Pub Crawl #23
Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.
John McCarthy coined the term "Artificial Intelligence" in 1955 and defined it as "the science and engineering of making intelligent machines." (as quoted in Poole, Mackworth & Goebel, 1998) AI research is highly technical and specialized, and has been characterized as "deeply divided into subfields that often fail to communicate with each other." (McCorduck, Pamela (2004), Machines Who Think (2nd ed.)) These divisions are attributed to both technical and social factors. The research cited here looks at the privacy implications of artificial intelligence. For the Science of Security community, AI is relevant to human factors, scalability, and resilience.
Air gaps, the physical separation of one computing system from another, are a classical defense mechanism based upon the assumption that data is safe if it cannot be touched electronically. However, air gaps may not be designed with adequate consideration for electronic emanations, thermal radiation, or other physical factors that might be exploited. For the Science of Security community, this research is relevant to the hard problems of composability, resilience, human behavior, and metrics.
Analogical Transfer 2018 (all)
Analogical transfer is a theory in psychology concerned with overcoming fixed ways of viewing particular problems or objects. In security, one manifestation of this problem is system developers and administrators overlooking critical security requirements due to a lack of tools and techniques that allow them to tailor security knowledge to their particular context. The works cited here use analogy and simulations to achieve breakthrough thinking. The topic relates to the hard problem of human factors in the Science of Security.
The proliferation and increased capability of "smart phones" has also increased security issues for users. For the Science of Security community, these small computing platforms have the same hard problems to solve as mainframes, data centers, or desktops. The research cited here looked at encryption issues specific to the Android operating system. For the Science of Security community, this research is relevant to scalability, human behavior, metrics, and resilience.
Minimizing privacy risk is one of the major problems in the development of social media and hand-held smart phone technologies, vehicle ad hoc networks, and wireless sensor networks. For the Science of Security community, the research issues addressed relate to the hard problems of resiliency, composability, metrics, and human behavior.
Anonymous Messaging 2018 (all)
Anonymous messages contain embedded information about where to send them next. In theory, message strings can become untraceable and anonymity maintained. This is a double-edged issue, offering security and privacy on the one hand and creating an attribution problem on the other. For the Science of Security community, this work is relevant to the problems of resiliency and scalability.
Application Programming Interfaces (APIs) are definitions of interfaces to systems or modules. As code is reused, more and more are modified from earlier code. For the Science of Security community, the problems of compositionality and resilience are direct.
Artificial Intelligence Security 2018 (all)
John McCarthy coined the term "Artificial Intelligence" in 1955 and defined it as "the science and engineering of making intelligent machines." (as quoted in Poole, Mackworth & Goebel, 1998) AI research is highly technical and specialized, and has been characterized as "deeply divided into subfields that often fail to communicate with each other." (McCorduck, Pamela (2004), Machines Who Think (2nd ed.)) These divisions are attributed to both technical and social factors. For the Science of Security community, AI research has implications for resilience, composability, metrics, and human behavior.
Artificial Neural Networks 2018 (all)
Artificial neural networks have been used to solve a wide variety of tasks that are hard to solve using ordinary rule-based programming. What has attracted much interest in neural networks is the possibility of learning. Tasks such as function approximation, classification, pattern and sequence recognition, anomaly detection, filtering, clustering, blind source separation, and compression and controls all have security implications. Cyber physical systems, resiliency, policy-based governance and metrics are the Science of Security interests.
Asymmetric Encryption 2018 (all)
Asymmetric, or public key, encryption is a cornerstone of cybersecurity. The research presented here looks at key distribution, compares symmetric and asymmetric security, and evaluates cryptographic algorithms, among other approaches. For the Science of Security community, encryption is a primary element for resiliency, compositionality, metrics, and behavior.
Security analysts use attack graphs for detection, defense and forensics. An attack graph is defined as a representation of all paths through a system that end in a state where an intruder has successfully breached the system. They are an important tool for the Science of Security related to predictive metrics, resiliency, and composability.
Keeping the attack surface as small as possible is a basic security measure. The attack surface is the sum of the different points where an adversary or unauthorized user can attempt access in order to enter or extract data. For the Science of Security community, attack surface is a key concept for scalability, resilience, and metrics.
Attack vectors are paths or means by which an adversary can gain access to a computer or network server to deliver malware. Attack vectors enable exploitation of system vulnerabilities, including the human element. For the Science of Security community, this problem is related to resiliency and scalability, as well as human behavior.
Attestation is the verification of changes to software as part of trusted computing. For the Science of Security community, it is relevant to composability, resilience, and human behavior.
Attribute-based Encryption 2018 (all)
In an attribute-based encryption system, the decryption of a ciphertext should be possible only if the set of attributes of the user key matches the attributes of the ciphertext. The two types of attribute-based encryption schemes are key-policy attribute-based encryption and ciphertext-policy attribute-based encryption. For the Science of Security community, this research is relevant to the hard problems of scalability, human behavior, and policy-based governance.
