Pub Crawl #5
Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.
Cyber physical system security requires the need to build secure sensors and actuators. The research work here addresses the Science of Security hard problems of human behavior, resiliency, metrics and composability for actuator security.
Analogical Transfer 2016 (all)
Analogical transfer is a theory in psychology concerned with overcoming fixed ways of viewing particular problems or objects. In security, this problem is manifested in one example by system developers and administrators overlooking critical security requirements due to lack of tools and techniques that allow them to tailor security knowledge to their particular context. The works cited here use analogy and simulations to achieve break-through thinking. The topic relates to the hard problem of human factors in the Science of Security.
Applications Programming Interfaces, APIs, are definitions of interfaces to systems or modules. As code is reused, more and more are modified from earlier code. For the Science of Security community, the problems of compositionality and resilience are direct.
Bluetooth is a standard for short-range wireless interconnection of cellular phones, computers, and other electronic devices. In common use, it is important to the Science of Security because of its relevance to human behavior, resilient architectures, cyber physical systems, and composability.
Compositionality is one of the Hard Problems in the Science of Security. It refers to the development of methods to enable the construction of secure systems with known security properties from components with known security properties, without a requirement to fully re-analyze the constituent components.
Concurrency and Security 2016 (all)
Concurrency, that is, support for simultaneous access, is relevant to the Science of Security hard problems of resiliency, composability, and predictive metrics and to cyberphysical systems in general.
In photonics, confinement is important to loss avoidance. In quantum theory, it relates to energy levels. Containment is important in the contexts of cyber-physical systems, privacy, resiliency, and composability.
Controller Area Network Security 2016 (all)
Controller area networks connect the main electrical units in automobiles. They are relevant to the Science of Security because of their relationship to cyber-physical systems, resiliency, and the internet of Things.
The research work cited here looks at the Science of Security hard problem of human factors and privacy in the context of cyber physical systems.
The research work cited here looks at the Science of Security hard problem of Resiliency in the context of cyber physical systems.
Cryptology, the use of techniques for secure communication in the presence of adversaries, is one of the core subjects of the Science of Security and impacts study into all of the hard problems.
Deep Packet Inspection 2016 (all)
Deep Packet Inspection offers providers a new range of use cases, some with the potential to eavesdrop on non-public communication. Current research is almost exclusively concerned with raising the capability on a technological level, but critics question it with regard to privacy, net neutrality, and other implications. These latter issues are not being raised within research communities as much as by politically interested groups.
Finding ways both technical and behavioral to provide disincentives to threats is a promising area of research. Since most cybersecurity is “bolt on” rather than embedded, and since detection, response, and forensics are expensive, time-consuming processes, discouraging attacks can be a cost-effective cybersecurity approach.
Differential Privacy 2016 (all)
The theory of differential privacy is an active research area, and there are now differentially private algorithms for a wide range of problems. This research looks at big data and cyber physical systems, as well as theoretic approaches. For the Science of Security community, differential privacy relates to composability and scalability, resiliency, and human behavior.
Research into dynamical systems cited here focuses on non-linear and chaotic dynamical systems and in proving abstractions of dynamical systems through numerical simulations. Many of the applications studied are cyber-physical systems and are relevant to the Science of Security hard problems of resiliency, predictive metrics and composability.
The expansion of a network to more nodes creates security problems. For the Science of Security community, expandability relates to resilience and compositionality.
Exponentiation, the mathematical operations that underlie encryption and coding, is important to the Science of Security because complexity adds delay. In creating resilient architectures, for example, slow processing may make a security feature too heavy to include.
Fog computing is a concept that extends the Cloud concept to the end user. As with most new technologies, a survey of the scope and types of security problems is necessary. Much of this research relates to the Internet of Things. The articles cited here were presented in 2015.
Game Theoretic Security 2016 (all)
Game theory has historically been the province of social sciences such as economics, political science, and psychology. Game theory has developed into an umbrella term for the logical side of science that includes both human and non-human actors like computers. It has been used extensively in wireless networks research to develop understanding of stable operation points for networks made of autonomous/selfish nodes. The nodes are considered as the players. Utility functions are often chosen to correspond to achieved connection rate or similar technical metrics. In security, the computer game framework is used to anticipate and analyze intruder and administrator concurrent interactions within the network. Research cited here was presented in 2015.
