18,786 research outputs found
Game Theory Meets Network Security: A Tutorial at ACM CCS
The increasingly pervasive connectivity of today's information systems brings
up new challenges to security. Traditional security has accomplished a long way
toward protecting well-defined goals such as confidentiality, integrity,
availability, and authenticity. However, with the growing sophistication of the
attacks and the complexity of the system, the protection using traditional
methods could be cost-prohibitive. A new perspective and a new theoretical
foundation are needed to understand security from a strategic and
decision-making perspective. Game theory provides a natural framework to
capture the adversarial and defensive interactions between an attacker and a
defender. It provides a quantitative assessment of security, prediction of
security outcomes, and a mechanism design tool that can enable
security-by-design and reverse the attacker's advantage. This tutorial provides
an overview of diverse methodologies from game theory that includes games of
incomplete information, dynamic games, mechanism design theory to offer a
modern theoretic underpinning of a science of cybersecurity. The tutorial will
also discuss open problems and research challenges that the CCS community can
address and contribute with an objective to build a multidisciplinary bridge
between cybersecurity, economics, game and decision theory
Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier
As universities recognize the inherent value in the data they collect and
hold, they encounter unforeseen challenges in stewarding those data in ways
that balance accountability, transparency, and protection of privacy, academic
freedom, and intellectual property. Two parallel developments in academic data
collection are converging: (1) open access requirements, whereby researchers
must provide access to their data as a condition of obtaining grant funding or
publishing results in journals; and (2) the vast accumulation of 'grey data'
about individuals in their daily activities of research, teaching, learning,
services, and administration. The boundaries between research and grey data are
blurring, making it more difficult to assess the risks and responsibilities
associated with any data collection. Many sets of data, both research and grey,
fall outside privacy regulations such as HIPAA, FERPA, and PII. Universities
are exploiting these data for research, learning analytics, faculty evaluation,
strategic decisions, and other sensitive matters. Commercial entities are
besieging universities with requests for access to data or for partnerships to
mine them. The privacy frontier facing research universities spans open access
practices, uses and misuses of data, public records requests, cyber risk, and
curating data for privacy protection. This paper explores the competing values
inherent in data stewardship and makes recommendations for practice, drawing on
the pioneering work of the University of California in privacy and information
security, data governance, and cyber risk.Comment: Final published version, Sept 30, 201
SARGOS: Securing Offshore Infrastructures Through a Global Alert and Graded Response System
International audienceThe purpose of the project SARGOS is to develop a global alert and graded response system to answer the recent but strong need for securing critical civilian offshore infrastructures, vulnerable to piracy or terrorist actions from the sea. The challenge of protecting these infrastructures against malevolent intrusions requires to develop innovative strategies so as to ensure in a coordinate way the whole processing line: automatic surveillance, robust detection, continuous adjustment of the reaction plan and graded implementation of the relevant set of reactions. The system handles : Automatic and robust detection and classification of small size maritime targets in rough sea; Detection of suspicious behaviors in a security zone around the platform; Formalization and modeling of graded internal and external reactions, adapted to the dangerousness of the detected intrusion and taking into account security rules in force on the platform, geopolitical environment and legal aspects; Activation of progressive and reversible reactions, according to an intelligent situation analysis process. Reactions can go from a simple alert up to bringing non lethal reaction means into play. The project will materialize with the implementation of all the processing line in a single platform that will be used to carry out experimentations and to validate the overcoming of critical issues and the appropriateness of the proposed concept with regards to users' needs. SARGOS has been selected by the French Nationa
Multi-Layer Cyber-Physical Security and Resilience for Smart Grid
The smart grid is a large-scale complex system that integrates communication
technologies with the physical layer operation of the energy systems. Security
and resilience mechanisms by design are important to provide guarantee
operations for the system. This chapter provides a layered perspective of the
smart grid security and discusses game and decision theory as a tool to model
the interactions among system components and the interaction between attackers
