Visible to the public Biblio

Found 1492 results

Filters: First Letter Of Title is S  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R [S] T U V W X Y Z   [Show ALL]
Daniels, Wilfried, Hughes, Danny, Ammar, Mahmoud, Crispo, Bruno, Matthys, Nelson, Joosen, Wouter.  2017.  SΜV - the Security Microvisor: A Virtualisation-based Security Middleware for the Internet of Things. Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference: Industrial Track. :36–42.
The Internet of Things (IoT) creates value by connecting digital processes to the physical world using embedded sensors, actuators and wireless networks. The IoT is increasingly intertwined with critical industrial processes, yet contemporary IoT devices offer limited security features, creating a large new attack surface and inhibiting the adoption of IoT technologies. Hardware security modules address this problem, however, their use increases the cost of embedded IoT devices. Furthermore, millions of IoT devices are already deployed without hardware security support. This paper addresses this problem by introducing a Security MicroVisor (SμV) middleware, which provides memory isolation and custom security operations using software virtualisation and assembly-level code verification. We showcase SμV by implementing a key security feature: remote attestation. Evaluation shows extremely low overhead in terms of memory, performance and battery lifetime for a representative IoT device.
Jayapalan, Avila, Savarinathan, Prem, Priya, Apoorva.  2019.  SystemVue based Secure data transmission using Gold codes. 2019 International Conference on Vision Towards Emerging Trends in Communication and Networking (ViTECoN). :1—4.
Wireless technology has seen a tremendous growth in the recent past. Orthogonal Frequency Division Multiplexing (OFDM) modulation scheme has been utilized in almost all the advanced wireless techniques because of the advantages it offers. Hence in this aspect, SystemVue based OFDM transceiver has been developed with AWGN as the channel noise. To mitigate the channel noise Convolutional code with Viterbi decoder has been depicted. Further to protect the information from the malicious users the data is scrambled with the aid of gold codes. The performance of the transceiver is analysed through various Bit Error Rate (BER) versus Signal to Noise Ratio (SNR) graphs.
Span, M. T., Mailloux, L. O., Grimaila, M. R., Young, W. B..  2018.  A Systems Security Approach for Requirements Analysis of Complex Cyber-Physical Systems. 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1–8.
Today's highly interconnected and technology reliant environment places greater emphasis on the need for dependably secure systems. This work addresses this problem by detailing a systems security analysis approach for understanding and eliciting security requirements for complex cyber-physical systems. First, a readily understandable description of key architectural analysis definitions and desirable characteristics is provided along with a survey of commonly used security architecture analysis approaches. Next, a tailored version of the System-Theoretic Process Analysis approach for Security (STPA-Sec) is detailed in three phases which supports the development of functional-level security requirements, architectural-level engineering considerations, and design-level security criteria. In particular, these three phases are aligned with the systems and software engineering processes defined in the security processes of NIST SP 800-160. Lastly, this work is important for advancing the science of systems security by providing a viable systems security analysis approach for eliciting, defining, and analyzing traceable security, safety, and resiliency requirements which support evaluation criteria that can be designed-for, built-to, and verified with confidence.
Tekinerdoğan, B., Özcan, K., Yağız, S., Yakın, İ.  2020.  Systems Engineering Architecture Framework for Physical Protection Systems. 2020 IEEE International Symposium on Systems Engineering (ISSE). :1–8.
A physical protection system (PPS) integrates people, procedures, and equipment for the protection of assets or facilities against theft, sabotage, or other malevolent intruder attacks. In this paper we focus on the architecture modeling of PPS to support the communication among stakeholders, analysis and guiding the systems development activities. A common practice for modeling architecture is by using an architecture framework that defines a coherent set of viewpoints. Existing systems engineering modeling approaches appear to be too general and fail to address the domain-specific aspects of PPSs. On the other hand, no dedicated architecture framework approach has been provided yet to address the specific concerns of PPS. In this paper, we present an architecture framework for PPS (PPSAF) that has been developed in a real industrial context focusing on the development of multiple PPSs. The architecture framework consists of six coherent set of viewpoints including facility viewpoint, threats and vulnerabilities viewpoint, deterrence viewpoint, detection viewpoint, delay viewpoint, and response viewpoint. We illustrate the application of the architecture framework for the design of a PPS architecture of a building.
[Anonymous].  2018.  A Systems Approach to Indicators of Compromise Utilizing Graph Theory. 2018 IEEE International Symposium on Technologies for Homeland Security (HST). :1–6.
It is common to record indicators of compromise (IoC) in order to describe a particular breach and to attempt to attribute a breach to a specific threat actor. However, many network security breaches actually involve multiple diverse modalities using a variety of attack vectors. Measuring and recording IoC's in isolation does not provide an accurate view of the actual incident, and thus does not facilitate attribution. A system's approach that describes the entire intrusion as an IoC would be more effective. Graph theory has been utilized to model complex systems of varying types and this provides a mathematical tool for modeling systems indicators of compromise. This current paper describes the applications of graph theory to creating systems-based indicators of compromise. A complete methodology is presented for developing systems IoC's that fully describe a complex network intrusion.
Tan, B., Biglari-Abhari, M., Salcic, Z..  2016.  A system-level security approach for heterogeneous MPSoCs. 2016 Conference on Design and Architectures for Signal and Image Processing (DASIP). :74–81.

