Biblio

A dynamic modeling method for network security vulnerabilities which is composed of the design of safety evaluation model, the design of risk model of intrusion event and the design of vulnerability risk model. The model based on identification of vulnerabilities values through dynamic forms can improve the tightness between vulnerability scanning system, intrusion prevention system and security configuration verification system. Based on this model, the network protection system which is most suitable for users can be formed, and the protection capability of the network protection system can be improved.

As the key component of the smart grid, smart meters fill in the gap between electrical utilities and household users. Todays smart meters are capable of collecting household power information in real-time, providing precise power dispatching control services for electrical utilities and informing real-time power price for users, which significantly improve the user experiences. However, the use of data also brings a concern about privacy leakage and the trade-off between data usability and user privacy becomes an vital problem. Existing works propose privacy-utility trade-off frameworks against statistical inference attack. However, these algorithms are basing on distorted data, and will produce cumulative errors when tracing household power usage and lead to false power state estimation, mislead dispatching control, and become an obstacle for practical application. Furthermore, previous works consider power usage as discrete variables in their optimization problems while realistic smart meter data is continuous variable. In this paper, we propose a mechanism to estimate the trade-off between utility and privacy on a continuous time-series distorted dataset, where we extend previous optimization problems to continuous variables version. Experiments results on smart meter dataset reveal that the proposed mechanism is able to prevent inference to sensitive appliances, preserve insensitive appliances, as well as permit electrical utilities to trace household power usage periodically efficiently.

When Bitcoin was first introduced to the world in 2008 by an enigmatic programmer going by the pseudonym Satoshi Nakamoto, it was billed as the world's first decentralized virtual currency. Offering the first credible incarnation of a digital currency, Bitcoin was based on the principal of peer to peer transactions involving a complex public address and a private key that only the owner of the coin would know. This paper will seek to investigate how the usage and value of Bitcoin is affected by current events in the cyber environment. Is an advancement in the digital security of Bitcoin reflected by the value of the currency and conversely does a major security breech have a negative effect? By analyzing statistical data of the market value of Bitcoin at specific points where the currency has fluctuated dramatically, it is believed that trends can be found. This paper proposes that based on the data analyzed, the current integrity of the Bitcoin security is trusted by general users and the value and usage of the currency is growing. All the major fluctuations of the currency can be linked to significant events within the digital security environment however these fluctuations are beginning to decrease in frequency and severity. Bitcoin is still a volatile currency but this paper concludes that this is a result of security flaws in Bitcoin services as opposed to the Bitcoin protocol itself.

Malware sandboxes, widely used by antivirus companies, mobile application marketplaces, threat detection appliances, and security researchers, face the challenge of environment-aware malware that alters its behavior once it detects that it is being executed on an analysis environment. Recent efforts attempt to deal with this problem mostly by ensuring that well-known properties of analysis environments are replaced with realistic values, and that any instrumentation artifacts remain hidden. For sandboxes implemented using virtual machines, this can be achieved by scrubbing vendor-specific drivers, processes, BIOS versions, and other VM-revealing indicators, while more sophisticated sandboxes move away from emulation-based and virtualization-based systems towards bare-metal hosts. We observe that as the fidelity and transparency of dynamic malware analysis systems improves, malware authors can resort to other system characteristics that are indicative of artificial environments. We present a novel class of sandbox evasion techniques that exploit the "wear and tear" that inevitably occurs on real systems as a result of normal use. By moving beyond how realistic a system looks like, to how realistic its past use looks like, malware can effectively evade even sandboxes that do not expose any instrumentation indicators, including bare-metal systems. We investigate the feasibility of this evasion strategy by conducting a large-scale study of wear-and-tear artifacts collected from real user devices and publicly available malware analysis services. The results of our evaluation are alarming: using simple decision trees derived from the analyzed data, malware can determine that a system is an artificial environment and not a real user device with an accuracy of 92.86%. As a step towards defending against wear-and-tear malware evasion, we develop statistical models that capture a system's age and degree of use, which can be used to aid sandbox operators in creating system i- ages that exhibit a realistic wear-and-tear state.

