resilience methodology, CyRes, that is suitable for standardisation. The CyRes methodology itself is capable of being tested in court or by publicly appointed regulators. It is designed so that operators understand what evidence should be produced by it and are able to measure the quality of that evidence. The evidence produced is capable of being tested in court or by publicly appointed regulators. Thus, the real-world system to which the CyRes methodology has been applied is capable of operating at all times and in all places with a legally and socially acceptable value of negative consequence.
△ Less
Submitted 3 July, 2020; v1 submitted 26 June, 2020;
originally announced June 2020.
-
Fault Tree Analysis: Identifying Maximum Probability Minimal Cut Sets with MaxSAT
Authors:
Martín Barrère,
Chris Hankin
Abstract:
In this paper, we present a novel MaxSAT-based technique to compute Maximum Probability Minimal Cut Sets (MPMCSs) in fault trees. We model the MPMCS problem as a Weighted Partial MaxSAT problem and solve it using a parallel SAT-solving architecture. The results obtained with our open source tool indicate that the approach is effective and efficient.
In this paper, we present a novel MaxSAT-based technique to compute Maximum Probability Minimal Cut Sets (MPMCSs) in fault trees. We model the MPMCS problem as a Weighted Partial MaxSAT problem and solve it using a parallel SAT-solving architecture. The results obtained with our open source tool indicate that the approach is effective and efficient.
△ Less
Submitted 5 May, 2020;
originally announced May 2020.
-
Assessing Cyber-Physical Security in Industrial Control Systems
Authors:
Martín Barrère,
Chris Hankin,
Demetrios G. Eliades,
Nicolas Nicolau,
Thomas Parisini
Abstract:
Over the last years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical threats. Efficient models and techniques able to capture their complex structure and identify critical cyber-physical components are therefore essential. AND/OR graphs have proven very useful in this context as they are able to semantically grasp intricate logical interdependenc…
▽ More
Over the last years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical threats. Efficient models and techniques able to capture their complex structure and identify critical cyber-physical components are therefore essential. AND/OR graphs have proven very useful in this context as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. In addition, ICS settings normally involve various cyber and physical security measures that simultaneously protect multiple ICS components in overlap** manners, which makes this problem even harder. In this paper, we present an extended security metric based on AND/OR hypergraphs which efficiently identifies the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our approach relies on MAX-SAT techniques, which we have incorporated in META4ICS, a Java-based security metric analyser for ICS. We also provide a thorough performance evaluation that shows the feasibility of our method. Finally, we illustrate our methodology through a case study in which we analyse the security posture of a realistic Water Transport Network (WTN).
△ Less
Submitted 21 November, 2019;
originally announced November 2019.
-
Adversarial Attacks on Time-Series Intrusion Detection for Industrial Control Systems
Authors:
Giulio Zizzo,
Chris Hankin,
Sergio Maffeis,
Kevin Jones
Abstract:
Neural networks are increasingly used for intrusion detection on industrial control systems (ICS). With neural networks being vulnerable to adversarial examples, attackers who wish to cause damage to an ICS can attempt to hide their attacks from detection by using adversarial example techniques. In this work we address the domain specific challenges of constructing such attacks against autoregress…
▽ More
Neural networks are increasingly used for intrusion detection on industrial control systems (ICS). With neural networks being vulnerable to adversarial examples, attackers who wish to cause damage to an ICS can attempt to hide their attacks from detection by using adversarial example techniques. In this work we address the domain specific challenges of constructing such attacks against autoregressive based intrusion detection systems (IDS) in an ICS setting.
We model an attacker that can compromise a subset of sensors in a ICS which has a LSTM based IDS. The attacker manipulates the data sent to the IDS, and seeks to hide the presence of real cyber-physical attacks occurring in the ICS.
