Pub Crawl #32
Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.
Analogies and Transference 2018 (all)
The use of analogies and simulations is used to overcome fixed ways of viewing particular problems or objects to achieve break-through thinking. The topic relates to the hard problem of human factors in the Science of Security.
Channel coding, also known as Forward Error Correction, are methods for controlling errors in data transmissions over noisy or unreliable communications channels. For cybersecurity, these methods can also be used to ensure data integrity, as some of the research cited below shows. The work cited here relates to the Science of Security problems of metrics, resiliency, and composability.
Chaotic Cryptography 2018 (all)
Adding chaos theory to cryptography allows the development of lighter, stronger and more efficient methods. For the Science of Security community, work in this area relates to resiliency, composability, and predictive metrics.
The "clean slate" approach looks at designing networks and internets from scratch, with security built in, in contrast to the evolved Internet in place. The research presented here covers a range of research topics, and includes items of interest to the Science of Security, including human behavior, resilience, metrics, and policy governance.
Coding Theory and Security 2018 (all)
Coding theory examines the properties of codes and their aptness for a specific application. For the Science of Security, coding theory is relevant to compositionality, resilience, cryptography, and metrics.
Cognitive Radio Security 2018 (all)
Cognitive radio (CR) is a form of dynamic spectrum management--an intelligent radio that can be programmed and configured dynamically to use the best wireless channels near it. Its capability allows for great network resilience.
Command Injection Attacks 2018 (all)
Command or shell injection is one of the most critical vulnerabilities. To the Science of Security community, command injection attacks impact cyber-physical systems and are related to composability, resiliency, and metrics.
Much of software security focuses on applications, but compiler security should also be an area of concern. Compilers can "correct" secure coding in the name of efficient processing. The works cited here look at various approaches and issues in compiler security. For the Science of Security community, this work relates to resilience, scalability and compositionality, and metrics.
Composability of security processes is one of the five hard problems for the Science of Security.
Compressive Sampling 2018 (all)
Compressive sampling (or compressive sensing) is an important theory in signal processing. It allows efficient acquisition and reconstruction of a signal and may also be the basis for user identification. For the Science of Security, the topic has implications for resilience, cyber-physical systems, privacy, and composability.
Computational Intelligence 2018 (all)
Computational intelligence includes such constructs as artificial neural networks, evolutionary computation and fuzzy logic. It embraces biologically inspired algorithms such as swarm intelligence and artificial immune systems and includes broader fields such as image processing, data mining, and natural language processing. Its relevance to the Science of Security is related to composability and compositionality, as well as cryptography.
Computing Theory and Compositionality 2018 (all)
The works cited here combine research into computing theory with research into the Science of Security hard problem of trust between humans and humans, humans and computers, and between computers.
Computing Theory and Resilience 2018 (all)
The work cited here combine research into computing theory with research into the Science of Security hard problem of resilience.
Computing Theory and Trust 2018 (all)
The work cited here combine research into computing theory with research into the Science of Security hard problem of composability and compositionality.
Concurrency and Security 2018 (all)
Concurrency, that is, support for simultaneous access, is relevant to the Science of Security hard problems of resiliency, composability, and predictive metrics and to cyber-physical systems in general.
In photonics, confinement is important to loss avoidance. In quantum theory, it relates to energy levels. Containment is important in the contexts of cyber-physical systems, privacy, resiliency, and composability.
Controller Area Network Security 2018 (all)
Controller area networks connect the main electrical units in automobiles. They are relevant to the Science of Security because of their relationship to cyber-physical systems, resiliency, and the Internet of Things.
Control Theory and Privacy 2018 (all)
Control theory offers a way to address the Science of Security hard problems of scalability, resilience, and human behavior, particularly as they relate to cyber-physical systems. The research work presented here specifically addresses issues in privacy.
Control Theory and Resiliency 2018 (all)
Control theory offers a way to address the Science of Security hard problems of scalability, resilience, and human behavior, particularly as they relate to cyber-physical systems. The work cited here focuses on resiliency.
Conversational Agents 2018 (all)
Conversational agents are being developed to allow for fully automated interactions between humans and computers using voice, gestures, and other attributes. For the Science of Security community, this work is relevant to the hard problems in human behavior, scalability, and metrics.
Cross Site Scripting 2018 (all)
A type of computer security vulnerability typically found in Web applications, cross-site scripting (XSS) enables attackers to inject client-side script into Web pages viewed by other users. Attackers may use a cross-site scripting vulnerability to bypass access controls such as the same origin policy. Consequences may range from petty nuisance to significant security risk, depending on the value of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner. A frequent method of attack, research is being conducted on methods to prevent, detect, and mitigate XSS attacks. For the Science of Security community, this work is relevant to the hard problems of human behavior, scalability, and resilience.
