Biblio

Filters: Keyword is cyber
2021-03-29
DiMase, D., Collier, Z. A., Chandy, J., Cohen, B. S., D'Anna, G., Dunlap, H., Hallman, J., Mandelbaum, J., Ritchie, J., Vessels, L..  2020.  A Holistic Approach to Cyber Physical Systems Security and Resilience. 2020 IEEE Systems Security Symposium (SSS). :1–8.

A critical need exists for collaboration and action by government, industry, and academia to address cyber weaknesses or vulnerabilities inherent to embedded or cyber physical systems (CPS). These vulnerabilities are introduced as we leverage technologies, methods, products, and services from the global supply chain throughout a system's lifecycle. As adversaries are exploiting these weaknesses as access points for malicious purposes, solutions for system security and resilience become a priority call for action. The SAE G-32 Cyber Physical Systems Security Committee has been convened to address this complex challenge. The SAE G-32 will take a holistic systems engineering approach to integrate system security considerations to develop a Cyber Physical System Security Framework. This framework is intended to bring together multiple industries and develop a method and common language which will enable us to more effectively, efficiently, and consistently communicate a risk, cost, and performance trade space. The standard will allow System Integrators to make decisions utilizing a common framework and language to develop affordable, trustworthy, resilient, and secure systems.

2021-01-11
Whyte, C..  2020.  Problems of Poison: New Paradigms and "Agreed" Competition in the Era of AI-Enabled Cyber Operations. 2020 12th International Conference on Cyber Conflict (CyCon). 1300:215–232.

Few developments seem as poised to alter the characteristics of security in the digital age as the advent of artificial intelligence (AI) technologies. For national defense establishments, the emergence of AI techniques is particularly worrisome, not least because prototype applications already exist. Cyber attacks augmented by AI portend the tailored manipulation of human vectors within the attack surface of important societal systems at great scale, as well as opportunities for calamity resulting from the secondment of technical skill from the hacker to the algorithm. Arguably most important, however, is the fact that AI-enabled cyber campaigns contain great potential for operational obfuscation and strategic misdirection. At the operational level, techniques for piggybacking onto routine activities and for adaptive evasion of security protocols add uncertainty, complicating the defensive mission particularly where adversarial learning tools are employed in offense. Strategically, AI-enabled cyber operations offer distinct attempts to persistently shape the spectrum of cyber contention may be able to pursue conflict outcomes beyond the expected scope of adversary operation. On the other, AI-augmented cyber defenses incorporated into national defense postures are likely to be vulnerable to "poisoning" attacks that predict, manipulate and subvert the functionality of defensive algorithms. This article takes on two primary tasks. First, it considers and categorizes the primary ways in which AI technologies are likely to augment offensive cyber operations, including the shape of cyber activities designed to target AI systems. Then, it frames a discussion of implications for deterrence in cyberspace by referring to the policy of persistent engagement, agreed competition and forward defense promulgated in 2018 by the United States. Here, it is argued that the centrality of cyberspace to the deployment and operation of soon-to-be-ubiquitous AI systems implies new motivations for operation within the domain, complicating numerous assumptions that underlie current approaches. In particular, AI cyber operations pose unique measurement issues for the policy regime.

2020-12-17
Promyslov, V., Semenkov, K..  2020.  Security Threats for Autonomous and Remotely Controlled Vehicles in Smart City. 2020 International Conference on Industrial Engineering, Applications and Manufacturing (ICIEAM). :1–5.

The paper presents a comprehensive model of cybersecurity threats for a system of autonomous and remotely controlled vehicles (AV) in the environment of a smart city. The main focus in the security context is given to the “integrity” property. That property is of higher importance for industrial control systems in comparison with other security properties (availability and confidentiality). The security graph, which is part of the model, is dynamic, and, in real cases, its analysis may require significant computing resources for AV systems with a large number of assets and connections. The simplified example of the security graph for the AV system is presented.

2020-10-05
Fowler, Stuart, Sitnikova, Elena.  2019.  Toward a framework for assessing the cyber-worthiness of complex mission critical systems. 2019 Military Communications and Information Systems Conference (MilCIS). :1–6.

