Strategic Cyber Security
Recommended publications
Operating Systems and Virtualisation Security Knowledge Area (Draft for Comment)
OPERATING SYSTEMS AND VIRTUALISATION SECURITY KNOWLEDGE AREA (DRAFT FOR COMMENT) AUTHOR: Herbert Bos – Vrije Universiteit Amsterdam EDITOR: Andrew Martin – Oxford University REVIEWERS: Chris Dalton – Hewlett Packard David Lie – University of Toronto Gernot Heiser – University of New South Wales Mathias Payer – École Polytechnique Fédérale de Lausanne © Crown Copyright, The National Cyber Security Centre 2019. Following wide community consultation with both academia and industry, 19 Knowledge Areas (KAs) have been identified to form the scope of the CyBOK (see diagram below). The Scope document provides an overview of these top-level KAs and the sub-topics that should be covered under each and can be found on the project website: https://www.cybok.org/. We are seeking comments within the scope of the individual KA; readers should note that important related subjects such as risk or human factors have their own knowledge areas. It should be noted that a fully-collated CyBOK document which includes issue 1.0 of all 19 Knowledge Areas is anticipated to be released by the end of July 2019. This will likely include updated page layout and formatting of the individual Knowledge Areas. Operating Systems and Virtualisation Security Herbert Bos Vrije Universiteit Amsterdam April 2019 INTRODUCTION In this knowledge area, we introduce the principles, primitives and practices for ensuring security at the operating system and hypervisor levels. We shall see that the challenges related to operating system security have evolved over the past few decades, even if the principles have stayed mostly the same. For instance, when few people had their own computers and most computing was done on multiuser (often mainframe-based) computer systems with limited connectivity, security was mostly focused on isolating users or classes of users from each other1. -
A Solution to Php Code Injection Attacks and Web
INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS Vol.2 Issue.9, Pg.: 24-31 September 2014 www.ijrcar.com INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS ISSN 2320-7345 A SOLUTION TO PHP CODE INJECTION ATTACKS AND WEB VULNERABILITIES Venkatesh Yerram1, Dr G.Venkat Rami Reddy2 ¹Computer Networks and Information Security, [email protected] ²Computer Science Engineering, 2nd [email protected] JNTU Hyderabad, India Abstract Over the decade web applications are grown rapidly. This leads to cyber crimes. Attacker injects various scripts to malfunction the web application. Attacker injects these scripts to text box of vulnerable web application from various compounds such as search bar, feedback form, login form etc and later which is executed by the server. Sometimes attacker modifies the URL to execute a successful attack. This execution of system calls and API on web server by attacker can damage the file system and or leaks information of web server. PHP is a server side scripting language, dynamic features and functionalities are controlled through the PHP language. Hence, the use of PHP language results in high possibility of successful execution of code injection attacks. The aim of this paper is first to understand the code web application vulnerability related to PHP code injection attack, the scenario has been developed. Secondly defeat the attack and fast incident determination from the developed domain dictionary. This proposed system is helpful for cyber forensics expert to gather and analyze the evidence effectively Keywords: Code Injection, vulnerabilities, Attack, cyber forensics 1. INTRODUCTION The web environment is growing rapidly day by day, the cyber crimes also increasing rapidly. -
Hacking & Social Engineering
Hacking & Social Engineering Steve Smith, President Innovative Network Solutions, Inc. Presentation Contents Hacking Crisis What is Hacking/Who is a Hacker History of Hacking Why do Hackers hack? Types of Hacking Statistics Infrastructure Trends What should you do after being hacked Proactive Steps Social Engineering Objective What is Social Engineering What are they looking for? Tactics Protecting yourself INS Approach Infrastructure Assessment Network Traffic Assessment Social Engineering Assessment Conclusion Security is Everyone’s Responsibility – See Something, Say Something! Hacking Crisis Internet has grown very fast and security has lagged behind It can be hard to trace a perpetrator of cyber attacks because most are able to camouflage their identities Large scale failures on the internet can have a catastrophic impact on: the economy which relies heavily on electronic transactions human life, when hospitals or government agencies, such as first responders are targeted What is Hacking? The Process of attempting to gain or successfully gaining, unauthorized access to computer resources Who is a Hacker? In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. History of Hacking Began as early as 1903: Magician and inventor Nevil Maskelyne disrupts John Ambrose Fleming's public demonstration of Guglielmo Marconi's purportedly secure wireless telegraphy technology, sending insulting Morse code messages through the auditorium's projector The term “Hacker” originated in the 1960’s at MIT A network known as ARPANET was founded by the Department of Defense as a means to link government offices. In time, ARPANET evolved into what is today known as the Internet. -
