Biblio

Dynamic Information Flow Tracking (DIFT) has been proposed to detect stealthy and persistent cyber attacks that evade existing defenses such as firewalls and signature-based antivirus systems. A DIFT defense taints and tracks suspicious information flows across the network in order to identify possible attacks, at the cost of additional memory overhead for tracking non-adversarial information flows. In this paper, we present the first analytical model that describes the interaction between DIFT and adversarial information flows, including the probability that the adversary evades detection and the performance overhead of the defense. Our analytical model consists of a multi-stage game, in which each stage represents a system process through which the information flow passes. We characterize the optimal strategies for both the defense and adversary, and derive efficient algorithms for computing the strategies. Our results are evaluated on a realworld attack dataset obtained using the Refinable Attack Investigation (RAIN) framework, enabling us to draw conclusions on the optimal adversary and defense strategies, as well as the effect of valid information flows on the interaction between adversary and defense.

Cloud computing is an innovative mechanism to optimize computing and storage resource utilization. Due to its cost-saving, high-efficiency advantage, the technology receives wide adoption from IT industries. However, the frequent emergences of security events become the heaviest obstacle for its advancement. The multi-layer and distributive characteristics of cloud computing make IT admins compulsively collect all necessary situational information at cloud runtime if they want to grasp the panoramic secure state, hereby practice configuration management and emergency response methods when necessary. On the other hand, technologies such as elastic resource pooling, dynamic load balancing and virtual machine real-time migration complicate the difficulty of data gathering, where secure information may come from virtual machine hypervisor, network accounting or host monitor proxies. How to classify, arrange, standardize and visualize these data turns into the most crucial issue for cloud computing security situation awareness and presentation. This dissertation borrows traditional fashion of data visualization to integrate into cloud computing features, proposes a new method for aggregating and displaying secure information which IT admins concern, and expects that by method realization cloud security monitor/management capabilities could be notably enhanced.

The interconnection of networks between several techno-socio-economic sectors such as energy, transport, and communication, questions the manageability and resilience of the digital society. System interdependencies alter the fundamental dynamics that govern isolated systems, which can unexpectedly trigger catastrophic instabilities such as cascading failures. This paper envisions a general-purpose, yet simple prototyping of self-management software systems that can turn system interdependencies from a cause of instability to an opportunity for higher resilience. Such prototyping proves to be challenging given the highly interdisciplinary scope of interdependent networks. Different system dynamics and organizational constraints such as the distributed nature of interdependent networks or the autonomy and authority of system operators over their controlled infrastructure perplex the design for a general prototyping approach, which earlier work has not yet addressed. This paper contributes such a modular design solution implemented as an open source software extension of SFINA, the Simulation Framework for Intelligent Network Adaptations. The applicability of the software artifact is demonstrated with the introduction of a novel self-healing mechanism for interdependent power networks, which optimizes power flow exchanges between a damaged and a healer network to mitigate power cascading failures. Results show a significant decrease in the damage spread by self-healing synergies, while the degree of interconnectivity between the power networks indicates a tradeoff between links survivability and load served. The contributions of this paper aspire to bring closer several research communities working on modeling and simulation of different domains with an economic and societal impact on the resilience of real-world interdependent networks.

Threat modeling is one of the best practices to secure software development. A primary challenge for using this practice is how to extract threats. Existing threat extraction methods to this purpose are mainly based on penetration tests or vulnerability databases. This imposes a non-automated timeconsuming process, which fully relies on the human knowledge and expertise. In this paper, a method is presented, which can extract the threats to a software system based on the existing description of the software behavior. We elaborately describe software behavior with sequence diagrams enriched by security relevant attributes. To enrich a sequence diagram, some attributes and their associated values are added to the diagram elements and the communication between them. We have also developed a threat knowledge base from reliable sources such as CWE and CAPEC lists. Every threat in the knowledge base is described according to its occurrence conditions in the software. To extract threats of a software system, the enriched sequence diagrams describing the software behavior are matched with the threat rules in our knowledge base using a simple inference process. Results in a set of potential threats for the software system. The proposed method is applied on a software application to extract its threats. Our case study indicates the effectiveness of the proposed method compared to other existing methods.

