{"title":"Towards quantification of firewall policy complexity","authors":"Haining Chen, Omar Chowdhury, J. Chen, Ninghui Li, R. Proctor","doi":"10.1145/2746194.2746212","DOIUrl":"https://doi.org/10.1145/2746194.2746212","url":null,"abstract":"Developing metrics for quantifying the security and usability aspects of a system has been of constant interest to the cybersecurity research community. Such metrics have the potential to provide valuable insight on security and usability of a system and to aid in the design, development, testing, and maintenance of the system. Working towards the overarching goal of such metric development, in this work we lay down the groundwork for developing metrics for quantifying the complexity of firewall policies. We are particularly interested in capturing the human perceived complexity of firewall policies. To this end, we propose a potential workflow that researchers can follow to develop empirically-validated, objective metrics for measuring the complexity of firewall policies. We also propose three hypotheses that capture salient properties of a firewall policy which constitute the complexity of a policy for a human user. We identify two categories of human-perceived policy complexity (i.e., syntactic complexity and semantic complexity), and for each of them propose potential complexity metrics for firewall policies that exploit two of the hypotheses we suggest. The current work can be viewed as a stepping stone for future research on development of such policy complexity metrics.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121881042","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","authors":"D. Nicol","doi":"10.1145/2746194","DOIUrl":"https://doi.org/10.1145/2746194","url":null,"abstract":"The Symposium and Bootcamp on the Science of Security (HotSoS), is a research event centered on the Science of Security (SoS). HotSoS 2015 follows on the heels of HotSoS 2014, establishing what we expect will be an annual pattern for bringing together researchers in the Science of Security. The motivation behind the study of the Science of Security is to focus on systems' security properties as first-class objects of study. The challenges are in defining those properties precisely within some kind of modeling framework, prove theorems about those properties and how they are achieved, identify metrics and means of empirically gathering, estimating, and/or inferring them in an experimental context, design effective experiments to gather those metrics and make statistically significant inferences about them, and close the loop by validating the abstract models with experiments.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"75 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134178073","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Quantitative security metrics with human in the loop","authors":"Mohammad A. Noureddine, K. Keefe, W. Sanders, Masooda N. Bashir","doi":"10.1145/2746194.2746215","DOIUrl":"https://doi.org/10.1145/2746194.2746215","url":null,"abstract":"The human factor is often regarded as the weakest link in cybersecurity systems. The investigation of several security breaches reveals an important impact of human errors in exhibiting security vulnerabilities. Although security researchers have long observed the impact of human behavior, few improvements have been made in designing secure systems that are resilient to the uncertainties of the human element. In this work, we summarize the state of the art work in human cybersecurity research, and present the Human-Influenced Task-Oriented (HITOP) formalism for modeling human decisions in security systems. We also provide a roadmap for future research. We aim at developing a simulation tool that allows modeling and analysis of security systems in light of the uncertainties of human behavior.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"84 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124130022","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Effectiveness of a phishing warning in field settings","authors":"Weining Yang, J. Chen, Aiping Xiong, R. Proctor, Ninghui Li","doi":"10.1145/2746194.2746208","DOIUrl":"https://doi.org/10.1145/2746194.2746208","url":null,"abstract":"We have begun to investigate the effectiveness of a phishing warning Chrome extension in a field setting of everyday computer use. A preliminary experiment has been conducted in which participants installed and used the extension. They were required to fill out an online browsing behavior questionnaire by clicking on a survey link sent in a weekly email by us. Two phishing attacks were simulated during the study by directing participants to \"fake\" (phishing) survey sites we created. Almost all participants who saw the warnings on our fake sites input incorrect passwords, but follow-up interviews revealed that only one participant did so intentionally. A follow-up interview revealed that the warning failure was mainly due to the survey task being mandatory. Another finding of interest from the interview was that about 50% of the participants had never heard of phishing or did not understand its meaning.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124808992","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Detecting abnormal user behavior through pattern-mining input device analytics","authors":"Ignacio X. Domínguez, Alok Goel, D. Roberts, R. Amant","doi":"10.1145/2746194.2746205","DOIUrl":"https://doi.org/10.1145/2746194.2746205","url":null,"abstract":"This paper presents a method for detecting patterns in the usage of a computer mouse that can give insights into user's cognitive processes. We conducted a study using a computer version of the Memory game (also known as the Concentration game) that allowed some participants to reveal the content of the tiles, expecting their low-level mouse interaction patterns to deviate from those of normal players with no access to this information. We then trained models to detect these differences using task-independent input device features. The models detected cheating with 98.73% accuracy for players who cheated or did not cheat consistently for entire rounds of the game, and with 89.18% accuracy for cases in which players enabled and then disabled cheating within rounds.