Biblio

Found 19604 results

2014-09-26
Kashyap, V., Wiedermann, B., Hardekopf, B..  2011.  Timing- and Termination-Sensitive Secure Information Flow: Exploring a New Approach. Security and Privacy (SP), 2011 IEEE Symposium on. :413-428.

Secure information flow guarantees the secrecy and integrity of data, preventing an attacker from learning secret information (secrecy) or injecting untrusted information (integrity). Covert channels can be used to subvert these security guarantees, for example, timing and termination channels can, either intentionally or inadvertently, violate these guarantees by modifying the timing or termination behavior of a program based on secret or untrusted data. Attacks using these covert channels have been published and are known to work in practiceâ as techniques to prevent non-covert channels are becoming increasingly practical, covert channels are likely to become even more attractive for attackers to exploit. The goal of this paper is to understand the subtleties of timing and termination-sensitive noninterference, explore the space of possible strategies for enforcing noninterference guarantees, and formalize the exact guarantees that these strategies can enforce. As a result of this effort we create a novel strategy that provides stronger security guarantees than existing work, and we clarify claims in existing work about what guarantees can be made.

2017-05-16
Cortier, Veronique, Warinschi, Bogdan.  2011.  A Composable Computational Soundness Notion. Proceedings of the 18th ACM conference on Computer and communications security. :63–74.

Computational soundness results show that under certain conditions it is possible to conclude computational security whenever symbolic security holds. Unfortunately, each soundness result is usually established for some set of cryptographic primitives and extending the result to encompass new primitives typically requires redoing most of the work. In this paper we suggest a way of getting around this problem. We propose a notion of computational soundness that we term deduction soundness. As for other soundness notions, our definition captures the idea that a computational adversary does not have any more power than a symbolic adversary. However, a key aspect of deduction soundness is that it considers, intrinsically, the use of the primitives in the presence of functions specified by the adversary. As a consequence, the resulting notion is amenable to modular extensions. We prove that a deduction sound implementation of some arbitrary primitives can be extended to include asymmetric encryption and public data-structures (e.g. pairings or list), without repeating the original proof effort. Furthermore, our notion of soundness concerns cryptographic primitives in a way that is independent of any protocol specification language. Nonetheless, we show that deduction soundness leads to computational soundness for languages (or protocols) that satisfy a so called commutation property.

2014-10-01
Vorobeychik, Yevgeniy, Mayo, Jackson R., Armstrong, Robert C., Ruthruff, Joseph R..  2011.  Noncooperatively Optimized Tolerance: Decentralized Strategic Optimization in Complex Systems. Phys. Rev. Lett.. 107:108702.

We introduce noncooperatively optimized tolerance (NOT), a game theoretic generalization of highly optimized tolerance (HOT), which we illustrate in the forest fire framework. As the number of players increases, NOT retains features of HOT, such as robustness and self-dissimilar landscapes, but also develops features of self-organized criticality. The system retains considerable robustness even as it becomes fractured, due in part to emergent cooperation between players, and at the same time exhibits increasing resilience against changes in the environment, giving rise to intermediate regimes where the system is robust to a particular distribution of adverse events, yet not very fragile to changes.

