Pub Crawl #63
Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.
CAPTCHA (the acronym for Completely Automated Public Turing test to tell Computers and Humans Apart) technology has become a standard security tool. In the research presented here, some novel uses are presented, including use of Captchas as graphical passwords, motion-based captchas, and defeating a captcha using a gaming technique. For the Science of Security community, they are relevant to human behavior and composability.
Adversaries look for ways to combine multiple exploits into one large attack. To be effective, the attacker must think outside the box, know many different technologies, and chain together a number of attacks to achieve his goal. For the Science of Security community, such attacks relate to the hard problems of scalability and resilience.
Channel coding, also known as Forward Error Correction, are methods for controlling errors in data transmissions over noisy or unreliable communications channels. For cybersecurity, these methods can also be used to ensure data integrity, as some of the research cited below shows. The work cited here relates to the Science of Security problems of metrics, resiliency, and composability.
Chaotic Cryptography 2021 (all)
Chaos-based cryptography systems are gaining interest as a way to provide robust protection, especially against statistical attacks. For the Science of Security community, this approach is related to the hard problems of scalability, resilience, metrics.
The “clean slate” approach looks at designing networks and internets from scratch, with security built in, in contrast to the evolved Internet in place. The research presented here covers a range of research topics and includes items of interest to the Science of Security, including human behavior, resilience, metrics, and policy governance.
Coding Theory and Security 2021 (all)
Coding theory examines the properties of codes and their aptness for a specific application. For the Science of Security, coding theory is relevant to compositionality, resilience, cryptography, and metrics.
Cognitive Radio Security 2021 (all)
Cognitive radio (CR) is a form of dynamic spectrum management--an intelligent radio that can be programmed and configured dynamically to use the best wireless channels near it. Its capability allows for great network resilience.
Cryptojacking is a new method criminals are using to take over computers and using the hijacked processing power to earn cryptocurrency. For the Science of Security community, this new attack vector is relevant to resiliency, metrics, and human behavior.
Cryptology, the use of techniques for secure communication in the presence of adversaries, is one of the primary subjects of the Science of Security and impacts study into all of the hard problems.
Physical systems, particularly critical infrastructure, are increasingly dependent upon cyber systems. Risks to those cyber systems create potential adverse consequences for the physical systems. Research exploring these problems is growing and is of interest to the Science of Security community relative to the hard problems of compositionality and scalability, human factors, resiliency, and metrics.
Cybersecurity Education 2021 (all)
As a discipline in higher education, cybersecurity is less than two decades old. But because of the large number of qualified professionals needed, many universities offer cybersecurity education in a variety of delivery formats—live, online, and hybrid. To date, much of the curriculum has been driven by NSTISSI standards written in the early 1990s. The articles cited here look at aspects of curriculum, methods, evaluation, and support technologies. For the Science of Security community, these items are relevant to the areas of hard problems, privacy and cyber-physical systems.
Exponentiation, the mathematical operations that underlie encryption and coding, is important to the Science of Security because complexity adds delay. In creating resilient architectures, for example, slow processing may make a security feature too heavy to include. It is relevant to the hard problems of scalability and resiliency.
Facial recognition tools have long been the stuff of action-adventure films. In the real world, they present opportunities and complex problems being examined by researchers. For the Science of Security community, their work relates to the hard problems of human behavior, metrics, and resilience.
False Data Detection 2021 (all)
False data injection attacks against electric power grids potentially have major consequences. For the Science of Security community, the detection of false data injection is relevant to resiliency, composability, cyber physical systems, and human behavior.
Hashing algorithms are used extensively in information security and forensics. Research focuses on new methods and techniques to optimize security. For the Science of Security community, this work is relevant to compositionality and resilience.
Homomorphic Encryption 2021 (all)
Homomorphic encryption shows promise but continues to demand a heavy processing load in practice. Research into homomorphism is focused on creating greater efficiencies, as well as elaborating on the underlying theory. For the Science of Security community, this work is relevant to resiliency, scalability, human factors, and metrics.
Honeypots are traps set up to detect, deflect, or in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers. With increased network size and complexity, the need for advanced methods is growing. Specifically, cloud and virtual security need advanced methods for malware detection and collection. For the Science of Security community, this work is relevant to resiliency, scalability, and human factors.
Human-in-the-loop (HITL) machine learning is a blend of supervised machine learning and active learning. A human influences the outcome in such a way that is difficult to reproduce. The practice of uniting human and machine intelligence to create effective machine learning algorithms is relevant to the Science of Security hard problems of Human Factors and Scalability.