We evaluate our adversarial attack methodology on the Secure Water Treatment system when examining solely continuous data, and on data containing a mixture of discrete and continuous variables. In the continuous data domain our attack successfully hides the cyber-physical attacks requiring 2.87 out of 12 monitored sensors to be compromised on average. With both discrete and continuous data our attack required, on average, 3.74 out of 26 monitored sensors to be compromised.
△ Less
Submitted 3 October, 2021; v1 submitted 8 November, 2019;
originally announced November 2019.
-
MaxSAT Evaluation 2019 -- Benchmark: Identifying Security-Critical Cyber-Physical Components in Weighted AND/OR Graphs
Authors:
Martín Barrère,
Chris Hankin,
Nicolas Nicolau,
Demetrios G. Eliades,
Thomas Parisini
Abstract:
This paper presents a MaxSAT benchmark focused on identifying critical nodes in AND/OR graphs. We use AND/OR graphs to model Industrial Control Systems (ICS) as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. We address this problem by efficiently transforming the input AND…
▽ More
This paper presents a MaxSAT benchmark focused on identifying critical nodes in AND/OR graphs. We use AND/OR graphs to model Industrial Control Systems (ICS) as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MaxSAT problem. The benchmark includes 80 cases with AND/OR graphs of different size and composition as well as the optimal cost and solution for each case.
△ Less
Submitted 1 November, 2019;
originally announced November 2019.
-
Deep Latent Defence
Authors:
Giulio Zizzo,
Chris Hankin,
Sergio Maffeis,
Kevin Jones
Abstract:
Deep learning methods have shown state of the art performance in a range of tasks from computer vision to natural language processing. However, it is well known that such systems are vulnerable to attackers who craft inputs in order to cause misclassification. The level of perturbation an attacker needs to introduce in order to cause such a misclassification can be extremely small, and often imper…
▽ More
Deep learning methods have shown state of the art performance in a range of tasks from computer vision to natural language processing. However, it is well known that such systems are vulnerable to attackers who craft inputs in order to cause misclassification. The level of perturbation an attacker needs to introduce in order to cause such a misclassification can be extremely small, and often imperceptible. This is of significant security concern, particularly where misclassification can cause harm to humans.
We thus propose Deep Latent Defence, an architecture which seeks to combine adversarial training with a detection system. At its core Deep Latent Defence has a adversarially trained neural network. A series of encoders take the intermediate layer representation of data as it passes though the network and project it to a latent space which we use for detecting adversarial samples via a $k$-nn classifier. We present results using both grey and white box attackers, as well as an adaptive $L_{\infty}$ bounded attack which was constructed specifically to try and evade our defence. We find that even under the strongest attacker model that we have investigated our defence is able to offer significant defensive benefits.
△ Less
Submitted 27 September, 2020; v1 submitted 9 October, 2019;
originally announced October 2019.
-
Identifying Security-Critical Cyber-Physical Components in Industrial Control Systems
Authors:
Martín Barrère,
Chris Hankin,
Nicolas Nicolau,
Demetrios G. Eliades,
Thomas Parisini
Abstract:
In recent years, Industrial Control Systems (ICS) have become an appealing target for cyber attacks, having massive destructive consequences. Security metrics are therefore essential to assess their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs that represent cyber-physical dependencies among network components. Our metric is able to efficiently ide…
▽ More
In recent years, Industrial Control Systems (ICS) have become an appealing target for cyber attacks, having massive destructive consequences. Security metrics are therefore essential to assess their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs that represent cyber-physical dependencies among network components. Our metric is able to efficiently identify sets of critical cyber-physical components, with minimal cost for an attacker, such that if compromised, the system would enter into a non-operational state. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MAX-SAT problem. Our tool, META4ICS, leverages state-of-the-art techniques from the field of logical satisfiability optimisation in order to achieve efficient computation times. Our experimental results indicate that the proposed security metric can efficiently scale to networks with thousands of nodes and be computed in seconds. In addition, we present a case study where we have used our system to analyse the security posture of a realistic water transport network. We discuss our findings on the plant as well as further security applications of our metric.