Durham E-Theses
Durham E-Theses Black holes, vacuum decay and thermodynamics CUSPINERA-CONTRERAS, JUAN,LEOPOLDO How to cite: CUSPINERA-CONTRERAS, JUAN,LEOPOLDO (2020) Black holes, vacuum decay and thermodynamics, Durham theses, Durham University. Available at Durham E-Theses Online: http://etheses.dur.ac.uk/13421/ Use policy The full-text may be used and/or reproduced, and given to third parties in any format or medium, without prior permission or charge, for personal research or study, educational, or not-for-profit purposes provided that: • a full bibliographic reference is made to the original source • a link is made to the metadata record in Durham E-Theses • the full-text is not changed in any way The full-text must not be sold in any format or medium without the formal permission of the copyright holders. Please consult the full Durham E-Theses policy for further details. Academic Support Office, Durham University, University Office, Old Elvet, Durham DH1 3HP e-mail: [email protected] Tel: +44 0191 334 6107 http://etheses.dur.ac.uk Black holes, vacuum decay and thermodynamics Juan Leopoldo Cuspinera Contreras A Thesis presented for the degree of Doctor of Philosophy Institute for Particle Physics Phenomenology Department of Physics University of Durham England September 2019 To my family Black holes, vacuum decay and thermodynamics Juan Leopoldo Cuspinera Contreras Submitted for the degree of Doctor of Philosophy September 2019 Abstract In this thesis we study two fairly different aspects of gravity: vacuum decay seeded by black holes and black hole thermodynamics. The first part of this work is devoted to the study of black holes within the (higher dimensional) Randall-Sundrum braneworld scenario and their effect on vacuum decay rates.
Host-Based Code Injection Attacks: a Popular Technique Used by Malware
Host-Based Code Injection Attacks: A Popular Technique Used By Malware Thomas Barabosch (Fraunhofer FKIE, Friedrich-Ebert-Allee 144, 53113 Bonn, Germany, [email protected]) Elmar Gerhards-Padilla (Fraunhofer FKIE, Friedrich-Ebert-Allee 144, 53113 Bonn, Germany, [email protected]) © 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. Abstract Common goals of malware authors are detection avoidance and gathering of critical information. There exist numerous techniques that help these actors to reach their goals. One especially popular technique is the Host-Based Code Injection Attack (HBCIA). implemented with different goals in mind, they share one common feature: they all inject code locally into foreign process spaces. One reason for this behaviour is detection avoidance. However, code injections are not limited to targeted malware. Mass-malware also uses code injections in order to stay under the radar (ZeroAccess, ZeusP2P or Conficker). Detection avoidance is not the only advantage of using code injections from a malware author’s point of view. Further reasons for using code injections are interception of critical information, privilege escalation or manipulation of security products. The above mentioned examples are all malware families for Microsoft Windows. However, code injections are platform-independent. In fact all established multitasking
Defeating Web Code Injection Attacks Using Web Element Attribute Mutation
Session 1: New Moving Target Defenses MTD’17, October 30, 2017, Dallas, TX, USA WebMTD: Defeating Web Code Injection Attacks using Web Element Attribute Mutation Amirreza Niakanlahiji (UNC Charlotte, [email protected]) Jafar Haadi Jafarian (University of Colorado Denver, [email protected]) ABSTRACT Existing mitigation techniques for Web code injection attacks have not been widely adopted, primarily due to incurring impractical overheads on the developer, Web applications, or Web browsers. They either substantially increase Web server/client execution time, enforce restrictive coding practices on developers, fail to support legacy Web applications, demand browser code modification, or fail to provide browser backward compatibility. Moving Target Defense (MTD) is a novel proactive class of techniques that aim to defeat attacks by imposing uncertainty in attack reconnaissance and planning. This uncertainty is achieved by frequent and random mutation (randomization) of system configuration in a manner that is not traceable (predictable) by attackers. injection and server-side script injection, they are still one of the most common attack vectors on Web applications; examples are the recently discovered XSS vulnerabilities on Amazon [4] and Ebay [7] Websites. According to OWASP [21], XSS, the most prevalent type of Web code injection attacks, is the third Web application security risk. Methodologies for countering code injection attacks could be broadly divided into two categories: (I) input validation techniques that prevent injection of malicious code, but are highly susceptible to evasion [23]; and, (II) code differentiation techniques that prevent execution of injected code, including BEEP [15], ISR [17], CSP [25], Noncespaces [27] and xJS [2]. However, as demonstrated
Internet Freedom in Vladimir Putin's Russia: the Noose Tightens