Complex military systems are typically cyber-physical systems which are the targets of high level threat actors, and must be able to operate within a highly contested cyber environment. There is an emerging need to provide a strong level of assurance against these threat actors, but the process by which this assurance can be tested and evaluated is not so clear. This paper outlines an initial framework developed through research for evaluating the cyber-worthiness of complex mission critical systems using threat models developed in SysML. The framework provides a visual model of the process by which a threat actor could attack the system. It builds on existing concepts from system safety engineering and expands on how to present the risks and mitigations in an understandable manner.

2020-08-24
Webb, Josselyn A., Henderson, Michelle W., Webb, Michael L..  2019.  An Open Source Approach to Automating Surveillance and Compliance of Automatic Test Systems. 2019 IEEE AUTOTESTCON. :1–8.

With the disconnected nature of some Automatic Test Systems, there is no possibility for a centralized infrastructure of sense and response in Cybersecurity. For scalability, a cost effective onboard approach will be necessary. In smaller companies where connectivity is not a concern, costly commercial solutions will impede the implementation of surveillance and compliance options. In this paper we propose to demonstrate an open source strategy using freely available Security Technical Implementation Guidelines (STIGs), internet resources, and supporting software stacks, such as OpenScap, HubbleStack, and (ElasticSearch, Logstash, and Kibana (ElasticStack)) to deliver an affordable solution to this problem. OpenScap will provide tools for managing system security and standards compliance. HubbleStack will be employed to automate compliance via its components: NOVA (an auditing engine), Nebula (osquery integration), Pulsar (event system) and Quasar (reporting system). Our intention is to utilize NOVA in conjunction with OpenScap to CVE (Common Vulnerabilities and Exposures) scan and netstat for open ports and processes. Additionally we will monitor services and status, firewall settings, and use Nebula's integration of Facebook's osquery to detect vulnerabilities by querying the Operating System. Separately we plan to use Pulsar, a fast file integrity manager, to monitor the integrity of critical files such as system, test, and Hardware Abstraction Layer (HAL) software to ensure the system retains its integrity. All of this will be reported by Quasar, HubbleStack's reporting engine. We will provide situational awareness through the use of the open source Elastic Stack. ElasticSearch is a RESTful search and analytics engine. Logstash is an open source data processing pipeline that enables the ingestion of data from multiple sources sending it through extensible interfaces, in this case ElasticSearch. Kibana supports the visualization of data. Essentially Elastic Stack will be the presentation layer, HubbleStack will be the broker of the data to Elastic Stack, with the other HubbleStack components feeding that data. All of the tools involved are open source in nature, reducing the cost to the overhead required to keep configurations up to date, training on use, and analytics required to review the outputs.

2020-06-03
Khalaf, Rayan Sulaiman, Varol, Asaf.  2019.  Digital Forensics: Focusing on Image Forensics. 2019 7th International Symposium on Digital Forensics and Security (ISDFS). :1–5.

The world is continuously developing, and people's needs are increasing as well; so too is the number of thieves increasing, especially electronic thieves. For that reason, companies and individuals are always searching for experts who will protect them from thieves, and these experts are called digital investigators. Digital forensics has a number of branches and different parts, and image forensics is one of them. The budget for the images branch goes up every day in response to the need. In this paper we offer some information about images and image forensics, image components and how they are stored in digital devices and how they can be deleted and recovered. We offer general information about digital forensics, focusing on image forensics.

2019-12-18
Brantly, Aaron F..  2018.  The cyber deterrence problem. 2018 10th International Conference on Cyber Conflict (CyCon). :31–54.

What is the role of deterrence in an age where adept hackers can credibly hold strategic assets at risk? Do conventional frameworks of deterrence maintain their applicability and meaning against state actors in cyberspace? Is it possible to demonstrate credibility with either in-domain or cross-domain signaling or is cyberspace fundamentally ill-suited to the application of deterrence frameworks? Building on concepts from both rational deterrence theory and cognitive theories of deterrence this work attempts to leverage relevant examples from both within and beyond cyberspace to examine applicability of deterrence in the digital age and for digital tools in an effort to shift the conversation from Atoms to Bits and Bytes.