△ Less
Submitted 12 May, 2019;
originally announced May 2019.
-
Improving ICS Cyber Resilience through Optimal Diversification of Network Resources
Authors:
Tingting Li,
Cheng Feng,
Chris Hankin
Abstract:
Network diversity has been widely recognized as an effective defense strategy to mitigate the spread of malware. Optimally diversifying network resources can improve the resilience of a network against malware propagation. This work proposes an efficient method to compute such an optimal deployment, in the context of upgrading a legacy Industrial Control System with modern IT infrastructure. Our a…
▽ More
Network diversity has been widely recognized as an effective defense strategy to mitigate the spread of malware. Optimally diversifying network resources can improve the resilience of a network against malware propagation. This work proposes an efficient method to compute such an optimal deployment, in the context of upgrading a legacy Industrial Control System with modern IT infrastructure. Our approach can tolerate various constraints when searching for an optimal diversification, such as outdated products and strict configuration policies. We explicitly measure the vulnerability similarity of products based on the CVE/NVD, to estimate the infection rate of malware between products. A Stuxnet-inspired case demonstrates our optimal diversification in practice, particularly when constrained by various requirements. We then measure the improved resilience of the diversified network in terms of a well-defined diversity metric and Mean-time-to-compromise (MTTC), to verify the effectiveness of our approach. We further evaluate three factors affecting the performance of the optimization, such as the network structure, the variety of products and constraints. Finally, we show the competitive scalability of our approach in finding optimal solutions within a couple of seconds to minutes for networks of large scales (up to 10,000 hosts) and high densities (up to 240,000 edges).
△ Less
Submitted 16 May, 2019; v1 submitted 31 October, 2018;
originally announced November 2018.
-
DEFENDER: Detecting and Forecasting Epidemics using Novel Data-analytics for Enhanced Response
Authors:
Donal Simmie,
Nicholas Thapen,
Chris Hankin
Abstract:
In recent years social and news media have increasingly been used to explain patterns in disease activity and progression. Social media data, principally from the Twitter network, has been shown to correlate well with official disease case counts. This fact has been exploited to provide advance warning of outbreak detection, tracking of disease levels and the ability to predict the likelihood of i…
▽ More
In recent years social and news media have increasingly been used to explain patterns in disease activity and progression. Social media data, principally from the Twitter network, has been shown to correlate well with official disease case counts. This fact has been exploited to provide advance warning of outbreak detection, tracking of disease levels and the ability to predict the likelihood of individuals develo** symptoms. In this paper we introduce DEFENDER, a software system that integrates data from social and news media and incorporates algorithms for outbreak detection, situational awareness, syndromic case tracking and forecasting. As part of this system we have developed a technique for creating a location network for any country or region based purely on Twitter data. We also present a disease count tracking approach which leverages counts from multiple symptoms, which was found to improve the tracking of diseases by 37 percent over a model that used only previous case data. Finally we attempt to forecast future levels of symptom activity based on observed user movement on Twitter, finding a moderate gain of 5 percent over a time series forecasting model.
△ Less
Submitted 16 April, 2015;
originally announced April 2015.
-
The Early Bird Catches The Term: Combining Twitter and News Data For Event Detection and Situational Awareness
Authors:
Nicholas Thapen,
Donal Simmie,
Chris Hankin
Abstract:
Twitter updates now represent an enormous stream of information originating from a wide variety of formal and informal sources, much of which is relevant to real-world events. In this paper we adapt existing bio-surveillance algorithms to detect localised spikes in Twitter activity corresponding to real events with a high level of confidence. We then develop a methodology to automatically summaris…
▽ More
Twitter updates now represent an enormous stream of information originating from a wide variety of formal and informal sources, much of which is relevant to real-world events. In this paper we adapt existing bio-surveillance algorithms to detect localised spikes in Twitter activity corresponding to real events with a high level of confidence. We then develop a methodology to automatically summarise these events, both by providing the tweets which fully describe the event and by linking to highly relevant news articles. We apply our methods to outbreaks of illness and events strongly affecting sentiment. In both case studies we are able to detect events verifiable by third party sources and produce high quality summaries.
