Visible to the public Biblio

Filters: Keyword is Uncertainty  [Clear All Filters]
2021-07-28
Grimsman, David, Hespanha, João P., Marden, Jason R..  2020.  Stackelberg Equilibria for Two-Player Network Routing Games on Parallel Networks. 2020 American Control Conference (ACC). :5364—5369.
We consider a two-player zero-sum network routing game in which a router wants to maximize the amount of legitimate traffic that flows from a given source node to a destination node and an attacker wants to block as much legitimate traffic as possible by flooding the network with malicious traffic. We address scenarios with asymmetric information, in which the router must reveal its policy before the attacker decides how to distribute the malicious traffic among the network links, which is naturally modeled by the notion of Stackelberg equilibria. The paper focuses on parallel networks, and includes three main contributions: we show that computing the optimal attack policy against a given routing policy is an NP-hard problem; we establish conditions under which the Stackelberg equilibria lead to no regret; and we provide a metric that can be used to quantify how uncertainty about the attacker's capabilities limits the router's performance.
2021-07-02
Yang, Yang, Wang, Ruchuan.  2020.  LBS-based location privacy protection mechanism in augmented reality. 2020 International Conference on Internet of Things and Intelligent Applications (ITIA). :1—6.
With the development of augmented reality(AR) technology and location-based service (LBS) technology, combining AR with LBS will create a new way of life and socializing. In AR, users may consider the privacy and security of data. In LBS, the leakage of user location privacy is an important threat to LBS users. Therefore, it is very important for privacy management of positioning information and user location privacy to avoid loopholes and abuse. In this review, the concepts and principles of AR technology and LBS would be introduced. The existing privacy measurement and privacy protection framework would be analyzed and summarized. Also future research direction of location privacy protection would be discussed.
2021-05-25
Nazemi, Mostafa, Dehghanian, Payman, Alhazmi, Mohannad, Wang, Fei.  2020.  Multivariate Uncertainty Characterization for Resilience Planning in Electric Power Systems. 2020 IEEE/IAS 56th Industrial and Commercial Power Systems Technical Conference (I CPS). :1—8.
Following substantial advancements in stochastic classes of decision-making optimization problems, scenario-based stochastic optimization, robust\textbackslashtextbackslash distributionally robust optimization, and chance-constrained optimization have recently gained an increasing attention. Despite the remarkable developments in probabilistic forecast of uncertainties (e.g., in renewable energies), most approaches are still being employed in a univariate framework which fails to unlock a full understanding on the underlying interdependence among uncertain variables of interest. In order to yield cost-optimal solutions with predefined probabilistic guarantees, conditional and dynamic interdependence in uncertainty forecasts should be accommodated in power systems decision-making. This becomes even more important during the emergencies where high-impact low-probability (HILP) disasters result in remarkable fluctuations in the uncertain variables. In order to model the interdependence correlation structure between different sources of uncertainty in power systems during both normal and emergency operating conditions, this paper aims to bridge the gap between the probabilistic forecasting methods and advanced optimization paradigms; in particular, perdition regions are generated in the form of ellipsoids with probabilistic guarantees. We employ a modified Khachiyan's algorithm to compute the minimum volume enclosing ellipsoids (MVEE). Application results based on two datasets on wind and photovoltaic power are used to verify the efficiency of the proposed framework.
Cai, Feiyang, Li, Jiani, Koutsoukos, Xenofon.  2020.  Detecting Adversarial Examples in Learning-Enabled Cyber-Physical Systems using Variational Autoencoder for Regression. 2020 IEEE Security and Privacy Workshops (SPW). :208–214.

