Pub Crawl #12

Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Acoustic Fingerprints 2017 (all)

Acoustic fingerprints can be used to identify an audio sample or quickly locate similar items in an audio database. As a security tool, fingerprints offer a modality of biometric identification of a user. Current research is exploring various aspects and applications, including the use of these fingerprints for mobile device security, antiforensics, use of image processing techniques, and client side embedding. For the Science of Security community, they are relevant to the problems of resiliency, human behavior and composability.

Automated Response Actions 2017 (all)

A recurring problem in cybersecurity is the need to automate systems to reduce human effort and error and to be able to react rapidly and accurately to an intrusion or insertion. The articles cited here describe a number of interesting approaches related to the Science of Security hard topics, including resilience and composability.

BIOS Security 2017 (all)

Recent revelations that processors have had long-standing vulnerabilities have triggered a greater interest in relooking at firmware in general. Research into BIOS has produced some work relevant to the Science of Security issues of human factors, resilience, metrics, and scalability.

Chaotic Cryptography 2016 (all)

Adding chaos theory to cryptography allows the development of lighter, stronger and more efficient methods. For the Science of Security community, work in this area relates to resiliency, composability, and predictive metrics.

Chaotic Cryptography 2017 (all)

Compiler Security 2017 (all)

Much of software security focuses on applications, but compiler security should also be an area of concern. Compilers can “correct” secure coding in the name of efficient processing. The works cited here look at various approaches and issues in compiler security. For the Science of Security community, this work is relevant to the problems of resiliency and composability.

Cross Layer Security 2016 (all)

Protocol architectures traditionally followed strict layering principles to ensure interoperability, rapid deployment, and efficient implementation. But a lack of coordination between layers limits the performance of these architectures. More important, the lack of coordination may introduce security vulnerabilities and potential threat vectors. For the Science of Security community, this work is relevant to the problems of resiliency and composability.

Cross Layer Security 2017 (all)

Data Sanitization 2017 (all)

For security researchers, privacy protection during data mining is a major concern. Sharing information over the Internet or holding it in a database requires methods of sanitizing data so that personal information cannot be obtained. For the Science of Security community, this work is relevant to human behavior and privacy, resilience, and compositionality.

DDoS Attack Detection 2017 (all)

Distributed Denial of Service Attacks continue to be among the most prolific forms of attack against information systems. Detection is a key step in dealing the problem. For the Science of Security community, this research is related to the problems of resilience, composability, metrics, and human behavior.

DDoS Attack Mitigation 2017 (all)

Distributed Denial of Service Attacks continue to be among the most prolific forms of attack against information systems. Mitigation is a key step in dealing the problem. For the Science of Security community, this research is related to the problems of resilience, composability, metrics, and human behavior.

DDoS Attack Prevention 2017 (all)

Decomposition 2017 (all)

Mathematical decomposition is often used to address network flows. For the Science of Security community, decomposition is a useful method of dealing with cyber physical systems issues, metrics, and compositionality.

DNA Cryptography 2017 (all)

DNA-based cryptography is a developing interdisciplinary area combining cryptography, mathematical modeling, biochemistry and molecular biology as the basis for encryption. For the Science of Security committee, it is relevant to the hard problems of human behavior, resilience, predictive metrics, and privacy.

Hash Algorithms 2017 (all)

Hashing algorithms are used extensively in information security and forensics. Research focuses on new methods and techniques to optimize security. For the Science of Security community, this work is relevant to compositionality and resilience.

Homomorphic Encryption 2017 (all)

Homomorphic encryption shows promise, but continues to demand a heavy processing load in practice. Research into homomorphism is focused on creating greater efficiencies, as well as elaborating on the underlying theory. For the Science of Security community, this work is relevant to resiliency, scalability, human factors, and metrics.

Immersive Systems 2017 (all)

Immersion systems, commonly known as “virtual reality”, are used for a variety of functions such as gaming, rehabilitation, and training. These systems mix the virtual with the actual, and have implications for cybersecurity because attackers may make the jump from virtual to actual systems. For the Science of Security community, this work is relevant to resilience, human factors, cyber physical systems, privacy, and composability.

Information Theoretic Security 2017 (all)

A cryptosystem is said to be information-theoretically secure if its security derives purely from information theory and cannot be broken even when the adversary has unlimited computing power. For example, the one-time pad is an information-theoretically secure cryptosystem proven by Claude Shannon, inventor of information theory, to be secure. Information-theoretically secure cryptosystems are often used for the most sensitive communications such as diplomatic cables and high-level military communications, because of the great efforts enemy governments expend toward breaking them. Because of this importance, methods, theory and practice in information theory security also remains high. It is fundamentally related to the concept of Science of Security and all the hard problems.

