Pub Crawl #7
Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.
Minimizing privacy risk is one of the major problems in the development of social media and hand-held smart phone technologies, vehicle ad hoc networks, and wireless sensor networks. For the Science of Security community, the research issues addressed relate to the hard problems of resiliency, composability, metrics, and human behavior.
Security analysts use attack graphs for detection, defense and forensics. An attack graph is defined as a representation of all paths through a system that end in a state where an intruder has successfully breached the system. They are an important tool for the Science of Security related to predictive metrics, resiliency, and composability.
Belief networks are Bayesian models that represent sets of random variables and their conditional dependencies through a directed acyclic graph (DAG). These networks are used for modelling beliefs in complex physical networks or systems and are important to the Science of Security.
Biometric Encryption 2016 (all)
The use of biometric encryption to control access and authentication is well established. New concerns about privacy create new issues for biometric encryption, however. The increased use of Cloud architectures compounds the problem of providing continuous re-authentication. The research cited here examines these issues.
Control Theory and Privacy 2016 (all)
In the Science of Security, control theory offers methods and approaches to potentially solve hard problems in resiliency. The research work presented here specifically addresses issues in privacy.
Control Theory and Security 2016 (all)
In the Science of Security, control theory offers methods and approaches to potentially solve hard problems in resiliency. The research work presented here broadly addresses issues in security.
Cybersecurity Education 2016 (all)
As a discipline in higher education, cybersecurity is less than two decades old. But because of the large number of qualified professionals needed, many universities offer cybersecurity education in a variety of delivery formats—live, online, and hybrid. To date, much of the curriculum has been driven by NSTISSI standards written in the early 1990s. The articles cited here look at aspects of curriculum, methods, evaluation, and support technologies.
A digital signature is one of the most common ways to authenticate. Using a mathematical scheme, the signature assures the reader that the message was created and sent by a known sender. But not all signature schemes are secure. The research challenge is to find new and better ways to protect, transfer, and utilize digital signatures. For the Science of Security community, this work is relevant to scalability and resilience.
Efficient Encryption 2016 (all)
The term “efficient encryption” generally refers to the speed of an algorithm, that is, the time needed to complete the calculations to encrypt or decrypt a coded text. The research cited here shows a broader concept and looks both at hardware and software, as well as power consumption. The research relates to cyber physical systems, resilience and composability.
E-government and Cybersecurity 2016 (all)
Electronic government is a growing area for the delivery of services to citizens. However, attacks on government data bases create large problems for a government and its citizens through lost or manipulated information and personal privacy violations. For the Science of Security community, its issues related to human behavior, policy-based governance of information technology systems, and resilience.
Encryption audits not only test the validity and effectiveness of protection schemes, they also potentially provide data for developing and improving metrics about data security. For the Science of Security community, this work is relevant to helping solve the hard problems of predictive metrics, compositionality and resilience.
Insider threats are a difficult problem. The research cited here looks at both intentional and accidental threats, including the effects of social engineering, and methods of identifying potential threats. For the Science of Security, insider threat relates to human behavior, as well as metrics, policy-based governance and resilience.
I-O Systems Security 2016 (all)
Management of I/O devices is a critical part of the operating system. Entire I/O subsystems are devoted to its operation. These subsystems contend both with the movement towards standard interfaces for a wide range of devices to makes it easier to add newly developed devices to existing systems, and the development of entirely new types of devices for which existing standard interfaces can be difficult to apply. Typically, when accessing files, a security check is performed when the file is created or opened. The security check is typically not done again unless the file is closed and reopened. If an opened file is passed to an untrusted caller, the security system can, but is not required to prevent the caller from accessing the file. The research is relevant to the Science of Security problem of scalability.
Successful key management is critical to the security of any cryptosystem. It is perhaps the most difficult part of cryptography including as it does system policy, user training, organizational and departmental interactions, and coordination between all of these elements and includes dealing with the generation, exchange, storage, use, and replacement of keys, key servers, cryptographic protocols, and user procedures. For researchers, key management is a challenge to create larger scale and faster systems to operate within the cloud and other complex environments, while ensuring validity and not adding weight to the process. For the Science of Security community, it is relevant to scalability, resilience, metrics, and human behavior.
Machine learning offers potential efficiencies and is an important tool in data mining. However, the “learned” or derived data must maintain integrity. Machine learning can also be used to identify threats and attacks. Research in this field relates to the Science of Security hard problems of resilient architectures, composability, and privacy.
MANET Attack Prevention and Detection 2016 (all)
Security and privacy are important research issues for mobile ad hoc networks (MANETs). The work cited here looks at attack prevention and detection. For the Science of Security community, this work relates to the hard problems of resilience, metrics, and compositionality.
Measurement and Metrics Testing 2016 (all)
Measurement and metrics are hard problems in the Science of Security. The research cited here looks at methods and techniques for testing the validity measurement and metrics techniques.
Multiple Fault Diagnosis 2016 (all)
According to Shakeri, “the computational complexity of solving the optimal multiple-fault isolation problem is super exponential.” Most processes and procedures assume that there will be only one fault at any given time. Many algorithms are designed to do sequential diagnostics. With the growth of cloud computing and multicore processors and the ubiquity of sensors, the problem of multiple fault diagnosis has grown even larger. For the Science if Security community, multiple fault diagnosis is relevant to cyber physical systems, resiliency, metrics, and human factors.
Nearest Neighbor Search 2016 (all)
The search for secure privacy protecting nearest neighbor searches is an issue in cybersecurity related to the Science of Security community hard problem of measurement and predictive metrics.
Network coding methods are used to improve a network's throughput, efficiency and scalability. It can also be a method for dealing with attacks and eavesdropping. For the Science of Security community, research into network coding is relevant to the general network problems associated with the hard problems of resiliency, composability, and predictive metrics, as well as cyber physical systems.
