Daniela Pöhn,Wolfgang Hommel

DOI: https://doi.org/10.1007/978-3-030-66504-3

2023-01-02

Abstract:This paper presents a comprehensive classification of identity management approaches. The classification makes use of three axes: topology, type of user, and type of environment. The analysis of existing approaches using the resulting identity management cube (IMC) highlights the trade-off between user control and trust in attributes. A comparative analysis of IMC and established models identifies missing links between the approaches. The IMC is extended by a morphology of identity management, describing characteristics of cooperation. The morphology is then mapped to the life cycle of users and identity management in a further step. These classifications are practically underlined with current approaches. Both methods combined provide a comprehensive characterization of identity management approaches. The methods help to choose suited approaches and implement needed tools.

Cryptography and Security,Computers and Society,Software Engineering

Md Habibor Rahman,Rocco Cassandro,Thorsten Wuest,Mohammed Shafae

2023-12-30

Abstract:An attack taxonomy offers a consistent and structured classification scheme to systematically understand, identify, and classify cybersecurity threat attributes. However, existing taxonomies only focus on a narrow range of attacks and limited threat attributes, lacking a comprehensive characterization of manufacturing cybersecurity threats. There is little to no focus on characterizing threat actors and their intent, specific system and machine behavioral deviations introduced by cyberattacks, system-level and operational implications of attacks, and potential countermeasures against those attacks. To close this pressing research gap, this work proposes a comprehensive attack taxonomy for a holistic understanding and characterization of cybersecurity threats in manufacturing systems. Specifically, it introduces taxonomical classifications for threat actors and their intent and potential alterations in system behavior due to threat events. The proposed taxonomy categorizes attack methods/vectors and targets/locations and incorporates operational and system-level attack impacts. This paper also presents a classification structure for countermeasures, provides examples of potential countermeasures, and explains how they fit into the proposed taxonomical classification. Finally, the implementation of the proposed taxonomy is illustrated using two realistic scenarios of attacks on typical smart manufacturing systems, as well as several real-world cyber-physical attack incidents and academic case studies. The developed manufacturing attack taxonomy offers a holistic view of the attack chain in manufacturing systems, starting from the attack launch to the possible damages and system behavior changes within the system. Furthermore, it guides the design and development of appropriate protective and detective countermeasures by leveraging the attack realization through observed system deviations.

Cryptography and Security

Tance Suleski,Mohiuddin Ahmed

DOI: https://doi.org/10.2196/44114

2023-08-29

Abstract:The health care industry has faced various challenges over the past decade as we move toward a digital future where services and data are available on demand. The systems of interconnected devices, users, data, and working environments are referred to as the Internet of Health Care Things (IoHT). IoHT devices have emerged in the past decade as cost-effective solutions with large scalability capabilities to address the constraints on limited resources. These devices cater to the need for remote health care services outside of physical interactions. However, IoHT security is often overlooked because the devices are quickly deployed and configured as solutions to meet the demands of a heavily saturated industry. During the COVID-19 pandemic, studies have shown that cybercriminals are exploiting the health care industry, and data breaches are targeting user credentials through authentication vulnerabilities. Poor password use and management and the lack of multifactor authentication security posture within IoHT cause a loss of millions according to the IBM reports. Therefore, it is important that health care authentication security moves toward adaptive multifactor authentication (AMFA) to replace the traditional approaches to authentication. We identified a lack of taxonomy for data models that particularly focus on IoHT data architecture to improve the feasibility of AMFA. This viewpoint focuses on identifying key cybersecurity challenges in a theoretical framework for a data model that summarizes the main components of IoHT data. The data are to be used in modalities that are suited for health care users in modern IoHT environments and in response to the COVID-19 pandemic. To establish the data taxonomy, a review of recent IoHT papers was conducted to discuss the related work in IoHT data management and use in next-generation authentication systems. Reports, journal articles, conferences, and white papers were reviewed for IoHT authentication data technologies in relation to the problem statement of remote authentication and user management systems. Only publications written in English from the last decade were included (2012-2022) to identify key issues within the current health care practices and their management of IoHT devices. We discuss the components of the IoHT architecture from the perspective of data management and sensitivity to ensure privacy for all users. The data model addresses the security requirements of IoHT users, environments, and devices toward the automation of AMFA in health care. We found that in health care authentication, the significant threats occurring were related to data breaches owing to weak security options and poor user configuration of IoHT devices. The security requirements of IoHT data architecture and identified impactful methods of cybersecurity for health care devices, data, and their respective attacks are discussed. Data taxonomy provides better understanding, solutions, and improvements of user authentication in remote working environments for security features.