On cloud computing systems consisting of task queuing and resource allocations, it is essential but hard to model and evaluate the global performance. In most of the models, researchers use a stochastic process or several stochastic processes to describe a real system. However, due to the absence of theoretical conclusions of any arbitrary stochastic processes, they approximate the complicated model into simple processes that have mathematical results, such as Markov processes. Our purpose is to give a universal method to deal with common stochastic processes as long as the processes can be expressed in the form of transition matrix. To achieve our purpose, we firstly prove several theorems about the convergence of stochastic matrices to figure out what kind of matrix-defined systems has steady states. Furthermore, we propose two strategies for measuring the rate of convergence which reflects how fast the system would come to its steady state. Finally, we give a method for reducing a stochastic matrix into smaller ones, and perform some experiments to illustrate our strategies in practice.

Detecting fake accounts (sybils) in online social networks (OSNs) is vital to protect OSN operators and their users from various malicious activities. Typical graph-based sybil detection (a mainstream methodology) assumes that sybils can make friends with only a limited (or small) number of honest users. However, recent evidences showed that this assumption does not hold in real-world OSNs, leading to low detection accuracy. To address this challenge, we explore users' activities to assist sybil detection. The intuition is that honest users are much more selective in choosing who to interact with than to befriend with. We first develop the social and activity network (SAN), a two-layer hyper-graph that unifies users' friendships and their activities, to fully utilize users' activities. We also propose a more practical sybil attack model, where sybils can launch both friendship attacks and activity attacks. We then design Sybil SAN to detect sybils via coupling three random walk-based algorithms on the SAN, and prove the convergence of Sybil SAN. We develop an efficient iterative algorithm to compute the detection metric for Sybil SAN, and derive the number of rounds needed to guarantee the convergence. We use "matrix perturbation theory" to bound the detection error when sybils launch many friendship attacks and activity attacks. Extensive experiments on both synthetic and real-world datasets show that Sybil SAN is highly robust against sybil attacks, and can detect sybils accurately under practical scenarios, where current state-of-art sybil defenses have low accuracy.

Whatever one public cloud, private cloud or a mixed cloud, the users lack of effective security quantifiable evaluation methods to grasp the security situation of its own information infrastructure on the whole. This paper provides a quantifiable security evaluation system for different clouds that can be accessed by consistent API. The evaluation system includes security scanning engine, security recovery engine, security quantifiable evaluation model, visual display module and etc. The security evaluation model composes of a set of evaluation elements corresponding different fields, such as computing, storage, network, maintenance, application security and etc. Each element is assigned a three tuple on vulnerabilities, score and repair method. The system adopts ``One vote vetoed'' mechanism for one field to count its score and adds up the summary as the total score, and to create one security view. We implement the quantifiable evaluation for different cloud users based on our G-Cloud platform. It shows the dynamic security scanning score for one or multiple clouds with visual graphs and guided users to modify configuration, improve operation and repair vulnerabilities, so as to improve the security of their cloud resources.

A privately owned smart device connected to a corporate network using a USB connection creates a potential channel for malware infection and its subsequent spread. For example, air-gapped (a.k.a. isolated) systems are considered to be the most secure and safest places for storing critical datasets. However, unlike network communications, USB connection streams have no authentication and filtering. Consequently, intentional or unintentional piggybacking of a malware infected USB storage or a mobile device through the air-gap is sufficient to spread infection into such systems. Our findings show that the contact rate has an exceptional impact on malware spread and destabilizing free malware equilibrium. This work proposes a USB authentication and delegation protocol based on radiofrequency identification (RFID) in order to stabilize the free malware equilibrium in air-gapped networks. The proposed protocol is modelled using Coloured Petri nets (CPN) and the model is verified and validated through CPN tools.