Embedded systems are becoming increasingly complex as designers integrate different functionalities into a single application for execution on heterogeneous hardware platforms. In this work we propose a system-level security approach in order to provide isolation of tasks without the need to trust a central authority at run-time. We discuss security requirements that can be found in complex embedded systems that use heterogeneous execution platforms, and by regulating memory access we create mechanisms that allow safe use of shared IP with direct memory access, as well as shared libraries. We also present a prototype Isolation Unit that checks memory transactions and allows for dynamic configuration of permissions.

Zeng, Jing, Yang, Laurence T., Lin, Man, Shao, Zili, Zhu, Dakai.  2017.  System-Level Design Optimization for Security-Critical Cyber-Physical-Social Systems. ACM Trans. Embed. Comput. Syst.. 16:39:1–39:21.

Cyber-physical-social systems (CPSS), an emerging computing paradigm, have attracted intensive attentions from the research community and industry. We are facing various challenges in designing secure, reliable, and user-satisfied CPSS. In this article, we consider these design issues as a whole and propose a system-level design optimization framework for CPSS design where energy consumption, security-level, and user satisfaction requirements can be fulfilled while satisfying constraints for system reliability. Specifically, we model the constraints (energy efficiency, security, and reliability) as the penalty functions to be incorporated into the corresponding objective functions for the optimization problem. A smart office application is presented to demonstrate the feasibility and effectiveness of our proposed design optimization approach.

Mailloux, L. O., Sargeant, B. N., Hodson, D. D., Grimaila, M. R..  2017.  System-level considerations for modeling space-based quantum key distribution architectures. 2017 Annual IEEE International Systems Conference (SysCon). :1–6.

Quantum Key Distribution (QKD) is a revolutionary technology which leverages the laws of quantum mechanics to distribute cryptographic keying material between two parties with theoretically unconditional security. Terrestrial QKD systems are limited to distances of \textbackslashtextless;200 km in both optical fiber and line-of-sight free-space configurations due to severe losses during single photon propagation and the curvature of the Earth. Thus, the feasibility of fielding a low Earth orbit (LEO) QKD satellite to overcome this limitation is being explored. Moreover, in August 2016, the Chinese Academy of Sciences successfully launched the world's first QKD satellite. However, many of the practical engineering performance and security tradeoffs associated with space-based QKD are not well understood for global secure key distribution. This paper presents several system-level considerations for modeling and studying space-based QKD architectures and systems. More specifically, this paper explores the behaviors and requirements that researchers must examine to develop a model for studying the effectiveness of QKD between LEO satellites and ground stations.