Vasileios Mavroeidis,Siri Bromander

DOI: https://doi.org/10.1109/EISIC.2017.20

2023-08-28

Abstract:Cyber threat intelligence is the provision of evidence-based knowledge about existing or emerging threats. Benefits from threat intelligence include increased situational awareness, efficiency in security operations, and improved prevention, detection, and response capabilities. To process, correlate, and analyze vast amounts of threat information and data and derive intelligence that can be shared and consumed in meaningful times, it is required to utilize structured, machine-readable formats that incorporate the industry-required expressivity while at the same time being unambiguous. To a large extent, this is achieved with technologies like ontologies, schemas, and taxonomies. This research evaluates the coverage and high-level conceptual expressivity of cyber-threat-intelligence-relevant ontologies, sharing standards, and taxonomies pertaining to the who, what, why, where, when, and how elements of threats and attacks in addition to courses of action and technical indicators. The results confirm that little emphasis has been given to developing a comprehensive cyber threat intelligence ontology, with existing efforts being not thoroughly designed, non-interoperable, ambiguous, and lacking proper semantics and axioms for reasoning.

Cryptography and Security

Paul Griffioen,Bruno Sinopoli

DOI: https://doi.org/10.48550/arXiv.2110.07771

2021-10-14

Cryptography and Security

Abstract:Threat modeling and risk assessments are common ways to identify, estimate, and prioritize risk to national, organizational, and individual operations and assets. Several threat modeling and risk assessment approaches have been proposed prior to the advent of the Internet of Things (IoT) that focus on threats and risks in information technology (IT). Due to shortcomings in these approaches and the fact that there are significant differences between the IoT and IT, we synthesize and adapt these approaches to provide a threat modeling framework that focuses on threats and risks in the IoT. In doing so, we develop an IoT attack taxonomy that describes the adversarial assets, adversarial actions, exploitable vulnerabilities, and compromised properties that are components of any IoT attack. We use this IoT attack taxonomy as the foundation for designing a joint risk assessment and maturity assessment framework that is implemented as an interactive online tool. The assessment framework this tool encodes provides organizations with specific recommendations about where resources should be devoted to mitigate risk. The usefulness of this IoT framework is highlighted by case study implementations in the context of multiple industrial manufacturing companies, and the interactive implementation of this framework is available at http://iotrisk.andrew.cmu.edu.

Md Habibor Rahman,Thorsten Wuest,Mohammed Shafae

DOI: https://doi.org/10.1016/j.jmsy.2023.03.009

2023-03-22

Abstract:A thorough and systematic understanding of different elements of cyberattacks is essential for developing the necessary tools to prevent, detect, diagnose, and mitigate cyberattacks in manufacturing systems. In response, researchers have proposed several attack taxonomies as methods for recognizing and categorizing various cyberattack attributes. However, those taxonomies cover selected attack attributes depending on the research focus, sometimes accompanied by inconsistent naming and definitions. These seemingly different taxonomies often overlap and can complement each other to create a comprehensive knowledge base of cyberattack attributes that is currently missing in the literature. Additionally, there is a missing link from creating structured knowledge by using a taxonomy to applying this structure for cybersecurity tools development and aiding practitioners in using it. To tackle these challenges, this article highlights how cyberattack taxonomies can be used to better understand and characterize manufacturing cybersecurity threats. It also reviews and analyzes current taxonomical classifications of manufacturing cybersecurity threat attributes and countermeasures, as well as the proliferation of the scope and coverage in existing taxonomies. As a result, these taxonomies are compiled into a more comprehensive and consistent meta-taxonomy for the smart manufacturing space. The resulting meta-taxonomy provides a holistic analysis of current taxonomies and integrates them into a unified structure. Based on this structure, this paper identifies gaps in current attack taxonomies and provides directions for future improvements. Finally, the paper introduces potential use cases for attack taxonomies in smart manufacturing systems for assessing security threats and their associated risks, devising risk mitigation strategies, and informing the application of cybersecurity frameworks.