Intrusion Tolerance 2016 (all)

Intrusion tolerance refers to a fault-tolerant design approach to defending communications, computer and other information systems against malicious attack. Rather than detecting all anomalies, tolerant systems only identify those intrusions which lead to security failures. The topic relates to the Science of Security issues of resilience and composability.

Intrusion Tolerance 2017 (all)

IP Piracy 2017 (all)

Theft of Intellectual Property, that is, piracy, continues to be a matter of major research interest. The topic is related to the Science of Security regarding resilience, policy-based governance, and composability.

IP Protection 2017 (all)

Intellectual Property protection continues to be a matter of major research interest. The topic is related to the Science of Security regarding resilience, policy-based governance, and composability.

Malware Analysis 2017 (all)

Malware analysis, along with detection and classification, is a major issue in cybersecurity. For the Science of Security community, malware classification is related to privacy, predictive metrics, human behavior and resiliency.

Moving Target Defense 2017 (all)

Moving Target (MT) research and development results in the presentation of a dynamic attack surface to an adversary, increasing the work factor necessary to successfully attack and exploit a cyber target. For the Science of Security community, MTD is related to resilience and predictive metrics.

Natural Language Processing 2017 (all)

Natural language processing research focuses on developing efficient algorithms to process texts and to make their information accessible to computer applications. Texts can contain information with different complexities ranging from simple word or token-based representations, to rich hierarchical syntactic representations, to high-level logical representations across document collections. For the Science of Security community, this work is relevant to scalability, resilience, and human behavior.

Operating Systems Security 2017 (all)

Operating system security is a component of resiliency, composability, and an area of concern for predictive metrics.

Outsourced Database Integrity 2016 (all)

The growth of distributed storage systems such as the Cloud has produced novel security problems. The works cited here address untrusted servers, generic trusted data, trust extension on commodity computers, defense against frequency-based attacks in wireless networks, and other topics. For the Science of Security community, these topics relate to composability, metrics, and resilience.

Outsourced Database Integrity 2017 (all)

Pervasive Computing Security 2017 (all)

Also called ubiquitous computing, pervasive computing is the concept that all man-made and some natural products will have embedded hardware and software technology and connectivity. This evolution has been proceeding exponentially as computing devices become progressively smaller and more powerful. For the Science of Security community, work in this area is related to resilience, scalability, human factors, and metrics.

Policy-based Governance 2017 (all)

Governance is one of the five hard problems in the Science of Security. The work cited here includes some work of specific interest in this difficult topic.

Predictive Security Metrics 2017 (all)

Measurement is at the core of science. The development of accurate metrics is a major element for achieving a true Science of Security. It is also one of the hard problems to solve.

QR Codes 2017 (all)

QR codes are used to store information in two dimensional grids which can be decoded quickly. The work here deals with extending its encoding and decoding implementation for user authentication and access control as well as tagging. For the Science of Security community, the work is relevant to cyber physical systems, cryptography, and resilience.

Scalable Security 2017 (all)

Scalability of security is one of the five hard problem in the Science of Security. The work cited here includes some work of specific interest in this difficult topic.

Science of Security 2016 (all)

Many more articles and research studies are appearing with “Science of Security” as a keyword. The articles cited here discuss the degree to which security is a science and various issues surrounding its development, ranging from basic approach to essential elements.

Science of Security 2017 (all)

Security Scalability 2017 (all)

Scalability, along with compositionality, is one of the five hard problems for the Science of Security community. Work in this area seems to be increasing.

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests for removal via email of the links or modifications to specific citations. Please include the URL of the specific citation in your correspondence.

Pub Crawl contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security community.

How recent are these publications?

These bibliographies include recent scholarly research on topics that have been presented or published within the stated year. Some represent updates from work presented in previous years; others are new topics.

How are topics selected?

The specific topics are selected from materials that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are also chosen for their usefulness for current researchers.

How can I submit or suggest a publication?

Researchers willing to share their work are welcome to submit a citation, abstract, and URL for consideration and posting, and to identify additional topics of interest to the community. Researchers are also encouraged to share this request with their colleagues and collaborators.

What are the hard problems?

Select a hard problem to retrieve related publications.

- Scalability and Composability: Develop methods to enable the construction of secure systems with known security properties from components with known security properties, without a requirement to fully re-analyze the constituent components.
- Policy-Governed Secure Collaboration: Develop methods to express and enforce normative requirements and policies for handling data with differing usage needs and among users in different authority domains.
- Security Metrics Driven Evaluation, Design, Development, and Deployment: Develop security metrics and models capable of predicting whether or confirming that a given cyber system preserves a given set of security properties (deterministically or probabilistically), in a given context.
- Resilient Architectures: Develop means to design and analyze system architectures that deliver required service in the face of compromised components.
- Understanding and Accounting for Human Behavior: Develop models of human behavior (of both users and adversaries) that enable the design, modeling, and analysis of systems with specified security properties.

Submitted by Anonymous on Wed, 12/27/2017 - 09:24