Predictive Cyber-security Analytics Framework: A non-homogenous Markov model for Security Quantification

Numerous security metrics have been proposed in the past for protecting computer networks. However we still lack effective techniques to accurately measure the predictive security risk of an enterprise taking into account the dynamic attributes associated with vulnerabilities that can change over time. In this paper we present a stochastic security framework for obtaining quantitative measures of security using attack graphs. Our model is novel as existing research in attack graph analysis do not consider the temporal aspects associated with the vulnerabilities, such as the availability of exploits and patches which can affect the overall network security based on how the vulnerabilities are interconnected and leveraged to compromise the system. Gaining a better understanding of the relationship between vulnerabilities and their lifecycle events can provide security practitioners a better understanding of their state of security. In order to have a more realistic representation of how the security state of the network would vary over time, a nonhomogeneous model is developed which incorporates a time dependent covariate, namely the vulnerability age. The daily transition-probability matrices are estimated using Frei's Vulnerability Lifecycle model. We also leverage the trusted CVSS metric domain to analyze how the total exploitability and impact measures evolve over a time period for a given network.Comment: 16 pages, 6 Figures in International Conference of Security, Privacy and Trust Management 201

A survey of intrusion detection techniques in Cloud

Cloud computing provides scalable, virtualized on-demand services to the end users with greater flexibility and lesser infrastructural investment. These services are provided over the Internet using known networking protocols, standards and formats under the supervision of different managements. Existing bugs and vulnerabilities in underlying technologies and legacy protocols tend to open doors for intrusion. This paper, surveys different intrusions affecting availability, confidentiality and integrity of Cloud resources and services. It examines proposals incorporating Intrusion Detection Systems (IDS) in Cloud and discusses various types and techniques of IDS and Intrusion Prevention Systems (IPS), and recommends IDS/IPS positioning in Cloud architecture to achieve desired security in the next generation networks

Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot

The rise of connectivity, digitalization, robotics, and artificial intelligence (AI) is rapidly changing our society and shaping its future development. During this technological and societal revolution, security has been persistently neglected, yet a hacked robot can act as an insider threat in organizations, industries, public spaces, and private homes. In this paper, we perform a structured security assessment of Pepper, a commercial humanoid robot. Our analysis, composed by an automated and a manual part, points out a relevant number of security flaws that can be used to take over and command the robot. Furthermore, we suggest how these issues could be fixed, thus, avoided in the future. The very final aim of this work is to push the rise of the security level of IoT products before they are sold on the public market.Comment: 8 pages, 3 figures, 4 table

Sustainable Sourcing of Global Agricultural Raw Materials: Assessing Gaps in Key Impact and Vulnerability Issues and Indicators.

Understanding how to source agricultural raw materials sustainably is challenging in today's globalized food system given the variety of issues to be considered and the multitude of suggested indicators for representing these issues. Furthermore, stakeholders in the global food system both impact these issues and are themselves vulnerable to these issues, an important duality that is often implied but not explicitly described. The attention given to these issues and conceptual frameworks varies greatly--depending largely on the stakeholder perspective--as does the set of indicators developed to measure them. To better structure these complex relationships and assess any gaps, we collate a comprehensive list of sustainability issues and a database of sustainability indicators to represent them. To assure a breadth of inclusion, the issues are pulled from the following three perspectives: major global sustainability assessments, sustainability communications from global food companies, and conceptual frameworks of sustainable livelihoods from academic publications. These terms are integrated across perspectives using a common vocabulary, classified by their relevance to impacts and vulnerabilities, and categorized into groups by economic, environmental, physical, human, social, and political characteristics. These issues are then associated with over 2,000 sustainability indicators gathered from existing sources. A gap analysis is then performed to determine if particular issues and issue groups are over or underrepresented. This process results in 44 "integrated" issues--24 impact issues and 36 vulnerability issues--that are composed of 318 "component" issues. The gap analysis shows that although every integrated issue is mentioned at least 40% of the time across perspectives, no issue is mentioned more than 70% of the time. A few issues infrequently mentioned across perspectives also have relatively few indicators available to fully represent them. Issues in the impact framework generally have fewer gaps than those in the vulnerability framework