Machine learning (ML) models are often trained using private datasets that are very expensive to collect, or highly sensitive, using large amounts of computing power. The models are commonly exposed either through online APIs, or used in hardware devices deployed in the field or given to the end users. This provides an incentive for adversaries to steal these ML models as a proxy for gathering datasets. While API-based model exfiltration has been studied before, the theft and protection of machine learning models on hardware devices have not been explored as of now. In this work, we examine this important aspect of the design and deployment of ML models. We illustrate how an attacker may acquire either the model or the model architecture through memory probing, side-channels, or crafted input attacks, and propose (1) power-efficient obfuscation as an alternative to encryption, and (2) timing side-channel countermeasures.

Along with the rapid development of hardware security techniques, the revolutionary growth of countermeasures or attacking methods developed by intelligent and adaptive adversaries have significantly complicated the ability to create secure hardware systems. Thus, there is a critical need to (re)evaluate existing or new hardware security techniques against these state-of-the-art attacking methods. With this in mind, this paper presents a novel framework for incorporating active learning techniques into hardware security field. We demonstrate that active learning can significantly improve the learning efficiency of physical unclonable function (PUF) modeling attack, which samples the least confident and the most informative challenge-response pair (CRP) for training in each iteration. For example, our experimental results show that in order to obtain a prediction error below 4%, 2790 CRPs are required in passive learning, while only 811 CRPs are required in active learning. The sampling strategies and detailed applications of PUF modeling attack under various environmental conditions are also discussed. When the environment is very noisy, active learning may sample a large number of mislabeled CRPs and hence result in high prediction error. We present two methods to mitigate the contradiction between informative and noisy CRPs.

In order to cater the growing spectrum demands of large scale future 5G Internet of Things (IoT) applications, Dynamic Spectrum Access (DSA) based networks are being proposed as a high-throughput and cost-effective solution. However the lack of understanding of DSA paradigm's inherent security vulnerabilities on IoT networks might become a roadblock towards realizing such spectrum aware 5G vision. In this paper, we make an attempt to understand how such inherent DSA vulnerabilities in particular Spectrum Sensing Data Falsification (SSDF) attacks can be exploited by collaborative group of selfish adversaries and how that can impact the performance of spectrum aware IoT applications. We design a utility based selfish adversarial model mimicking collaborative SSDF attack in a cooperative spectrum sensing scenario where IoT networks use dedicated environmental sensing capability (ESC) for spectrum availability estimation. We model the interactions between the IoT system and collaborative selfish adversaries using a leader-follower game and investigate the existence of equilibrium. Using simulation results, we show the nature of adversarial and system utility components against system variables. We also explore Pareto-optimal adversarial strategy design that maximizes the attacker utility for varied system strategy spaces.

With the capability of support mobile computing demand with small delay, fog computing has gained tremendous popularity. Nevertheless, its highly virtualized environment is vulnerable to cyber attacks such as emerging Advanced Persistent Threats attack. In this paper, we propose a novel approach of cyber risk management for the fog computing platform. Particularly, we adopt the cyber-insurance as a tool for neutralizing cyber risks from fog computing platform. We consider a fog computing platform containing a group of fog nodes. The platform is composed of three main entities, i.e., the fog computing provider, attacker, and cyber-insurer. The fog computing provider dynamically optimizes the allocation of its defense computing resources to improve the security of the fog computing platform. Meanwhile, the attacker dynamically adjusts the allocation of its attack resources to improve the probability of successful attack. Additionally, to prevent from the potential loss due to attacks, the provider also makes a dynamic decision on the purchases ratio of cyber-insurance from the cyber-insurer for each fog node. Thereafter, the cyber-insurer accordingly determines the premium of cyber-insurance for each fog node. In our formulated dynamic Stackelberg game, the attacker and provider act as the followers, and the cyber-insurer acts as the leader. In the lower level, we formulate an evolutionary subgame to analyze the provider's defense and cyber-insurance subscription strategies as well as the attacker's attack strategy. In the upper level, the cyber-insurer optimizes its premium determination strategy, taking into account the evolutionary equilibrium at the lower-level evolutionary subgame. We analytically prove that the evolutionary equilibrium is unique and stable. Moreover, we provide a series of insightful analytical and numerical results on the equilibrium of the dynamic Stackelberg game.

