George Grispos,William Bradley Glisson,Tim Storer

DOI: https://doi.org/10.48550/arXiv.1408.2431

2014-08-11

Cryptography and Security

Abstract:In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.

Kim Hammar,Rolf Stadler

DOI: https://doi.org/10.23919/CNSM50824.2020.9269092

2020-10-05

Abstract:We present a method to automatically find security strategies for the use case of intrusion prevention. Following this method, we model the interaction between an attacker and a defender as a Markov game and let attack and defense strategies evolve through reinforcement learning and self-play without human intervention. Using a simple infrastructure configuration, we demonstrate that effective security strategies can emerge from self-play. This shows that self-play, which has been applied in other domains with great success, can be effective in the context of network security. Inspection of the converged policies show that the emerged policies reflect common-sense knowledge and are similar to strategies of humans. Moreover, we address known challenges of reinforcement learning in this domain and present an approach that uses function approximation, an opponent pool, and an autoregressive policy representation. Through evaluations we show that our method is superior to two baseline methods but that policy convergence in self-play remains a challenge.

Machine Learning,Cryptography and Security,Networking and Internet Architecture

Nespoli, Pantaleone

DOI: https://doi.org/10.1007/s10207-024-00909-w

2024-10-06

International Journal of Information Security

Abstract:Recently, the DevSecOps practice has improved companies' agile production of secure software, reducing problems and improving return on investment. However, overreliance on security tools and traditional security techniques can facilitate the implementation of vulnerabilities in different stages of the software lifecycle.. Thus, this paper proposes the integration of a Large Language Model to help automate threat discovery at the design stage and Security Chaos Engineering to support the identification of security flaws that may be undetected by security tools. A specific use case is described to demonstrate how our proposal can be applied to a retail company that has the business need to produce rapidly secure software.

computer science, information systems, theory & methods, software engineering

Simon Miller,Susan Appleby,Jonathan M. Garibaldi,Uwe Aickelin

DOI: https://doi.org/10.2139/ssrn.2823280

2013-01-01

International Journal of Secure Software Engineering

Abstract:The task of designing secure software systems is fraught with uncertainty, as data on uncommon attacks is limited, costs are difficult to estimate, and technology and tools are continually changing. Consequently, experts may interpret the security risks posed to a system in different ways, leading to variation in assessment. This paper presents research into measuring the variability in decision making between security professionals, with the ultimate goal of improving the quality of security advice given to software system designers. A set of thirty nine cyber-security experts took part in an exercise in which they independently assessed a realistic system scenario. This study quantifies agreement in the opinions of experts, examines methods of aggregating opinions, and produces an assessment of attacks from ratings of their components. We show that when aggregated, a coherent consensus view of security emerges which can be used to inform decisions made during systems design.

Joshua Letchford,Yevgeniy Vorobeychik

DOI: https://doi.org/10.48550/arXiv.1210.4873

2012-10-17

Abstract:We introduce a novel framework for computing optimal randomized security policies in networked domains which extends previous approaches in several ways. First, we extend previous linear programming techniques for Stackelberg security games to incorporate benefits and costs of arbitrary security configurations on individual assets. Second, we offer a principled model of failure cascades that allows us to capture both the direct and indirect value of assets, and extend this model to capture uncertainty about the structure of the interdependency network. Third, we extend the linear programming formulation to account for exogenous (random) failures in addition to targeted attacks. The goal of our work is two-fold. First, we aim to develop techniques for computing optimal security strategies in realistic settings involving interdependent security. To this end, we evaluate the value of our technical contributions in comparison with previous approaches, and show that our approach yields much better defense policies and scales to realistic graphs. Second, our computational framework enables us to attain theoretical insights about security on networks. As an example, we study how allowing security to be endogenous impacts the relative resilience of different network topologies.