Cryptography and Security,Systems and Control

Hanan Hindy,David Brosset,Ethan Bayne,Amar Seeam,Christos Tachtatzis,Robert Atkinson,Xavier Bellekens

DOI: https://doi.org/10.1109/ACCESS.2020.3000179

2020-06-05

Abstract:As the world moves towards being increasingly dependent on computers and automation, building secure applications, systems and networks are some of the main challenges faced in the current decade. The number of threats that individuals and businesses face is rising exponentially due to the increasing complexity of networks and services of modern networks. To alleviate the impact of these threats, researchers have proposed numerous solutions for anomaly detection; however, current tools often fail to adapt to ever-changing architectures, associated threats and zero-day attacks. This manuscript aims to pinpoint research gaps and shortcomings of current datasets, their impact on building Network Intrusion Detection Systems (NIDS) and the growing number of sophisticated threats. To this end, this manuscript provides researchers with two key pieces of information; a survey of prominent datasets, analyzing their use and impact on the development of the past decade's Intrusion Detection Systems (IDS) and a taxonomy of network threats and associated tools to carry out these attacks. The manuscript highlights that current IDS research covers only 33.3% of our threat taxonomy. Current datasets demonstrate a clear lack of real-network threats, attack representation and include a large number of deprecated threats, which together limit the detection accuracy of current machine learning IDS approaches. The unique combination of the taxonomy and the analysis of the datasets provided in this manuscript aims to improve the creation of datasets and the collection of real-world data. As a result, this will improve the efficiency of the next generation IDS and reflect network threats more accurately within new datasets.

Cryptography and Security,Artificial Intelligence,Networking and Internet Architecture

Marcus Walkow,Daniela Pöhn

DOI: https://doi.org/10.5220/0011644200003405

2024-07-23

Abstract:The increase of Internet services has not only created several digital identities but also more information available about the persons behind them. The data can be collected and used for attacks on digital identities as well as on identity management systems, which manage digital identities. In order to identify possible attack vectors and take countermeasures at an early stage, it is important for individuals and organizations to systematically search for and analyze the data. This paper proposes a classification of data and open-source intelligence (OSINT) tools related to identities. This classification helps to systematically search for data. In the next step, the data can be analyzed and countermeasures can be taken. Last but not least, an OSINT framework approach applying this classification for searching and analyzing data is presented and discussed.

Cryptography and Security

Piergiorgio Ladisa,Henrik Plate,Matias Martinez,Olivier Barais

DOI: https://doi.org/10.1109/SP46215.2023.00010

2022-04-20

Abstract:The widespread dependency on open-source software makes it a fruitful target for malicious actors, as demonstrated by recurring attacks. The complexity of today's open-source supply chains results in a significant attack surface, giving attackers numerous opportunities to reach the goal of injecting malicious code into open-source artifacts that is then downloaded and executed by victims. This work proposes a general taxonomy for attacks on open-source supply chains, independent of specific programming languages or ecosystems, and covering all supply chain stages from code contributions to package distribution. Taking the form of an attack tree, it covers 107 unique vectors, linked to 94 real-world incidents, and mapped to 33 mitigating safeguards. User surveys conducted with 17 domain experts and 134 software developers positively validated the correctness, comprehensiveness and comprehensibility of the taxonomy, as well as its suitability for various use-cases. Survey participants also assessed the utility and costs of the identified safeguards, and whether they are used.