Learning-enabled components (LECs) are widely used in cyber-physical systems (CPS) since they can handle the uncertainty and variability of the environment and increase the level of autonomy. However, it has been shown that LECs such as deep neural networks (DNN) are not robust and adversarial examples can cause the model to make a false prediction. The paper considers the problem of efficiently detecting adversarial examples in LECs used for regression in CPS. The proposed approach is based on inductive conformal prediction and uses a regression model based on variational autoencoder. The architecture allows to take into consideration both the input and the neural network prediction for detecting adversarial, and more generally, out-of-distribution examples. We demonstrate the method using an advanced emergency braking system implemented in an open source simulator for self-driving cars where a DNN is used to estimate the distance to an obstacle. The simulation results show that the method can effectively detect adversarial examples with a short detection delay.

2021-05-13
Zhang, Yaqin, Ma, Duohe, Sun, Xiaoyan, Chen, Kai, Liu, Feng.  2020.  WGT: Thwarting Web Attacks Through Web Gene Tree-based Moving Target Defense. 2020 IEEE International Conference on Web Services (ICWS). :364–371.
Moving target defense (MTD) suggests a game-changing way of enhancing web security by increasing uncertainty and complexity for attackers. A good number of web MTD techniques have been investigated to counter various types of web attacks. However, in most MTD techniques, only fixed attributes of the attack surface are shifted, leaving the rest exploitable by the attackers. Currently, there are few mechanisms to support the whole attack surface movement and solve the partial coverage problem, where only a fraction of the possible attributes shift in the whole attack surface. To address this issue, this paper proposes a Web Gene Tree (WGT) based MTD mechanism. The key point is to extract all potential exploitable key attributes related to vulnerabilities as web genes, and mutate them using various MTD techniques to withstand various attacks. Experimental results indicate that, by randomly shifting web genes and diversely inserting deceptive ones, the proposed WGT mechanism outperforms other existing schemes and can significantly improve the security of web applications.
2021-05-05
Cano M, Jeimy J..  2020.  Sandbox: Revindicate failure as the foundation of learning. 2020 IEEE World Conference on Engineering Education (EDUNINE). :1—6.

In an increasingly asymmetric context of both instability and permanent innovation, organizations demand new capacities and learning patterns. In this sense, supervisors have adopted the metaphor of the "sandbox" as a strategy that allows their regulated parties to experiment and test new proposals in order to study them and adjust to the established compliance frameworks. Therefore, the concept of the "sandbox" is of educational interest as a way to revindicate failure as a right in the learning process, allowing students to think, experiment, ask questions and propose ideas outside the known theories, and thus overcome the mechanistic formation rooted in many of the higher education institutions. Consequently, this article proposes the application of this concept for educational institutions as a way of resignifying what students have learned.