Honeypots are traps set up to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers. With increased network size and complexity, the need for advanced methods is growing. Specifically, cloud and virtual security need advanced methods for malware detection and collection. For the Science of Security community, this work is relevant to resiliency, scalability, and human factors.
System recovery following an attack is a core cybersecurity issue. Current research into methods to undo data manipulation and to recover lost or extruded data in distributed, cloud-based or other large scale complex systems is discovering new approaches and methods. For the Science of Security community, it is an essential element of resiliency.
Taint analysis is an important method for analyzing software to determine possible paths for exploitation. As such, it relates to the problems of composability and metrics.
Tamper resistance is an important element for composability of software systems and for security of cyber physical system resilience. For the Science of Security community, it is also relevant to scalability, metrics, and human factors.
The term “text analytics” refers to linguistic, statistical, and machine learning techniques that model and structure the information content of textual sources for intelligence, exploratory data analysis, research, or investigation. The research cited here focuses on large volumes of text mined to identify insider threats, intrusions, and malware detection. It is of interest to the Science of Security community relative to metrics, scalability and composability, and human factors.
Theoretical Cryptography 2018 (all)
Cryptography can only exist if there is a mathematical hardness to it constructed to maintain a desired functionality, even under malicious attempts to change or destroy the prescribed functionality. The foundations of theoretical cryptography are the paradigms, approaches and techniques used to conceptualize, define and provide solutions to natural 'security concerns' mathematically using probability-based definitions, various constructions, complexity theoretic primitives and proofs of security. For the Science of Security community, this work is relevant to the broad problem of developing a science, as well as contributing to the solution of the hard problems of composability and compositionality.
Threat mitigation is a continuous need in cybersecurity. For the Science of Security community, threat mitigation is related to resiliency, metrics, and human behavior.
Trustworthy Systems 2018 (all)
Trust is created in information security to assure the identity of external parties. Trustworthy systems are a key element in the security of cyber physical systems, resiliency, and composability.
Two Factor Authentication 2018 (all)
Two factor authentication or 2FA is regarded as a solution to common attacks. However, it sometimes becomes a form of bait for attackers, because it is often used to secure high value information. For the Science of Security community, it is relevant to the hard problem of human factors.
User Privacy in the Cloud 2018 (all)
Privacy is a major problem for distributed file systems, that is, in the Cloud. For the Science of Security community, this work is relevant to scalability, resilience, and metrics.
Video surveillance is a fast growing area of public security. With it have come policy issues related to privacy. Technical issues and opportunities have also arisen, including the potential to use advanced methods to provide positive identification, abnormal behaviors in crowds, intruder detection, and information fusion with other data. For the Science of Security community, it is relevant to human behavior, metrics, and resiliency.
Virtual Machine Security 2018 (all)
Arguably, virtual machines are more secure than actual machines. This idea is based on the notion that an attacker cannot jump the gap between the virtual and the actual. The growth of interest in cloud computing suggests it is time for a fresh look at the vulnerabilities in virtual machines. In the articles presented below, security concerns are addressed in some interesting ways. For the Science of Security community, virtualization is related to composability, resiliency, cyber physical systems, and cryptography.
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via email for removal of the links or modifications to specific citations. Please include the URL of the specific citation in your correspondence.
Pub Crawl contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security community.
How recent are these publications?
These bibliographies include recent scholarly research on topics that have been presented or published within the stated year. Some represent updates from work presented in previous years; others are new topics.
How are topics selected?
The specific topics are selected from materials that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are also chosen for their usefulness for current researchers.
How can I submit or suggest a publication?
Researchers willing to share their work are welcome to submit a citation, abstract, and URL for consideration and posting, and to identify additional topics of interest to the community. Researchers are also encouraged to share this request with their colleagues and collaborators.
What are the hard problems?
Select a hard problem to retrieve related publications.
- Scalability and Composability: Develop methods to enable the construction of secure systems with known security properties from components with known security properties, without a requirement to fully re-analyze the constituent components.
- Policy-Governed Secure Collaboration: Develop methods to express and enforce normative requirements and policies for handling data with differing usage needs and among users in different authority domains.
- Security Metrics Driven Evaluation, Design, Development, and Deployment: Develop security metrics and models capable of predicting whether or confirming that a given cyber system preserves a given set of security properties (deterministically or probabilistically), in a given context.
- Resilient Architectures: Develop means to design and analyze system architectures that deliver required service in the face of compromised components.
- Understanding and Accounting for Human Behavior: Develop models of human behavior (of both users and adversaries) that enable the design, modeling, and analysis of systems with specified security properties.