To be applicable to high user request workloads, web caching strategies benefit from low implementation and update effort. In this regard, the Least Recently Used (LRU) replacement principle is a simple and widely-used method. Despite its popularity, LRU has deficits in the achieved hit rate performance and cannot consider transport and network optimization criteria for selecting content to be cached. As a result, many alternatives have been proposed in the literature, which improve the cache performance at the cost of higher complexity. In this work, we evaluate the implementation complexity and runtime performance of LRU, Least Frequently Used (LFU), and score based strategies in the class of fast O(1) updates with constant effort per request. We implement Window LFU (W-LFU) within this class and show that O(1) update effort can be achieved. We further compare fast update schemes of Score Gated LRU and new Score Gated Polling (SGP). SGP is simpler than LRU and provides full flexibility for arbitrary score assessment per data object as information basis for performance optimization regarding network cost and quality measures.

This paper presents netsim, a combined software/hardware system for performing realtime realistic operation of autonomous underwater vehicles (AUVs) with acoustic modem telemetry in a virtual ocean environment. The design of the system is flexible to the choice of physical link hardware, allowing for the system to be tested against existing and new modems. Additionally, the virtual ocean channel simulator is designed to perform in real time by coupling less frequent asynchronous queries to high-fidelity models of the ocean environment and acoustic propagation with frequent pertubation-based updates for the exact position of the simulated AUVs. The results demonstrate the performance of this system using the WHOI Micro-Modem 2 hardware in the virtual ocean environment of the Arctic Beaufort Sea around 73 degrees latitude. The acoustic environment in this area has changed dramatically in recent years due to the changing climate.

Each year, large ground motions from earthquakes cause infrastructure damage and loss of life worldwide. Here we present a novel concept that redirects and attenuates hazardous seismic waves using an engineered seismic-muffler acting as a cloaking device. The device employs vertically-oriented, sloping-opposing boreholes or trenches to form muffler walls and is designed to: 1) reflect and divert large amplitude surface waves as a barrier, while 2) dissipating body and converted waves traveling from depth upward into the muffler duct. Seismic wave propagation models suggest that a seismic-muffler can effectively reduce broadband ground motion directly above the muffler. 3D simulations are also compared for validation with experimental data obtained from bench-scale blocks containing machined borehole arrays and trenches. Computer models are then scaled to an earth-sized model. Results suggest a devastating seismic energy magnitude 7.0-\$\textbackslashtextbackslashmathrm M\_\textbackslashtextbackslashmathrm E\$ earthquake can be reduced to less damaging magnitudes experienced in the muffler vicinity, 4.5- \$\textbackslashtextbackslashmathrm M\_\textbackslashtextbackslashmathrm E\$ (surface wave) and 5.7- \$\textbackslashtextbackslashmathrm M\_\textbackslashtextbackslashmathrm E\$ (upgoing coupling into the muffler). Our findings imply that seismic-muffler structures significantly reduce the impact of the peak ground velocity of dangerous surface waves, while, seismic transmission upward through the muffler base at depth has marginal effects.

Wireless Mesh Network (WMN) is a promising networking technology, which is cost effective, robust, easily maintainable and provides reliable service coverage. WMNs do not rely on a centralized administration and have a distributed nature in which nodes can participate in routing packets. Such design and structure makes WMNs vulnerable to a variety of security threats. Therefore, to ensure secure route discovery in WMNs, we propose a trust model which is based on Evidence- Based Subjective Logic (EBSL). The proposed trust model computes trust values of individual nodes and manages node reputation. We use watchdog detection mechanism to monitor selfish behavior in the network. A node's final trust value is calculated by aggregating the nodes direct and recommendation trust information. The proposed trust model ensures secure routing of packets by avoiding paths with untrusted nodes. The trust model is able to detect selfish behavior such as black-hole and gray-hole attacks.