Rana, Krishan, Dasagi, Vibhavari, Talbot, Ben, Milford, Michael, Sünderhauf, Niko.  2020.  Multiplicative Controller Fusion: Leveraging Algorithmic Priors for Sample-efficient Reinforcement Learning and Safe Sim-To-Real Transfer. 2020 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS). :6069—6076.
Learning-based approaches often outperform hand-coded algorithmic solutions for many problems in robotics. However, learning long-horizon tasks on real robot hardware can be intractable, and transferring a learned policy from simulation to reality is still extremely challenging. We present a novel approach to model-free reinforcement learning that can leverage existing sub-optimal solutions as an algorithmic prior during training and deployment. During training, our gated fusion approach enables the prior to guide the initial stages of exploration, increasing sample-efficiency and enabling learning from sparse long-horizon reward signals. Importantly, the policy can learn to improve beyond the performance of the sub-optimal prior since the prior's influence is annealed gradually. During deployment, the policy's uncertainty provides a reliable strategy for transferring a simulation-trained policy to the real world by falling back to the prior controller in uncertain states. We show the efficacy of our Multiplicative Controller Fusion approach on the task of robot navigation and demonstrate safe transfer from simulation to the real world without any fine-tuning. The code for this project is made publicly available at https://sites.google.com/view/mcf-nav/home.
2021-05-03
Shen, Shen, Tedrake, Russ.  2020.  Sampling Quotient-Ring Sum-of-Squares Programs for Scalable Verification of Nonlinear Systems. 2020 59th IEEE Conference on Decision and Control (CDC). :2535–2542.
This paper presents a novel method, combining new formulations and sampling, to improve the scalability of sum-of-squares (SOS) programming-based system verification. Region-of-attraction approximation problems are considered for polynomial, polynomial with generalized Lur'e uncertainty, and rational trigonometric multi-rigid-body systems. Our method starts by identifying that Lagrange multipliers, traditionally heavily used for S-procedures, are a major culprit of creating bloated SOS programs. In light of this, we exploit inherent system properties-continuity, convexity, and implicit algebraic structure-and reformulate the problems as quotient-ring SOS programs, thereby eliminating all the multipliers. These new programs are smaller, sparser, less constrained, yet less conservative. Their computation is further improved by leveraging a recent result on sampling algebraic varieties. Remarkably, solution correctness is guaranteed with just a finite (in practice, very small) number of samples. Altogether, the proposed method can verify systems well beyond the reach of existing SOS-based approaches (32 states); on smaller problems where a baseline is available, it computes tighter solution 2-3 orders of magnitude faster.
2021-04-08
Cao, Z., Deng, H., Lu, L., Duan, X..  2014.  An information-theoretic security metric for future wireless communication systems. 2014 XXXIth URSI General Assembly and Scientific Symposium (URSI GASS). :1–4.
Quantitative analysis of security properties in wireless communication systems is an important issue; it helps us get a comprehensive view of security and can be used to compare the security performance of different systems. This paper analyzes the security of future wireless communication system from an information-theoretic point of view and proposes an overall security metric. We demonstrate that the proposed metric is more reasonable than some existing metrics and it is highly sensitive to some basic parameters and helpful to do fine-grained tuning of security performance.
2021-03-29
Ateş, Ç, Özdel, S., Anarim, E..  2020.  DDoS Detection Algorithm Based on Fuzzy Logic. 2020 28th Signal Processing and Communications Applications Conference (SIU). :1—4.

While internet technologies are developing day by day, threats against them are increasing at the same speed. One of the most serious and common types of attacks is Distributed Denial of Service (DDoS) attacks. The DDoS intrusion detection approach proposed in this study is based on fuzzy logic and entropy. The network is modeled as a graph and graphics-based features are used to distinguish attack traffic from non-attack traffic. Fuzzy clustering is applied based on these properties to indicate the tendency of IP addresses or port numbers to be in the same cluster. Based on this uncertainty, attack and non-attack traffic were modeled. The detection stage uses the fuzzy relevance function. This algorithm was tested on real data collected from Boğaziçi University network.

2021-03-09
Le, T. V., Huan, T. T..  2020.  Computational Intelligence Towards Trusted Cloudlet Based Fog Computing. 2020 5th International Conference on Green Technology and Sustainable Development (GTSD). :141—147.

The current trend of IoT user is toward the use of services and data externally due to voluminous processing, which demands resourceful machines. Instead of relying on the cloud of poor connectivity or a limited bandwidth, the IoT user prefers to use a cloudlet-based fog computing. However, the choice of cloudlet is solely dependent on its trust and reliability. In practice, even though a cloudlet possesses a required trusted platform module (TPM), we argue that the presence of a TPM is not enough to make the cloudlet trustworthy as the TPM supports only the primitive security of the bootstrap. Besides uncertainty in security, other uncertain conditions of the network (e.g. network bandwidth, latency and expectation time to complete a service request for cloud-based services) may also prevail for the cloudlets. Therefore, in order to evaluate the trust value of multiple cloudlets under uncertainty, this paper broadly proposes the empirical process for evaluation of trust. This will be followed by a measure of trust-based reputation of cloudlets through computational intelligence such as fuzzy logic and ant colony optimization (ACO). In the process, fuzzy logic-based inference and membership evaluation of trust are presented. In addition, ACO and its pheromone communication across different colonies are being modeled with multiple cloudlets. Finally, a measure of affinity or popular trust and reputation of the cloudlets is also proposed. Together with the context of application under multiple cloudlets, the computationally intelligent approaches have been investigated in terms of performance. Hence the contribution is subjected towards building a trusted cloudlet-based fog platform.