Mane, Y. D., Khot, U. P..  2020.  A Systematic Way to Implement Private Tor Network with Trusted Middle Node. 2020 International Conference for Emerging Technology (INCET). :1—6.
Initially, legitimate users were working under a normal web browser to do all activities over the internet [1]. To get more secure service and to get protection against Bot activity, the legitimate users switched their activity from Normal web browser to low latency anonymous communication such as Tor Browser. The Traffic monitoring in Tor Network is difficult as the packets are traveling from source to destination in an encrypted fashion and the Tor network hides its identity from destination. But lately, even the illegitimate users such as attackers/criminals started their activity on the Tor browser. The secured Tor network makes the detection of Botnet more difficult. The existing tools for botnet detection became inefficient against Tor-based bots because of the features of the Tor browser. As the Tor Browser is highly secure and because of the ethical issues, doing practical experiments on it is not advisable which could affect the performance and functionality of the Tor browser. It may also affect the endanger users in situations where the failure of Tor's anonymity has severe consequences. So, in the proposed research work, Private Tor Networks (PTN) on physical or virtual machines with dedicated resources have been created along with Trusted Middle Node. The motivation behind the trusted middle node is to make the Private Tor network more efficient and to increase its performance.
Babu, T. Kishore, Guruprakash, C. D..  2019.  A Systematic Review of the Third Party Auditing in Cloud Security: Security Analysis, Computation Overhead and Performance Evaluation. 2019 3rd International Conference on Computing Methodologies and Communication (ICCMC). :86–91.
Cloud storage offers a considerable efficiency and security to the user's data and provide high flexibility to the user. The hackers make attempt of several attacks to steal the data that increase the concern of data security in cloud. The Third Party Auditing (TPA) method is introduced to check the data integrity. There are several TPA methods developed to improve the privacy and efficiency of the data integrity checking method. Various methods involved in TPA, have been analyzed in this review in terms of function, security and overall performance. Merkel Hash Tree (MHT) method provides efficiency and security in checking the integrity of data. The computational overhead of the proof verify is also analyzed in this review. The communication cost of the most TPA methods observed as low and there is a need of improvement in security of the public auditing.
Hettiarachchi, Charitha, Do, Hyunsook.  2019.  A Systematic Requirements and Risks-Based Test Case Prioritization Using a Fuzzy Expert System. 2019 IEEE 19th International Conference on Software Quality, Reliability and Security (QRS). :374–385.

The use of risk information can help software engineers identify software components that are likely vulnerable or require extra attention when testing. Some studies have shown that the requirements risk-based approaches can be effective in improving the effectiveness of regression testing techniques. However, the risk estimation processes used in such approaches can be subjective, time-consuming, and costly. In this research, we introduce a fuzzy expert system that emulates human thinking to address the subjectivity related issues in the risk estimation process in a systematic and an efficient way and thus further improve the effectiveness of test case prioritization. Further, the required data for our approach was gathered by employing a semi-automated process that made the risk estimation process less subjective. The empirical results indicate that the new prioritization approach can improve the rate of fault detection over several existing test case prioritization techniques, while reducing threats to subjective risk estimation.

Mozaffari-Kermani, M., Sur-Kolay, S., Raghunathan, A., Jha, N. K..  2015.  Systematic Poisoning Attacks on and Defenses for Machine Learning in Healthcare. IEEE Journal of Biomedical and Health Informatics. 19:1893–1905.