△ Less
Submitted 9 April, 2015;
originally announced April 2015.
-
Comparing Decision Support Approaches for Cyber Security Investment
Authors:
Andrew Fielder,
Emmanouil Panaousis,
Pasquale Malacaria,
Chris Hankin,
Fabrizio Smeraldi
Abstract:
When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge. In this paper, we consider three possible decision-support methodologies for security managers to tackle this challenge. We consider methods based on game theory, combinatorial optimisation and a hybrid of the tw…
▽ More
When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge. In this paper, we consider three possible decision-support methodologies for security managers to tackle this challenge. We consider methods based on game theory, combinatorial optimisation and a hybrid of the two. Our modelling starts by building a framework where we can investigate the effectiveness of a cyber security control regarding the protection of different assets seen as targets in presence of commodity threats. In terms of game theory we consider a 2-person control game between the security manager who has to choose among different implementation levels of a cyber security control, and a commodity attacker who chooses among different targets to attack. The pure game theoretical methodology consists of a large game including all controls and all threats. In the hybrid methodology the game solutions of individual control-games along with their direct costs (e.g. financial) are combined with a knapsack algorithm to derive an optimal investment strategy. The combinatorial optimisation technique consists of a multi-objective multiple choice knapsack based strategy. We compare these approaches on a case study that was built on SANS top critical controls. The main achievements of this work is to highlight the weaknesses and strengths of different investment methodologies for cyber security, the benefit of their interaction, and the impact that indirect costs have on cyber security investment.
△ Less
Submitted 19 February, 2015;
originally announced February 2015.
-
A short note on Simulation and Abstraction
Authors:
Chris Hankin
Abstract:
This short note is written in celebration of David Schmidt's sixtieth birthday. He has now been active in the program analysis research community for over thirty years and we have enjoyed many interactions with him. His work on characterising simulations between Kripke structures using Galois connections was particularly influential in our own work on using probabilistic abstract interpretation…
▽ More
This short note is written in celebration of David Schmidt's sixtieth birthday. He has now been active in the program analysis research community for over thirty years and we have enjoyed many interactions with him. His work on characterising simulations between Kripke structures using Galois connections was particularly influential in our own work on using probabilistic abstract interpretation to study Larsen and Skou's notion of probabilistic bisimulation. We briefly review this work and discuss some recent applications of these ideas in a variety of different application areas.
△ Less
Submitted 19 September, 2013;
originally announced September 2013.
-
Fast Multi-Scale Community Detection based on Local Criteria within a Multi-Threaded Algorithm
Authors:
Erwan Le Martelot,
Chris Hankin
Abstract:
Many systems can be described using graphs, or networks. Detecting communities in these networks can provide information about the underlying structure and functioning of the original systems. Yet this detection is a complex task and a large amount of work was dedicated to it in the past decade. One important feature is that communities can be found at several scales, or levels of resolution, indi…
▽ More
Many systems can be described using graphs, or networks. Detecting communities in these networks can provide information about the underlying structure and functioning of the original systems. Yet this detection is a complex task and a large amount of work was dedicated to it in the past decade. One important feature is that communities can be found at several scales, or levels of resolution, indicating several levels of organisations. Therefore solutions to the community structure may not be unique. Also networks tend to be large and hence require efficient processing. In this work, we present a new algorithm for the fast detection of communities across scales using a local criterion. We exploit the local aspect of the criterion to enable parallel computation and improve the algorithm's efficiency further. The algorithm is tested against large generated multi-scale networks and experiments demonstrate its efficiency and accuracy.
△ Less
Submitted 5 February, 2013; v1 submitted 5 January, 2013;
originally announced January 2013.