Cryptography and Security,Software Engineering

Stefano M. Nicoletti,Milan Lopuhaä-Zwakenberg,Mariëlle Stoelinga,Fabio Massacci,Carlos E. Budde

2024-10-19

Abstract:The landscape of cyber threats grows more complex by the day. Advanced Persistent Threats carry out systematic attack campaigns against which cybersecurity practitioners must defend. Examples of such organized attacks are operations Dream Job, Wocao, WannaCry or the SolarWinds Compromise. To evaluate which risks are most threatening, and which campaigns to prioritize against when defending, cybersecurity experts must be equipped with the right toolbox. In particular, they must be able to (a) obtain likelihood values for each attack campaign recorded in the wild and (b) reliably and transparently operationalize these values to carry out quantitative comparisons among campaigns. This will allow security experts to perform quantitatively-informed decision making that is transparent and accountable. In this paper we construct such a framework by: (1) quantifying the likelihood of attack campaigns via data-driven procedures on the MITRE knowledge base and (2) introducing a methodology for automatic modelling of MITRE intelligence data: this is complete in the sense that it captures any attack campaign via template attack tree models. (3) We further propose a computational framework to carry out this comparisons based on the cATM formal logic, and implement this into an open-source Python tool. Finally, we validate our approach by quantifying the likelihood of all MITRE campaigns, and comparing the likelihood of the Wocao and Dream Job MITRE campaigns -- generated with our proposed approach -- against "ad hoc" traditionally-built attack tree models, demonstrating how our methodology is substantially lighter in modelling effort, and still capable of capturing all the quantitative relevant data.

Cryptography and Security,Logic in Computer Science

Loic Lesavre,Priam Varin,Peter Mell,Michael Davidson,James Shook

DOI: https://doi.org/10.6028/NIST.CSWP.01142020

2020-01-16

Abstract:Identity management systems (IDMSs) are widely used to provision user identities while managing authentication, authorization, and data sharing within organizations and on the web. Traditional identity systems typically suffer from single points of failure, lack of interoperability, and privacy issues, such as enabling mass data collection and user tracking. Blockchain technology has the potential to alleviate these concerns: it can support the ability for users to control the custody of their own identifiers and credentials, enabling novel data ownership and governance models with built-in control and consent mechanisms. Hence, blockchain-based IDMSs, which could benefit both users and businesses, are beginning to proliferate. This work categorizes these systems into a taxonomy based on differences in blockchain architectures, governance models, and other salient features. Context is provided for the taxonomy through the description of related terms, emerging standards, and use cases while highlighting relevant security and privacy considerations.

Computer Science

Ivan Homoliak,Flavio Toffalini,Juan Guarnizo,Yuval Elovici,Martín Ochoa

DOI: https://doi.org/10.48550/arXiv.1805.01612

2018-05-04

Cryptography and Security

Abstract:Insider threats are one of today's most challenging cybersecurity issues that are not well addressed by commonly employed security solutions. Despite several scientific works published in this domain, we argue that the field can benefit from the proposed structural taxonomy and novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and the defense solutions used against them. The objective of our categorization is to systematize knowledge in insider threat research, while leveraging existing grounded theory method for rigorous literature review. The proposed categorization depicts the workflow among particular categories that include: 1) Incidents and datasets, 2) Analysis of attackers, 3) Simulations, and 4) Defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present a structural taxonomy of insider threat incidents, which is based on existing taxonomies and the 5W1H questions of the information gathering problem. Our survey will enhance researchers' efforts in the domain of insider threat, because it provides: a) a novel structural taxonomy that contributes to orthogonal classification of incidents and defining the scope of defense solutions employed against them, b) an updated overview on publicly available datasets that can be used to test new detection solutions against other works, c) references of existing case studies and frameworks modeling insiders' behaviors for the purpose of reviewing defense solutions or extending their coverage, and d) a discussion of existing trends and further research directions that can be used for reasoning in the insider threat domain.