Machine learning is being used in a wide range of application domains to discover patterns in large datasets. Increasingly, the results of machine learning drive critical decisions in applications related to healthcare and biomedicine. Such health-related applications are often sensitive, and thus, any security breach would be catastrophic. Naturally, the integrity of the results computed by machine learning is of great importance. Recent research has shown that some machine-learning algorithms can be compromised by augmenting their training datasets with malicious data, leading to a new class of attacks called poisoning attacks. Hindrance of a diagnosis may have life-threatening consequences and could cause distrust. On the other hand, not only may a false diagnosis prompt users to distrust the machine-learning algorithm and even abandon the entire system but also such a false positive classification may cause patient distress. In this paper, we present a systematic, algorithm-independent approach for mounting poisoning attacks across a wide range of machine-learning algorithms and healthcare datasets. The proposed attack procedure generates input data, which, when added to the training set, can either cause the results of machine learning to have targeted errors (e.g., increase the likelihood of classification into a specific class), or simply introduce arbitrary errors (incorrect classification). These attacks may be applied to both fixed and evolving datasets. They can be applied even when only statistics of the training dataset are available or, in some cases, even without access to the training dataset, although at a lower efficacy. We establish the effectiveness of the proposed attacks using a suite of six machine-learning algorithms and five healthcare datasets. Finally, we present countermeasures against the proposed generic attacks that are based on tracking and detecting deviations in various accuracy metrics, and benchmark their effectiveness.

Chhokra, Ajay, Kulkarni, Amogh, Hasan, Saqib, Dubey, Abhishek, Mahadevan, Nagabhushan, Karsai, Gabor.  2017.  A Systematic Approach of Identifying Optimal Load Control Actions for Arresting Cascading Failures in Power Systems. Proceedings of the 2Nd Workshop on Cyber-Physical Security and Resilience in Smart Grids. :41–46.
Cascading outages in power networks cause blackouts which lead to huge economic and social consequences. The traditional form of load shedding is avoidable in many cases by identifying optimal load control actions. However, if there is a change in the system topology (adding or removing loads, lines etc), the calculations have to be performed again. This paper addresses this problem by providing a workflow that 1) generates system models from IEEE CDF specifications, 2) identifies a collection of blackout causing contingencies, 3) dynamically sets up an optimization problem, and 4) generates a table of mitigation strategies in terms of minimal load curtailment. We demonstrate the applicability of our proposed methodology by finding load curtailment actions for N-k contingencies (k = 1, 2, 3) in IEEE 14 Bus system.
Nguyen, Hoai Viet, Lo Iacono, Luigi, Federrath, Hannes.  2018.  Systematic Analysis of Web Browser Caches. Proceedings of the 2Nd International Conference on Web Studies. :64–71.
The caching of frequently requested web resources is an integral part of the web ever since. Cacheability is the main pillar for the web's scalability and an important mechanism for optimizing resource consumption and performance. Caches exist in many variations and locations on the path between web client and server with the browser cache being ubiquitous to date. Web developers need to have a profound understanding of the concepts and policies of web caching even when exploiting these advantages is not relevant. Neglecting web caching may otherwise result in more serve consequences than the simple loss of scalability and efficiency. Recent misuse of web caching systems shows to affect the application's behavior as well as privacy and security. In this paper we introduce a tool-based approach to disburden web developers while keeping them informed about caching influences. Our first contribution is a structured test suite containing 397 web caching test cases. In order to make this collection easily adoptable we introduce an automated testing tool for executing the test cases against web browsers. Based on the developed testing tool we conduct a systematic analysis on the behavior of web browser caches and their compliance with relevant caching standards. Our findings on desktop and mobile versions of Chrome, Firefox, Safari and Edge show many diversities as well as discrepancies. Appropriate tooling supports web developers in uncovering such adversities. As our baseline of test cases is specified using a specification language that enables extensibility, developers as well as administrators and researchers can systematically add and empirically explore caching properties of interest even in non-browser scenarios.
Checkoway, Stephen, Maskiewicz, Jacob, Garman, Christina, Fried, Joshua, Cohney, Shaanan, Green, Matthew, Heninger, Nadia, Weinmann, Ralf-Philipp, Rescorla, Eric, Shacham, Hovav.  2016.  A Systematic Analysis of the Juniper Dual EC Incident. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :468–479.