2021-03-01
Xiao, R., Li, X., Pan, M., Zhao, N., Jiang, F., Wang, X..  2020.  Traffic Off-Loading over Uncertain Shared Spectrums with End-to-End Session Guarantee. 2020 IEEE 92nd Vehicular Technology Conference (VTC2020-Fall). :1–5.
As a promising solution of spectrum shortage, spectrum sharing has received tremendous interests recently. However, under different sharing policies of different licensees, the shared spectrum is heterogeneous both temporally and spatially, and is usually uncertain due to the unpredictable activities of incumbent users. In this paper, considering the spectrum uncertainty, we propose a spectrum sharing based delay-tolerant traffic off-loading (SDTO) scheme. To capture the available heterogeneous shared bands, we adopt a mesh cognitive radio network and employ the multi-hop transmission mode. To statistically guarantee the end-to-end (E2E) session request under the uncertain spectrum supply, we formulate the SDTO scheme into a stochastic optimization problem, which is transformed into a mixed integer nonlinear programming (MINLP) problem. Then, a coarse-fine search based iterative heuristic algorithm is proposed to solve the MINLP problem. Simulation results demonstrate that the proposed SDTO scheme can well schedule the network resource with an E2E session guarantee.
2021-02-16
Kowalski, P., Zocholl, M., Jousselme, A.-L..  2020.  Explainability in threat assessment with evidential networks and sensitivity spaces. 2020 IEEE 23rd International Conference on Information Fusion (FUSION). :1—8.
One of the main threats to the underwater communication cables identified in the recent years is possible tampering or damage by malicious actors. This paper proposes a solution with explanation abilities to detect and investigate this kind of threat within the evidence theory framework. The reasoning scheme implements the traditional “opportunity-capability-intent” threat model to assess a degree to which a given vessel may pose a threat. The scenario discussed considers a variety of possible pieces of information available from different sources. A source quality model is used to reason with the partially reliable sources and the impact of this meta-information on the overall assessment is illustrated. Examples of uncertain relationships between the relevant variables are modelled and the constructed model is used to investigate the probability of threat of four vessels of different types. One of these cases is discussed in more detail to demonstrate the explanation abilities. Explanations about inference are provided thanks to sensitivity spaces in which the impact of the different pieces of information on the reasoning are compared.
2021-02-10
Kim, S. W., Ta, H. Q..  2020.  Covert Communication by Exploiting Node Multiplicity and Channel Variations. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1—6.
We present a covert (low probability of detection) communication scheme that exploits the node multiplicity and channel variations in wireless broadcast networks. The transmitter hides the covert (private) message by superimposing it onto a non-covert (public) message such that the total transmission power remains the same whether or not the covert message is transmitted. It makes the detection of the covert message impossible unless the non-covert message is decoded. We exploit the multiplicity of non-covert messages (users) to provide a degree of freedom in choosing the non-covert message such that the total detection error probability (sum of the probability of false alarm and missed detection) is maximized. We also exploit the channel variation to minimize the throughput loss on the non-covert message by sending the covert message only when the transmission rate of the non-covert message is low. We show that the total detection error probability converges fast to 1 as the number of non-covert users increases and that the total detection error probability increases as the transmit power increases, without requiring a pre-shared secret among the nodes.
2021-02-01
Han, W., Schulz, H.-J..  2020.  Beyond Trust Building — Calibrating Trust in Visual Analytics. 2020 IEEE Workshop on TRust and EXpertise in Visual Analytics (TREX). :9–15.
Trust is a fundamental factor in how users engage in interactions with Visual Analytics (VA) systems. While the importance of building trust to this end has been pointed out in research, the aspect that trust can also be misplaced is largely ignored in VA so far. This position paper addresses this aspect by putting trust calibration in focus – i.e., the process of aligning the user’s trust with the actual trustworthiness of the VA system. To this end, we present the trust continuum in the context of VA, dissect important trust issues in both VA systems and users, as well as discuss possible approaches that can build and calibrate trust.
2021-01-28
Bhattacharya, A., Ramachandran, T., Banik, S., Dowling, C. P., Bopardikar, S. D..  2020.  Automated Adversary Emulation for Cyber-Physical Systems via Reinforcement Learning. 2020 IEEE International Conference on Intelligence and Security Informatics (ISI). :1—6.