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126590347","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Systematization of metrics in intrusion detection systems","authors":"Yufan Huang, Xiaofan He, H. Dai","doi":"10.1145/2746194.2746222","DOIUrl":"https://doi.org/10.1145/2746194.2746222","url":null,"abstract":"Intrusion detection assumes paramount importance in this information era due to its capability of providing security protection to information systems. In addition to advancing the specific intrusion detection techniques, substantial efforts have been devoted to the taxonomy of existing IDSs, mostly focusing on the methodology, audit source and architecture aspects. The employed metric is another decisive factor of IDS performance, yet a systematized understanding in this aspect is still lacking. As an initial effort towards this objective, a categorization of IDS metrics is proposed in this work, where existing IDS metrics are divided into four types - information theoretic, probabilistic, proximity-based, and reliability-based metrics. Simulation studies of several intrusion detection algorithms that match the proposed categorization are also conducted based on the KDD'99 dataset.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116429435","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Enabling forensics by proposing heuristics to identify mandatory log events","authors":"J. King, Rahul Pandita, L. Williams","doi":"10.1145/2746194.2746200","DOIUrl":"https://doi.org/10.1145/2746194.2746200","url":null,"abstract":"Software engineers often implement logging mechanisms to debug software and diagnose faults. As modern software manages increasingly sensitive data, logging mechanisms also need to capture detailed traces of user activity to enable forensics and hold users accountable. Existing techniques for identifying what events to log are often subjective and produce inconsistent results. The objective of this study is to help software engineers strengthen forensic-ability and user accountability by 1) systematically identifying mandatory log events through processing of unconstrained natural language software artifacts; and 2) proposing empirically-derived heuristics to help determine whether an event must be logged. We systematically extract each verb and object being acted upon from natural language software artifacts for three open-source software systems. We extract 3,513 verb-object pairs from 2,128 total sentences studied. Two raters classify each verb-object pair as either a mandatory log event or not. Through grounded theory analysis of discussions to resolve disagreements between the two raters, we develop 12 heuristics to help determine whether a verb-object pair describes an action that must be logged. Our heuristics help resolve 882 (96%) of 919 disagreements between the two raters. In addition, our results demonstrate that the proposed heuristics facilitate classification of 3,372 (96%) of 3,513 extracted verb-object pairs as either mandatory log events or not.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126805954","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PREDICT: an important resource for the science of security","authors":"C. Scheper, S. Cantor","doi":"10.1145/2746194.2746210","DOIUrl":"https://doi.org/10.1145/2746194.2746210","url":null,"abstract":"The Protected Repository for the Defense of Infrastructure Against Cyber Threats (PREDICT) was established by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to provide real network operational data and to provide a trusted framework within which to share that data with the cyber security research community. PREDICT was conceived as a distributed repository to provide secure, centralized access to multiple sources of data and to promote data-sharing methods that protect the privacy of the data producers and the security of their networks. It also opened new research programs into the ethics of information and communication technology research [1] and disclosure control. [2] PREDICT initially took a conservative approach to its legal framework, applying the strictest requirements to all data classes regardless of the data's inherent sensitivity. Building on lessons learned through three phases of development, a less cumbersome framework has evolved and access to data for vital cyber security research has increased.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115845961","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Active cyber defense dynamics exhibiting rich phenomena","authors":"Ren Zheng, Wenlian Lu, Shouhuai Xu","doi":"10.1145/2746194.2746196","DOIUrl":"https://doi.org/10.1145/2746194.2746196","url":null,"abstract":"The Internet is a man-made complex system under constant attacks (e.g., Advanced Persistent Threats and malwares). It is therefore important to understand the phenomena that can be induced by the interaction between cyber attacks and cyber defenses. In this paper, we explore the rich phenomena that can be exhibited when the defender employs active defense to combat cyber attacks. To the best of our knowledge, this is the first study that shows that active cyber defense dynamics (or more generally, cybersecurity dynamics) can exhibit the bifurcation and chaos phenomena. This has profound implications for cyber security measurement and prediction: (i) it is infeasible (or even impossible) to accurately measure and predict cyber security under certain circumstances; (ii) the defender must manipulate the dynamics to avoid such unmanageable situations in real-life defense operations.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"343 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122758285","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Modelling user availability in workflow resiliency analysis","authors":"John C. Mace, C. Morisset, A. Moorsel","doi":"10.1145/2746194.2746201","DOIUrl":"https://doi.org/10.1145/2746194.2746201","url":null,"abstract":"Workflows capture complex operational processes and include security constraints limiting which users can perform which tasks. An improper security policy may prevent certain tasks being assigned and may force a policy violation. Deciding whether a valid user-task assignment exists for a given policy is known to be extremely complex, especially when considering user unavailability (known as the resiliency problem). Therefore tools are required that allow automatic evaluation of workflow resiliency. Modelling well defined workflows is fairly straightforward, however user availability can be modelled in multiple ways for the same workflow. Correct choice of model is a complex yet necessary concern as it has a major impact on the calculated resiliency. We describe a number of user availability models and their encoding in the model checker PRISM, used to evaluate resiliency. We also show how model choice can affect resiliency computation in terms of its value, memory and CPU time.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129570995","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}