Hashing algorithms are used extensively in information security and forensics. Research focuses on new methods and techniques to optimize security. For the Science of Security community, this work is related to the hard problems of resiliency, composability and scalability, and metrics.
Human behavior creates the most complex of hard problems for the Science of Security community. The research work cited here was presented in 2015.
Human behavior is complex and that complexity creates a tremendous problem for cybersecurity. The works cited here address a range of human trust issues related to behaviors, deception, enticement, sentiment and other factors difficult to isolate and quantify. For the Science of Security community, human behavior is a Hard Problem.
Information Theoretic Security 2016 (all)
A cryptosystem is said to be information-theoretically secure if its security derives purely from information theory and cannot be broken even when the adversary has unlimited computing power. For example, the one-time pad is an information-theoretically secure cryptosystem proven by Claude Shannon, inventor of information theory, to be secure. Information-theoretically secure cryptosystems are often used for the most sensitive communications such as diplomatic cables and high-level military communications, because of the great efforts enemy governments expend toward breaking them. Because of this importance, methods, theory and practice in information theory security also remains high.
Intrusion Detection Systems (IDS) 2016 (all)
Intrusion detection systems defend communications, computer and other information systems against malicious attacks by identifying attacks and attackers. The topic relates to the Science of Security issues of resilience and composability. This collection cites publications of interest addressing new methods of building secure fault tolerant systems.
Kerberos supports authentication in distributed systems. Used in intelligent systems, it is an encrypted data structure naming a user and a service the user may access. For the Science of Security community, it is relevant to the broad issues of cryptography and to resilience, human behavior, resiliency, and metrics. The work cited here was presented in 2015.
Location Privacy in Wireless Networks 2016 (all)
Privacy services on mobile devices are a major issue in cybersecurity. For the Science of Security community, the problem relates to resiliency, metrics, human behavior, and compositionality. The work cited here was presented in 2015.
Multicore Computing Security 2016 (all)
As high performance computing has evolved into larger and faster computing solutions, new approaches to security have been identified. The articles cited here address security issues related to multicore environments and are relevant to the Science of Security Hard Problems of resilience, scalability, and metrics.
Oscillating Behaviors 2016 (all)
The oscillation of a function or a sequence quantifies the variance between its extreme values as it approaches infinity or a point. As such, oscillating behaviors are important to the Science of Security in terms of predictive metrics and resilience.
Privacy Models and Measurement 2016 (all)
Measurement is one of the five hard problems in the Science of Security. The research work cited here looks at the development of metrics in the area of privacy. All work was presented in 2015.
Provenance refers to information about the origin and activities of system data and processes. With the growth of shared services and systems, including social media, cloud computing, and service-oriented architectures, finding tamperproof methods for tracking files is a major challenge. Research into the security of software of unknown provenance (SOUP) is also included. Provenance is important to the Science of Security relative to human behavior, metrics, resilience, and composability.
Quantum Computing Security 2016 (all)
While quantum computing is still in its early stage of development, large-scale quantum computers promise to be able to solve certain problems much more quickly than any classical computer using the best currently known algorithms. Quantum algorithms, such as Simon's algorithm, run faster than any possible probabilistic classical algorithm. For the Science of Security, the speed, capacity, and flexibility of qubits over digital processing offers still greater promise and relate to the hard problems of resilience, predictive metrics and composability. They are a hard problem of interest to cryptography.
Remanence is the property that allows an attacker to recreate files that have been overwritten. For the Science of Security community, it is a topic relevant to the hard problem of resilience. The work cited here was presented over a several year period.
Safe Coding Standards 2016 (all)
Coding standards encourage programmers to follow a set of uniform rules and guidelines determined by the requirements of the project and organization, rather than by the programmer's personal familiarity or preference. Developers and software designers apply these coding standards during software development to create secure systems. The development of secure coding standards is a work in progress by security researchers, language experts, and software developers. The articles cited here cover topics related to the Science of Security hard problems of resilience, metrics, human factors, and policy-based governance.
Measurement is at the core of science. The development of accurate metrics is a major element for achieving a true Science of Security.It is also one of the hard problems to solve.
Security Scalability 2016 (all)
Scalability is one of the Hard Problems in the Science of Security.
