Pub Crawl #9
Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.
Acoustic couplers such as modems bridge the gap between analog voice and electronic communications. At this interface, there is a security gap. For the Science of Security community, this work is relevant to security of cyber-physical systems and to the hard problems of resilience, human, behavior, and scalability.
As the power of digital signal processors has increased, adaptive filters are now routinely used in many devices as varied as mobile phones, printers, cameras, power systems, GPS devices and medical monitoring equipment. An adaptive filter uses an optimization algorithm is a system with a linear filter to adjust parameters that have a transfer function controlled by variable parameter. Because of the complexity of the optimization algorithms, most of these adaptive filters are digital filters. They are required for some applications because some parameters of the desired processing operation are not known in advance or are changing. For the Science of Security community, they are relevant to the problems of resiliency and scalability.
Because they are dynamic, done over shared wireless facilities, and proliferating, ad hoc networks are an important area for security research. For the Science of Security community, ad hoc networks security it related to the problems of resiliency, scalability, and human behavior.
The need to understand adversarial behavior in light of new technologies is always important. Using models to understand their behavior is an important element in the Science of Security, particularly in the context of threats to privacy—data privacy, location, privacy, and other forms. It relates to the hard problems of human behavior, resiliency, and scalability.
Anonymous Messaging 2016 (all)
Anonymous messages contain embedded information about where to send them next. In theory, message strings can become untraceable and anonymity maintained. This is a double-edged issue, offering security and privacy on the one hand and creating an attribution problem on the other. For the Science of Security community, this work is relevant to the problems of resiliency and scalability.
Asymmetric Encryption 2016 (all)
Asymmetric, or public key, encryption is a cornerstone of cybersecurity. The research presented here looks at key distribution, compares symmetric and asymmetric security, and evaluates cryptographic algorithms, among other approaches. For the Science of Security community, encryption is a primary element for resiliency, compositionality, metrics, and behavior.
Attribute Based Encryption 2016 (all)
The role of Attribute Based Encryption (ABE) is being examined as a scalable means of addressing security in the Cloud. For the Science of Security community, this research is relevant to scalability, resilience, and metrics.
Automated Response Actions 2016 (all)
A recurring problem in cybersecurity is the need to automate systems to reduce human effort and error and to be able to react rapidly and accurately to an intrusion or insertion. The articles cited here describe a number of interesting approaches related to the Science of Security hard topics, including resilience and composability.
Bitcoin is the allegedly secure electronic currency used for both open and nefarious purposes such as ransomware transactions. It does have security issues, however. For the Science of Security community, it is relevant to scalability, resiliency, and human behavior, relative to ransomware.
Botnets, a common security threat, are used for a variety of attacks: spam, distributed denial of service (DDOS), ad and spyware, scareware and brute forcing services. Their reach and the challenge of detecting and neutralizing them is compounded in the cloud and on mobile networks. For the Science of Security community they are relevant to the problems of resiliency, scalability, predictive metrics, and human behavior.
CAPTCHA (the acronym for Completely Automated Public Turing test to tell Computers and Humans Apart) technology has become a standard security tool. In the research presented here, some novel uses are presented, including use of Captchas as graphical passwords, motion-based captchas, and defeating a captcha using a gaming technique. For the Science of Security community, they are relevant to human behavior, scalability and resilience.
Computing Theory and Trust 2016 (all)
The works cited here combine research into computing theory with research into trust between humans and humans, humans and computers, and between computers.
Computing Theory and Compositionality 2016 (all)
The work cited here combine research into computing theory with research into composability and compositionality.
Computing Theory and Privacy 2016 (all)
Getting to the Science of Security will both require and generate fresh looks at computing theory. Privacy, too, is a research area with a theoretical underpinning worth researching. The work cited here is relevant to the Science of Security community problems of human behavior, resilience, and scalability.
Computing Theory and Resilience 2016 (all)
The works cited here combine research into computing theory with research into security resilience.
Computing Theory and Security Metrics 2016 (all)
The works cited here combine research into computing theory with research into security metrics.
Conversational Agents 2016 (all)
Conversational agents are being developed to allow for fully automated interactions between humans and computers using voice, gestures, and other attributes. For the Science of Security community, this work is relevant to the hard problems in human behavior, scalability, and metrics.