Adversary emulation is an offensive exercise that provides a comprehensive assessment of a system’s resilience against cyber attacks. However, adversary emulation is typically a manual process, making it costly and hard to deploy in cyber-physical systems (CPS) with complex dynamics, vulnerabilities, and operational uncertainties. In this paper, we develop an automated, domain-aware approach to adversary emulation for CPS. We formulate a Markov Decision Process (MDP) model to determine an optimal attack sequence over a hybrid attack graph with cyber (discrete) and physical (continuous) components and related physical dynamics. We apply model-based and model-free reinforcement learning (RL) methods to solve the discrete-continuous MDP in a tractable fashion. As a baseline, we also develop a greedy attack algorithm and compare it with the RL procedures. We summarize our findings through a numerical study on sensor deception attacks in buildings to compare the performance and solution quality of the proposed algorithms.

2020-12-01
Zhang, Y., Deng, L., Chen, M., Wang, P..  2018.  Joint Bidding and Geographical Load Balancing for Datacenters: Is Uncertainty a Blessing or a Curse? IEEE/ACM Transactions on Networking. 26:1049—1062.

We consider the scenario where a cloud service provider (CSP) operates multiple geo-distributed datacenters to provide Internet-scale service. Our objective is to minimize the total electricity and bandwidth cost by jointly optimizing electricity procurement from wholesale markets and geographical load balancing (GLB), i.e., dynamically routing workloads to locations with cheaper electricity. Under the ideal setting where exact values of market prices and workloads are given, this problem reduces to a simple linear programming and is easy to solve. However, under the realistic setting where only distributions of these variables are available, the problem unfolds into a non-convex infinite-dimensional one and is challenging to solve. One of our main contributions is to develop an algorithm that is proven to solve the challenging problem optimally, by exploring the full design space of strategic bidding. Trace-driven evaluations corroborate our theoretical results, demonstrate fast convergence of our algorithm, and show that it can reduce the cost for the CSP by up to 20% as compared with baseline alternatives. This paper highlights the intriguing role of uncertainty in workloads and market prices, measured by their variances. While uncertainty in workloads deteriorates the cost-saving performance of joint electricity procurement and GLB, counter-intuitively, uncertainty in market prices can be exploited to achieve a cost reduction even larger than the setting without price uncertainty.

2020-11-23
Haddad, G. El, Aïmeur, E., Hage, H..  2018.  Understanding Trust, Privacy and Financial Fears in Online Payment. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :28–36.
In online payment, customers must transmit their personal and financial information through the website to conclude their purchase and pay the services or items selected. They may face possible fears from online transactions raised by their risk perception about financial or privacy loss. They may have concerns over the payment decision with the possible negative behaviors such as shopping cart abandonment. Therefore, customers have three major players that need to be addressed in online payment: the online seller, the payment page, and their own perception. However, few studies have explored these three players in an online purchasing environment. In this paper, we focus on the customer concerns and examine the antecedents of trust, payment security perception as well as their joint effect on two fundamentally important customers' aspects privacy concerns and financial fear perception. A total of 392 individuals participated in an online survey. The results highlight the importance, of the seller website's components (such as ease of use, security signs, and quality information) and their impact on the perceived payment security as well as their impact on customer's trust and financial fear perception. The objective of our study is to design a research model that explains the factors contributing to an online payment decision.
Tagliaferri, M., Aldini, A..  2018.  A Trust Logic for Pre-Trust Computations. 2018 21st International Conference on Information Fusion (FUSION). :2006–2012.
Computational trust is the digital counterpart of the human notion of trust as applied in social systems. Its main purpose is to improve the reliability of interactions in online communities and of knowledge transfer in information management systems. Trust models are formal frameworks in which the notion of computational trust is described rigorously and where its dynamics are explained precisely. In this paper we will consider and extend a computational trust model, i.e., JØsang's Subjective Logic: we will show how this model is well-suited to describe the dynamics of computational trust, but lacks effective tools to compute initial trust values to feed in the model. To overcome some of the issues with subjective logic, we will introduce a logical language which can be employed to describe and reason about trust. The core ideas behind the logical language will turn out to be useful in computing initial trust values to feed into subjective logic. The aim of the paper is, therefore, that of providing an improvement on subjective logic.
2020-11-02
Fedosova, Tatyana V., Masych, Marina A., Afanasyev, Anton A., Borovskaya, Marina A., Liabakh, Nikolay N..  2018.  Development of Quantitative Methods for Evaluating Intellectual Resources in the Digital Economy. 2018 IEEE International Conference "Quality Management, Transport and Information Security, Information Technologies" (IT QM IS). :629—634.