Computer Science and Game Theory,Cryptography and Security

Ru Yi Ye,Zhou Jiang,Qi Wang

DOI: https://doi.org/10.4028/www.scientific.net/amm.631-632.928

2014-01-01

Applied Mechanics and Materials

Abstract:ROSI (Return On Security Investment) has attracted a great deal of attention in recent years. By inheriting Gordon and Loeb 2002 security breach probability function, we present an adaptive economics model of investment in information security integrating dynamic characteristics of outside threat probability and detective mechanism, and deduce some guidelines for optimal investment amount.

Mariam Ibrahim,Ruba Elhafiz

DOI: https://doi.org/10.3390/s23031634

IF: 3.9

2023-02-03

Sensors

Abstract:Future engineering systems with new capabilities that far exceed today's levels of autonomy, functionality, usability, dependability, and cyber security are predicted to be designed and developed using cyber-physical systems (CPSs). In this paper, the security of CPSs is investigated through a case study of a smart grid by using a reinforcement learning (RL) augmented attack graph to effectively highlight the subsystems' weaknesses. In particular, the state action reward state action (SARSA) RL technique is used, in which the agent is taken to be the attacker, and an attack graph created for the system is built to resemble the environment. SARSA uses rewards and penalties to identify the worst-case attack scenario; with the most cumulative reward, an attacker may carry out the most harm to the system with the fewest available actions. Results showed successfully the worst-case attack scenario with a total reward of 26.9 and identified the most severely damaged subsystems.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Michael D. Iannacone,Robert A. Bridges

DOI: https://doi.org/10.48550/arXiv.1902.00053

2019-10-25

Abstract:Metrics and frameworks to quantifiably assess security measures have arisen from needs of three distinct research communities - statistical measures from the intrusion detection and prevention literature, evaluation of cyber exercises, e.g.,red-team and capture-the-flag competitions, and economic analyses addressing cost-versus-security tradeoffs. In this paper we provide two primary contributions to the security evaluation literature - a representative survey, and a novel framework for evaluating security that is flexible, applicable to all three use cases, and readily interpretable. In our survey of the literature we identify the distinct themes from each community's evaluation procedures side by side and flesh out the drawbacks and benefits of each. The evaluation framework we propose includes comprehensively modeling the resource, labor, and attack costs in dollars incurred based on expected resource usage, accuracy metrics, and time. This framework provides a unified approach in that it incorporates the accuracy and performance metrics, which dominate intrusion detection evaluation, the time to detection and impact to data and resources of an attack, favored by educational competitions' metrics, and the monetary cost of many essential security components used in financial analysis. Moreover, it is flexible enough to accommodate each use case, easily interpretable and comparable, and comprehensive in terms of costs <a class="link-external link-http" href="http://considered.Finally" rel="external noopener nofollow">this http URL</a>, we provide two examples of the framework applied to real-world use cases. Overall, we provide a survey and a grounded, flexible framework with multiple concrete examples for evaluating security which can address the needs of three currently distinct communities.

Cryptography and Security

Adam Shostack

DOI: https://doi.org/10.1109/MSEC.2022.3223551

2022-12-11

Abstract:Engineering techniques to address the endless parade of security issues are an important area of research. Properties of practices in industrial use are rarely studied. Security workers satisfice. There is a widespread perception that security work must be cumbersome, and thus there's no value to assessing levels of effort. This is complemented by a belief that the nth day of work will produce value equal to the first. These perceptions impact both practice and research. This paper expands the acceptable paradigms for security analysis to include the fast, cheap and good enough. "Nothing" is often enough for industry. This paper makes a case for valuing lightweight ("fast and cheap") methods, presents a set of case studies and evaluation criteria for such tools, including card decks and role playing games.

