Pub Crawl #4
Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.
6LoWPAN, IPv6 over Low power Wireless Personal Area Networks, is an architecture intended to allow low power devices to participate in the Internet of Things. The IEEE specification allows for operation in either a secure or non-secure mode. For the Science of Security community, the creation of secure process in low power and ad hoc environments relates to the hard problems of resilience and composability. In the IoT context, it also relates to cyber physical system security.
Anonymity in Wireless Networks 2016 (all)
Minimizing privacy risk is one of the major problems in the development of social media and hand-held smart phone technologies, vehicle ad hoc networks, and wireless sensor networks. For the Science of Security community, the research issues addressed relate to the hard problems of resiliency, composability, metrics, and human behavior.
Attestation is he process of validating the integrity of a computing device needed for trusted computing. For the Science of Security community, it is important in addressing the hard problems of predictive metrics and resilience.
Big Data Security in the Cloud 2016 (all)
Big data security in the Cloud is a growing area of interest for cybersecurity researchers. For the Science of Security community, research in this area relates to the hard problems of resiliency, composability and human behavior. The work presented here ranges from cyber-threat detection in critical infrastructures to privacy protection.
Big Data Security Metrics 2016 (all)
Measurement is a hard problem in the Science of Security. Applied to Big Data, the problems of measurement in security systems are compounded. The works cited here addresses those problems.
Black Box Cryptography 2016 (all)
According to Stack Exchange, black box security is "security of a cryptographic algorithm is studied in the 'black-box' model: e.g., for symmetric encryption, the attacker is given access to a "device" which runs the encryption algorithm with a given key, and can submit plaintexts and ciphertexts, the goal of the attacker being to be able to decrypt a given block without submitting that exact block as ciphertext." For the Science of Security community, back box cryptography is important to composability, metrics, and resilience.
The “clean slate” approach looks at designing networks and internets from scratch, with security built in, in contrast to the evolved Internet in place. The research presented here covers a range of research topics, and includes items of interest to the Science of Security, including human behavior, resilience, metrics, and policy governance.
Cross Site Scripting 2016 (all)
A type of computer security vulnerability typically found in Web applications, cross-site scripting (XSS) enables attackers to inject client-side script into Web pages viewed by other users. Attackers may use a cross-site scripting vulnerability to bypass access controls such as the same origin policy. Consequences may range from petty nuisance to significant security risk, depending on the value of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner. A frequent method of attack, research is being conducted on methods to prevent, detect, and mitigate XSS attacks. For the Science of Security community XSS is relevant to resilience, composability, and human behavior.
Mathematical decomposition is often used to address network flows. For the Science of Security community, decomposition is a useful method of dealing with cyber physical systems issues, metrics, and compositionality.
Networked Control Systems Security 2016 (all)
Network control systems (NCS) offer a relatively inexpensive way for communications networks to provide diagnostics, flexibility, and robustness. To the Science of Security community, NCS research is relevant to the hard problems of resiliency, composability, and predictive metrics. The research work cited here was presented in 2015.
Network on Chip Security 2016 (all)
Securing hardware as well as software is important in developing resilient systems, particularly cyber-physical systems. The exponential growth of capacity on a single chip, now grown to network scale, presents substantial security problems.
Network Reconnaissance 2016 (all)
The capacity to survey, analyze and assess a network is a critical aspect of developing resilient systems. The work cited here addresses multiple methods and approaches to network reconnaissance. All were presented in 2015.
Neural Network Security and Resiliency 2016 (all)
Neural networks have been used to solve a wide variety of tasks that are hard to solve using ordinary rule-based programming. What has attracted much interest in neural networks is the possibility of learning. Tasks such as function approximation, classification pattern and sequence recognition, anomaly detection, filtering, clustering, blind source separation and compression and controls all have security implications. Cyber physical systems, resiliency, policy-based governance and metrics are the Science of Security interests.
Phishing remains a primary method for social engineering access to computers and information. Much research work has been done in this area in recent years. For the Science of Security community, phishing is relevant to the hard problem of human behavior.
Physical Layer Security 2016 (all)
Physical layer security presents the theoretical foundation of a new model for secure communications by exploiting the noise inherent to communications channels. Based on information-theoretic limits of secure communications at the physical layer, the concept has challenges and opportunities related to designing of physical layer security schemes. The works presented here address the information-theoretical underpinnings of physical layer security and present various approaches and outcomes for communications systems. For the Science of Security community, physical layer security relates to resilience, metrics, and composability.
Resiliency is one of the five hard problems for the Science of Security. Research work in this area has been growing.
Situational Awareness 2016 (all)
Situational awareness is an important human factor for cyber security that impacts resilience, predictive metrics, and composability.
Virtual Machine Security 2016 (all)
Arguably, virtual machines are more secure than actual machines. This idea is based on the notion that an attacker cannot jump the gap between the virtual and the actual. The growth of interest in cloud computing suggest it is time for a fresh look at the vulnerabilities in virtual machines. In the articles presented below, security concerns are addressed in some interesting ways. For the Science of Security community, virtualization is related to composability, resiliency, cyber physical systems, and cryptography.
White Box Cryptography 2016 (all)
Open devices such as PCs, tablets or smartphones are extremely vulnerable to attacks, since the attacker has complete control over the execution platform and the software implementation itself in the form of a white box attack. The goal of white-box cryptography is create a successful cryptographic algorithm so that assets remain secure even while under white-box attacks. For the Science of Security community, the subject is relevant to the Science of Security Hard Problems of composability, resilience, and metrics. The work cited here has been presented over a period of years.
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests for removal via email of the links or modifications to specific citations. Please include the URL of the specific citation in your correspondence.
Pub Crawl contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security community.
How recent are these publications?
These bibliographies include recent scholarly research on topics that have been presented or published within the stated year. Some represent updates from work presented in previous years; others are new topics.
How are topics selected?
The specific topics are selected from materials that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are also chosen for their usefulness for current researchers.
How can I submit or suggest a publication?
Researchers willing to share their work are welcome to submit a citation, abstract, and URL for consideration and posting, and to identify additional topics of interest to the community. Researchers are also encouraged to share this request with their colleagues and collaborators.
What are the hard problems?
Select a hard problem to retrieve related publications.
- - Scalability and Composability: Develop methods to enable the construction of secure systems with known security properties from components with known security properties, without a requirement to fully re-analyze the constituent components.
- - Policy-Governed Secure Collaboration: Develop methods to express and enforce normative requirements and policies for handling data with differing usage needs and among users in different authority domains.
- - Security Metrics Driven Evaluation, Design, Development, and Deployment: Develop security metrics and models capable of predicting whether or confirming that a given cyber system preserves a given set of security properties (deterministically or probabilistically), in a given context.
- - Resilient Architectures: Develop means to design and analyze system architectures that deliver required service in the face of compromised components.
- - Understanding and Accounting for Human Behavior: Develop models of human behavior (of both users and adversaries) that enable the design, modeling, and analysis of systems with specified security properties.