Pub Crawl #11
Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.
Autonomic computing refers to the self-management of complex distributed computing resources that can adapt to unpredictable changes with transparency to operators and users. Security is one of the four key elements of autonomic computing and includes proactive identification and protection from arbitrary attacks. For the Science of Security community, this work is relevant to the hard problems of resiliency, scalability, and predictive metrics.
Botnets, a common security threat, are used for a variety of attacks: spam, distributed denial of service (DDOS), ad and spyware, scareware and brute forcing services. Their reach and the challenge of detecting and neutralizing them is compounded in the cloud and on mobile networks. For the Science of Security community, research in this area is related to resiliency, compositionality, and metrics.
CAPTCHA (the acronym for Completely Automated Public Turing test to tell Computers and Humans Apart) technology has become a standard security tool. In the research presented here, some novel uses are presented, including use of Captchas as graphical passwords, motion-based captchas, and defeating a captcha using a gaming technique. For the Science of Security community, they are relevant to human behavior and composability.
Cognitive Radio Security 2017 (all)
Cognitive radio (CR) is a form of dynamic spectrum management--an intelligent radio that can be programmed and configured dynamically to use the best wireless channels near it. Its capability allows for great network resilience.
A covert channel is a simple, effective mechanism for sending and receiving data between machines without alerting any firewalls or intrusion detectors on the network. In cybersecurity science, they have value both as a means for defense and attack. For the Science of Security community, this work is relevant to the hard problems of resilience, scalability and compositionality.
Elliptic Curve Cryptography 2017 (all)
Elliptic curve cryptography is a major research area globally. It is relevant to solving the hard problems of interest to the Science of Security community of scalability, resilience, and metrics.
Information Reuse and Security 2017 (all)
The objective of information reuse is to maximize the value of information by creating simple, rich, and reusable knowledge representations and integrating it into systems and applications. With reuse comes inherent security risk. For the Science of Security community, this problem is relevant to compositionality and resiliency.
Insider threats are a difficult problem. The research cited here looks at both intentional and accidental threats, including the effects of social engineering, and methods of identifying potential threats. For the Science of Security, insider threat relates to human behavior, as well as metrics, policy-based governance and resilience.
The term Internet of Things (IT) refers to advanced connectivity of the Internet with devices, systems and services that include both machine-to-machine communications (M2M) and a variety of protocols, domains and applications. Since the concept incorporates literally billions of devices, the security implications are huge. For the Science of Security community, this work is relevant to the hard problems of resilience, composability, human behavior, and metrics.
Magnetic remanence is the property that allows an attacker to recreate files that have been overwritten. For the Science of Security community, it is a topic relevant to the hard problems of resilience and compositionality and has major implications for the Internet of Things and other cyber physical systems.
Metadata Discovery Problem 2017 (all)
Metadata is often described as “data about data.” Usage varies from virtualization to data warehousing to statistics. Because of its volume and complexity, metadata has the potential to tax security procedures and processes. For the Science of Security community, work in this area is relevant to the problems of scalability, resilience, and compositionality.
Oscillating Behaviors 2017 (all)
Broadly speaking, signal processing covers signal acquisition and reconstruction, quality improvement, signal compression and feature extraction. Each of these processes introduces vulnerabilities into communications and other systems. The research articles cited here explore trust between networks, steganalysis, tracing passwords across networks, and certificates. They address the Science of Security hard problems related to privacy, resilience, metrics, and composability.
Phishing remains a primary method for social engineering access to computers and information. Much research work has been done in this area in recent years. For the Science of Security community, phishing is relevant to the hard problem of human behavior.
Provenance refers to information about the origin and activities of system data and processes. With the growth of shared services and systems, including social media, cloud computing, and service-oriented architectures, finding tamperproof methods for tracking files is a major challenge. Provenance is important to the Science of Security relative to human behavior, metrics, resilience, and composability.
Radio frequency identification (RFID) has become a ubiquitous identification system used to provide positive identification for items as diverse as cheese and pets. Research into RFID technologies continues and the security of RFID tags is being increasingly questioned. The work is related to the Science of Security issues of resiliency and human behaviors.
Scientific Computing Security 2017 (all)
Scientific computing is concerned with constructing mathematical models and quantitative analysis techniques and using computers to analyze and solve scientific problems. As a practical matter, scientific computing is the use of computer simulation and other forms of computation from numerical analysis and theoretical computer science to solve specific problems such as cybersecurity. For the Science of Security community, it relates to predictive metrics, compositionality, and resilience.
Security Policies Analysis 2017 (all)
Policy-based access controls and security policies are intertwined in most commercial systems. Analytics use abstraction and reduction to improve policy-based security. For the Science of Security community, policy-based governance is one of the five Hard Problems.
Cyber physical system security requires the need to build secure sensors and actuators. The research work here addresses the Science of Security hard problems of human behavior, resiliency, metrics and composability for actuator security.
Signal Processing Security 2017 (all)
Broadly speaking, signal processing covers signal acquisition and reconstruction, quality improvement, signal compression and feature extraction. Each of these processes introduces vulnerabilities into communications and other systems. The research articles cited here explore trust between networks, steganalysis, tracing passwords across networks, and certificates. They address the Science of Security hard problems related to privacy, resilience, metrics, and composability.
System recovery following an attack is a core cybersecurity issue. Current research into methods to undo data manipulation and to recover lost or extruded data in distributed, cloud-based or other large scale complex systems is discovering new approaches and methods. For the Science of Security community, it is an essential element of resiliency.
Web Browser Security 2017 (all)
Web browsers are vulnerable to a range of threats. To the Science of Security community, they are often the first vector for attacks and are relevant to the issues of compositionality, resilience, predictive metrics, and human behavior.
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests for removal via email of the links or modifications to specific citations. Please include the URL of the specific citation in your correspondence.
Pub Crawl contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security community.
How recent are these publications?
These bibliographies include recent scholarly research on topics that have been presented or published within the stated year. Some represent updates from work presented in previous years; others are new topics.
How are topics selected?
The specific topics are selected from materials that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are also chosen for their usefulness for current researchers.
How can I submit or suggest a publication?
Researchers willing to share their work are welcome to submit a citation, abstract, and URL for consideration and posting, and to identify additional topics of interest to the community. Researchers are also encouraged to share this request with their colleagues and collaborators.
What are the hard problems?
Select a hard problem to retrieve related publications.
- - Scalability and Composability: Develop methods to enable the construction of secure systems with known security properties from components with known security properties, without a requirement to fully re-analyze the constituent components.
- - Policy-Governed Secure Collaboration: Develop methods to express and enforce normative requirements and policies for handling data with differing usage needs and among users in different authority domains.
- - Security Metrics Driven Evaluation, Design, Development, and Deployment: Develop security metrics and models capable of predicting whether or confirming that a given cyber system preserves a given set of security properties (deterministically or probabilistically), in a given context.
- - Resilient Architectures: Develop means to design and analyze system architectures that deliver required service in the face of compromised components.
- - Understanding and Accounting for Human Behavior: Develop models of human behavior (of both users and adversaries) that enable the design, modeling, and analysis of systems with specified security properties.