How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems

Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to represent all security controls recommended by practitioners and standards. In this paper we propose an attack-defence model, consisting of a set of attack-defence bundles, to be generated and maintained with the socio-technical model. The attack-defence bundles can be used to synthesise attack-defence trees directly from the model to offer basic attack-defence analysis, but also they can be used to select and maintain the security controls that cannot be handled by the model itself.Comment: GraMSec 2015, 16 page

Role of Insects and Diseases in a Jack Pine Provenance Study

Two jack pine plantations were established at the Cloquet Forestry Center, Cloquet, Minnesota, in 1942 and 1943, using trees originating from 22 sites in the United States and 10 in Canada. From 1945 to 1953 the incidence of attack by insects and diseases was recorded individually for all trees, and in 1980-1981 the diameter and form of both living and dead trees were recorded. There were differences in the incidence of attack by the pests and in tree response to early injury among the various seed sources. In 1980 and in 1981 there were differences in tree form resulting from insect and both living and dead pest-free trees had the best form. The diameter increases from 1955 to 1980-1981 were almost identical for all categories with the exception of the dead pest-free trees which had the smallest diameters

Impact of pine looper defoliation in Scots pine

Widespread defoliation of forests caused by insects or fungi cause economic losses throughout the world. Successful outbreak management involves cost/benefit estimation and requires knowledge of potential yield losses. Currently, such knowledge is scarce. This thesis evaluates the significance of single-year defoliation by the pine looper moth (Bupalus piniaria L.) (Lepidoptera: Geometridae) and secondary attack by the pine shoot beetle (Tomicus piniperda L.) (Coleoptera: Scolytinae) for yield losses in Scots pine (Pinus sylvestris L.). In a seven-year study, tree mortality and growth losses were quantified after a B. piniaria outbreak with a subsequent T. piniperda infestation at Hökensås in 1996. Secondary attack by T. piniperda was also studied in a Scots pine stand at Fredriksberg, infested by Gremmeniella abietina (Lagerberg) Morelet. in 2001. Tree mortality at Hökensås mainly occurred in areas with an average defoliation intensity of 90-100%. Tree mortality averaged 25%, and the “defoliation threshold” for tree survival was found to be 90% defoliation. Tree mortality peaked two years after the defoliation event, which coincided with high levels of pine shoot beetles. Involvement of T. piniperda in tree mortality increased with time since defoliation, and tree susceptibility to beetle attack increased with increasing defoliation intensity and decreasing dominance status of trees. As foliage of trees recovered, fewer trees were susceptible to beetle attack, and ultimately, beetle attacks ended as breeding substrate was depleted. Tree susceptibility to beetle attack was a function of tree vigour and beetle density. Growth losses at the Hökensås site were a combined effect of pine looper defoliation and shoot pruning by T. piniperda. Radial, height and volume growth losses were proportional to defoliation intensity. Whereas radial growth was little affected by beetle-induced shoot pruning, height growth was severely affected by beetle-induced damage to leading shoots. Growth losses alone, excluding tree mortality, were large enough to economically justify control of the pine looper outbreak had the outbreak been prevented in 1996. At Fredriksberg, T. piniperda colonised trees that would have survived the damage caused by G. abietina. However, trees with 90-100% foliage losses died because of the damage caused by G. abietina alone, and tree survival seemed to require that trees retained at least 20% of full foliage

Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications

Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a three-dimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need for systematic frameworks to quantify risks corresponding to security, privacy, and safety (SPS) threats. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees, and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system.Comment: Tp appear in the CCNC 2019 Conferenc

Attack-defense trees

Attack-defense trees are a novel methodology for graphical security modelling and assessment. They extend the well- known formalism of attack trees by allowing nodes that represent defensive measures to appear at any level of the tree. This enlarges the modelling capabilities of attack trees and makes the new formalism suitable for representing interactions between an attacker and a defender. Our formalization supports different semantical approaches for which we provide usage scenarios. We also formalize how to quantitatively analyse attack and defense scenarios using attribute

Strategic Network Formation with Attack and Immunization

Strategic network formation arises where agents receive benefit from connections to other agents, but also incur costs for forming links. We consider a new network formation game that incorporates an adversarial attack, as well as immunization against attack. An agent's benefit is the expected size of her connected component post-attack, and agents may also choose to immunize themselves from attack at some additional cost. Our framework is a stylized model of settings where reachability rather than centrality is the primary concern and vertices vulnerable to attacks may reduce risk via costly measures. In the reachability benefit model without attack or immunization, the set of equilibria is the empty graph and any tree. The introduction of attack and immunization changes the game dramatically; new equilibrium topologies emerge, some more sparse and some more dense than trees. We show that, under a mild assumption on the adversary, every equilibrium network with $n$ agents contains at most $2n-4$ edges for $n\geq 4$. So despite permitting topologies denser than trees, the amount of overbuilding is limited. We also show that attack and immunization don't significantly erode social welfare: every non-trivial equilibrium with respect to several adversaries has welfare at least as that of any equilibrium in the attack-free model. We complement our theory with simulations demonstrating fast convergence of a new bounded rationality dynamic which generalizes linkstable best response but is considerably more powerful in our game. The simulations further elucidate the wide variety of asymmetric equilibria and demonstrate topological consequences of the dynamics e.g. heavy-tailed degree distributions. Finally, we report on a behavioral experiment on our game with over 100 participants, where despite the complexity of the game, the resulting network was surprisingly close to equilibrium.Comment: The short version of this paper appears in the proceedings of WINE-1

Enumeration of spanning trees in a pseudofractal scale-free web

Spanning trees are an important quantity characterizing the reliability of a network, however, explicitly determining the number of spanning trees in networks is a theoretical challenge. In this paper, we study the number of spanning trees in a small-world scale-free network and obtain the exact expressions. We find that the entropy of spanning trees in the studied network is less than 1, which is in sharp contrast to previous result for the regular lattice with the same average degree, the entropy of which is higher than 1. Thus, the number of spanning trees in the scale-free network is much less than that of the corresponding regular lattice. We present that this difference lies in disparate structure of the two networks. Since scale-free networks are more robust than regular networks under random attack, our result can lead to the counterintuitive conclusion that a network with more spanning trees may be relatively unreliable.Comment: Definitive version accepted for publication in EPL (Europhysics Letters

Attack Defense Trees with Sequential Conjunction

Attack defense trees are used to show the interaction between potential attacks on a system and the system defenses. In this paper we present a formal semantic model for attack defense trees with sequential composition, allowing for the description of attacks that are performed as a sequence of steps. The main contributions of our work are a formal representation of attack defense trees with sequential conjunction, a demonstration that this representation is equivalent to a process-algebraic one, and an algorithm for identifying the existence of attacks. We illustrate with an attack on over the air updates

Scotch Pine Deterioration in Michigan Caused by Pine Root Weevil Complex

Pine root tip weevil, Hylobius rhizophagus, and pine root collar weevil, H. radicis, attack certain Scotch pine stands simultaneously causing more mortality than expected from either insect alone. Recommendations for curtailing this insect complex include favoring red pine, planting Scotch pine far from brood sources, and avoiding stump culture of Christmas trees