The paper outlines the concept of the Digital economy, defines the role and types of intellectual resources in the context of digitalization of the economy, reviews existing approaches and methods to intellectual property valuation and analyzes drawbacks of quantitative evaluation of intellectual resources (based intellectual property valuation) related to: uncertainty, noisy data, heterogeneity of resources, nonformalizability, lack of reliable tools for measuring the parameters of intellectual resources and non-stationary development of intellectual resources. The results of the study offer the ways of further development of methods for quantitative evaluation of intellectual resources (inter alia aimed at their capitalization).

2020-10-05
Lowney, M. Phil, Liu, Hong, Chabot, Eugene.  2018.  Trust Management in Underwater Acoustic MANETs based on Cloud Theory using Multi-Parameter Metrics. 2018 International Carnahan Conference on Security Technology (ICCST). :1—5.

With wide applications like surveillance and imaging, securing underwater acoustic Mobile Ad-hoc NETworks (MANET) becomes a double-edged sword for oceanographic operations. Underwater acoustic MANET inherits vulnerabilities from 802.11-based MANET which renders traditional cryptographic approaches defenseless. A Trust Management Framework (TMF), allowing maintained confidence among participating nodes with metrics built from their communication activities, promises secure, efficient and reliable access to terrestrial MANETs. TMF cannot be directly applied to the underwater environment due to marine characteristics that make it difficult to differentiate natural turbulence from intentional misbehavior. This work proposes a trust model to defend underwater acoustic MANETs against attacks using a machine learning method with carefully chosen communication metrics, and a cloud model to address the uncertainty of trust in harsh underwater environments. By integrating the trust framework of communication with the cloud model to combat two kinds of uncertainties: fuzziness and randomness, trust management is greatly improved for underwater acoustic MANETs.

Ahmed, Abdelmuttlib Ibrahim Abdalla, Khan, Suleman, Gani, Abdullah, Hamid, Siti Hafizah Ab, Guizani, Mohsen.  2018.  Entropy-based Fuzzy AHP Model for Trustworthy Service Provider Selection in Internet of Things. 2018 IEEE 43rd Conference on Local Computer Networks (LCN). :606—613.

Nowadays, trust and reputation models are used to build a wide range of trust-based security mechanisms and trust-based service management applications on the Internet of Things (IoT). Considering trust as a single unit can result in missing important and significant factors. We split trust into its building-blocks, then we sort and assign weight to these building-blocks (trust metrics) on the basis of its priorities for the transaction context of a particular goal. To perform these processes, we consider trust as a multi-criteria decision-making problem, where a set of trust worthiness metrics represent the decision criteria. We introduce Entropy-based fuzzy analytic hierarchy process (EFAHP) as a trust model for selecting a trustworthy service provider, since the sense of decision making regarding multi-metrics trust is structural. EFAHP gives 1) fuzziness, which fits the vagueness, uncertainty, and subjectivity of trust attributes; 2) AHP, which is a systematic way for making decisions in complex multi-criteria decision making; and 3) entropy concept, which is utilized to calculate the aggregate weights for each service provider. We present a numerical illustration in trust-based Service Oriented Architecture in the IoT (SOA-IoT) to demonstrate the service provider selection using the EFAHP Model in assessing and aggregating the trust scores.

