Biblio

2019-08-21
Severin Kacianka, Alexander Pretschner.  2018.  Understanding and Formalizing Accountability for Cyber-Physical Systems. IEEE International Conference on Systems, Man, and Cybernetics. :3165–3170.

Accountability is the property of a system that enables the uncovering of causes for events and helps understand who or what is responsible for these events. Definitions and interpretations of accountability differ; however, they are typically expressed in natural language that obscures design decisions and the impact on the overall system. This paper presents a formal model to express the accountability properties of cyber-physical systems. To illustrate the usefulness of our approach, we demonstrate how three different interpretations of accountability can be expressed using the proposed model and describe the implementation implications through a case study. This formal model can be used to highlight context-specific elements of accountability mechanisms, define their capabilities, and express different notions of accountability. In addition, it makes design decisions explicit and facilitates discussion, analysis and comparison of different approaches.

2019-09-10
[Anonymous].  2018.  Disinformation, 'Fake News' and Influence Campaigns on Twitter. Knight Foundation.

The Knight Foundation performed an analysis on the spread of fake news via Twitter before and after the 2016 U.S. election campaign. Evidence suggests that most accounts used to spread fake or conspiracy news during this time were bots or semi-automated accounts.

Dorje Brody, David Meier.  2018.  Mathematicians to Help Solve the Fake News Voting Conundrum. University of Surrey News.

Mathematicians revealed a mathematical model of fake news. This model can be used to help lawmakers mitigate the impact of fake news.

2019-09-24
Rachael Flores.  2018.  Consistent Deception vs. a Malicious Hacker. Bing U News.

Computer scientists at Binghamton University are working to increase the effectiveness of cyber deception tools against malicious hackers. Cyber deception is a security defense method that can be used to detect, deceive, and lure attackers away from sensitive data once they have infiltrated a system. Researchers want to improve the consistency of deception. The goal is to reduce the use of ‘bad lies’ in cyber deception. 

2019-09-10
Filippo Menczer.  2018.  Study: Twitter bots played disproportionate role spreading misinformation during 2016 election. News at IU Bloomington.

Twitter bots played a significant role in the spread of misinformation during the 2016 U.S. presidential election. People often deem messages trustworthy when they appear to be shared by many sources. The research behind this discovery highlights the amplification of misinformation through the use of bots.

2019-01-24
Paulette Koronkevich.  2018.  Obsidian in the Rough: A Case Study Evaluation of a New Blockchain Programming Language. The ACM SIGPLAN conference on Systems, Programming, Languages and Applications: Software for Humanity (SPLASH).

Blockchains are one solution for secure distributed interaction, but security vulnerabilities have already been exposed in existing programs. Obsidian, a new blockchain programming language, seeks to prevent some of these vulnerabilities using typestate and linearity. We evaluate the current design of Obsidian by implementing a blockchain application for parametric insurance as a case study. We compare this implementation to one written in Solidity, and find that Obsidian can provide stronger safety guarantees.

2019-09-10
Amelia Acker.  2018.  Data craft: the manipulation of social media metadata. Analysis and Policy Observatory.

The manipulation of social media metadata by bad actors for the purpose of creating more powerful disinformation campaigns was explored. It has been argued that disinformation campaigns can be detected and combatted by understanding data craft.

2019-01-24
Michael Coblenz, Jonathan Aldrich, Bradley Myers, Joshua Sunshine.  2018.  Interdisciplinary programming language design. Onward! 2018 Proceedings of the 2018 ACM SIGPLAN International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software.

Approaches for programming language design used commonly in the research community today center around theoretical and performance-oriented evaluation. Recently, researchers have been considering more approaches to language design, including the use of quantitative and qualitative user studies that examine how different designs might affect programmers. In this paper, we argue for an interdisciplinary approach that incorporates many different methods in the creation and evaluation of programming languages. We argue that the addition of user-oriented design techniques can be helpful at many different stages in the programming language design process.

2021-10-21
2019-09-26
Edward Amoroso.  2018.  Deception technology: Authenticity and why it matters. Help Net Security.

This article is the second in a five-part series being developed by Dr. Edward Amoroso in conjunction with the deception technology team from Attivo Networks. The article provides an overview of the central role that authenticity plays in the establishment of deception as a practical defense and cyber risk reduction measure.

The primary functional computing requirements for achieving authenticity in deployed deception can be listed as follows: Interface, Performance, Content, Access, and Behavior.
 

2019-09-11
James Sanders.  2018.  Attackers are using cloud services to mask attack origin and build false trust. Tech Republic.