In December 2015, Juniper Networks announced multiple security vulnerabilities stemming from unauthorized code in ScreenOS, the operating system for their NetScreen VPN routers. The more sophisticated of these vulnerabilities was a passive VPN decryption capability, enabled by a change to one of the elliptic curve points used by the Dual EC pseudorandom number generator. In this paper, we describe the results of a full independent analysis of the ScreenOS randomness and VPN key establishment protocol subsystems, which we carried out in response to this incident. While Dual EC is known to be insecure against an attacker who can choose the elliptic curve parameters, Juniper had claimed in 2013 that ScreenOS included countermeasures against this type of attack. We find that, contrary to Juniper's public statements, the ScreenOS VPN implementation has been vulnerable since 2008 to passive exploitation by an attacker who selects the Dual EC curve point. This vulnerability arises due to apparent flaws in Juniper's countermeasures as well as a cluster of changes that were all introduced concurrently with the inclusion of Dual EC in a single 2008 release. We demonstrate the vulnerability on a real NetScreen device by modifying the firmware to install our own parameters, and we show that it is possible to passively decrypt an individual VPN session in isolation without observing any other network traffic. We investigate the possibility of passively fingerprinting ScreenOS implementations in the wild. This incident is an important example of how guidelines for random number generation, engineering, and validation can fail in practice.

Hibshi, Hanan.  2016.  Systematic Analysis of Qualitative Data in Security. Proceedings of the Symposium and Bootcamp on the Science of Security. :52–52.
This tutorial will introduce participants to Grounded Theory, which is a qualitative framework to discover new theory from an empirical analysis of data. This form of analysis is particularly useful when analyzing text, audio or video artifacts that lack structure, but contain rich descriptions. We will frame Grounded Theory in the context of qualitative methods and case studies, which complement quantitative methods, such as controlled experiments and simulations. We will contrast the approaches developed by Glaser and Strauss, and introduce coding theory - the most prominent qualitative method for performing analysis to discover Grounded Theory. Topics include coding frames, first- and second-cycle coding, and saturation. We will use examples from security interview scripts to teach participants: developing a coding frame, coding a source document to discover relationships in the data, developing heuristics to resolve ambiguities between codes, and performing second-cycle coding to discover relationships within categories. Then, participants will learn how to discover theory from coded data. Participants will further learn about inter-rater reliability statistics, including Cohen's and Fleiss' Kappa, Krippendorf's Alpha, and Vanbelle's Index. Finally, we will review how to present Grounded Theory results in publications, including how to describe the methodology, report observations, and describe threats to validity.
Hibshi, Hanan.  2016.  Systematic Analysis of Qualitative Data in Security. Proceedings of the Symposium and Bootcamp on the Science of Security. :52–52.

This tutorial will introduce participants to Grounded Theory, which is a qualitative framework to discover new theory from an empirical analysis of data. This form of analysis is particularly useful when analyzing text, audio or video artifacts that lack structure, but contain rich descriptions. We will frame Grounded Theory in the context of qualitative methods and case studies, which complement quantitative methods, such as controlled experiments and simulations. We will contrast the approaches developed by Glaser and Strauss, and introduce coding theory - the most prominent qualitative method for performing analysis to discover Grounded Theory. Topics include coding frames, first- and second-cycle coding, and saturation. We will use examples from security interview scripts to teach participants: developing a coding frame, coding a source document to discover relationships in the data, developing heuristics to resolve ambiguities between codes, and performing second-cycle coding to discover relationships within categories. Then, participants will learn how to discover theory from coded data. Participants will further learn about inter-rater reliability statistics, including Cohen's and Fleiss' Kappa, Krippendorf's Alpha, and Vanbelle's Index. Finally, we will review how to present Grounded Theory results in publications, including how to describe the methodology, report observations, and describe threats to validity.

LeSaint, J., Reed, M., Popick, P..  2015.  System security engineering vulnerability assessments for mission-critical systems and functions. 2015 Annual IEEE Systems Conference (SysCon) Proceedings. :608–613.

This paper describes multiple system security engineering techniques for assessing system security vulnerabilities and discusses the application of these techniques at different system maturity points. The proposed vulnerability assessment approach allows a systems engineer to identify and assess vulnerabilities early in the life cycle and to continually increase the fidelity of the vulnerability identification and assessment as the system matures.