The rapid digitalisation of the hospitality industry over recent years has brought forth many new points of attack for consideration. The hasty implementation of these systems has created a reality in which businesses are using the technical solutions, but employees have very little awareness when it comes to the threats and implications that they might present. This gap in awareness is further compounded by the existence of preestablished, often rigid, cultures that drive how hospitality businesses operate. Potential attackers are recognising this and the last two years have seen a huge increase in cyber-attacks within the sector.Attempts at addressing the increasing threats have taken the form of technical solutions such as encryption, access control, CCTV, etc. However, a high majority of security breaches can be directly attributed to human error. It is therefore necessary that measures for addressing the rising trend of cyber-attacks go beyond just providing technical solutions and make provision for educating employees about how to address the human elements of security. Inculcating security awareness amongst hospitality employees will provide a foundation upon which a culture of security can be created to promote the seamless and secured interaction of hotel users and technology.One way that the hospitality industry has tried to solve the awareness issue is through their current paper-based training. This is unengaging, expensive and presents limited ways to deploy, monitor and evaluate the impact and effectiveness of the content. This leads to cycles of constant training, making it very hard to initiate awareness, particularly within those on minimum waged, short-term job roles.This paper presents a structured approach for eliciting industry requirement for developing and implementing an immersive Cyber Security Awareness learning platform. It used a series of over 40 interviews and threat analysis of the hospitality industry to identify the requirements fo- designing and implementing cyber security program which encourage engagement through a cycle of reward and recognition. In particular, the need for the use of gamification elements to provide an engaging but gentle way of educating those with little or no desire to learn was identified and implemented. Also presented is a method for guiding and monitoring the impact of their employee's progress through the learning management system whilst monitoring the levels of engagement and positive impact the training is having on the business.

Access control is one of the most challenging issues in Cloud environment, it must ensure data confidentiality through enforced and flexible access policies. The revocation is an important task of the access control process, generally it consists on banishing some roles from the users. Attribute-based encryption is a promising cryptographic method which provides the fine-grained access, which makes it very useful in case of group sharing applications. This solution has initially been developed on a central authority model. Later, it has been extended to a multi-authority model which is more convenient and more reliable. However, the revocation problem is still the major challenge of this approach. There have been few proposed revocation solutions for the Multi-authority scheme and these solutions suffer from the lack of efficiency. In this paper, we propose an access control mechanism on a multi-authority architecture with an immediate and efficient attributes' or users' revocation. The proposed scheme uses decentralized CP-ABE to provide flexible and fine-grained access. Our solution provides collusion resistance, prevents security degradations, supports scalability and does not require keys' redistribution.

Encryption is often not sufficient to secure communication, since it does not hide that communication takes place or who is communicating with whom. Covert channels hide the very existence of communication enabling individuals to communicate secretly. Previous work proposed a covert channel hidden inside multi-player first person shooter online game traffic (FPSCC). FPSCC has a low bit rate, but it is practically impossible to eliminate other than by blocking the overt game trac. This paper shows that with knowledge of the channel’s encoding and using machine learning techniques, FPSCC can be detected with an accuracy of 95% or higher.

This publication presents some techniques for insider threats and cryptographic protocols in secure processes. Those processes are dedicated to the information management of strategic data splitting. Strategic data splitting is dedicated to enterprise management processes as well as methods of securely storing and managing this type of data. Because usually strategic data are not enough secure and resistant for unauthorized leakage, we propose a new protocol that allows to protect data in different management structures. The presented data splitting techniques will concern cryptographic information splitting algorithms, as well as data sharing algorithms making use of cognitive data analysis techniques. The insider threats techniques will concern data reconstruction methods and cognitive data analysis techniques. Systems for the semantic analysis and secure information management will be used to conceal strategic information about the condition of the enterprise. Using the new approach, which is based on cognitive systems allow to guarantee the secure features and make the management processes more efficient.

We propose a probabilistic approach to the problem of schema mapping. Our approach is declarative, scalable, and extensible. It builds upon recent results in both schema mapping and probabilistic reasoning and contributes novel techniques in both fields. We introduce the problem of mapping selection, that is, choosing the best mapping from a space of potential mappings, given both metadata constraints and a data example. As selection has to reason holistically about the inputs and the dependencies between the chosen mappings, we define a new schema mapping optimization problem which captures interactions between mappings. We then introduce Collective Mapping Discovery (CMD), our solution to this problem using stateof- the-art probabilistic reasoning techniques, which allows for inconsistencies and incompleteness. Using hundreds of realistic integration scenarios, we demonstrate that the accuracy of CMD is more than 33% above that of metadata-only approaches already for small data examples, and that CMD routinely finds perfect mappings even if a quarter of the data is inconsistent.