-
Fast Multi-Scale Detection of Relevant Communities
Authors:
Erwan Le Martelot,
Chris Hankin
Abstract:
Nowadays, networks are almost ubiquitous. In the past decade, community detection received an increasing interest as a way to uncover the structure of networks by grou** nodes into communities more densely connected internally than externally. Yet most of the effective methods available do not consider the potential levels of organisation, or scales, a network may encompass and are therefore lim…
▽ More
Nowadays, networks are almost ubiquitous. In the past decade, community detection received an increasing interest as a way to uncover the structure of networks by grou** nodes into communities more densely connected internally than externally. Yet most of the effective methods available do not consider the potential levels of organisation, or scales, a network may encompass and are therefore limited. In this paper we present a method compatible with global and local criteria that enables fast multi-scale community detection. The method is derived in two algorithms, one for each type of criterion, and implemented with 6 known criteria. Uncovering communities at various scales is a computationally expensive task. Therefore this work puts a strong emphasis on the reduction of computational complexity. Some heuristics are introduced for speed-up purposes. Experiments demonstrate the efficiency and accuracy of our method with respect to each algorithm and criterion by testing them against large generated multi-scale networks. This study also offers a comparison between criteria and between the global and local approaches.
△ Less
Submitted 6 June, 2012; v1 submitted 4 April, 2012;
originally announced April 2012.
-
Secondary use of data in EHR systems
Authors:
Fan Yang,
Chris Hankin,
Flemming Nielson,
Hanne Riis Nielson
Abstract:
We show how to use aspect-oriented programming to separate security and trust issues from the logical design of mobile, distributed systems. The main challenge is how to enforce various types of security policies, in particular predictive access control policies - policies based on the future behavior of a program. A novel feature of our approach is that advice is able to analyze the future use of…
▽ More
We show how to use aspect-oriented programming to separate security and trust issues from the logical design of mobile, distributed systems. The main challenge is how to enforce various types of security policies, in particular predictive access control policies - policies based on the future behavior of a program. A novel feature of our approach is that advice is able to analyze the future use of data. We consider a number of different security policies, concerning both primary and secondary use of data, some of which can only be enforced by analysis of process continuations.
△ Less
Submitted 20 January, 2012;
originally announced January 2012.
-
Multi-scale Community Detection using Stability Optimisation within Greedy Algorithms
Authors:
Erwan Le Martelot,
Chris Hankin
Abstract:
Many real systems can be represented as networks whose analysis can be very informative regarding the original system's organisation. In the past decade community detection received a lot of attention and is now an active field of research. Recently stability was introduced as a new measure for partition quality. This work investigates stability as an optimisation criterion that exploits a Markov…
▽ More
Many real systems can be represented as networks whose analysis can be very informative regarding the original system's organisation. In the past decade community detection received a lot of attention and is now an active field of research. Recently stability was introduced as a new measure for partition quality. This work investigates stability as an optimisation criterion that exploits a Markov process view of networks to enable multi-scale community detection. Several heuristics and variations of an algorithm optimising stability are presented as well as an application to overlap** communities. Experiments show that the method enables accurate multi-scale network analysis.
△ Less
Submitted 16 January, 2012;
originally announced January 2012.
-
Quantifying Timing Leaks and Cost Optimisation
Authors:
Alessandra Di Pierro,
Chris Hankin,
Herbert Wiklicky
Abstract:
We develop a new notion of security against timing attacks where the attacker is able to simultaneously observe the execution time of a program and the probability of the values of low variables. We then show how to measure the security of a program with respect to this notion via a computable estimate of the timing leakage and use this estimate for cost optimisation.
We develop a new notion of security against timing attacks where the attacker is able to simultaneously observe the execution time of a program and the probability of the values of low variables. We then show how to measure the security of a program with respect to this notion via a computable estimate of the timing leakage and use this estimate for cost optimisation.
△ Less
Submitted 24 July, 2008;
originally announced July 2008.