Cryptography and Security

Florence Sèdes

2024-06-17

Abstract:Major transformations related to information technologies affect InformationSystems (IS) that support the business processes of organizations and their actors. Deployment in a complex environment involving sensitive, massive and heterogeneous data generates risks with legal, social and financial impacts. This context of transition and openness makes the security of these IS central to the concerns of organizations. The digitization of all processes and the opening to IoT devices (Internet of Things) has fostered the emergence of a new formof crime, i.e. cybercrime.This generic term covers a number of malicious acts, the majority of which are now perpetrated using social engineering strategies, a phenomenon enabling a combined exploitation of ``human'' vulnerabilities and digital tools. The maliciousness of such attacks lies in the fact that they turn users into facilitators of cyber-attacks, to the point of being perceived as the ``weak link'' of <a class="link-external link-http" href="http://cybersecurity.As" rel="external noopener nofollow">this http URL</a> deployment policies prove insufficient, it is necessary to think about upstream steps: knowing how to anticipate, identifying weak signals and outliers, detect early and react quickly to computer crime are therefore priority issues requiring a prevention and cooperation <a class="link-external link-http" href="http://approach.In" rel="external noopener nofollow">this http URL</a> this overview, we propose a synthesis of literature and professional practices on this subject.

Cryptography and Security,Databases

Jing Zhou,Jun Shang,Tongwen Chen

DOI: https://doi.org/10.1109/jas.2024.124257

2024-03-19

IEEE/CAA Journal of Automatica Sinica

Abstract:Cyber-physical systems (CPSs) have emerged as an essential area of research in the last decade, providing a new paradigm for the integration of computational and physical units in modern control systems. Remote state estimation (RSE) is an indispensable functional module of CPSs. Recently, it has been demonstrated that malicious agents can manipulate data packets transmitted through unreliable channels of RSE, leading to severe estimation performance degradation. This paper aims to present an overview of recent advances in cyber-attacks and defensive countermeasures, with a specific focus on integrity attacks against RSE. Firstly, two representative frameworks for the synthesis of optimal deception attacks with various performance metrics and stealthiness constraints are discussed, which provide a deeper insight into the vulnerabilities of RSE. Secondly, a detailed review of typical attack detection and resilient estimation algorithms is included, illustrating the latest defensive measures safeguarding RSE from adversaries. Thirdly, some prevalent attacks impairing the confidentiality and data availability of RSE are examined from both attackers' and defenders' perspectives. Finally, several challenges and open problems are presented to inspire further exploration and future research in this field.

automation & control systems

Charalambos Konstantinou,George Stergiopoulos,Masood Parvania,Paulo Esteves-Verissimo

DOI: https://doi.org/10.1109/rws52686.2021.9611797

2021-10-18

Abstract:Cyber-physical systems (CPS) incorporate the complex and large-scale engineered systems behind critical infrastructure operations, such as water distribution networks, energy delivery systems, healthcare services, manufacturing systems, and transportation networks. Industrial CPS in particular need to simultaneously satisfy requirements of available, secure, safe and reliable system operation against diverse threats, in an adaptive and sustainable way. These adverse events can be of accidental or malicious nature and may include natural disasters, hardware or software faults, cyberattacks, or even infrastructure design and implementation faults. They may drastically affect the results of CPS algorithms and mechanisms, and subsequently the operations of industrial control systems (ICS) deployed in those critical infrastructures. Such a demanding combination of properties and threats calls for resilience-enhancement methodologies and techniques, working in real-time operation. However, the analysis of CPS resilience is a difficult task as it involves evaluation of various interdependent layers with heterogeneous computing equipment, physical components, network technologies, and data analytics. In this paper, we apply the principles of chaos engineering (CE) to industrial CPS, in order to demonstrate the benefits of such practices on system resilience. The systemic uncertainty of adverse events can be tamed by applying runtime CE-based analyses to CPS in production, in order to predict environment changes and thus apply mitigation measures limiting the range and severity of the event, and minimizing its blast radius.