Software defined networking promises network operators to dramatically simplify network management. It provides flexibility and innovation through network programmability. With SDN, network management moves from codifying functionality in terms of low-level device configuration to building software that facilitates network management and debugging[1]. SDN provides new techniques to solve long-standing problems in networking like routing by separating the complexity of state distribution from network specification. Despite all the hype surrounding SDNs, exploiting its full potential is demanding. Security is still the major issue and a striking challenge that reduces the growth of SDNs. Moreover the introduction of various architectural components and up cycling of novel entities of SDN poses new security issues and threats. SDN is considered as major target for digital threats and cyber-attacks[2] and have more devastating effects than simple networks. Initial SDN design doesn't considered security as its part; therefore, it must be raised on the agenda. This article discusses the security solutions proposed to secure SDNs. We categorize the security solutions in the article by presenting a thematic taxonomy based on SDN architectural layers/interfaces[3], security measures and goals, simulation framework. Moreover, the literature also points out the possible attacks[2] targeting different layers/interfaces of SDNs. For securing SDNs, the potential requirements and their key enablers are also identified and presented. Also, the articles sketch the design of secure and dependable SDNs. At last, we discuss open issues and challenges of SDN security that may be rated appropriate to be handled by professionals and researchers in the future.

A novel approach is developed for analyzing power system vulnerability related to extraordinary events. Vulnerability analyses are necessary for identification of barriers to prevent such events and as a basis for the emergency preparedness. Identification of cause and effect relationships to reveal vulnerabilities related to extraordinary events is a complex and difficult task. In the proposed approach, the analysis starts by identifying the critical consequences. Then the critical contingencies and operating states, and which external threats and causes that may result in such severe consequences, are identified. This is opposed to the traditional risk and vulnerability analysis which starts by analyzing threats and what can happen as a chain of events. The vulnerability analysis methodology is tested and demonstrated on real systems.

This paper introduces a research agenda focusing on cybersecurity in the context of product lifecycle management. The paper discusses research directions on critical protection techniques, including protection techniques from insider threat, access control systems, secure supply chains and remote 3D printing, compliance techniques, and secure collaboration techniques. The paper then presents an overview of DBSAFE, a system for protecting data from insider threat.

The energy sector has been actively looking into cyber risk assessment at a global level, as it has a ripple effect; risk taken at one step in supply chain has an impact on all the other nodes. Cyber-attacks not only hinder functional operations in an organization but also waves damaging effects to the reputation and confidence among shareholders resulting in financial losses. Organizations that are open to the idea of protecting their assets and information flow and are equipped; enough to respond quickly to any cyber incident are the ones who prevail longer in global market. As a contribution we put forward a modular plan to mitigate or reduce cyber risks in global supply chain by identifying potential cyber threats at each step and identifying their immediate counterm easures.

The stability and effectiveness of supply chain financing union are directly affected by income fluctuation and unequal distribution problems, subsequently making the economic interests of the involved parties impacted. In this paper, the incomes of the parties in the union were distributed using Shapley value from the perspective of cooperative game under the background of the supply chain financing based on third-party trading platform, and then correction factors were weighted by introducing risk correction factors and combining with analytic hierarchy process (AHP), in order to improve the original model. Finally, the feasibility of the scheme was proved using example.

Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders' goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft.

The development of internet comes with the other domain that is cyber-crime. The record and intelligently can be exposed to a user of illegal activity so that it has become important to make the technology reliable. Phishing techniques include domain of email messages. Phishing emails have hosted such a phishing website, where a click on the URL or the malware code as executing some actions to perform is socially engineered messages. Lexically analyzing the URLs can enhance the performance and help to differentiate between the original email and the phishing URL. As assessed in this study, in addition to textual analysis of phishing URL, email classification is successful and results in a highly precise anti phishing.

The number of detected and analyzed Advanced Persistent Threat (APT) campaigns increased over the last years. Two of the main objectives of such campaigns are to maintain long-term access to the environment of the target and to stay undetected. To achieve these goals the attackers use sophisticated and customized techniques for the lateral movement, to ensure that these activities are not detected by existing security systems. During an investigation of an APT campaign all stages of it are relevant to clarify important details like the initial infection vector or the compromised systems and credentials. Most of the currently used approaches, which are utilized within security systems, are not able to detect the different stages of a complex attack and therefore a comprehensive security investigation is needed. In this paper we describe a concept for a Security Investigation Framework (SIF) that supports the analysis and the tracing of multi-stage APTs. The concept includes different automatic and semi-automatic approaches that support the investigation of such attacks. Furthermore, the framework leverages different information sources, like log files and details from forensic investigations and malware analyses, to give a comprehensive overview of the different stages of an attack. The overall objective of the SIF is to improve the efficiency of investigations and reveal undetected details of an attack.

The Internet of Things (IoT) becomes reality. But its restrictions become obvious as we try to connect solutions of different vendors and communities. Apart from communication protocols appropriate identity management mechanisms are crucial for a growing IoT. The recently founded Identities of Things Discussion Group within Kantara Initiative will work on open issues and solutions to manage “Identities of Things” as an enabler for a fast-growing ecosystem.