2019-12-18
Zadig, Sean M., Tejay, Gurvirender.  2010.  Securing IS assets through hacker deterrence: A case study. 2010 eCrime Researchers Summit. :1–7.
Computer crime is a topic prevalent in both the research literature and in industry, due to a number of recent high-profile cyber attacks on e-commerce organizations. While technical means for defending against internal and external hackers have been discussed at great length, researchers have shown a distinct preference towards understanding deterrence of the internal threat and have paid little attention to external deterrence. This paper uses the criminological thesis known as Broken Windows Theory to understand how external computer criminals might be deterred from attacking a particular organization. The theory's focus upon disorder as a precursor to crime is discussed, and the notion of decreasing public IS disorder to create the illusion of strong information systems security is examined. A case study of a victim e-commerce organization is reviewed in light of the theory and implications for research and practice are discussed.
2021-04-08
Chrysikos, T., Dagiuklas, T., Kotsopoulos, S..  2010.  Wireless Information-Theoretic Security for moving users in autonomic networks. 2010 IFIP Wireless Days. :1–5.
This paper studies Wireless Information-Theoretic Security for low-speed mobility in autonomic networks. More specifically, the impact of user movement on the Probability of Non-Zero Secrecy Capacity and Outage Secrecy Capacity for different channel conditions has been investigated. This is accomplished by establishing a link between different user locations and the boundaries of information-theoretic secure communication. Human mobility scenarios are considered, and its impact on physical layer security is examined, considering quasi-static Rayleigh channels for the fading phenomena. Simulation results have shown that the Secrecy Capacity depends on the relative distance of legitimate and illegitimate (eavesdropper) users in reference to the given transmitter.
2018-05-14
2018-05-27
2018-06-04
2018-05-27
Manqi Zhao, Venkatesh Saligrama.  2010.  On compressed blind de-convolution of filtered sparse processes. Proceedings of the {IEEE} International Conference on Acoustics, Speech, and Signal Processing, {ICASSP} 2010, 14-19 March 2010, Sheraton Dallas Hotel, Dallas, Texas, {USA}. :4038–4041.
2019-09-24
Barford, Paul, Dacier, Marc, Dietterich, Thomas G., Fredrikson, Matt, Giffin, Jon, Jajodia, Sushil, Jha, Somesh, Li, Jason, Liu, Peng, Ning, Peng et al..  2010.  Cyber SA: Situational Awareness for Cyber Defense. Cyber Situational Awareness: Issues and Research. 46:3–13.

Cyber SA is described as the current and predictive knowledge of cyberspace in relation to the Network, Missions and Threats across friendly, neutral and adversary forces. While this model provides a good high-level understanding of Cyber SA, it does not contain actionable information to help inform the development of capabilities to improve SA. In this paper, we present a systematic, human-centered process that uses a card sort methodology to understand and conceptualize Senior Leader Cyber SA requirements. From the data collected, we were able to build a hierarchy of high- and low- priority Cyber SA information, as well as uncover items that represent high levels of disagreement with and across organizations. The findings of this study serve as a first step in developing a better understanding of what Cyber SA means to Senior Leaders, and can inform the development of future capabilities to improve their SA and Mission Performance.

2018-05-14
2018-05-27
2018-06-04
2017-05-18
Chan, Ellick, Venkataraman, Shivaram, David, Francis, Chaugule, Amey, Campbell, Roy.  2010.  Forenscope: A Framework for Live Forensics. Proceedings of the 26th Annual Computer Security Applications Conference. :307–316.

Current post-mortem cyber-forensic techniques may cause significant disruption to the evidence gathering process by breaking active network connections and unmounting encrypted disks. Although newer live forensic analysis tools can preserve active state, they may taint evidence by leaving footprints in memory. To help address these concerns we present Forenscope, a framework that allows an investigator to examine the state of an active system without the effects of taint or forensic blurriness caused by analyzing a running system. We show how Forenscope can fit into accepted workflows to improve the evidence gathering process. Forenscope preserves the state of the running system and allows running processes, open files, encrypted filesystems and open network sockets to persist during the analysis process. Forenscope has been tested on live systems to show that it does not operationally disrupt critical processes and that it can perform an analysis in less than 15 seconds while using only 125 KB of memory. We show that Forenscope can detect stealth rootkits, neutralize threats and expedite the investigation process by finding evidence in memory.

2018-05-27
Mahdi Cheraghchi, Amin Karbasi, Soheil Mohajer, Venkatesh Saligrama.  2010.  Graph-constrained group testing. {IEEE} International Symposium on Information Theory, {ISIT} 2010, June 13-18, 2010, Austin, Texas, USA, Proceedings. :1913–1917.
2018-05-23
2018-06-04
Heaslip, Kevin, Jones, Josh, Harpst, Tim, Bolling, Doyt.  2010.  Implementation of road safety audit recommendations: case study in Salt Lake City, Utah. Transportation Research Record: Journal of the Transportation Research Board. :105–112.
2018-05-27
Shuchin Aeron, Venkatesh Saligrama, Manqi Zhao.  2010.  Information theoretic bounds for compressed sensing. {IEEE} Trans. Information Theory. 56:5111–5130.
2018-06-04