Pub Crawl #13
Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.
Ad Hoc Network Security 2017 (all)
Because they are dynamic, done over shared wireless facilities, and proliferating, ad hoc networks are an important area for security research. For the Science of Security community, they are relevant to the issues of resilience, composability, and human behavior.
John McCarthy, coined the term "Artificial Intelligence" in 1955 and defined it as "the science and engineering of making intelligent machines." (as quoted in Poole, Mackworth & Goebel, 1998) AI research is highly technical and specialized, and has been characterized as "deeply divided into subfields that often fail to communicate with each other." (McCorduck, Pamela (2004), Machines Who Think (2nd ed.)) These divisions are attributed to both technical and social factors. The research cited here looks at the privacy implications of artificial intelligence. For the Science of Security community, AI is relevant to human factors, scalability, and resilience.
The proliferation and increased capability of “smart phones” has also increased security issues for users. For the Science of Security community, these small computing platforms have the same hard problems to solve as main frames, data centers, or desktops. The research cited here looked at encryption issues specific to the Android operating system. For the Science of Security community, this research is relevant to scalability, human behavior, metrics, and resilience.
Artificial Intelligence Security 2017 (all)
John McCarthy, coined the term "Artificial Intelligence" in 1955 and defined it as "the science and engineering of making intelligent machines." (as quoted in Poole, Mackworth & Goebel, 1998) AI research is highly technical and specialized, and has been characterized as "deeply divided into subfields that often fail to communicate with each other." (McCorduck, Pamela (2004), Machines Who Think (2nd ed.)) These divisions are attributed to both technical and social factors. The research cited here looks at the broad security implications of artificial intelligence. For the Science of Security community, AI is relevant to human factors, scalability, metrics and resilience.
Privacy issues related to Big Data are a growing area of interest for researchers. The work presented here addresses methodologies to protect personal information using both technical and policy solutions. For the Science of Security community, this work is relevant to human factors, resilience, scalability, and metrics.
Big Data Security in the Cloud 2017 (all)
Big data security in the Cloud is a growing area of interest for cybersecurity researchers. The work presented here ranges from cyber-threat detection in critical infrastructures to privacy protection. For the Science of Security community, it is relevant to the hard problems of resilience, scalability, and metrics.
Big Data Security Metrics 2017 (all)
Measurement is a hard problem in the Science of Security. Applied to Big Data, the problems of measurement in security systems are compounded. Scalability and resilience are also impacted.
Bitcoin is the allegedly secure electronic currency used for both open and nefarious purposes such as ransomware transactions. It does have security issues, however. For the Science of Security community, this research is relevant to human behavior and scalability.
The “clean slate” approach looks at designing networks and internets from scratch, with security built in, in contrast to the evolved Internet in place. The research presented here covers a range of research topics, and includes items of interest to the Science of Security, including human behavior, resilience, metrics, and policy governance.
Cross Site Scripting 2017 (all)
A type of computer security vulnerability typically found in Web applications, cross-site scripting (XSS) enables attackers to inject client-side script into Web pages viewed by other users. Attackers may use a cross-site scripting vulnerability to bypass access controls such as the same origin policy. Consequences may range from petty nuisance to significant security risk, depending on the value of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner. A frequent method of attack, research is being conducted on methods to prevent, detect, and mitigate XSS attacks. For the Science of Security community, this work is relevant to the hard problems of human behavior, scalability, and resilience.
Cryptology, the use of techniques for secure communication in the presence of adversaries, is one of the primary subjects of the Science of Security and impacts study into all of the hard problems.
Embedded Systems Security aims for a comprehensive view of security across hardware, platform software (including operating systems and hypervisors), software development processes, data protection protocols (both networking and storage), and cryptography. Critics say embedded device manufacturers often lack maturity when it comes to designing secure embedded systems. They say vendors in the embedded device and critical infrastructure market are starting to conduct classic threat modeling and risk analysis on their equipment, but they've not matured to the point of developing formal secure development standards. Research is beginning to bridge the gap between promise and performance, as the articles cited here suggest. For the Science of Security, this research addresses resilience, composability, and metrics.