For security researchers, privacy protection during data mining is a major concern. Sharing information over the Internet or holding it in a database requires methods of sanitizing data so that personal information cannot be obtained. For the Science of Security community, this work is relevant to human behavior and privacy, resilience, and compositionality.
DDoS Attack Detection 2018 (all)
Distributed Denial of Service Attacks continue to be among the most prolific forms of attack against information systems. Detection is a key step in dealing the problem. For the Science of Security community, this research is related to the problems of resilience, composability, metrics, and human behavior.
DDoS Attack Mitigation 2018 (all)
Distributed Denial of Service Attacks continue to be among the most prolific forms of attack against information systems. Mitigation is a key step in dealing the problem. For the Science of Security community, this research is related to the problems of resilience, composability, metrics, and human behavior.
DDoS Attack Prevention 2018 (all)
Distributed Denial of Service Attacks continue to be among the most prolific forms of attack against information systems. Prevention is the first step in dealing the problem. For the Science of Security community, this research is related to the problems of resilience, composability, metrics, and human behavior.
Finding ways both technical and behavioral to provide disincentives to threats is a promising area of research. Since most cybersecurity is "bolt on" rather than embedded, and since detection, response, and forensics are expensive, time-consuming processes, discouraging attacks can be a cost-effective cybersecurity approach. The topic is relevant to the Science of Security hard problems of human behavior, scalability, and resilience.
Outsourced Database Integrity 2018 (all)
The growth of distributed storage systems such as the Cloud has produced novel security problems. The works cited here address untrusted servers, generic trusted data, trust extension on commodity computers, defense against frequency-based attacks in wireless networks, and other topics. For the Science of Security community, these topics relate to composability, metrics, and resilience.
Pattern locks are best known as the access codes using a series of lines connecting dots. Primarily familiar to Android users, research into pattern locks shows promise for many more uses. For the Science of Security community, they are important relative to the hard problems of human behavior, scalability and resilience.
Peer to Peer Security 2018 (all)
Peer-to-peer systems pose considerable challenges for computer security. Like other forms of software, P2P applications can contain vulnerabilities, but what makes security particularly dangerous for P2P software is that peer-to-peer applications act as servers as well as clients, making them more vulnerable to remote exploits. For the Science of Security community, this work is relevant to the hard problems of scalability, resilience, metrics, and human factors.
Pervasive Computing Security 2018 (all)
Also called ubiquitous computing, pervasive computing is the concept that all man-made and some natural products will have embedded hardware and software technology and connectivity. This evolution has been proceeding exponentially as computing devices become progressively smaller and more powerful. For the Science of Security community, work in this area is related to resilience, scalability, human factors, and metrics.
Phishing remains a primary method for social engineering access to computers and information. Much research work has been done in this area in recent years. For the Science of Security community, phishing is relevant to the hard problem of human behavior.
Physical Layer Security 2018 (all)
Physical layer security presents the theoretical foundation for a new model for secure communications by exploiting the noise inherent to communications channels. Based on information-theoretic limits of secure communications at the physical layer, the concept has challenges and opportunities related to designing of physical layer security schemes. The works presented here address the information-theoretical underpinnings of physical layer security and present various approaches and outcomes for communications systems. For the Science of Security community, physical layer security relates to resilience, metrics, and composability.
Science of Security 2018 (all)
Many more articles and research studies are appearing with "Science of Security" as a keyword. The articles cited here discuss the degree to which security is a science and various issues surrounding its development, ranging from basic approach to essential elements. The articles cited here address the fundamental concepts of the Science of Security.
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests for removal via email of the links or modifications to specific citations. Please include the URL of the specific citation in your correspondence.
Pub Crawl contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security community.
How recent are these publications?
These bibliographies include recent scholarly research on topics that have been presented or published within the stated year. Some represent updates from work presented in previous years; others are new topics.
How are topics selected?
The specific topics are selected from materials that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are also chosen for their usefulness for current researchers.
How can I submit or suggest a publication?
Researchers willing to share their work are welcome to submit a citation, abstract, and URL for consideration and posting, and to identify additional topics of interest to the community. Researchers are also encouraged to share this request with their colleagues and collaborators.
What are the hard problems?
Select a hard problem to retrieve related publications.
- - Scalability and Composability: Develop methods to enable the construction of secure systems with known security properties from components with known security properties, without a requirement to fully re-analyze the constituent components.
- - Policy-Governed Secure Collaboration: Develop methods to express and enforce normative requirements and policies for handling data with differing usage needs and among users in different authority domains.
- - Security Metrics Driven Evaluation, Design, Development, and Deployment: Develop security metrics and models capable of predicting whether or confirming that a given cyber system preserves a given set of security properties (deterministically or probabilistically), in a given context.
- - Resilient Architectures: Develop means to design and analyze system architectures that deliver required service in the face of compromised components.
- - Understanding and Accounting for Human Behavior: Develop models of human behavior (of both users and adversaries) that enable the design, modeling, and analysis of systems with specified security properties.