Kumar Saurabh,Deepak Gajjala,Krishna Kaipa,Ranjana Vyas,O. P. Vyas,Rahamatullah Khondoker

DOI: https://doi.org/10.1007/s13369-023-08600-3

IF: 2.807

2024-06-19

Arabian Journal for Science and Engineering

Abstract:Industrial cyber-physical systems (ICPS) are gradually integrating Information Technology (IT) and automating industrial processes, leading systems to become more vulnerable to malicious actors. Thus, to deploy secure Industrial Control and Production Systems (ICPS) in smart factories, cyber threats and risks must be addressed. To identify all possible threats, "Threat Modeling" is a promising solution. Despite the existence of numerous methodological solutions for threat modeling in Cyber-Physical Systems (CPS), current approaches are ad hoc and inefficient in providing clear insights to researchers and organizations involved in Industrial Internet of Things (IIoT) technologies. These approaches lack a comprehensive analysis of cyber threats and fail to facilitate effective path analysis across the ICPS lifecycle, incorporating smart manufacturing technologies and tools. To address these gaps, a novel quantitative threat modeling approach is proposed, aiming to identify probable attack vectors, assess the path of attacks, and evaluate the magnitude of each vector. This manuscript also explains the execution of the proposed approach through two case studies: the industrial manufacturing line, referred to as the Internet of Manufacturing (IoM), and the power industry, known as the Internet of Production (IoP).

multidisciplinary sciences

Mohamed Zaoui,Belfaik Yousra,Sadqi Yassine,Maleh Yassine,Ouazzane Karim

DOI: https://doi.org/10.1109/access.2024.3403197

IF: 3.9

2024-05-28

IEEE Access

Abstract:Social engineering (SE) attacks are a growing concern for organizations that rely on technology to protect sensitive data. Identifying and preventing these attacks can be challenging, as they frequently rely on manipulating human behavior rather than exploiting technical vulnerabilities. Although various studies have explored SE attacks and their defense mechanisms, there remains a gap in the literature concerning the holistic and layered classification of these threats and countermeasures. To address this, we conducted a comprehensive literature survey to understand existing taxonomies and subsequently identified areas that required a more structured and exhaustive categorization. Based on the survey results, we propose a comprehensive taxonomy of SE attacks, classifying them based on three levels: environment, approaches, and mediums. Additionally, we present a taxonomy of social engineering countermeasures, encompassing both technical and non-technical solutions. The proposed taxonomies serve as a foundation for future research and offer organizations a valuable framework for developing effective strategies to detect, prevent, and respond to social engineering incidents.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiang Wei

DOI: https://doi.org/10.1109/isra.2012.6219182

2012-01-01

Abstract:With the rapid development of the Internet and information technology, attacks over the years have become both increasingly numerous and sophisticated. In order to understanding and defending against cyber attacks, it is necessary to understand the classes of attack. In this paper, we focus on computer and network attacks and survey a taxonomy of them.

Weiwu Ren,Liang Hu,Kuo Zhao,Bing Jia

DOI: https://doi.org/10.4028/www.scientific.net/amr.694-697.2466

2013-01-01

Advanced Materials Research

Abstract:Semantic modeling has become indispensable to integrate various specific security issues of Internet of Things. How to describe attack scenarios and how to define an intrusion unambiguously has been an urgent problem. For solving two above problems, a new three-level information security ontology model is proposed, which is an initial attempt to solve security issues by means of ontology technology. Five top classes are proposed in the domain ontology level. Then their subclasses are also proposed on the basis of actual scenarios in the local ontology level. Our intelligent laboratory, as experiment scenarios, is partly instantiated.

