HotSoS 2017

file

Is the Guardian Capable? A Routine Activity Theory Approach to Cyber Intrusion on Honeypot Systems

Submitted by Michel Cukier on Fri, 03/31/2017 - 4:05pm. Contributors:

Abstract:

file

Formulating a Method for Using Search Query Trends as a Measure of Mass-User Interest

Submitted by Jessica Staddon on Fri, 03/31/2017 - 4:05pm. Contributors:

ABSTRACT

file

Flawed Mental Models Lead to Bad Cyber Security Decisions: Let’s Do a Better Job

Submitted by jimblythe on Fri, 03/31/2017 - 4:05pm. Contributors:

ABSTRACT

Conventional computer security wisdom implicitly assumes models about humans and human organizations such as:

Only bad people circumvent security controls. (Corollary: good users never share passwords.)
It's actually possible for organizations to create and maintain a perfect electronic representation of the access control policies they need.

These models then translate into practices that conventional wisdom blesses as good. For just two examples:

file

FARM: a Toolkit for Finding the Appropriate Level of Realism for Modeling

Submitted by jimblythe on Fri, 03/31/2017 - 4:05pm. Contributors:

ABSTRACT

file

Factors for Differentiating Human from Automated Attacks

Submitted by Masooda Bashir on Fri, 03/31/2017 - 4:05pm. Contributors:

Abstract

file

Exploring Defect Categories for Infrastructure as Code

Submitted by Laurie Williams on Fri, 03/31/2017 - 4:05pm. Contributors:

ABSTRACT

Infrastructure as code (IaC) technology refers to the process of automated and reproducible management of infrastructure that include operating systems, and software dependencies [1]. IaC technologies, such as Ansible, and Puppet aim to reduce deployment errors and deployment overhead through automation.

file

On the Disconnect between CVSS Scores and Vulnerability Bounties

Submitted by andy.meneely on Fri, 03/31/2017 - 4:05pm. Contributors:

ABSTRACT

file

Cyber knowledge is here, but not evenly distributed

Submitted by Anonymous on Fri, 03/31/2017 - 4:05pm. Contributors:

ABSTRACT

file

Analysis of Two Parallel Surveys on Cybersecurity: Users & Security

Submitted by jimblythe on Fri, 03/31/2017 - 4:05pm. Contributors:

file

Advanced Metrics for Risk-Based Attack Surface Approximation

Submitted by Laurie Williams on Fri, 03/31/2017 - 4:05pm. Contributors:

ABSTRACT:

Despite a growing number of threats, the software engineering community still faces a critical deficit of trained security professionals for defending against cyber attacks. To combat this shortage, efficient prioritization of the effort of security professionals is needed. To address this issue, we present Risk Based Attack Surface Approximation (RASA), which uses crash dump stack traces to approximate the attack surface of a system.

Cyber-Physical Systems Virtual Organization

Read-only archive of site from September 29, 2023.

Is the Guardian Capable? A Routine Activity Theory Approach to Cyber Intrusion on Honeypot Systems

Formulating a Method for Using Search Query Trends as a Measure of Mass-User Interest

Flawed Mental Models Lead to Bad Cyber Security Decisions: Let’s Do a Better Job

FARM: a Toolkit for Finding the Appropriate Level of Realism for Modeling

Factors for Differentiating Human from Automated Attacks

Exploring Defect Categories for Infrastructure as Code

On the Disconnect between CVSS Scores and Vulnerability Bounties

Cyber knowledge is here, but not evenly distributed

Analysis of Two Parallel Surveys on Cybersecurity: Users & Security

Advanced Metrics for Risk-Based Attack Surface Approximation