Martin Ruskov,Paul Ekblom,M. Angela Sasse

DOI: https://doi.org/10.48550/arXiv.2209.02420

2022-09-06

Abstract:There is a conflict between the need for security compliance by users and the fact that commonly they cannot afford to dedicate much of their time and energy to that security. A balanced level of user engagement in security is difficult to achieve due to difference of priorities between the business perspective and the security perspective. We sought to find a way to engage users minimally, yet efficiently, so that they would both improve their security awareness and provide necessary feedback for improvement purposes to security designers. We have developed a persuasive software toolkit to engage users in structured discussions about security vulnerabilities in their company and potential interventions addressing these. In the toolkit we have adapted and integrated an established framework from conventional crime prevention. In the research reported here we examine how non-professionals perceived security problems through a short-term use of the toolkit. We present perceptions from a pilot lab study in which randomly recruited participants had to analyze a crafted insider threat problem using the toolkit. Results demonstrate that study participants were able to successfully identify causes, propose interventions and engage in providing feedback on proposed interventions. Subsequent interviews show that participants have developed greater awareness of information security issues and the framework to address these, which in a real setting would lead ultimately to significant benefits for the organization. These results indicate that when well-structured such short-term engagement is sufficient for users to meaningfully take part in complex security discussions and develop in-depth understanding of theoretical principles of security.

Computers and Society,Cryptography and Security,Human-Computer Interaction

Erick Galinkin,John Carter,Spiros Mancoridis

DOI: https://doi.org/10.48550/arXiv.2109.11592

2021-09-23

Cryptography and Security

Abstract:In cybersecurity, attackers range from brash, unsophisticated script kiddies and cybercriminals to stealthy, patient advanced persistent threats. When modeling these attackers, we can observe that they demonstrate different risk-seeking and risk-averse behaviors. This work explores how an attacker's risk seeking or risk averse behavior affects their operations against detection-optimizing defenders in an Internet of Things ecosystem. Using an evaluation framework which uses real, parametrizable malware, we develop a game that is played by a defender against attackers with a suite of malware that is parameterized to be more aggressive and more stealthy. These results are evaluated under a framework of exponential utility according to their willingness to accept risk. We find that against a defender who must choose a single strategy up front, risk-seeking attackers gain more actual utility than risk-averse attackers, particularly in cases where the defender is better equipped than the two attackers anticipate. Additionally, we empirically confirm that high-risk, high-reward scenarios are more beneficial to risk-seeking attackers like cybercriminals, while low-risk, low-reward scenarios are more beneficial to risk-averse attackers like advanced persistent threats.

Sakshyam Panda,Emmanouil Panaousis,George Loukas,Christos Laoudias

DOI: https://doi.org/10.48550/arXiv.2001.03782

2020-01-11

Cryptography and Security

Abstract:Cyber hygiene measures are often recommended for strengthening an organization's security posture, especially for protecting against social engineering attacks that target the human element. However, the related recommendations are typically the same for all organizations and their employees, regardless of the nature and the level of risk for different groups of users. Building upon an existing cybersecurity investment model, this paper presents a tool for optimal selection of cyber hygiene safeguards, which we refer as the Optimal Safeguards Tool. The model combines game theory and combinatorial optimization taking into account the probability of each user group to being attacked, the value of assets accessible by each group, and the efficacy of each control for a particular group. The model considers indirect cost as the time employees could require for learning and training against an implemented control. Utilizing a game-theoretic framework to support the Knapsack optimization problem permits us to optimally select safeguards' application levels minimizing the aggregated expected damage within a security investment budget. We evaluate OST in a healthcare domain use case. The Critical Internet Security Control group 17 for implementing security awareness and training programs for employees belonging to the ICT, clinical and administration personnel of a hospital. We compare the strategies implemented by OST against alternative common-sense defending approaches for three different types of attackers: Nash, Weighted and Opportunistic. Nash defending strategies are consistently better than the competing strategies for all attacker types with a minor exception where the Nash defending strategy performs at least as good as other common-sense approaches.

