Pub Crawl - December 2023
Selections by dgoff
Pub Crawl summarizes, by hard problems, sets of publications that have been peer-reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.
As the power of digital signal processors has increased, adaptive filters are now routinely used in many devices as varied as mobile phones, printers, cameras, power systems, GPS devices and medical monitoring equipment. An adaptive filter uses an optimization algorithm in a system with a linear filter to adjust parameters that have a transfer function controlled by variable parameter. Because of the complexity of the optimization algorithms, most of these adaptive filters are digital filters. They are required for some applications because some parameters of the desired processing operation are not known in advance or are changing. The works cited here are articles about adaptive filtering as it relates to the Science of Security hard problems of scalability, resilience, and metrics.
Advanced Persistent Threat 2022 
(all)
Advanced persistent threats are the subject of considerable research of interest to the Science of Security community. Research areas address the hard problems of human behavior, scalability, resilience, and metrics.
The need to understand adversarial behavior in light of new technologies is always important. Using models to understand their behavior is an important element in the Science of Security, particularly in the context of threats to privacy—data privacy, location, privacy, and other forms. It relates to the hard problems of human behavior, resiliency, and scalability.
Minimizing privacy risk is one of the major problems in the development of social media and hand-held smart phone technologies, vehicle ad hoc networks, and wireless sensor networks. For the Science of Security community, the research issues addressed relate to the hard problems of resiliency, composability, metrics, and human behavior.
Information Theoretic Security 2022 
(all)
A cryptosystem is said to be information-theoretically secure if its security derives purely from information theory and cannot be broken even when the adversary has unlimited computing power. For example, the one-time pad is an information-theoretically secure cryptosystem proven by Claude Shannon, inventor of information theory, to be secure. Information-theoretically secure cryptosystems are often used for the most sensitive communications such as diplomatic cables and high-level military communications, because of the great efforts enemy governments expend toward breaking them. Because of this importance, methods, theory and practice in information theory security also remains high. It is fundamentally related to the concept of Science of Security and all the hard problems.
Provenance refers to information about the origin and activities of system data and processes. With the growth of shared services and systems, including social media, cloud computing, and service-oriented architectures, finding tamperproof methods for tracking files is a major challenge. Provenance is important to the Science of Security relative to human behavior, metrics, resilience, and composability.
QR codes are used to store information in two dimensional grids which can be decoded quickly. The work here deals with extending its encoding and decoding implementation for user authentication and access control as well as tagging. For the Science of Security community, the work is relevant to cyber physical systems, cryptography, and resilience.
Quantum Computing Security 2022 (all)
While quantum computing is still in its early stage of development, large-scale quantum computers promise to be able to solve certain problems much more quickly than any classical computer using the best currently known algorithms. Quantum algorithms, such as Simon's algorithm, run faster than any possible probabilistic classical algorithm. For the Science of Security, the speed, capacity, and flexibility of qubits over digital processing offers still greater promise and relate to the hard problems of resilience, predictive metrics and composability. To the Science of Security community, they are interest in terms of scalability.
Science of Security 2022 (all)
The Science of Security is the general topic for defining a rigorous systematic approach to addressing cybersecurity issues, including technical, policy, and human issues. It touches on all five of the Hard Problems.
As systems become larger and more complex, the surface that hackers can attack also grows. Is this set of recent research articles, topics are explored that include smartphone malware, zero-day polymorphic worm detection, source identification, drive-by download attacks, two-factor face authentication, semantic security, and code structures. Of particular interest to the Science of Security community are the research articles focused on measurement and on privacy.
Time Frequency Analysis and Security 2022 (all)
Time-frequency analysis is a useful method that allows simultaneous consideration of both the time and frequency domains. It is useful to the Science of Security community for analysis in cyber-physical systems and toward solving the hard problems of resilience, predictive metrics, and scalability.
Trojan Horse Detection 2022 (all)
Detection and neutralization of hardware-embedded Trojans is a difficult problem. Current research is attempting to find ways to develop detection methods and processes and to automate the process. This research is relevant to cyber physical systems security, resilience and composability, as well as being an issue in supply chain security.
Trusted Platform Modules 2022 (all)
A Trusted Platform Module (TPM) is a computer chip that can securely store artifacts used to authenticate a network or platform. These artifacts can include passwords, certificates, or encryption keys. A TPM can also be used to store platform measurements that help ensure that the platform remains trustworthy. Interest in TPMs is growing due to their potential for solving hard problems in security such as composability and cyber-physical system security and resilience.
Trust routing schemes are a key component for building resilient architectures and for composable and scalable security systems.
Trustworthiness is created in information security through cryptography to assure the identity of external parties. They are essential to cybersecurity and to the Science of Security hard problem of composability.
Trustworthy Systems 2022 (all)
Trust is created in information security to assure the identity of external parties. Trustworthy systems are a key element in the security of cyber physical systems, resiliency, and composability.
Two Factor Authentication 2022 (all)
Two factor authentication or 2FA is regarded as a solution to common attacks. However, it sometimes becomes a form of bait for attackers because it is often used to secure high value information. For the Science of Security community, it is relevant to the hard problem of human factors.
