Pub Crawl #10
Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.
Artificial Neural Networks 2016 (all)
Artificial neural networks have been used to solve a wide variety of tasks that are hard to solve using ordinary rule-based programming. What has attracted much interest in neural networks is the possibility of learning. Tasks such as function approximation, classification, pattern and sequence recognition, anomaly detection, filtering, clustering, blind source separation and compression, and controls all have security implications. Cyber-physical systems, resiliency, policy-based governance, and metrics are the Science of Security interests.
Keeping the attack surface as small as possible is a basic security measure. The attack surface is the sum of the different points where an adversary or unauthorized user can attempt to gain access in order to enter data or extract data. For the Science of Security community, attack surface is a key concept for scalability, resilience, and metrics.
Attack vectors are paths or means by which an adversary can gain access to a computer or network server to deliver malware. Attack vectors enable exploitation of system vulnerabilities, including the human element. For the Science of Security community, this problem is related to resiliency and scalability, as well as human behavior.
Blockchain Security 2016 (all)
The blockchain is the “public ledger” of all Bitcoin transactions. It is a so-called “trustless” proof mechanism of all the transactions on the network. Access to it is public. Since the blockchain is the record of all Bitcoin transactions, it has a special need for security. For the Science of Security community, research into this problem is related to resiliency and scalability.
Adversaries look for ways to combine multiple exploits into one large attack. To be effective, the attacker must think outside the box, know many different technologies, and chain together a number of attacks to achieve his goal. For the Science of Security community, such attacks relate to the hard problems of scalability and resilience.
The Dark Web, or Darknet, is a subset of the deep web that is not indexed and requires something special to access it. Much of the activity on it is extralegal or illegal, pornographic, or otherwise unseemly. For the Science of Security community, understanding of the activities on the Dark Web relates to human behavior issues.
Elliptic Curve and Cryptography 2016 (all)
Elliptic curve cryptography is a major research area globally. The work cited here focuses on areas of specific interest to the Science of Security community, including cyber-physical systems security. It relates to the hard problems of resiliency, composability, and predictive metrics.
Expert Systems and Security 2016 (all)
An expert system is an artificial intelligence (AI) application that uses a knowledge base of human expertise for problem solving. Its success is based on the quality of the data and rules obtained from the human expert. Some perform above and some below the level of humans. For the Science of Security, expert systems are relevant to the hard problems of scalability, human behavior, and resilience.
Middleware and Security 2016 (all)
Middleware facilitates distributed processing, and is of significant interest to the security world with the development of cloud and mobile applications. It is important to the Science of Security community relative to resilience, policy-based governance and composability.
Power Grid Vulnerability Analysis 2016 (all)
Cyber-Physical Systems such as the power grid are complex networks linked with cyber capabilities. The complexity and potential consequences of cyber-attacks on the grid make them an important area for scientific research. For the Science of Security community, this research is relevant to composability, resilience, and predictive metrics.
“Ransomware” is the name given to malicious software that locks a computer until an extorted fee or ransom is paid for the key to unlock it. This ransom is usually paid in Bitcoin. For the Science of Security community, there are implications for human behavior, resiliency, composability, and metrics.
At a recent Lablet quarterly meeting and at HotSoS, sandboxing was discussed as an important tool for the Science of Security, particularly with regard to developing composable systems and policy-governed systems. To many researchers, it is a promising method for preventing and containing damage. Sandboxing, frequently used to test unverified programs that may contain malware, allows the software to run without harming the host device.
Scalability is one of the hard problems in the Science of Security. The difficulty of developing effective automated scalable systems is compounded by larger data sets, increases in interoperability, and greater computing capacity, particularly in critical infrastructures and the Internet of Things.
Security Heuristics 2016 (all)
Heuristic analysis is a method employed by many computer antivirus programs designed to detect “Zero Day” or previously unknown computer viruses and new variants of viruses already “in the wild.” It is an expert-based analytic method that uses various decision rules or weighing methods. For the Science of Security community, it is relevant to the hard problems of resilience, scalability, and predictability.
Policy-based access controls and security policies are intertwined in most commercial systems. Analytics use abstraction and reduction to improve policy-based security. For the Science of Security community, policy-based governance is one of the five Hard Problems.
Security Weaknesses 2016 (all)
Attackers need only find one or a few exploitable vulnerabilities to mount a successful attack while defenders must shore up as many weaknesses as practicable. The research presented here covers a range of weaknesses and approaches for identifying and securing against attacks. Many articles focus on key systems, both public and private. Hard problems addressed include human behavior, policy-based governance, resilience and metrics.
Tamper resistance is an important element for composability of software systems and for security of cyber physical system resilience.
Time Frequency Analysis and Security 2016 (all)
Time-frequency analysis is a useful method that allows simultaneous consideration of both the time and frequency domains. It is useful to the Science of Security community for analysis in cyber-physical systems and toward solving the hard problems of resilience, predictive metrics, and scalability.
Trusted Platform Modules 2016 (all)
A Trusted Platform Module (TPM) is a computer chip that can securely store artifacts used to authenticate a network or platform. These artifacts can include passwords, certificates, or encryption keys. A TPM can also be used to store platform measurements that help ensure that the platform remains trustworthy. Interest in TPMs is growing due to their potential for solving hard problems in security such as composability and cyber-physical system security and resilience.
Video surveillance is a fast-growing area of public security. With it have come policy issues related to privacy. Technical issues and opportunities have also arisen, including the potential to use advanced methods to provide positive identification, detection of abnormal behaviors in crowds, intruder detection, and information fusion with other data. For the Science of Security community, it is relevant to human behavior, metrics, and resiliency.
Vulnerability Detection 2016 (all)
Vulnerability detection is a topic for which a great deal of research is being done. For the Science of Security community, vulnerability detection research is relevant to human behavior, resiliency, compositionality, and metrics.
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests for removal of the links or modifications to specific citations via email. Please include the URL of the specific citation in your correspondence.
Pub Crawl contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security community.
How recent are these publications?
These bibliographies include recent scholarly research on topics that have been presented or published within the stated year. Some represent updates from work presented in previous years; others are new topics.
How are topics selected?
The specific topics are selected from materials that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are also chosen for their usefulness for current researchers.
How can I submit or suggest a publication?
Researchers willing to share their work are welcome to submit a citation, abstract, and URL for consideration and posting, and to identify additional topics of interest to the community. Researchers are also encouraged to share this request with their colleagues and collaborators.
What are the hard problems?
Select a hard problem to retrieve related publications.
- Scalability and Composability: Develop methods to enable the construction of secure systems with known security properties from components with known security properties, without a requirement to fully re-analyze the constituent components.
- Policy-Governed Secure Collaboration: Develop methods to express and enforce normative requirements and policies for handling data with differing usage needs and among users in different authority domains.
- Security Metrics Driven Evaluation, Design, Development, and Deployment: Develop security metrics and models capable of predicting whether or confirming that a given cyber system preserves a given set of security properties (deterministically or probabilistically), in a given context.
- Resilient Architectures: Develop means to design and analyze system architectures that deliver required service in the face of compromised components.
- Understanding and Accounting for Human Behavior: Develop models of human behavior (of both users and adversaries) that enable the design, modeling, and analysis of systems with specified security properties.