According to a report released by Menlo Security, the padlock in a browser's URL bar gives users a false sense of security as cloud hosting services are being used by attackers to host malware droppers. The use of this tactic allows attackers to hide the origin of their attacks and further evade detection. The exploitation of trust is a major component of such attacks.

2019-01-10
Christopher Hannon, Illinois Institute of Technology, Nandakishore Santhi, Los Alamos National Laboratory, Stephan Eidenbenz, Los Alamos National Laboratory, Jason Liu, Florida International University, Dong Jin, Illinois Institute of Technology.  2018.  Just-In-Time Parallel Simulation. 2018 Winter Simulation Conference (WSC).

Due to the evolution of programming languages, interpreted languages have gained widespread use in scientific and research computing. Interpreted languages excel at being portable, easy to use, and faster in prototyping than their ahead-of-time (AOT) counterparts, including C, C++, and Fortran. While traditionally considered as slow to execute, advancements in Just-in-Time (JIT) compilation techniques have significantly improved the execution speed of interpreted languages and in some cases outperformed AOT languages. In this paper, we explore some challenges and design strategies in developing a high performance parallel discrete event simulation engine, called Simian, written with interpreted languages with JIT capabilities, including Python, Lua, and JavaScript. Our results show that Simian with JIT performs similarly to AOT simulators, such as MiniSSF and ROSS. We expect that with features like good performance, user-friendliness, and portability, the just-in-time parallel simulation will become a common choice for modeling and simulation in the near future.

2018-10-16
Cámara, Javier, Peng, Wenxin, Garlan, David, Schmerl, Bradley.  2018.  Reasoning about sensing uncertainty and its reduction in decision-making for self-adaptation. Science of Computer Programming. 167

Adaptive systems are expected to adapt to unanticipated run-time events using imperfect information about themselves, their environment, and goals. This entails handling the effects of uncertainties in decision-making, which are not always considered as a first-class concern. This paper contributes a formal analysis technique that explicitly considers uncertainty in sensing when reasoning about the best way to adapt, together with uncertainty reduction mechanisms to improve system utility. We illustrate our approach on a Denial of Service (DoS) attack scenario and present results that demonstrate the benefits of uncertainty-aware decision-making in comparison to using an uncertainty-ignorant approach, both in the presence and absence of uncertainty reduction mechanisms.

2019-09-25
Edward Amoroso.  2018.  An introduction to deception technology. Help Net Security.

The evolution of modern enterprise networking has progressed to the point where two conditions make deception an important and urgent control to introduce to a target environment now: Inevitability of attacks and Context-awareness of attacks.

2019-09-11
Chris Bing.  2018.  Winter Olympics hack shows how advanced groups can fake attribution. Cyber Scoop.

A malware attack that disrupted the opening ceremony of the 2018 Winter Olympics highlights false flag operations. The malware called the "Olympic Destroyer" contained code deriving from other well-known attacks launched by different hacking groups. This led different cybersecurity companies to accuse Russia, North Korea, Iran, or China.

2019-09-25
Andy Greenberg.  2018.  Russian Hacker False Flags Work - Even After They're Exposed. Wired.

Hackers often perform deception through the use of false flag operations. False flags allow nation-state actors to pose as others in order to further complicate attribution. Russian hackers planted destructive malware, called the "Olympic Destroyer", which contained code deriving from other well-known attacks launched by different hacking groups. This discovery highlights the evolution of deceptive tactics used by hackers.  

2019-09-26
Laurence Pitt.  2018.  Misleading Cyber Foes with Deception Technology. Dark Reading.

In addition to luring attackers away from your real assets, deception tools trick attackers into revealing their hands early. With deception systems, there is no question of false positives and false alerts. 

2019-08-28
Margaret Chapman, Kevin M. Smith, David L Freyberg, Victoria Cheng, Donggun Lee, Claire Tomlin.  2018.  Reachability Analysis as a Design Tool for Stormwater Systems: Towards Planning in the Presence of Stochastic Surface Runoff. IEEE Conference on Technologies for Sustainability (SusTech).

Stormwater infrastructure is required to safely manage uncertain precipitation events of varying intensity, while protecting natural ecosystems, under restricted financial budgets. In practice, candidate designs for stormwater detention or retention systems are commonly evaluated assuming that a given system operates independently from nearby systems and is initially empty prior to an extreme storm event. In recent work, we demonstrate the use of a control-theoretic method, called reachability analysis, to provide a more realistic design-phase indicator of system performance [1]. In particular, reachability analysis predicts the response of a dynamically-coupled stormwater storage network to a deterministic storm event under a wide range of initial conditions simultaneously [1]. The outcomes of this analysis can be viewed as measures of system robustness that inform the evaluation of safety-critical design choices [1]. Here we discuss how to extend the recent work to incorporate the stochastic nature of surface runoff. We represent surface runoff as a random disturbance to a dynamic system model of a stormwater storage network. Using a probability distribution of surface runoff derived from a Monte Carlo method, we apply an existing algorithm [2] for stochastic reachability analysis to the problem of designing robust stormwater storage systems. We discuss particular advantages and disadvantages of using stochastic reachability analysis, deterministic reachability analysis, or random sampling to assess system robustness.