and the system. We discuss game-theoretic applications and challenges in the
design of cross-layer robust and resilient controller, secure network routing
protocol at the data communication and networking layers, and the challenges of
the information security at the management layer of the grid. The chapter will
discuss the future directions of using game-theoretic tools in addressing
multi-layer security issues in the smart grid.Comment: 16 page
The changing nature of risk and risk management: the challenge of borders, uncertainty and resilience
No abstract available
The future of Cybersecurity in Italy: Strategic focus area
This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management
A Quantitative Research Study on Probability Risk Assessments in Critical Infrastructure and Homeland Security
This dissertation encompassed quantitative research on probabilistic risk assessment (PRA) elements in homeland security and the impact on critical infrastructure and key resources. There are 16 crucial infrastructure sectors in homeland security that represent assets, system networks, virtual and physical environments, roads and bridges, transportation, and air travel. The design included the Bayes theorem, a process used in PRAs when determining potential or probable events, causes, outcomes, and risks. The goal is to mitigate the effects of domestic terrorism and natural and man-made disasters, respond to events related to critical infrastructure that can impact the United States, and help protect and secure natural gas pipelines and electrical grid systems. This study provides data from current risk assessment trends in PRAs that can be applied and designed in elements of homeland security and the criminal justice system to help protect critical infrastructures. The dissertation will highlight the aspects of the U.S. Department of Homeland Security National Infrastructure Protection Plan (NIPP). In addition, this framework was employed to examine the criminal justice triangle, explore crime problems and emergency preparedness solutions to protect critical infrastructures, and analyze data relevant to risk assessment procedures for each critical infrastructure identified. Finally, the study addressed the drivers and gaps in research related to protecting and securing natural gas pipelines and electrical grid systems
Framing the UKâs counter-terrorism policy within the context of a wicked problem
Terrorist attacks can be seen as the ultimate wicked problem. After 9/11, terrorists moved
from so-called âspectacularâ events to relatively low-intensity attacks against individuals and
groups. The emergence of what has become known as the âhome-grownâ terrorist has added a
further dimension to the âwickedâ nature of the problem. This paper considers the UKâs
CONTEST and PREVENT strategies as a policy response to the threats from terrorism
and the impact that the policies themselves can have on the radicalization of individuals.
The author highlights some of the limitations of the PREVENT strand of the overall
strategy and the constraints that are imposed on government policies by failing to take a
holistic perspective on the nature of the problem
Online privacy: towards informational self-determination on the internet : report from Dagstuhl Perspectives Workshop 11061
The Dagstuhl Perspectives Workshop "Online Privacy: Towards Informational Self-Determination on the Internet" (11061) has been held in February 6-11, 2011 at Schloss Dagstuhl. 30 participants from academia, public sector, and industry have identified the current status-of-the-art of and challenges for online privacy as well as derived recommendations for improving online privacy. Whereas the Dagstuhl Manifesto of this workshop concludes the results of the working groups and panel discussions, this article presents the talks of this workshop by their abstracts
European Reference Network for Critical Infrastructure Protection: ERNCIP Handbook 2017 edition Version 1.0
The ERNCIP network has been established to improve the protection of critical infrastructures in the EU. The European Reference Network for Critical Infrastructure Protection (ERNCIP) therefore works in close cooperation with all types of CIP stakeholders, focusing particularly on the technical protective security solutions.
This handbook aims to assist the dissemination of the activities and results of ERNCIP. It is intended that the document will be updated and issued by the ERNCIP Office in spring each year. The information provided will be up to date as of the end of the previous calendar year, i.e. in this case as at 31 December 2016.
The report summarises the achievements of all the ERNCIP Thematic Groups, providing a convenient way to access information on any specific theme of interest covered by ERNCIP. The report also describes current thematic group activities, to allow subject-matter experts and critical infrastructure operators to identify ongoing areas of research they might be interested in assisting.
This report is publicly available via the ERNCIP web site, and is distributed to all ERNCIP Group of EU CIP Experts for onward dissemination within their Member State.JRC.E.2-Technology Innovation in Securit
- âŠ