Sagnik Basumallik

DOI: https://doi.org/10.48550/arXiv.2002.11011

2020-02-25

Systems and Control

Abstract:In a macro-economic system, all major sectors: agriculture, extraction of natural resources, manufacturing, construction, transport, communication and health services, are dependent on a reliable supply of electricity. Targeted attacks on power networks can lead to disruption in operations, causing significant economic and social losses. When cyber networks in power system are compromised, time-critical data can be dropped and modified, which can impede real time operations and decision making. This paper tracks the progress of research in power system cyber security over the last decade and presents a taxonomy of data attacks. Nineteen different attack models against major operation and control blocks are classified into four areas: steady state control, transient and auxiliary control, substation control and load control. For each class, a comprehensive review of mathematical attack models is presented. The goal is to provide a theoretically balanced approach to cyber attacks and their impacts on the reliable functioning of the electric grid.

I. Homoliak,J. Guarnizo,Martín Ochoa,Flavio Toffalini,Y. Elovici

Abstract:Insider threats are one of today’s most challenging cybersecurity issues that are not well addressed by commonly employed security solutions. Despite several scientific works published in this domain, we argue that the field can benefit from the proposed structural taxonomy and novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and the defense solutions used against them. The objective of our categorization is to systematize knowledge in insider threat research, while leveraging existing grounded theory method for rigorous literature review. The proposed categorization depicts the workflow among particular categories that include: 1) Incidents and datasets, 2) Analysis of attackers, 3) Simulations, and 4) Defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present a structural taxonomy of insider threat incidents, which is based on existing taxonomies and the 5W1H questions of the information gathering problem. Our survey will enhance researchers’ efforts in the domain of insider threat, because it provides: a) a novel structural taxonomy that contributes to orthogonal classification of incidents and defining the scope of defense solutions employed against them, b) an updated overview on publicly available datasets that can be used to test new detection solutions against other works, c) references of existing case studies and frameworks modeling insiders’ behaviors for the purpose of reviewing defense solutions or extending their coverage, and d) a discussion of existing trends and further research directions that can be used for reasoning in the insider threat domain.

Computer Science,Law

Yashika Yashika,Deepti Prakash

DOI: https://doi.org/10.1080/01973533.2024.2418857

2024-10-29

Basic and Applied Social Psychology

Abstract:This paper explores "Identity Threat," focusing on how individuals' self-perceptions, shaped by their connections and experiences, can be undermined, especially in the workplace. Such threats in organizational settings trigger strong reactions from members and have profound implications for overall well-being. We analyze 49 relevant papers from the Web of Science, presenting a framework that elucidates the causes, choices, and consequences of Identity Threat, along with methodologies, settings, and underlying theories. Advanced techniques are proposed to further empirical investigations, ensuring a rigorous foundation for future studies. The paper identifies gaps in existing research and suggests avenues for additional analysis, emphasizing its uniqueness through the application of the TCM (Theories Context Methodology) and ADO (Antecedents Decisions & Outcomes) framework.

psychology, social

Asha S.,Shanmugapriya D.

DOI: https://doi.org/10.1016/j.future.2024.04.033

IF: 7.307

2024-04-27

Future Generation Computer Systems

Abstract:In cybersecurity, one of the most significant challenges is an insider threat, in which existing researchers must provide an extensive solution aiming at an enhanced security network. This study proposes a comprehensive taxonomy as well as a state-of-the-art research categorization according to the contribution of insider threat incidents and the defensive mechanism utilized against such insiders. The major objective of a proposed categorization is to provide structural information in the field of insider threat based on past research theories for analyzing literature review. The proposed categorization is classified into four groups: (i) dataset analysis, (ii) incident analysis, (iii) defensive solution, and (iv) encountered challenges. However, the respective taxonomies and annotations are included for complete insight into insiders. i.e., existing studies on systematic taxonomy based on incidents of insider threats are presented. The major contribution of this study in the area of insider threat is to deliver the following knowledge to upcoming domain specific researchers: (i) taxonomy in an innovative systematic approach concerning the categories of incidents and determine the possible defensive mechanism against insiders. (ii) a study on available benchmark datasets used by existing research for evaluating the defensive mechanisms. (iii) a brief description of past solutions and frameworks to model insider behavior with the aim of studying existing defensive mechanisms, and (iv) a short discussion of challenges encountered by defensive solutions based on existing research in the area of insider threat.

computer science, theory & methods