Human-in-the-loop (HITL) machine learning is a blend of supervised machine learning and active learning. A human influences the outcome in such a way that is difficult to reproduce. The practice of uniting human and machine intelligence to create effective machine learning algorithms is relevant to the Science of Security hard problems of Human Factors and Scalability.
Human-in-the-loop (HITL) machine learning is a blend of supervised machine learning and active learning. A human influences the outcome in such a way that is difficult to reproduce. The practice of uniting human and machine intelligence to create effective machine learning algorithms is relevant to the Science of Security hard problems of Human Factors and Scalability.
Pervasive Computing Security 2021 (all)
Also called ubiquitous computing, pervasive computing is the concept that all man-made and some natural products will have embedded hardware and software technology and connectivity. This evolution has been proceeding exponentially as computing devices become progressively smaller and more powerful. For the Science of Security community, work in this area is related to resilience, scalability, human factors, and metrics.
QR codes are used to store information in two dimensional grids which can be decoded quickly. The work here deals with extending its encoding and decoding implementation for user authentication and access control as well as tagging. For the Science of Security community, the work is relevant to cyber physical systems, cryptography, and resilience.
Quantum Computing Security 2021 (all)
While quantum computing is still in its early stage of development, large-scale quantum computers promise to be able to solve certain problems much more quickly than any classical computer using the best currently known algorithms. Quantum algorithms, such as Simon's algorithm, run faster than any possible probabilistic classical algorithm. For the Science of Security, the speed, capacity, and flexibility of qubits over digital processing offers still greater promise and relate to the hard problems of resilience, predictive metrics and composability. To the Science of Security community, they are interest in terms of scalability.
Random Key Generation 2021 (all)
Random and pseudorandom numbers can be used for the generation, exchange, storage, use, and replacement of keys, key servers, cryptographic protocols, and user procedures. For researchers, random key generation is a challenge to create larger scale and faster systems to operate within the cloud and other complex environments, while ensuring validity and not adding weight to the process. For the Science of Security community, it is relevant to scalability, resilience, metrics, and human behavior.
“Ransomware” is the name given to malicious software that locks a computer until an extorted fee or ransom is paid for the key to unlock it. This ransom is usually paid in bitcoin. For the Science of Security community, there are implications for resiliency, composability, and metrics.
Recommender Systems 2021 (all)
Recommender systems are rating systems filters used to predict a user’s preferences for a particular item. Frequently they are used to identify related objects of interest based on a user’s preference to market similar items. As such they create a problem for cybersecurity and privacy related to the hard problems of human factors, scalability, and resilience.
Relational Database Security 2021 (all)
A majority of enterprises store their most sensitive data in relational databases, including personally identifiable information (PII), financial records, and supply chain information. These databases are also the most frequently hacked. For the Science of Security community, relational database security is important for resilience, composability human behavior, and metrics.
Science of Security 2020 (all)
Many more articles and research studies are appearing with “Science of Security” as a keyword. The articles cited here discuss the degree to which security is a science and various issues surrounding its development, ranging from basic approach to essential elements. The articles cited here address the fundamental concepts of the Science of Security.
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests for removal via email of the links or modifications to specific citations. Please include the URL of the specific citation in your correspondence.
Pub Crawl contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security community.
How recent are these publications?
These bibliographies include recent scholarly research on topics that have been presented or published within the stated year. Some represent updates from work presented in previous years; others are new topics.
How are topics selected?
The specific topics are selected from materials that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are also chosen for their usefulness for current researchers.
How can I submit or suggest a publication?
Researchers willing to share their work are welcome to submit a citation, abstract, and URL for consideration and posting, and to identify additional topics of interest to the community. Researchers are also encouraged to share this request with their colleagues and collaborators.
What are the hard problems?
Select a hard problem to retrieve related publications.
- - Scalability and Composability: Develop methods to enable the construction of secure systems with known security properties from components with known security properties, without a requirement to fully re-analyze the constituent components.
- - Policy-Governed Secure Collaboration: Develop methods to express and enforce normative requirements and policies for handling data with differing usage needs and among users in different authority domains.
- - Security Metrics Driven Evaluation, Design, Development, and Deployment: Develop security metrics and models capable of predicting whether or confirming that a given cyber system preserves a given set of security properties (deterministically or probabilistically), in a given context.
- - Resilient Architectures: Develop means to design and analyze system architectures that deliver required service in the face of compromised components.
- - Understanding and Accounting for Human Behavior: Develop models of human behavior (of both users and adversaries) that enable the design, modeling, and analysis of systems with specified security properties.