Internet freedom in Vladimir Putin’s Russia: The noose tightens By Natalie Duffy January 2015 Key Points The Russian government is currently waging a campaign to gain complete control over the country’s access to, and activity on, the Internet. Putin’s measures particularly threaten grassroots antigovernment efforts and even propose a “kill switch” that would allow the government to shut down the Internet in Russia during government-defined disasters, including large-scale civil protests. Putin’s campaign of oppression, censorship, regulation, and intimidation over online speech threatens the freedom of the Internet around the world. Despite a long history of censoring traditional media, the Russian government under President Vladimir Putin for many years adopted a relatively liberal, hands-off approach to online speech and the Russian Internet. That began to change in early 2012, after online news sources and social media played a central role in efforts to organize protests following the parliamentary elections in December 2011. In this paper, I will detail the steps taken by the Russian government over the past three years to limit free speech online, prohibit the free flow of data, and undermine freedom of expression and information—the foundational values of the Internet. The legislation discussed in this paper allows the government to place offending websites on a blacklist, shut down major anti-Kremlin news sites for erroneous violations, require the storage of user data and the monitoring of anonymous online money transfers, place limitations on 1 bloggers and scan the network for sites containing specific keywords, prohibit the dissemination of material deemed “extremist,” require all user information be stored on data servers within Russian borders, restrict the use of public Wi-Fi, and explore the possibility of a kill-switch mechanism that would allow the Russian government to temporarily shut off the Internet. -
Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism
Journal of Strategic Security Volume 6 Number 5 Volume 6, No. 3, Fall 2013 Supplement: Ninth Annual IAFIE Article 3 Conference: Expanding the Frontiers of Intelligence Education Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Gary Adkins The University of Texas at El Paso Follow this and additional works at: https://scholarcommons.usf.edu/jss pp. 1-9 Recommended Citation Adkins, Gary. "Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism." Journal of Strategic Security 6, no. 3 Suppl. (2013): 1-9. This Papers is brought to you for free and open access by the Open Access Journals at Scholar Commons. It has been accepted for inclusion in Journal of Strategic Security by an authorized editor of Scholar Commons. For more information, please contact [email protected]. Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism This papers is available in Journal of Strategic Security: https://scholarcommons.usf.edu/jss/vol6/iss5/ 3 Adkins: Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Gary Adkins Introduction The world has effectively exited the Industrial Age and is firmly planted in the Information Age. Global communication at the speed of light has become a great asset to both businesses and private citizens. However, there is a dark side to the age we live in as it allows terrorist groups to communicate, plan, fund, recruit, and spread their message to the world. Given the relative anonymity the Internet provides, many law enforcement and security agencies investigations are hindered in not only locating would be terrorists but also in disrupting their operations. -
Secure Network Design
NUREG/CR-7117 SAND2010-8222P Secure Network Design Office of Nuclear Regulatory Research AVAILABILITY OF REFERENCE MATERIALS IN NRC PUBLICATIONS NRC Reference Material Non-NRC Reference Material As of November 1999, you may electronically access Documents available from public and special technical NUREG-series publications and other NRC records at libraries include all open literature items, such as NRC’s Public Electronic Reading Room at books, journal articles, and transactions, Federal http://www.nrc.gov/reading-rm.html. Publicly released Register notices, Federal and State legislation, and records include, to name a few, NUREG-series congressional reports. Such documents as theses, publications; Federal Register notices; applicant, dissertations, foreign reports and translations, and licensee, and vendor documents and correspondence; non-NRC conference proceedings may be purchased NRC correspondence and internal memoranda; from their sponsoring organization. bulletins and information notices; inspection and investigative reports; licensee event reports; and Copies of industry codes and standards used in a Commission papers and their attachments. substantive manner in the NRC regulatory process are maintained at— NRC publications in the NUREG series, NRC The NRC Technical Library regulations, and Title 10, Energy, in the Code of Two White Flint North Federal Regulations may also be purchased from one 11545 Rockville Pike of these two sources. Rockville, MD 20852–2738 1. The Superintendent of Documents U.S. Government Printing Office These standards are available in the library for Mail Stop SSOP reference use by the public. Codes and standards are Washington, DC 20402–0001 usually copyrighted and may be purchased from the Internet: bookstore.gpo.gov originating organization or, if they are American Telephone: 202-512-1800 National Standards, from— Fax: 202-512-2250 American National Standards Institute 2. -