Przemysław Buczkowski,Pasquale Malacaria,Chris Hankin,Andrew Fielder

DOI: https://doi.org/10.48550/arXiv.2204.11707

2022-04-25

Cryptography and Security

Abstract:CySecTool is a tool that finds a cost-optimal security controls portfolio in a given budget for a probabilistic attack graph. A portfolio is a set of counter-measures, or controls, against vulnerabilities adopted for a computer system, while an attack graph is a type of a threat scenario model. In an attack graph, nodes are privilege states of the attacker, edges are vulnerabilities escalating privileges, and controls reduce the probabilities of some vulnerabilities being exploited. The tool builds on an optimisation algorithm published by Khouzani et al. (2019), enabling a user to quickly create, edit, and incrementally improve models, analyse results for given portfolios and display the best solutions for all possible budgets in the form of a Pareto frontier. A case study was performed utilising a system graph and suspected attack paths prepared by industrial security engineers based on an industrial source with which they work. The goal of the case study is to model a supervisory control and data acquisition (SCADA) industrial system which, due to having the potential to harm people, necessitates strong protection while not allowing the use of typical penetration tools like vulnerability scanners. Results are analysed to show how a cyber-security analyst would use CySecTool to store cyber-security intelligence and draw further conclusions.

Golnaz Elahi,Eric Yu,Tong Li,Lin Liu

DOI: https://doi.org/10.1109/compsac.2011.48

2011-01-01

Abstract:Various governmental or academic institutes survey current security trends, and report vulnerabilities, security breaches, and their costs. However, it is unclear whether (and how) practitioners analyze these vulnerabilities and attacks to arrive at security requirements and decide on security solutions. What modeling methods are used for eliciting, analyzing, and documenting security requirements in real-world practice? This paper intends to answer such questions through a survey of security requirements engineering practices. 374 software professionals from 237 International and Chinese firms participated in the survey. The results show businesses often try to consider security from early stages of the development life cycle, however, ultimately, security is left to be built into the system at the implementation phase. We observed that practitioners favour qualitative risk assessment rather than quantitative approaches, and this helps them consider more varieties of factors when comparing alternative security design solutions.

Ali Basiri,Niosha Behnam,Ruud de Rooij,Lorin Hochstein,Luke Kosewski,Justin Reynolds,Casey Rosenthal

DOI: https://doi.org/10.1109/MS.2016.60

2017-02-20

Abstract:Modern software-based services are implemented as distributed systems with complex behavior and failure modes. Many large tech organizations are using experimentation to verify the reliability of such systems. We use the term "Chaos Engineering" to refer to this approach, and discuss the underlying principles and how to use it to run experiments.

Software Engineering

Partha Das Chowdhury,Mohammad Tahaei,Awais Rashid

DOI: https://doi.org/10.48550/arXiv.2211.02341

2022-11-04

Abstract:Saltzer \& Schroeder's principles aim to bring security to the design of computer systems. We investigate SolarWinds Orion update and Log4j to unpack the intersections where observance of these principles could have mitigated the embedded vulnerabilities. The common principles that were not observed include \emph{fail safe defaults}, \emph{economy of mechanism}, \emph{complete mediation} and \emph{least privilege}. Then we explore the literature on secure software development interventions for developers to identify usable analysis tools and frameworks that can contribute towards improved observance of these principles. We focus on a system wide view of access of codes, checking access paths and aiding application developers with safe libraries along with an appropriate security task list for functionalities.

Software Engineering

Ali Tamimi,Ozgur Oksuz,Jinyoung Lee,Adam Hahn

DOI: https://doi.org/10.48550/arXiv.1806.06168

2018-06-16

Abstract:Cybersecurity risks are often managed by reducing the system's attack surface, which includes minimizing the number of interconnections, privileges, and impacts of an attack. While attack surface reduction techniques have been frequently deployed in more traditional information technology (IT) domains, metrics tailored to cyber-physical systems (CPS) have not yet been identified. This paper introduces attack surface analysis metrics and algorithms to evaluate the attack surface of a CPS. The proposed approach includes both physical system impact metrics, along with a variety of cyber system properties from the software (network connections, methods) and operating system (privileges, exploit mitigations). The proposed algorithm is defined to incorporate with the Architecture Analysis \& Design Language (AADL), which is commonly used to many CPS industries to model their control system architecture, and tools have been developed to automate this analysis on an AADL model. Furthermore, the proposed approach is evaluated on a distribution power grid case study, which includes a 7 feeder distribution system, AADL model of the SCADA control centers, and analysis of the OpenDNP3 protocol library used in many real-world SCADA systems.

Cryptography and Security