Colesky, Michael, Caiza, Julio C..  2018.  A System of Privacy Patterns for Informing Users: Creating a Pattern System. Proceedings of the 23rd European Conference on Pattern Languages of Programs. :16:1-16:11.

The General Data Protection Regulation mandates data protection in the European Union. This includes data protection by design and having privacy-preserving defaults. This legislation has been in force since May 2018, promising severe consequences for violation. Fulfilling its mandate for data protection is not trivial, though. One approach for realizing this is the use of privacy design patterns. We have recently started consolidating such patterns into useful collections. In this paper we improve a subset of these, constructing a pattern system. This helps to identify contextually appropriate patterns. It better illustrates their application and relation to each other. The pattern system guides software developers, so that they can help users understand how their information system uses personal data. To achieve this, we rewrite our patterns to meet specific requirements. In particular, we add implementability and interconnection, while improving consistency and organization. This results in a system of patterns for informing users.

Moskvichev, A. D., Dolgachev, M. V..  2020.  System of Collection and Analysis Event Log from Sources under Control of Windows Operating System. 2020 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon). :1—5.

The purpose of this work is to implement a universal system for collecting and analyzing event logs from sources that use the Windows operating system. The authors use event-forwarding technology to collect data from logs. Security information and event management detects incidents from received events. The authors analyze existing methods for transmitting event log entries from sources running the Windows operating system. This article describes in detail how to connect event sources running on the Windows operating system to the event collector without connecting to a domain controller. Event sources are authenticated using certificates created by the event collector. The authors suggest a scheme for connecting the event collector to security information and event management. Security information and event management must meet the requirements for use in conjunction with event forwarding technology. The authors of the article demonstrate the scheme of the test stand and the result of testing the event forwarding technology.

Nguyen-Van, Thanh, Le, Tien-Dat, Nguyen-Anh, Tuan, Nguyen-Ho, Minh-Phuoc, Nguyen-Van, Tuong, Le-Tran, Minh-Quoc, Le, Quang Nhat, Pham, Harry, Nguyen-An, Khuong.  2019.  A System for Scalable Decentralized Random Number Generation. 2019 IEEE 23rd International Enterprise Distributed Object Computing Workshop (EDOCW). :100–103.

Generating public randomness has been significantly demanding and also challenging, especially after the introduction of the Blockchain Technology. Lotteries, smart contracts, and random audits are examples where the reliability of the randomness source is a vital factor. We demonstrate a system of random number generation service for generating fair, tamper-resistant, and verifiable random numbers. Our protocol together with this system is an R&D project aiming at providing a decentralized solution to random number generation by leveraging the blockchain technology along with long-lasting cryptographic primitives including homomorphic encryption, verifiable random functions. The system decentralizes the process of generating random numbers by combining each party's favored value to obtain the final random numbers. Our novel idea is to force each party to encrypt his contribution before making it public. With the help of homomorphic encryption, all encrypted contribution can be combined without performing any decryption. The solution has achieved the properties of unpredictability, tamper-resistance, and public-verifiability. In addition, it only offers a linear overall complexity with respect to the number of parties on the network, which permits great scalability.

Qiu, Tongsheng, Wang, Xianyi, Tian, Yusen, Du, Qifei, Sun, Yueqiang.  2019.  A System Design of Real-Time Narrowband Rfi Detection And Mitigation for Gnss-R Receiver. IGARSS 2019 - 2019 IEEE International Geoscience and Remote Sensing Symposium. :5167–5170.

