Biblio

In socially assistive robotics, an important research area is the development of adaptation techniques and their effect on human-robot interaction. We present a meta-learning based policy gradient method for addressing the problem of adaptation in human-robot interaction and also investigate its role as a mechanism for trust modelling. By building an escape room scenario in mixed reality with a robot, we test our hypothesis that bi-directional trust can be influenced by different adaptation algorithms. We found that our proposed model increased the perceived trustworthiness of the robot and influenced the dynamics of gaining human's trust. Additionally, participants evaluated that the robot perceived them as more trustworthy during the interactions with the meta-learning based adaptation compared to the previously studied statistical adaptation model.

Cybersecurity cannot be addressed by technology alone; the most intractable aspects are in fact sociotechnical. As a result, the 'human factor' has been recognised as being the weakest and most obscure link in creating safe and secure digital environments. This study examines the subjective and often complex nature of human factors in the cybersecurity context through a systematic literature review of 27 articles which span across technical, behavior and social sciences perspectives. Results from our study suggest that there is still a predominately a technical focus, which excludes the consideration of human factors in cybersecurity. Our literature review suggests that this is due to a lack of consolidation of the attributes pertaining to human factors; the application of theoretical frameworks; and a lack of in-depth qualitative studies. To ensure that these gaps are addressed, we propose that future studies take into consideration (a) consolidating the human factors; (b) examining cyber security from an interdisciplinary approach; (c) conducting additional qualitative research whilst investigating human factors in cybersecurity.

Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a three-dimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need for systematic frameworks to quantify risks corresponding to security, privacy, and safety (SPS) threats. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees, and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system.

Information Technology (IT) security is a growing concern for governments around the world. Cyber terrorism poses a direct threat to the security of the nations' critical infrastructures and ITs as a low-cost asymmetric warfare element. Most of these nations are aware of the vulnerability of the information technologies and the significance of protecting critical infrastructures. To counteract the threat of potentially disastrous cyber attacks, nations' policy makers are increasingly pondering on the use of deterrence strategies to supplement cyber defense. Nations create their own national policies and strategies which cover cyber security countermeasures including cyber defense and deterrence against cyber threats. But it is rather hard to cope with the threat by means of merely `national' cyber defense policies and strategies, since the cyberspace spans worldwide and attack's origin can even be overseas. The term “cyber terrorism” is another source of controversy. An agreement on a common definition of cyber terrorism among the nations is needed. However, the international community has not been able to succeed in developing a commonly accepted comprehensive definition of “terrorism” itself. This paper evaluates the importance of building international cooperation on cyber defense and deterrence against cyber terrorism. It aims to improve and further existing contents and definitions of cyber terrorism; discusses the attractiveness of cyber attacks for terrorists and past experiences on cyber terrorism. It emphasizes establishing international legal measures and cooperation between nations against cyber terrorism in order to maintain the international stability and prosperity. In accordance with NATO's new strategic concept, it focuses on developing the member nations' ability to prevent, detect, defend against and recover from cyber attacks to enhance and coordinate national cyber defense capabilities. It provides necessary steps that have to be taken globally in order to counter cyber terrorism.

The question of whether strategic deterrence in cyberspace is achievable given the challenges of detection, attribution and credible retaliation is a topic of contention among military and civilian defense strategists. This paper examines the traditional strategic deterrence theory and its application to deterrence in cyberspace (the newly defined 5th battlespace domain, following land, air, sea and space domains), which is being used increasingly by nation-states and their proxies to achieve information dominance and to gain tactical and strategic economic and military advantage. It presents a taxonomy of cyberattacks that identifies which types of threats in the confidentiality, integrity, availability cybersecurity model triad present the greatest risk to nation-state economic and military security, including their political and social facets. The argument is presented that attacks on confidentiality cannot be subject to deterrence in the current international legal framework and that the focus of strategy needs to be applied to integrity and availability attacks. A potential cyberdeterrence strategy is put forth that can enhance national security against devastating cyberattacks through a credible declaratory retaliation capability that establishes red lines which may trigger a counter-strike against all identifiable responsible parties. The author believes such strategy can credibly influence nation-state threat actors who themselves exhibit serious vulnerabilities to cyber attacks from launching a devastating cyber first strike.

In this paper, a distributed architecture for the implementation of smart city has been proposed to facilitate various smart features like solid waste management, efficient urban mobility and public transport, smart parking, robust IT connectivity, safety and security of citizens and a roadmap for achieving it. How massive volume of IoT data can be analyzed and a layered architecture of IoT is explained. Why data integration is important for analyzing and processing of data collected by the different smart devices like sensors, actuators and RFIDs is discussed. The wireless sensor network can be used to sense the data from various locations but there has to be more to it than stuffing sensors everywhere for everything. Why only the sensor is not sufficient for data collection and how human beings can be used to collect data is explained. There is some communication protocols between the volunteers engaged in collecting data to restrict the sharing of data and ensure that the target area is covered with minimum numbers of volunteers. Every volunteer should cover some predefined area to collect data. Then the proposed architecture model is having one central server to store all data in a centralized server. The data processing and the processing of query being made by the user is taking place in centralized server.

There is widening chasm between the ease of creating software and difficulty of "building security in". This paper reviews the approach, the findings and recent experiments from a seven-year effort to enable consistency across a large, diverse development organization and software portfolio via policies, guidance, automated tools and services. Experience shows that developing secure software is an elusive goal for most. It requires every team to know and apply a wide range of security knowledge in the context of what software is being built, how the software will be used, and the projected threats in the environment where the software will operate. The drive for better outcomes for secure development and increased developer productivity led to experiments to augment developer knowledge and eventually realize the goal of "building the right security in".

Analysing cyber attack environments yield tremendous insight into adversory behavior, their strategy and capabilities. Designing cyber intensive games that promote offensive and defensive activities to capture or protect assets assist in the understanding of cyber situational awareness. There exists tangible metrics to characterizing games such as CTFs to resolve the intensity and aggression of a cyber attack. This paper synthesizes the characteristics of InCTF (India CTF) and provides an understanding of the types of vulnerabilities that have the potential to cause significant damage by trained hackers. The two metrics i.e. toxicity and effectiveness and its relation to the final performance of each team is detailed in this context.
 

Social networking sites (SNSs), with their large number of users and large information base, seem to be the perfect breeding ground for exploiting the vulnerabilities of people, who are considered the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as "social engineering." Fraudulent and deceptive people use social engineering traps and tactics through SNSs to trick users into obeying them, accepting threats, and falling victim to various crimes such as phishing, sexual abuse, financial abuse, identity theft, and physical crime. Although organizations, researchers, and practitioners recognize the serious risks of social engineering, there is a severe lack of understanding and control of such threats. This may be partly due to the complexity of human behaviors in approaching, accepting, and failing to recognize social engineering tricks. This research aims to investigate the impact of source characteristics on users' susceptibility to social engineering victimization in SNSs, particularly Facebook. Using grounded theory method, we develop a model that explains what and how source characteristics influence Facebook users to judge the attacker as credible.