Up-to-date studies and surveys regarding IT security show, that companies of every size and branch nowadays are faced with the growing risk of cyber crime. Many tools, standards and best practices are in place to support enterprise IT security experts in dealing with the upcoming risks, whereas meanwhile especially small and medium sized enterprises(SMEs) feel helpless struggling with the growing threats. This article describes an approach, how SMEs can attain high quality assurance whether they are a victim of cyber crime, what kind of damage resulted from a certain attack and in what way remediation can be done. The focus on all steps of the analysis lies in the economic feasibility and the typical environment of SMEs.
 

Cloud computing brings in a lot of advantages for enterprise IT infrastructure; virtualization technology, which is the backbone of cloud, provides easy consolidation of resources, reduction of cost, space and management efforts. However, security of critical and private data is a major concern which still keeps back a lot of customers from switching over from their traditional in-house IT infrastructure to a cloud service. Existence of techniques to physically locate a virtual machine in the cloud, proliferation of software vulnerability exploits and cross-channel attacks in-between virtual machines, all of these together increases the risk of business data leaks and privacy losses. This work proposes a framework to mitigate such risks and engineer customer trust towards enterprise cloud computing. Everyday new vulnerabilities are being discovered even in well-engineered software products and the hacking techniques are getting sophisticated over time. In this scenario, absolute guarantee of security in enterprise wide information processing system seems a remote possibility; software systems in the cloud are vulnerable to security attacks. Practical solution for the security problems lies in well-engineered attack mitigation plan. At the positive side, cloud computing has a collective infrastructure which can be effectively used to mitigate the attacks if an appropriate defense framework is in place. We propose such an attack mitigation framework for the cloud. Software vulnerabilities in the cloud have different severities and different impacts on the security parameters (confidentiality, integrity, and availability). By using Markov model, we continuously monitor and quantify the risk of compromise in different security parameters (e.g.: change in the potential to compromise the data confidentiality). Whenever, there is a significant change in risk, our framework would facilitate the tenants to calculate the Mean Time to Security Failure (MTTSF) cloud and allow them to adopt a dynamic mitigation plan. This framework is an add-on security layer in the cloud resource manager and it could improve the customer trust on enterprise cloud solutions.

In recent years, with growing demands towards big data application, various research on context-awareness has once again become active. This paper proposes a new type of context-aware user authentication that controls the authentication level of users, using the context of “physical trust relationship” that is built between users by visual contact. In our proposal, the authentication control is carried out by two mechanisms; “i-Contact” and “k-Contact”. i-Contact is the mechanism that visually confirms the user (owner of a mobile device) using the surrounding users' eyes. The authenticity of users can be reliably assessed by the people (witnesses), even when the user exhibits ambiguous behavior. k-Contact is the mechanism that dynamically changes the authentication level of each user using the context information collected through i-Contact. Once a user is authenticated by eyewitness reports, the user is no longer prompted for a password to unlock his/her mobile device and/or to access confidential resources. Thus, by leveraging the proposed authentication system, the usability for only trusted users can be securely enhanced. At the same time, our proposal anticipates the promotion of physical social communication as face-to-face communication between users is triggered by the proposed authentication system.
 

More and more intelligent functions are proposed, designed and implemented in meters to make the power supply be smart. However, these complex functions also bring risks to the smart meters, and they become susceptible to vulnerabilities and attacks. We present the rat-group attack in this paper, which exploits the vulnerabilities of smart meters in the cyber world, but spreads in the physical world due to the direct economic benefits. To the best of our knowledge, no systematic work has been conducted on this attack. Game theory is then applied to analyze this attack, and two game models are proposed and compared under different assumptions. The analysis results suggest that the power company shall follow an open defense policy: disclosing the defense parameters to all users (i.e., the potential attackers), results in less loss in the attack.

In the early days of the web, content was designed and hosted by a single person, group, or organization. No longer. Webpages are increasingly composed of content from myriad unrelated "third-party" websites in the business of advertising, analytics, social networking, and more. Third-party services have tremendous value: they support free content and facilitate web innovation. But third-party services come at a privacy cost: researchers, civil society organizations, and policymakers have increasingly called attention to how third parties can track a user's browsing activities across websites. This paper surveys the current policy debate surrounding third-party web tracking and explains the relevant technology. It also presents the FourthParty web measurement platform and studies we have conducted with it. Our aim is to inform researchers with essential background and tools for contributing to public understanding and policy debates about web tracking.