69,077 research outputs found
Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems, cyber risk at the edge
The Internet of Things (IoT) triggers new types of cyber risks. Therefore,
the integration of new IoT devices and services requires a self-assessment of
IoT cyber security posture. By security posture this article refers to the
cybersecurity strength of an organisation to predict, prevent and respond to
cyberthreats. At present, there is a gap in the state of the art, because there
are no self-assessment methods for quantifying IoT cyber risk posture. To
address this gap, an empirical analysis is performed of 12 cyber risk
assessment approaches. The results and the main findings from the analysis is
presented as the current and a target risk state for IoT systems, followed by
conclusions and recommendations on a transformation roadmap, describing how IoT
systems can achieve the target state with a new goal-oriented dependency model.
By target state, we refer to the cyber security target that matches the generic
security requirements of an organisation. The research paper studies and adapts
four alternatives for IoT risk assessment and identifies the goal-oriented
dependency modelling as a dominant approach among the risk assessment models
studied. The new goal-oriented dependency model in this article enables the
assessment of uncontrollable risk states in complex IoT systems and can be used
for a quantitative self-assessment of IoT cyber risk posture
Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems: cyber risk at the edge
AbstractThe Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis is presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture.</jats:p
Quantifying Shannon's Work Function for Cryptanalytic Attacks
Attacks on cryptographic systems are limited by the available computational
resources. A theoretical understanding of these resource limitations is needed
to evaluate the security of cryptographic primitives and procedures. This study
uses an Attacker versus Environment game formalism based on computability logic
to quantify Shannon's work function and evaluate resource use in cryptanalysis.
A simple cost function is defined which allows to quantify a wide range of
theoretical and real computational resources. With this approach the use of
custom hardware, e.g., FPGA boards, in cryptanalysis can be analyzed. Applied
to real cryptanalytic problems, it raises, for instance, the expectation that
the computer time needed to break some simple 90 bit strong cryptographic
primitives might theoretically be less than two years.Comment: 19 page
User's Privacy in Recommendation Systems Applying Online Social Network Data, A Survey and Taxonomy
Recommender systems have become an integral part of many social networks and
extract knowledge from a user's personal and sensitive data both explicitly,
with the user's knowledge, and implicitly. This trend has created major privacy
concerns as users are mostly unaware of what data and how much data is being
used and how securely it is used. In this context, several works have been done
to address privacy concerns for usage in online social network data and by
recommender systems. This paper surveys the main privacy concerns, measurements
and privacy-preserving techniques used in large-scale online social networks
and recommender systems. It is based on historical works on security,
privacy-preserving, statistical modeling, and datasets to provide an overview
of the technical difficulties and problems associated with privacy preserving
in online social networks.Comment: 26 pages, IET book chapter on big data recommender system
An Interaction Model for Simulation and Mitigation of Cascading Failures
In this paper the interactions between component failures are quantified and
the interaction matrix and interaction network are obtained. The quantified
interactions can capture the general propagation patterns of the cascades from
utilities or simulation, thus helping to better understand how cascading
failures propagate and to identify key links and key components that are
crucial for cascading failure propagation. By utilizing these interactions a
high-level probabilistic model called interaction model is proposed to study
the influence of interactions on cascading failure risk and to support online
decision-making. It is much more time efficient to first quantify the
interactions between component failures with fewer original cascades from a
more detailed cascading failure model and then perform the interaction model
simulation than it is to directly simulate a large number of cascades with a
more detailed model. Interaction-based mitigation measures are suggested to
mitigate cascading failure risk by weakening key links, which can be achieved
in real systems by wide area protection such as blocking of some specific
protective relays. The proposed interaction quantifying method and interaction
model are validated with line outage data generated by the AC OPA cascading
simulations on the IEEE 118-bus system.Comment: Accepted by IEEE Transactions on Power System
- …