Yu, Zihuan.  2018.  Research on Cloud Computing Security Evaluation Model Based on Trust Management. 2018 IEEE 4th International Conference on Computer and Communications (ICCC). :1934—1937.

At present, cloud computing technology has made outstanding contributions to the Internet in data unification and sharing applications. However, the problem of information security in cloud computing environment has to be paid attention to and effective measures have to be taken to solve it. In order to control the data security under cloud services, the DS evidence theory method is introduced. The trust management mechanism is established from the source of big data, and a cloud computing security assessment model is constructed to achieve the quantifiable analysis purpose of cloud computing security assessment. Through the simulation, the innovative way of quantifying the confidence criterion through big data trust management and DS evidence theory not only regulates the data credible quantification mechanism under cloud computing, but also improves the effectiveness of cloud computing security assessment, providing a friendly service support platform for subsequent cloud computing service.

2020-09-18
Guo, Xiaolong, Dutta, Raj Gautam, He, Jiaji, Tehranipoor, Mark M., Jin, Yier.  2019.  QIF-Verilog: Quantitative Information-Flow based Hardware Description Languages for Pre-Silicon Security Assessment. 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :91—100.
Hardware vulnerabilities are often due to design mistakes because the designer does not sufficiently consider potential security vulnerabilities at the design stage. As a result, various security solutions have been developed to protect ICs, among which the language-based hardware security verification serves as a promising solution. The verification process will be performed while compiling the HDL of the design. However, similar to other formal verification methods, the language-based approach also suffers from scalability issue. Furthermore, existing solutions either lead to hardware overhead or are not designed for vulnerable or malicious logic detection. To alleviate these challenges, we propose a new language based framework, QIF-Verilog, to evaluate the trustworthiness of a hardware system at register transfer level (RTL). This framework introduces a quantified information flow (QIF) model and extends Verilog type systems to provide more expressiveness in presenting security rules; QIF is capable of checking the security rules given by the hardware designer. Secrets are labeled by the new type and then parsed to data flow, to which a QIF model will be applied. To demonstrate our approach, we design a compiler for QIF-Verilog and perform vulnerability analysis on benchmarks from Trust-Hub and OpenCore. We show that Trojans or design faults that leak information from circuit outputs can be detected automatically, and that our method evaluates the security of the design correctly.
2020-08-24
Yeboah-Ofori, Abel, Islam, Shareeful, Brimicombe, Allan.  2019.  Detecting Cyber Supply Chain Attacks on Cyber Physical Systems Using Bayesian Belief Network. 2019 International Conference on Cyber Security and Internet of Things (ICSIoT). :37–42.

Identifying cyberattack vectors on cyber supply chains (CSC) in the event of cyberattacks are very important in mitigating cybercrimes effectively on Cyber Physical Systems CPS. However, in the cyber security domain, the invincibility nature of cybercrimes makes it difficult and challenging to predict the threat probability and impact of cyber attacks. Although cybercrime phenomenon, risks, and treats contain a lot of unpredictability's, uncertainties and fuzziness, cyberattack detection should be practical, methodical and reasonable to be implemented. We explore Bayesian Belief Networks (BBN) as knowledge representation in artificial intelligence to be able to be formally applied probabilistic inference in the cyber security domain. The aim of this paper is to use Bayesian Belief Networks to detect cyberattacks on CSC in the CPS domain. We model cyberattacks using DAG method to determine the attack propagation. Further, we use a smart grid case study to demonstrate the applicability of attack and the cascading effects. The results show that BBN could be adapted to determine uncertainties in the event of cyberattacks in the CSC domain.