Human behavior is complex and that complexity creates a tremendous problem for cybersecurity. The works cited here address a range of human trust issues related to behaviors, deception, enticement, sentiment and other factors difficult to isolate and quantify. For the Science of Security community, human behavior is a Hard Problem.
Identity Management 2017 (all)
The term identity management refers to the management of individual identities, their roles, authentication, authorizations and privileges within or across systems. For the Science of Security community, this research is relevant to scalability, resilience, and human behavior.
Internet of Vehicles 2017 (all)
The term “Internet of Vehicles” refers to a system of the Internet of Things related to automobiles and other vehicles. It may include Vehicular Ad-hoc Networks (VANETs). For the Science of Security community, it is important relative to cyber physical systems, resilience, human factors and metrics.
Successful key management is critical to the security of any cryptosystem. It is perhaps the most difficult part of cryptography including as it does system policy, user training, organizational and departmental interactions, and coordination between all of these elements and includes dealing with the generation, exchange, storage, use, and replacement of keys, key servers, cryptographic protocols, and user procedures. For researchers, key management is a challenge to create larger scale and faster systems to operate within the cloud and other complex environments, while ensuring validity and not adding weight to the process. For the Science of Security community, it is relevant to scalability, resilience, metrics, and human behavior.
Microelectronic Security 2017 (all)
Microelectronics is at the center of the IT world. Their security—provenance, integrity of their manufacture, and capacity for providing embedded security—is both an opportunity and a problem for cybersecurity research. For the Science of Security community, microelectronic security is a constituent component of resiliency, composability, and predictive metrics.
Multicore Computing Security 2017 (all)
As high performance computing has evolved into larger and faster computing solutions, new approaches to security have been identified. The articles cited here focus on security issues related to multicore environments. Multicore computing relates to the Science of Security hard topics of scalability, resilience, and metrics.
Multifactor Authentication 2017 (all)
Multifactor authentication is of general interest within cryptography. For the Science of Security community, it relates to human factors, resilience, and metrics.
Multiple Fault Diagnosis 2017 (all)
According to Shakeri, “the computational complexity of solving the optimal multiple-fault isolation problem is super exponential.” Most processes and procedures assume that there will be only one fault at any given time. Many algorithms are designed to do sequential diagnostics. With the growth of cloud computing and multicore processors and the ubiquity of sensors, the problem of multiple fault diagnosis has grown even larger. For the Science if Security community, multiple fault diagnosis is relevant to cyber physical systems, resiliency, metrics, and human factors.
Network Reconnaissance 2017 (all)
The capacity to survey, analyze and assess a network is a critical aspect of developing resilient systems. The work cited here addresses multiple methods and approaches to network reconnaissance.
Network Security Architecture 2017 (all)
The requirement for security and resilience in network security architecture is one of the hard problems in the Science of Security.
Predictive security metrics are one of the five hard problems in the Science of Security.
Quantum Computing Security 2017 (all)
While quantum computing is still in its early stage of development, large-scale quantum computers promise to be able to solve certain problems much more quickly than any classical computer using the best currently known algorithms. Quantum algorithms, such as Simon's algorithm, run faster than any possible probabilistic classical algorithm. For the Science of Security, the speed, capacity, and flexibility of qubits over digital processing offers still greater promise and relate to the hard problems of resilience, predictive metrics and composability. To the Science of Security community, they are interest in terms of scalability.
Resilient Security Architectures 2016 (all)
The development of resilient security architectures is one of the five hard problems for the Science of Security.
Resilient Security Architectures 2017 (all)
The development of resilient security architectures is one of the five hard problems for the Science of Security.
Searchable Encryption 2017 (all)
Searchable encryption allows one to store encrypted data externally, but still allow for easy data searches that do not require the search to download everything before decrypting and to allow others to search data without having access to plaintext. As an application, it is becoming increasingly important in the Cloud environment. For the Science of Security community, it is an area of research related to cryptography, resilience, and composability.