With the rapid development of radio detection and wireless communication, narrowband radio-frequency interference (NB-RFI) is a serious threat for GNSS-R (global navigation satellite systems - reflectometry) receivers. However, interferometric GNSS-R (iGNSS-R) is more prone to the NB-RFIs than conventional GNSS-R (cGNSS-R), due to wider bandwidth and unclean replica. Therefore, there is strong demand of detecting and mitigating NB-RFIs for GNSS-R receivers, especially iGNSS-R receivers. Hence, focusing on working with high sampling rate and simplifying the fixed-point implementation on FPGA, this paper proposes a system design exploiting cascading IIR band-stop filters (BSFs) to suppress NB-RFIs. Furthermore, IIR BSF compared with IIR notch filter (NF) and IIR band-pass filter (BPF) is the merely choice that is able to mitigate both white narrowband interference (WNBI) and continuous wave interference (CWI) well. Finally, validation and evaluation are conducted, and then it is indicated that the system design can detect NB-RFIs and suppress WNBI and CWI effectively, which improves the signal-to-noise ratio (SNR) of the Delay-Doppler map (DDM).

Pawar, Shwetambari, Jain, Nilakshi, Deshpande, Swati.  2016.  System Attribute Measures of Network Security Analyzer. Proceedings of the ACM Symposium on Women in Research 2016. :51–54.

In this paper, we have mentioned a method to find the performance of projectwhich detects various web - attacks. The project is capable to identifying and preventing attacks like SQL Injection, Cross – Site Scripting, URL rewriting, Web server 400 error code etc. The performance of system is detected using the system attributes that are mentioned in this paper. This is also used to determine efficiency of the system.

Xiong, Xinli, Zhao, Guangsheng, Wang, Xian.  2018.  A System Attack Surface Based MTD Effectiveness and Cost Quantification Framework. Proceedings of the 2Nd International Conference on Cryptography, Security and Privacy. :175-179.

Moving Target Defense (MTD) is a game-changing method to thwart adversaries and reverses the imbalance situation in network countermeasures. Introducing Attack Surface (AS) into MTD security assessment brings productive concepts to qualitative and quantitative analysis. The quantification of MTD effectiveness and cost (E&C) has been under researched, using simulation models and emulation testbeds, to give accurate and reliable results for MTD technologies. However, the lack of system-view evaluation impedes MTD to move toward large-scale applications. In this paper, a System Attack Surface Based Quantification Framework (SASQF) is proposed to establish a system-view based framework for further research in Attack Surface and MTD E&C quantification. And a simulated model based on SASQF is developed to provide illustrations and software simulation methods. A typical C/S scenario and Cyber Kill Chain (CKC) attacks are presented in case study and several simulated results are given. From the simulated results, IP mutation frequency is the key to increase consumptions of adversaries, while the IP mutation pool is not the principal factor to thwart adversaries in reconnaissance and delivery of CKC steps. For system user operational cost, IP mutation frequency influence legitimate connections in relative values under ideal link state without delay, packet lose and jitter. The simulated model based on SASQF also provides a basic method to find the optimal IP mutation frequency through simulations.

Sadique, Farhan, Bakhshaliyev, Khalid, Springer, Jeff, Sengupta, Shamik.  2019.  A System Architecture of Cybersecurity Information Exchange with Privacy (CYBEX-P). 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC). :0493—0498.
Rapid evolution of cyber threats and recent trends in the increasing number of cyber-attacks call for adopting robust and agile cybersecurity techniques. Cybersecurity information sharing is expected to play an effective role in detecting and defending against new attacks. However, reservations and or-ganizational policies centering the privacy of shared data have become major setbacks in large-scale collaboration in cyber defense. The situation is worsened by the fact that the benefits of cyber-information exchange are not realized unless many actors participate. In this paper, we argue that privacy preservation of shared threat data will motivate entities to share threat data. Accordingly, we propose a framework called CYBersecurity information EXchange with Privacy (CYBEX-P) to achieve this. CYBEX-P is a structured information sharing platform with integrating privacy-preserving mechanisms. We propose a complete system architecture for CYBEX-P that guarantees maximum security and privacy of data. CYBEX-P outlines the details of a cybersecurity information sharing platform. The adoption of blind processing, privacy preservation, and trusted computing paradigms make CYBEX-P a versatile and secure information exchange platform.