Ubiquitous Computing Security 2022 (all)
Ubiquitous computing is a concept in software engineering and computer science where computing is made to appear anytime and everywhere. In contrast to desktop computing, ubiquitous computing can occur using any device, in any location, and in any format. Incorporating all aspects of the cyber world, including the internet, the processor, the Cloud, and so on, ubiquitous computing has significant security challenges. The Science of Security community, the work cited here is relevant to scalability, metrics, human factors and resilience.
Underwater Networks 2022 (all)
Underwater networks have some unique security issues related to the environment they operate in. For the Science of security community, the research conducted and presented here is relevant to cyber-physical systems and work on resiliency, metrics, and scalability.
User Privacy in the Cloud 2022 (all)
Privacy is a major problem for distributed file systems, that is, in the Cloud. For the Science of Security community, this work is relevant to scalability, resilience, and metrics.
Video surveillance is a fast growing area of public security. With it have come policy issues related to privacy. Technical issues and opportunities have also arisen, including the potential to use advanced methods to provide positive identification, abnormal behaviors in crowds, intruder detection, and information fusion with other data. For the Science of Security community, it is relevant to human behavior, metrics, and resiliency.
Virtualization Privacy 2022 (all)
Virtualization is seen as a means of enhancing security by maintaining a gap between the end user and the host. But privacy or virtual data is a growing problem, especially when the virtual system is in the Cloud. For the Science of Security community, virtualization privacy is related to the hard problems of resilience, composability, metrics, and privacy, an issue in human behavior.
Virtualization Security 2022 (all)
Virtualization is seen as a means of enhancing security by maintaining a gap between the end user and the host. But security of the virtual data is a growing problem, especially when the virtual system is in the Cloud. For the Science of Security community, virtualization security is related to the hard problems of resilience, composability, metrics, and privacy, an issue in human behavior.
Virtual Machine Security 2022 (all)
Arguably, virtual machines are more secure than actual machines. This idea is based on the notion that an attacker cannot jump the gap between the virtual and the actual. The growth of interest in cloud computing suggest it is time for a fresh look at the vulnerabilities in virtual machines. In the articles presented below, security concerns are addressed in some interesting ways. For the Science of Security community, virtualization is related to composability, resiliency, cyber physical systems, and cryptography.
Visible Light Security 2022 (all)
Visible light communication (VLC) offers an unregulated and free light spectrum and potentially could be a solution for overcoming overcrowded radio spectrum, especially for wireless communication systems, and doing it securely. For the Science of Security community, this work is relevant to resiliency, scalability, and metrics.
Vulnerability Detection 2022 (all)
Vulnerability detection is a topic for which a great deal of research is being done. For the Science of Security community, vulnerability detection research is relevant to human behavior, resiliency, compositionality, and metrics.
The proliferation of personal wearable devices to track athletic performance and their adaptation and adaptation for health monitoring presents challenges for security. The small processing power and storage and the potential for compromise have stimulated research. For the Science of Security community, this research is relevant to the hard problems of human behavior and privacy, resiliency, and scalability.
Web Caching Security 2022 (all)
Web caches offer a potential for mischief. With the expanded need for caching capability with the cloud and mobile communications, the need for more and better security has also grown. This research is relevant to the Science of Security hard problems of resilience, scalability, and metrics.
The creation of trust across networks is an important aspect of cybersecurity. Much of current research is focusing on graph theory as a means to develop a “web of trust.” For the Science of Security community, resiliency and composability are related hard problems.
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests for removal via email of the links or modifications to specific citations. Please include the URL of the specific citation in your correspondence.
Pub Crawl contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security community.
How recent are these publications?
These bibliographies include recent scholarly research on topics that have been presented or published within the stated year. Some represent updates from work presented in previous years; others are new topics.
How are topics selected?
The specific topics are selected from materials that have been peer-reviewed and presented at SoS conferences or referenced in current work. The topics are also chosen for their usefulness for current researchers.
How can I submit or suggest a publication?
Researchers willing to share their work are welcome to submit a citation, abstract, and URL for consideration and posting, and to identify additional topics of interest to the community. Researchers are also encouraged to share this request with their colleagues and collaborators.
What are the hard problems?
The Principal Investigators (PIs) of the Science of Security Lablets in collaboration with NSA Research, developed the 5 Hard Problems as a measure to establish the beginnings of a common language and gauge progress. These 5 were selected for their level of technical challenge, their potential operational significance, and their likelihood of benefiting from emphasis on scientific research methods and improved measurement capabilities. The five are not intended to be all inclusive of everything that needs to be done in cybersecurity but rather five specific areas that need scientific progress. The five problems are: Scalability and Composability; Policy-Governed Secure Collaboration; Security Metrics Driven Evaluation, Design, Development, and Deployment; Resilient Architectures; and Understanding and Accounting for Human Behavior.
Scalability and Composability: Develop methods to enable the construction of secure systems with known security properties from components with known security properties, without a requirement to fully re-analyze the constituent components.
Policy-Governed Secure Collaboration: Develop methods to express and enforce normative requirements and policies for handling data with differing usage needs and among users in different authority domains.
Security Metrics Driven Evaluation, Design, Development, and Deployment: Develop security metrics and models capable of predicting whether or confirming that a given cyber system preserves a given set of security properties (deterministically or probabilistically), in a given context.
Resilient Architectures: Develop means to design and analyze system architectures that deliver required service in the face of compromised components.
Understanding and Accounting for Human Behavior: Develop models of human behavior (of both users and adversaries) that enable the design, modeling, and analysis of systems with specified security properties.