Security Risk Estimation 2017 (all)
Calculating risk in cyberphysical systems is a complex process. The work cited here approaches the problem relative to the Science of Security hard problems of human factors, scalability, resilience, and metrics.
Situational Awareness 2017 (all)
Situational awareness is an important human factor for cyber security that impacts resilience, predictive metrics, and composability.
Privacy is a specific problem within the general area of cybersecurity in the Smart Grid. The protection of customer data and usage is of particular importance. To the Science of Security community, this research is relevant to the hard problems of resiliency, scalability, and human factors.
Smart Grid Security 2017 (all)
The primary value of published research in smart grid technologies--the use of cyber-physical systems to coordinate the generation, transmission, and use of electrical power and its sources-- is because of its strategic importance and the consequences of intrusion. Smart grid is of particular importance to the Science of Security and its problems embrace several of the hard problems, notably resiliency, scalability, and metrics.
Software assurance is an essential element in the development of scalable and composable systems. For a complete system to be secure, each subassembly must be secure.
The term “text analytics” refers to linguistic, statistical, and machine learning techniques that model and structure the information content of textual sources for intelligence, exploratory data analysis, research, or investigation. The research cited here focuses on large volumes of text mined to identify insider threats, intrusions, and malware detection. It is of interest to the Science of Security community relative to metrics, scalability and composability, and human factors.
Trusted Platform Modules 2017 (all)
A Trusted Platform Module (TPM) is a computer chip that can securely store artifacts used to authenticate a network or platform. These artifacts can include passwords, certificates, or encryption keys. A TPM can also be used to store platform measurements that help ensure that the platform remains trustworthy. Interest in TPMs is growing due to their potential for solving hard problems in security such as composability and cyber-physical system security and resilience.
Trustworthy Systems 2017 (all)
Trust is created in information security to assure the identity of external parties. Trustworthy systems are a key element in the security of cyber physical systems, resiliency, and composability.
Ubiquitous Computing Security 2017 (all)
Ubiquitous computing is a concept in software engineering and computer science where computing is made to appear anytime and everywhere. In contrast to desktop computing, ubiquitous computing can occur using any device, in any location, and in any format. Incorporating all aspects of the cyber world, including the internet, the processor, the Cloud, and so on, ubiquitous computing has significant security challenges. The Science of Security community, the work cited here is relevant to scalability, metrics, human factors and resilience.
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests for removal via email of the links or modifications to specific citations. Please include the URL of the specific citation in your correspondence.
Pub Crawl contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security community.
How recent are these publications?
These bibliographies include recent scholarly research on topics that have been presented or published within the stated year. Some represent updates from work presented in previous years; others are new topics.
How are topics selected?
The specific topics are selected from materials that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are also chosen for their usefulness for current researchers.
How can I submit or suggest a publication?
Researchers willing to share their work are welcome to submit a citation, abstract, and URL for consideration and posting, and to identify additional topics of interest to the community. Researchers are also encouraged to share this request with their colleagues and collaborators.
What are the hard problems?
Select a hard problem to retrieve related publications.
- - Scalability and Composability: Develop methods to enable the construction of secure systems with known security properties from components with known security properties, without a requirement to fully re-analyze the constituent components.
- - Policy-Governed Secure Collaboration: Develop methods to express and enforce normative requirements and policies for handling data with differing usage needs and among users in different authority domains.
- - Security Metrics Driven Evaluation, Design, Development, and Deployment: Develop security metrics and models capable of predicting whether or confirming that a given cyber system preserves a given set of security properties (deterministically or probabilistically), in a given context.
- - Resilient Architectures: Develop means to design and analyze system architectures that deliver required service in the face of compromised components.
- - Understanding and Accounting for Human Behavior: Develop models of human behavior (of both users and adversaries) that enable the design, modeling, and analysis of systems with specified security properties.