As robotic capabilities improve and robots become more capable as team members, a better understanding of effective human-robot teaming is needed. In this paper, we investigate failures by robots in various team configurations in space EVA operations. This paper describes the methodology of extending and the application of Work Models that Compute (WMC), a computational simulation framework, to model robot failures, interruptions, and the resolutions they require. Using these models, we investigate how different team configurations respond to a robot's failure to correctly complete the task and overall mission. We also identify key factors that impact the teamwork metrics for team designers to keep in mind while assembling teams and assigning taskwork to the agents. We highlight different metrics that these failures impact on team performance through varying components of teaming and interaction that occur. Finally, we discuss the future implications of this work and the future work to be done to investigate function allocation in human-robot teams.

The Internet of things (IoT) is revolutionizing the management and control of automated systems leading to a paradigm shift in areas such as smart homes, smart cities, health care, transportation, etc. The IoT technology is also envisioned to play an important role in improving the effectiveness of military operations in battlefields. The interconnection of combat equipment and other battlefield resources for coordinated automated decisions is referred to as the Internet of battlefield things (IoBT). IoBT networks are significantly different from traditional IoT networks due to the battlefield specific challenges such as the absence of communication infrastructure, and the susceptibility of devices to cyber and physical attacks. The combat efficiency and coordinated decision-making in war scenarios depends highly on real-time data collection, which in turn relies on the connectivity of the network and the information dissemination in the presence of adversaries. This work aims to build the theoretical foundations of designing secure and reconfigurable IoBT networks. Leveraging the theories of stochastic geometry and mathematical epidemiology, we develop an integrated framework to study the communication of mission-critical data among different types of network devices and consequently design the network in a cost effective manner.

We provide an agent based simulation model of the Swedish payment system. The simulation model is to be used to analyze the consequences of loss of functionality, or disruptions of the payment system for the food and fuel supply chains as well as the bank sector. We propose a gaming simulation approach, using a computer based role playing game, to explore the collaborative responses from the key actors, in order to evoke and facilitate collective resilience.

One of the effective ways to improve the quality of airport security (AS) is to improve the quality of management of the state of the system for countering acts of unlawful interference by intruders into the airports (SCAUI), which is a set of AS employees, technical systems and devices used for passenger screening, luggage, other operational procedures, as well as to protect the restricted areas of the airports. Proactive control of the SCAUI state includes ongoing conducting assessment of airport AS quality by experts, identification of SCAUI elements (functional state of AS employees, characteristics of technical systems and devices) that have a predominant influence on AS, and improvement of their performance. This article presents principles of the model and the method for conducting expert quality assessment of airport AS, whose application allows to increase the efficiency and quality of AS assessment by experts, and, consequently, the quality of SCAUI state control.

Cloud federations allow Cloud Service Providers (CSPs) to deliver more efficient service performance by interconnecting their Cloud environments and sharing their resources. However, the security of the federated Cloud service could be compromised if the resources are shared with relatively insecure and unreliable CSPs. In this paper, we propose a Cloud federation formation model that considers the security risk levels of CSPs. We start by quantifying the security risk of CSPs according to well defined evaluation criteria related to security risk avoidance and mitigation, then we model the Cloud federation formation process as a hedonic coalitional game with a preference relation that is based on the security risk levels and reputations of CSPs. We propose a federation formation algorithm that enables CSPs to cooperate while considering the security risk introduced to their infrastructures, and refrain from cooperating with undesirable CSPs. According to the stability-based solution concepts that we use to evaluate the game, the model shows that CSPs will be able to form acceptable federations on the fly to service incoming resource provisioning requests whenever required.