Secure by Design, Secure by Default: Requirements and Guidance
Biometrics and Surveillance Camera Commissioner Secure by Design, Secure by Default Video Surveillance Products Introduction This guidance is for any organisation manufacturing Video Surveillance Systems (VSS), or manufacturing or assembling components intended to be utilised as part of a VSS. It is intended to layout the Biometrics and Surveillance Camera Commissioners (BSCC) minimum requirements to ensure such systems are designed and manufactured in a manner that assures they are Secure by Design. It also contains certain component requirements that will ensure a configuration that is Secure by Default when the component is shipped, thereby making it more likely that the system will be installed and left in a secure state. This guidance forms part of a wider suite of documentation being developed as part of the SCC Strategy, in support of the SCC Code of Practice. Background and Context The nature of the Internet means that connected devices can be subjected to a cyber attack from anywhere in the world. Widespread attacks on connected products is a current and real threat, and a number of highly publicised attacks have already occurred. The Mirai malware targeted devices such as internet-enabled cameras (IP cameras). Mirai was successful because it exploited the use of common default credentials (such as a username and password being set by the manufacturer as ‘admin’) and poor security configuration of devices. Ultimately, this facilitated attacks on a range of commercial and social media services and included an outage of streaming services such as Netflix. An evolution of Mirai, called Reaper, has also been discovered. Reaper used publicly and easily available exploits that remained unfixed (patched) and highlighted the problem around non patching of known security vulnerabilities, allowing attackers to utilise them to cause harm. -
(“Spider-Man”) Cr
PRIVILEGED ATTORNEY-CLIENT COMMUNICATION EXECUTIVE SUMMARY SECOND AMENDED AND RESTATED LICENSE AGREEMENT (“SPIDER-MAN”) CREATIVE ISSUES This memo summarizes certain terms of the Second Amended and Restated License Agreement (“Spider-Man”) between SPE and Marvel, effective September 15, 2011 (the “Agreement”). 1. CHARACTERS AND OTHER CREATIVE ELEMENTS: a. Exclusive to SPE: . The “Spider-Man” character, “Peter Parker” and essentially all existing and future alternate versions, iterations, and alter egos of the “Spider- Man” character. All fictional characters, places structures, businesses, groups, or other entities or elements (collectively, “Creative Elements”) that are listed on the attached Schedule 6. All existing (as of 9/15/11) characters and other Creative Elements that are “Primarily Associated With” Spider-Man but were “Inadvertently Omitted” from Schedule 6. The Agreement contains detailed definitions of these terms, but they basically conform to common-sense meanings. If SPE and Marvel cannot agree as to whether a character or other creative element is Primarily Associated With Spider-Man and/or were Inadvertently Omitted, the matter will be determined by expedited arbitration. All newly created (after 9/15/11) characters and other Creative Elements that first appear in a work that is titled or branded with “Spider-Man” or in which “Spider-Man” is the main protagonist (but not including any team- up work featuring both Spider-Man and another major Marvel character that isn’t part of the Spider-Man Property). The origin story, secret identities, alter egos, powers, costumes, equipment, and other elements of, or associated with, Spider-Man and the other Creative Elements covered above. The story lines of individual Marvel comic books and other works in which Spider-Man or other characters granted to SPE appear, subject to Marvel confirming ownership. -
“I Am the Villain of This Story!”: the Development of the Sympathetic Supervillain
“I Am The Villain of This Story!”: The Development of The Sympathetic Supervillain by Leah Rae Smith, B.A. A Thesis In English Submitted to the Graduate Faculty of Texas Tech University in Partial Fulfillment of the Requirements for the Degree of MASTER OF ARTS Approved Dr. Wyatt Phillips Chair of the Committee Dr. Fareed Ben-Youssef Mark Sheridan Dean of the Graduate School May, 2021 Copyright 2021, Leah Rae Smith Texas Tech University, Leah Rae Smith, May 2021 ACKNOWLEDGMENTS I would like to share my gratitude to Dr. Wyatt Phillips and Dr. Fareed Ben-Youssef for their tutelage and insight on this project. Without their dedication and patience, this paper would not have come to fruition. TABLE OF CONTENTS ACKNOWLEDGMENTS; ABSTRACT; I: INTRODUCTION; II. “IT’S PERSONAL” (THE GOLDEN AGE); III. “FUELED BY HATE” (THE SILVER AGE); IV. "I KNOW WHAT'S BEST" (THE BRONZE AND DARK AGES); V. "FORGIVENESS IS DIVINE" (THE MODERN AGE); CONCLUSION; BIBLIOGRAPHY ABSTRACT The superhero genre of comics began in the late 1930s, with the superhero growing to become a pop cultural icon and a multibillion-dollar industry encompassing comics, films, television, and merchandise among other media formats. Superman, Spider-Man, Wonder Woman, and their colleagues have become household names with a fanbase spanning multiple generations. However, while the genre is called “superhero”, these are not the only costume clad characters from this genre that have become a phenomenon.