Network Intrusion Detection 2016 (all)
Network intrusion detection is one of the chronic problems in cybersecurity. The growth of cellular and ad hoc networks has increased the threat and risks and research into this area of concern reflects its importance. For the Science of Security community, NID is relevant to metrics, composability, and resilience.
Outsourced Database Security 2016 (all)
The outsourcing of database security adds complexity and risk to the challenges of security. For the Science of Security community, the problems created are related to the hard problems of scalability, human behavior, predictive metrics, and resiliency.
Pattern locks are best known as the access codes using a series of lines connecting dots. Primarily familiar to Android users, research into pattern locks shows promise for many more uses.
Pervasive Computing 2016 (all)
Also called ubiquitous computing, pervasive computing is the concept that all man-made and some natural products will have embedded hardware and software technology and connectivity. This evolution has been proceeding exponentially as computing devices become progressively smaller and more powerful. The goal of pervasive computing, which combines current network technologies with wireless computing, voice recognition, Internet capability and artificial intelligence, is to create an environment where the connectivity of devices is embedded in such a way that the connectivity is unobtrusive and always available. This work is related to the Science of Security issues of scalability, resilience, and human behavior.
The term “provable security” refers to those security methods which can be confirmed mathematically through a formal process. For the Science of Security community, these methods are important to solving the problems of resiliency, predictive metrics, and compositionality.
Recommender Systems 2016 (all)
Recommender systems are rating systems filters used to predict a user’s preferences for a particular item. Frequently they are used to identify related objects of interest based on a user’s preference to market similar items. As such they create a problem for cybersecurity and privacy.
Repudiation and non-repudiation are core topics in cybersecurity. For the Science of Security community, they relate to resilience, human behavior, metrics, and composability.
Signature Based Defense 2016 (all)
Research into the use of malware signatures to inform defensive methods is a standard research exercise for the Science of Security community. This work addresses issues related to scalability and resilience.
Smart Grid Consumer Privacy 2016 (all)
Concerns about consumer privacy and electric power usage have impacted utilities fielding of smart-meters. Securing power meter readings in a way that addresses while protecting consumer privacy is a concern of research designed to help alleviate those concerns. For the Science of Security community, privacy is a core topic.
Steganography Detection 2016 (all)
Digital steganography detection is one of the primary areas or science of security research. For the Science of Security community, it is relevant to the hard problems are privacy, metrics and composability.
Support Vector Machines 2016 (all)
The Support Vector Machine (SVM) algorithm has been used to analyze data for classification and to perform regression analysis. For the Science of Security community, SVM is related to machine learning and relevant to solving the hard problems of composability, resilience and predictive metrics.
Swarm Intelligence is a concept using the metaphor of insect colonies to describe decentralized, self-organized systems. The method is often used in artificial intelligence, and there are about a dozen variants ranging from ant colony optimization to stochastic diffusion. For cybersecurity, these systems have significant value both offensively and defensively. For the Science of Security, swarm intelligence relates to composability and compositionality.
Theoretical Cryptography 2016 (all)
Cryptography can only exist if there is a mathematical hardness to it constructed to maintain a desired functionality, even under malicious attempts to change or destroy the prescribed functionality. The foundations of theoretical cryptography are the paradigms, approaches and techniques used to conceptualize, define and provide solutions to natural ``security concerns' mathematically using probability-based definitions, various constructions, complexity theoretic primitives and proofs of security. For the Science of Security community, this work is relevant to the broad problem of developing a science, as well as contributing to the solution of the hard problems of composability and compositionality.
Trust routing schemes are a key component for building resilient architectures and for composable and scalable security systems.
Virtualization Privacy 2016 (all)
Virtualization is seen as a means of enhancing security by maintaining a gap between the end user and the host. But privacy or virtual data is a growing problem, especially when the virtual system is in the Cloud. For the Science of Security community, virtualization privacy is related to the hard problems of resilience, composability, metrics, and privacy, an issue in human behavior.
The creation of trust across networks is an important aspect of cybersecurity. Current research is focusing on graph theory as a means to develop a “web of trust.” For the Science of Security community, resiliency and composability are related hard problems.
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests for removal via email of the links or modifications to specific citations. Please include the URL of the specific citation in your correspondence.
Pub Crawl contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security community.
How recent are these publications?
These bibliographies include recent scholarly research on topics that have been presented or published within the stated year. Some represent updates from work presented in previous years; others are new topics.
How are topics selected?
The specific topics are selected from materials that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are also chosen for their usefulness for current researchers.
How can I submit or suggest a publication?
Researchers willing to share their work are welcome to submit a citation, abstract, and URL for consideration and posting, and to identify additional topics of interest to the community. Researchers are also encouraged to share this request with their colleagues and collaborators.
What are the hard problems?
Select a hard problem to retrieve related publications.
- - Scalability and Composability: Develop methods to enable the construction of secure systems with known security properties from components with known security properties, without a requirement to fully re-analyze the constituent components.
- - Policy-Governed Secure Collaboration: Develop methods to express and enforce normative requirements and policies for handling data with differing usage needs and among users in different authority domains.
- - Security Metrics Driven Evaluation, Design, Development, and Deployment: Develop security metrics and models capable of predicting whether or confirming that a given cyber system preserves a given set of security properties (deterministically or probabilistically), in a given context.
- - Resilient Architectures: Develop means to design and analyze system architectures that deliver required service in the face of compromised components.
- - Understanding and Accounting for Human Behavior: Develop models of human behavior (of both users and adversaries) that enable the design, modeling, and analysis of systems with specified security properties.