In the past decade, the revolution in miniaturization (microprocessors, batteries, cameras etc.) and manufacturing of new type of sensors resulted in a new regime of applications based on smart objects called IoT. Majority of such applications or services are to ease human life and/or to setup efficient processes in automated environments. However, this convenience is coming up with new challenges related to data security and human privacy. The objects in IoT are resource constrained devices and cannot implement a fool-proof security framework. These end devices work like eyes and ears to interact with the physical world and collect data for analytics to make expedient decisions. The storage and analysis of the collected data is done remotely using cloud computing. The transfer of data from IoT to the computing clouds can introduce privacy issues and network delays. Some applications need a real-time decision and cannot tolerate the delays and jitters in the network. Here, edge computing or fog computing plays its role to settle down the mentioned issues by providing cloud-like facilities near the end devices. In this paper, we discuss IoT, fog computing, the relationship between IoT and fog computing, their security issues and solutions by different researchers. We summarize attack surface related to each layer of this paradigm which will help to propose new security solutions to escalate it acceptability among end users. We also propose a risk-based trust management model for smart healthcare environment to cope with security and privacy-related issues in this highly un-predictable heterogeneous ecosystem.

The panic among medical control, information, and device administrators is due to surmounting number of high-profile attacks on healthcare facilities. This hostile situation is going to lead the health informatics industry to cloud-hoarding of medical data, control flows, and site governance. While different healthcare enterprises opt for cloud-based solutions, it is a matter of time when fog computing environment are formed. Because of major gaps in reported techniques for fog security administration for health data i.e. absence of an overarching certification authority (CA), the security provisioning is one of the the issue that we address in this paper. We propose a security provisioning model (AZSPM) for medical devices in fog environments. We propose that the AZSPM can be build by using atomic security components that are dynamically composed. The verification of authenticity of the atomic components, for trust sake, is performed by calculating the processor clock cycles from service execution at the resident hardware platform. This verification is performed in the fully sand boxed environment. The results of the execution cycles are matched with the service specifications from the manufacturer before forwarding the mobile services to the healthcare cloud-lets. The proposed model is completely novel in the fog computing environments. We aim at building the prototype based on this model in a healthcare information system environment.

With the evolution of computing from using personal computers to use of online Internet of Things (IoT) services and applications, security risks have also evolved as a major concern. The use of Fog computing enhances reliability and availability of the online services due to enhanced heterogeneity and increased number of computing servers. However, security remains an open challenge. Various trust models have been proposed to measure the security strength of available service providers. We utilize the quantized security of Datacenters and propose a new security-based service broker policy(SbSBP) for Fog computing environment to allocate the optimal Datacenter(s) to serve users' requests based on users' requirements of cost, time and security. Further, considering the dynamic nature of Fog computing, the concept of dynamic reconfiguration has been added. Comparative analysis of simulation results shows the effectiveness of proposed policy to incorporate users' requirements in the decision-making process.

Cloud computing has established itself as an alternative IT infrastructure and service model. However, as with all logically centralized resource and service provisioning infrastructures, cloud does not handle well local issues involving a large number of networked elements (IoTs) and it is not responsive enough for many applications that require immediate attention of a local controller. Fog computing preserves many benefits of cloud computing and it is also in a good position to address these local and performance issues because its resources and specific services are virtualized and located at the edge of the customer premise. However, data security is a critical challenge in fog computing especially when fog nodes and their data move frequently in its environment. This paper addresses the data protection and the performance issues by 1) proposing a Region-Based Trust-Aware (RBTA) model for trust translation among fog nodes of regions, 2) introducing a Fog-based Privacy-aware Role Based Access Control (FPRBAC) for access control at fog nodes, and 3) developing a mobility management service to handle changes of users and fog devices' locations. The implementation results demonstrate the feasibility and the efficiency of our proposed framework.