2019-10-30
Lewis, Matt.  2018.  Using Graph Databases to Assess the Security of Thingernets Based on the Thingabilities and Thingertivity of Things. Living in the Internet of Things: Cybersecurity of the IoT - 2018. :1-9.

Security within the IoT is currently below par. Common security issues include IoT device vendors not following security best practices and/or omitting crucial security controls and features within their devices, lack of defined and mandated IoT security standards, default IoT device configurations, missing secure update mechanisms to rectify security flaws discovered in IoT devices and the overall unintended consequence of complexity - the attack surface of networks comprising IoT devices can increase exponentially with the addition of each new device. In this paper we set out an approach using graphs and graph databases to understand IoT network complexity and the impact that different devices and their profiles have on the overall security of the underlying network and its associated data.

2019-10-23
McNeil, Martha, Llansó, Thomas, Pearson, Dallas.  2018.  Application of Capability-Based Cyber Risk Assessment Methodology to a Space System. Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security. :7:1-7:10.

Despite more than a decade of heightened focus on cybersecurity, cyber threats remain an ongoing and growing concern [1]-[3]. Stakeholders often perform cyber risk assessments in order to understand potential mission impacts due to cyber threats. One common approach to cyber risk assessment is event-based analysis which usually considers adverse events, effects, and paths through a system, then estimates the effort/likelihood and mission impact of such attacks. When conducted manually, this type of approach is labor-intensive, subjective, and does not scale well to complex systems. As an alternative, we present an automated capability-based risk assessment approach, compare it to manual event-based analysis approaches, describe its application to a notional space system ground segment, and discuss the results.

2017-09-15
Multari, Nicholas J., Singhal, Anoop, Manz, David O..  2016.  SafeConfig'16: Testing and Evaluation for Active and Resilient Cyber Systems. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1871–1872.

The premise of this year's SafeConfig Workshop is existing tools and methods for security assessments are necessary but insufficient for scientifically rigorous testing and evaluation of resilient and active cyber systems. The objective for this workshop is the exploration and discussion of scientifically sound testing regimen(s) that will continuously and dynamically probe, attack, and "test" the various resilient and active technologies. This adaptation and change in focus necessitates at the very least modification, and potentially, wholesale new developments to ensure that resilient- and agile-aware security testing is available to the research community. All testing, validation and experimentation must also be repeatable, reproducible, subject to scientific scrutiny, measurable and meaningful to both researchers and practitioners.

2015-05-05
Kornmaier, A., Jaouen, F..  2014.  Beyond technical data - a more comprehensive situational awareness fed by available intelligence information. Cyber Conflict (CyCon 2014), 2014 6th International Conference On. :139-154.

Information on cyber incidents and threats is currently collected and processed with a strong technical focus. Threat and vulnerability information alone is not a solid base for effective, affordable or actionable security advice for decision makers. They need more than a small technical cut of a bigger situational picture to combat and not only to mitigate the cyber threat. We first give a short overview of the related work that can be found in the literature. We found that the approaches mostly analysed “what” has been done, instead of looking more generically beyond the technical aspects for the tactics, techniques and procedures to identify the “how” it was done, by whom and why. We then examine what information categories and data already exist to answer the question of an adversary's capabilities and objectives. As traditional intelligence tries to serve a better understanding of adversaries' capabilities, actions, and intent, the same is feasible in the cyber space with cyber intelligence. Thus, we identify information sources in the military and civil environment, before we propose to link that traditional information with the technical data for a better situational picture. We give examples of information that can be collected from traditional intelligence for correlation with technical data. Thus, the same intelligence operational picture for the cyber sphere could be developed like the one that is traditionally fed from conventional intelligence disciplines. Finally we propose a way of including intelligence processing in cyber analysis. We finally outline requirements that are key for a successful exchange of information and intelligence between military/civil information providers.