SQL injection is used to attack data-driven applications. Malicious SQL statements are inserted into an entry field for execution to dump the database contents to the attacker. One of the most common hacker techniques, SQL injection is used to exploit security vulnerabilities in an application's software. It is mostly used against websites but can be used to attack any type of SQL database. Because of its prevalence and ease of use from the hacker perspective, it is an important area for research and of interest to the Science of Security community relative to human behavior, metrics, resiliency, privacy and policy-based governance. The articles cited here focus on prevention, detection, and testing.
Static Code Analysis 2016 (all)
Static code analysis is a standard method of testing software prior to production and marketing. Much of the work done in the Science of Security to look at code suggests that these analyses need to address security issues. Methods and practices cited in the research referenced here relate to human behavior, composability, and resiliency. The work was presented in 2015.
Supply Chain Security 2016 (all)
Threats to the supply chain in terms of delivery, integrity, content and the provenance of components and parts appear to be growing. The research cited here looks at the security in the supply chain from multiple perspectives, including resilient architectures. The workwas presented in 2015.
A Sybil attack occurs when a node in a network claims multiple identities. The attacker may subvert the entire reputation system of the network by creating a large number of false identities and using them to gain influence. For the Science of Security community, these attacks are relevant to resilience, metrics, and composability.
System recovery following an attack is a core cybersecurity issue. Current research into methods to undo data manipulation and to recover lost or extruded data in distributed, cloud-based or other large scale complex systems is discovering new approaches and methods. For the Science of Security community, it is an essential element of resiliency.
The term “text analytics” refers to linguistic, statistical, and machine learning techniques that model and structure the information content of textual sources for intelligence, exploratory data analysis, research, or investigation. The research cited here focuses on large volumes of text mined to identify insider threats, intrusions, and malware detection. It is of interest to the Science of Security community relative to metrics, scalability and composability, and human factors.
As systems become larger and more complex, the surface that hackers can attack also grows. Is this set of recent research articles, topics are explored that include smartphone malware, zero-day polymorphic worm detection, source identification, drive-by download attacks, two-factor face authentication, semantic security, and code structures. The research articles focused on measurement and privacy are of particular interest to the Science of Security community.
Trustworthiness is created in information security through cryptography to assure the identity of external parties. They are essential to cybersecurity and to the Science of Security hard problem of composability.
Work Factor Metrics 2016 (all)
It is difficult to measure the relative strengths and weaknesses of modern information systems when the safety, security, and reliability of those systems must be protected. Developers often apply security to systems without the ability to evaluate the impact of those mechanisms to the overall system. Few efforts are directed at actually measuring the quantifiable impact of information assurance technology on the potential adversary. The research cited here describes analytic tools, methods and processes for measuring and evaluating software, networks, and authentication and is related to the Science of Security Hard Problems of resiliency, scalability, and metrics.
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests for removal via email of the links or modifications to specific citations. Please include the URL of the specific citation in your correspondence.
Pub Crawl contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security community.
How recent are these publications?
These bibliographies include recent scholarly research on topics that have been presented or published within the stated year. Some represent updates from work presented in previous years; others are new topics.
How are topics selected?
The specific topics are selected from materials that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are also chosen for their usefulness for current researchers.
How can I submit or suggest a publication?
Researchers willing to share their work are welcome to submit a citation, abstract, and URL for consideration and posting, and to identify additional topics of interest to the community. Researchers are also encouraged to share this request with their colleagues and collaborators.
What are the hard problems?
Select a hard problem to retrieve related publications.
- - Scalability and Composability: Develop methods to enable the construction of secure systems with known security properties from components with known security properties, without a requirement to fully re-analyze the constituent components.
- - Policy-Governed Secure Collaboration: Develop methods to express and enforce normative requirements and policies for handling data with differing usage needs and among users in different authority domains.
- - Security Metrics Driven Evaluation, Design, Development, and Deployment: Develop security metrics and models capable of predicting whether or confirming that a given cyber system preserves a given set of security properties (deterministically or probabilistically), in a given context.
- - Resilient Architectures: Develop means to design and analyze system architectures that deliver required service in the face of compromised components.
- - Understanding and Accounting for Human Behavior: Develop models of human behavior (of both users and adversaries) that enable the design, modeling, and analysis of systems with specified security properties.