2019-08-21
Mingshuai Chen, Martin Fränzle, Yangjia Li, Peter N. Mosaad, Naijun Zhan.  2018.  What's to Come is Still Unsure: Synthesizing Controllers Resilient to Delayed Interaction. Automated Technology for Verification and Analysis. 11138:56-74.

The possible interactions between a controller and its environment can naturally be modelled as the arena of a two-player game, and adding an appropriate winning condition permits specifying desirable behavior. The classical model here is the positional game, where both players can (fully or partially) observe the current position in the game graph, which in turn is indicative of their mutual current states. In practice, neither sensing or actuating the environment through physical devices nor data forwarding to and signal processing in the controller are instantaneous. The resultant delays force the controller to draw decisions before being aware of the recent history of a play. It is known that existence of a winning strategy for the controller in games with such delays is decidable over finite game graphs and with respect to ω-regular objectives. The underlying reduction, however, is impractical for non-trivial delays as it incurs a blow-up of the game graph which is exponential in the magnitude of the delay. For safety objectives, we propose a more practical incremental algorithm synthesizing a series of controllers handling increasing delays and reducing game-graph size in between. It is demonstrated using benchmark examples that even a simplistic explicit-state implementation of this algorithm outperforms state-of-the-art symbolic synthesis algorithms as soon as non-trivial delays have to be handled. We furthermore shed some light on the practically relevant case of non-order-preserving delays, as arising in actual networked control, thereby considerably extending the scope of regular game theory under delay pioneered by Klein and Zimmermann.

2019-09-12
Kimberly Ferguson-Walter, Temmie Shade, Andrew Rogers, Michael Trumbo, Kevin Nauer, Kristin Divis, Aaron Jones, Angela Combs, Robert Abbott.  2018.  The Tularosa Study: An Experimental Design and Implementation to Quantify the Effectiveness of Cyber Deception. Proposed for presentation at the Hawaii International Conference on System Sciences.

The Tularosa study was designed to understand how defensive deception—including both cyber and psychological—affects cyber attackers. Over 130 red teamers participated in a network penetration test over two days in which we controlled both the presence of and explicit mention of deceptive defensive techniques. To our knowledge, this represents the largest study of its kind ever conducted on a professional red team population. The design was conducted with a battery of questionnaires (e.g., experience, personality, etc.) and cognitive tasks (e.g., fluid intelligence, working memory, etc.), allowing for the characterization of a "typical" red teamer, as well as physiological measures (e.g., galvanic skin response, heart rate, etc.) to be correlated with the cyber events. This paper focuses on the design, implementation, population characteristics, lessons learned, and planned analyses.

2019-09-26
Doron Kolton.  2018.  5 ways deception tech is disrupting cybersecurity. The Next Web.

Enterprises and their Security Operations Centers (SOCs) are under siege. Security events are being triggered from all corners of the security stack – from the firewall, endpoints, and servers, from intrusion detection systems and other security solutions.

Here are the five ways deception tech is disrupting cybersecurity:
•    Maximum accuracy with minimal human investment
•    Get personal with your business
•    Ensure a post-breach defense for any type of attack
•    Triggers threat hunting operations
•    Empowers organizations towards strategy and active defense
 

Dave Bernard.  2018.  Deception technology applied to pharma cybersecurity. Search Health IT.

Due to the increase in use of automation and virtualization, deception technology may make inroads into healthcare. This article is about one pharmaceutical company's approach to using deception technology.

Dan Woods.  2018.  How Deception Technology Gives You The Upper Hand In Cybersecurity. Forbes.

Deception technology gives defenders a rare advantage against attackers by doing something that other forms of cybersecurity don’t: it provides early and accurate detection by laying a minefield of attractive decoy systems and content to trip up attackers.

2019-09-25
[Anonymous].  2018.  Deception As a Strategy for Cyber Security. Taslet Security.

Deception has been a key tactic in warfare since the ancient days. The growing frequency and complexity of cyberattacks have created the potential for cyber warfare. Deception has become an important tactic in cyber defense as it allows security teams to learn more about the techniques and tools used by attackers as well as the weaknesses of organizations’ defense approaches.