Coupled Congestion Control 2016 (all)
Congestion control algorithms are used to quickly restore normal operation of a network when congestion occurs. For the Science of Security community, this work is relevant to resilience and scalability.
Increased dependence on cyber systems has created a variety of effects of interest to the Science of Security community. The related hard problems are scalability, resilience, and human behavior.
The ability to assess damage accurately and quickly is critical to resilience. These articles address those challenges.
Expert Systems and Privacy 2016 (all)
Expert systems have potential for efficiency, scalability, and economy in systems security. The research work cited here looks at the problem of privacy. For the Science of Security community, the work is relevant to scalability and human factors.
Forward Error Correction and Security 2016 (all)
Controlling errors in data transmission in noisy or lossy circuits is a problem often solved by channel coding or forward error correction. Security resilience can be impacted by loss or noise. The articles cited here look are related to this Science of Security concern and are relevant to resiliency and scalability.
ICS Anomaly Detection 2016 (all)
Industrial control systems are a vital part of the critical infrastructure. Anomaly detection in these systems is requirement to successfully build resilient and scalable systems. The work cited here addresses these two hard problems in the Science of Security.
Industrial Control Systems 2016 (all)
Anomaly detection is a key to the development of resilient systems and resilient architectures. The work cited here looks at anomalies in industrial control systems. For the Science of Security community, this work is relevant to the hard problems of resilience, scalability, and metrics.
Information Centric Networks 2016 (all)
The move from host-centric to information-centric network security has major implications for the Science of Security community relative to scalability and resilience.
The Public Key Infrastructure (PKI) is designed to ensure the security of electronic transactions and the exchange of sensitive information through cryptographic keys and certificates. Several PKI trust models are proposed in the literature to model trust relationship and trust propagation. The research cited here looks at several of those models, particularly in the area of ad hoc networks. For the Science of Security community, this work is relevant to the hard problems of resiliency, scalability, human behavior, and metrics.
The technical implementation of privacy problems is fraught with challenges. For the Science of Security community, this research is relevant to the hard problems of scalability and to human behavior.
Protocol Verification 2016 (all)
Verifying the accuracy of security protocols is a primary goal of cybersecurity. Research into the area has sought to identify new and better algorithms and to identify better methods for verifying security protocols in myriad applications and environments. Verification has implications for compositionality and composability and for policy–based collaboration, as well as for privacy alone.
Return-oriented programming (ROP) attacks are becoming more prevalent. The research cited here looks at a variety of methods and techniques to detect, prevent and recover from them. For the Science of Security community, this work is relevant to the problems of resilience, composability and scalability, and metrics.
SCADA Systems Security 2016 (all)
SCADA system security issues have been identified as a problem for more than a decade. The work cited here addresses the issue relevant to the Science of Security hard problems of resiliency, compositionality, and human behavior.
Scalable Verification 2016 (all)
Verification of software and its security features can be done statically or dynamically. A challenge is to conduct verifications at scale to determine whether all the features do what they are intended to do. For the Science of Security community, scalable verification relates to scalability and compositionality, resilience, and predictive metrics.
Much of software security focuses on applications, but compiler security should also be an area of concern. Compilers can “correct” secure coding in the name of efficient processing. The works cited here look at various approaches and issues in compiler security. For the Science of Security community, this work relates to resilience, scalability and compositionality, and metrics.
The ability to conduct automated security audits rapidly and accurately helps to reduce the time between attack and its detection, hopefully reducing the consequences of the attack. Research into security audit methods and techniques supports addressing the hard problem of human behavior, as well as resiliency and scalability.
Security by Default 2016 (all)
One of the broad goals of the Science of Security project is to understand more fully the scientific underpinnings of cybersecurity. With this knowledge, the potential for developing systems that, if following these scientific principles, are presumed secure. In the meantime, security by default remains a topic of interest and some research. For the Science of Security community, this work relates directly to scalability and resilience.
Security Policies Analysis 2016 (all)
Systems for testing and validating the employment of policy-based security systems are an important step in achieving scalability. For the Science of Security community, this work relates not only to scalability, but also resiliency and human behavior.
