Biblio

The papers in this special section focus on network science for high confidence cyber-physical systems (CPS) Here CPS refers to the engineered systems that can seamlessly integrate the physical world with the cyber world via advanced computation and communication capabilities. To enable high-confidence CPS for achieving better benefits as well as supporting emerging applications, network science-based theories and methodologies are needed to cope with the ever-growing complexity of smart CPS, to predict the system behaviors, and to model the deep inter-dependencies among CPS and the natural world. The major objective of this special section is to exploit various network science techniques such as modeling, analysis, mining, visualization, and optimization to advance the science of supporting high-confidence CPS for greater assurances of security, safety, scalability, efficiency, and reliability. These papers bring a timely and important research topic. The challenges and opportunities of applying network science approaches to high-confidence CPS are profound and far-reaching.

In Bitcoin's incentive system that supports open mining pools, block withholding attacks incur huge security threats. In this paper, we investigate the mutual attacks among pools as this determines the macroscopic utility of the whole distributed system. Existing studies on pools' interactive attacks usually employ the conventional game theory, where the strategies of the players are considered pure and equal, neglecting the existence of powerful strategies and the corresponding favorable game results. In this study, we take advantage of the Zero-Determinant (ZD) strategy to analyze the block withholding attack between any two pools, where the ZD adopter has the unilateral control on the expected payoffs of its opponent and itself. In this case, we are faced with the following questions: who can adopt the ZD strategy? individually or simultaneously? what can the ZD player achieve? In order to answer these questions, we derive the conditions under which two pools can individually or simultaneously employ the ZD strategy and demonstrate the effectiveness. To the best of our knowledge, we are the first to use the ZD strategy to analyze the block withholding attack among pools.

\textbackslashtextbackslashtextitBackground: JavaScript frameworks are widely used to create client-side and server-side parts of contemporary web applications. Vulnerabilities like cross-site scripting introduce significant risks in web applications.\textbackslashtextbackslash\textbackslashtextbackslash \textbackslashtextbackslashtextitAim: The goal of our study is to understand how the security features of a framework impact the security of the applications written using that framework.\textbackslashtextbackslash\textbackslashtextbackslash \textbackslashtextbackslashtextitMethod: In this paper, we present four locations in an application, relative to the framework being used, where a mitigation can be applied. We perform an empirical study of JavaScript applications that use the three most common template engines: Jade/Pug, EJS, and Angular. Using automated and manual analysis of each group of applications, we identify the number of projects vulnerable to cross-site scripting, and the number of vulnerabilities in each project, based on the framework used.\textbackslashtextbackslash\textbackslashtextbackslash \textbackslashtextbackslashtextitResults: We analyze the results to compare the number of vulnerable projects to the mitigation locations used in each framework and perform statistical analysis of confounding variables.\textbackslashtextbackslash\textbackslashtextbackslash \textbackslashtextbackslashtextitConclusions: The location of the mitigation impacts the application's security posture, with mitigations placed within the framework resulting in more secure applications.

The huge amount of sensory data collected from mobile devices has offered great potentials to promote more significant services based on user data extracted from sensor readings. However, releasing user data could also seriously threaten user privacy. It is possible to directly collect sensitive information from released user data without user permissions. Furthermore, third party users can also infer sensitive information contained in released data in a latent manner by utilizing data mining techniques. In this paper, we formally define these two types of threats as inherent data privacy and latent data privacy and construct a data-sanitization strategy that can optimize the tradeoff between data utility and customized two types of privacy. The key novel idea lies that the developed strategy can combat against powerful third party users with broad knowledge about users and launching optimal inference attacks. We show that our strategy does not reduce the benefit brought by user data much, while sensitive information can still be protected. To the best of our knowledge, this is the first work that preserves both inherent data privacy and latent data privacy.