The primary value of published research in smart grid technologies--the use of cyber-physical systems to coordinate the generation, transmission, and use of electrical power and its sources--is because of its strategic importance and the consequences of intrusion. Smart grid is of particular importance to the Science of Security and its problems embrace several of the hard problems, notably resiliency and metrics. The work cited here addresses privacy concerns.
Sensors represent are a both a point of vulnerability in the Smart Grid and a means of detection of intrusions. For the Science of Security community, research work into these industrial control systems is relevant to resiliency, compositionality, and human factors.
Agent-based modeling of human social behavior is an increasingly important research area. Efficient, scalable and robust social systems are difficult to engineer, both from the modeling perspective and the implementation perspective. The work cited here addresses these problems. It is relevant to the Science of Security community relative to human factors and scalability.
The Secure Socket Layer (SSL) is designed to ensure the security of electronic transactions and the exchange of sensitive information through cryptographic keys and certificates. Several SSL trust models are proposed in the literature to model trust relationship and trust propagation. The research cited here looks at several of those models, particularly in the area of ad hoc networks. For the Science of Security community, this work is relevant to the hard problems of resiliency, scalability, human behavior, and metrics.
Supply Chain Risk Assessment 2016 (all)
Threats to the supply chain in terms of delivery, integrity, content and the provenance of components and parts appear to be growing. The research cited here looks at methods to analyze risk to the security of the supply chain from multiple perspectives in order to develop accurate predictive metrics.
As malicious code—malware--continues to become more complex and as the threat adds worsened consequences financially, economically, and politically, the need to identify mitigation strategies, tools, and techniques is urgent. The work cited here addresses a series of approaches to the problem. For the Science of Security community, this work relates to the hard problems of human behavior, metrics, scalability, and resilience.
Trojan Horse Detection 2016 (all)
Detection and neutralization of hardware-embedded Trojans is a difficult problem. Current research is attempting to find ways to develop detection methods and processes and to automate the process. This research is relevant to cyber physical systems security, resilience and composability, as well as being an issue in supply chain security.
Underwater Networks 2016 (all)
Underwater networks have some unique security issues related to the environment they operate in. For the Science of security community, the research conducted and presented here is relevant to cyber-physical systems and work on resiliency, metrics, and scalability.
Visible Light Communications Security 2016 (all)
Visible light communication (VLC) offers an unregulated and free light spectrum and potentially could be a solution for overcoming overcrowded radio spectrum, especially for wireless communication systems, and doing it securely. For the Science of Security community, this work is relevant to resiliency, scalability, and metrics.
Wireless Mesh Network Security 2016 (all)
With more than 70 protocols vying for preeminence over wireless mesh networks, the security problem is magnified. The work cited here relates to the Science of Security hard problems of resiliency, metrics, and composability.
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests for removal via email of the links or modifications to specific citations. Please include the URL of the specific citation in your correspondence.
Pub Crawl contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security community.
How recent are these publications?
These bibliographies include recent scholarly research on topics that have been presented or published within the stated year. Some represent updates from work presented in previous years; others are new topics.
How are topics selected?
The specific topics are selected from materials that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are also chosen for their usefulness for current researchers.
How can I submit or suggest a publication?
Researchers willing to share their work are welcome to submit a citation, abstract, and URL for consideration and posting, and to identify additional topics of interest to the community. Researchers are also encouraged to share this request with their colleagues and collaborators.
What are the hard problems?
Select a hard problem to retrieve related publications.
- - Scalability and Composability: Develop methods to enable the construction of secure systems with known security properties from components with known security properties, without a requirement to fully re-analyze the constituent components.
- - Policy-Governed Secure Collaboration: Develop methods to express and enforce normative requirements and policies for handling data with differing usage needs and among users in different authority domains.
- - Security Metrics Driven Evaluation, Design, Development, and Deployment: Develop security metrics and models capable of predicting whether or confirming that a given cyber system preserves a given set of security properties (deterministically or probabilistically), in a given context.
- - Resilient Architectures: Develop means to design and analyze system architectures that deliver required service in the face of compromised components.
- - Understanding and Accounting for Human Behavior: Develop models of human behavior (of both users and adversaries) that enable the design, modeling, and analysis of systems with specified security properties.