Nature-inspired survivability: Prey-inspired survivability countermeasures for cloud computing security challenges

As cloud computing environments become complex, adversaries have become highly sophisticated and unpredictable. Moreover, they can easily increase attack power and persist longer before detection. Uncertain malicious actions, latent risks, Unobserved or Unobservable risks (UUURs) characterise this new threat domain. This thesis proposes prey-inspired survivability to address unpredictable security challenges borne out of UUURs. While survivability is a well-addressed phenomenon in non-extinct prey animals, applying prey survivability to cloud computing directly is challenging due to contradicting end goals. How to manage evolving survivability goals and requirements under contradicting environmental conditions adds to the challenges. To address these challenges, this thesis proposes a holistic taxonomy which integrate multiple and disparate perspectives of cloud security challenges. In addition, it proposes the TRIZ (Teorija Rezbenija Izobretatelskib Zadach) to derive prey-inspired solutions through resolving contradiction. First, it develops a 3-step process to facilitate interdomain transfer of concepts from nature to cloud. Moreover, TRIZ’s generic approach suggests specific solutions for cloud computing survivability. Then, the thesis presents the conceptual prey-inspired cloud computing survivability framework (Pi-CCSF), built upon TRIZ derived solutions. The framework run-time is pushed to the user-space to support evolving survivability design goals. Furthermore, a target-based decision-making technique (TBDM) is proposed to manage survivability decisions. To evaluate the prey-inspired survivability concept, Pi-CCSF simulator is developed and implemented. Evaluation results shows that escalating survivability actions improve the vitality of vulnerable and compromised virtual machines (VMs) by 5% and dramatically improve their overall survivability. Hypothesis testing conclusively supports the hypothesis that the escalation mechanisms can be applied to enhance the survivability of cloud computing systems. Numeric analysis of TBDM shows that by considering survivability preferences and attitudes (these directly impacts survivability actions), the TBDM method brings unpredictable survivability information closer to decision processes. This enables efficient execution of variable escalating survivability actions, which enables the Pi-CCSF’s decision system (DS) to focus upon decisions that achieve survivability outcomes under unpredictability imposed by UUUR

Prevention of terrorism : an assessment of prior POM work and future potentials

© 2020 Production and Operations Management Society In this study, we review POM-based research related to prevention of terrorism. According to the Federal Emergency Management Agency (FEMA) terrorist attacks have the potential to be prevented. Consequently, the focus of this study is on security enhancement and improving the resiliency of a nation to prevent terrorist attacks. Accordingly, we review articles from the 25 top journals, [following procedures developed by Gupta et al. (2016)], in the fields of Production and Operations Management, Operations Research, Management Science, and Supply Chain Management. In addition, we searched some selected journals in the fields of Information Sciences, Political Science, and Economics. This literature is organized and reviewed under the following seven core capabilities defined by the Department of Homeland Security (DHS): (1) Intelligence and Information Sharing, (2) Planning, (3) Interdiction and Disruption, (4) Screening, Search, and Detection, (5) Forensics and Attribution, (6) Public Information and Warning, and (7) Operational Coordination. We found that POM research on terrorism is primarily driven by the type of information that a defending country and a terrorist have about each other. Game theory is the main technique that is used in most research papers. Possible directions for future research are discussed

Modeling Deception for Cyber Security

In the era of software-intensive, smart and connected systems, the growing power and so- phistication of cyber attacks poses increasing challenges to software security. The reactive posture of traditional security mechanisms, such as anti-virus and intrusion detection systems, has not been sufficient to combat a wide range of advanced persistent threats that currently jeopardize systems operation. To mitigate these extant threats, more ac- tive defensive approaches are necessary. Such approaches rely on the concept of actively hindering and deceiving attackers. Deceptive techniques allow for additional defense by thwarting attackers’ advances through the manipulation of their perceptions. Manipu- lation is achieved through the use of deceitful responses, feints, misdirection, and other falsehoods in a system. Of course, such deception mechanisms may result in side-effects that must be handled. Current methods for planning deception chiefly portray attempts to bridge military deception to cyber deception, providing only high-level instructions that largely ignore deception as part of the software security development life cycle. Con- sequently, little practical guidance is provided on how to engineering deception-based techniques for defense. This PhD thesis contributes with a systematic approach to specify and design cyber deception requirements, tactics, and strategies. This deception approach consists of (i) a multi-paradigm modeling for representing deception requirements, tac- tics, and strategies, (ii) a reference architecture to support the integration of deception strategies into system operation, and (iii) a method to guide engineers in deception mod- eling. A tool prototype, a case study, and an experimental evaluation show encouraging results for the application of the approach in practice. Finally, a conceptual coverage map- ping was developed to assess the expressivity of the deception modeling language created.Na era digital o crescente poder e sofisticação dos ataques cibernéticos apresenta constan- tes desafios para a segurança do software. A postura reativa dos mecanismos tradicionais de segurança, como os sistemas antivírus e de detecção de intrusão, não têm sido suficien- tes para combater a ampla gama de ameaças que comprometem a operação dos sistemas de software actuais. Para mitigar estas ameaças são necessárias abordagens ativas de defesa. Tais abordagens baseiam-se na ideia de adicionar mecanismos para enganar os adversários (do inglês deception). As técnicas de enganação (em português, "ato ou efeito de enganar, de induzir em erro; artimanha usada para iludir") contribuem para a defesa frustrando o avanço dos atacantes por manipulação das suas perceções. A manipula- ção é conseguida através de respostas enganadoras, de "fintas", ou indicações erróneas e outras falsidades adicionadas intencionalmente num sistema. É claro que esses meca- nismos de enganação podem resultar em efeitos colaterais que devem ser tratados. Os métodos atuais usados para enganar um atacante inspiram-se fundamentalmente nas técnicas da área militar, fornecendo apenas instruções de alto nível que ignoram, em grande parte, a enganação como parte do ciclo de vida do desenvolvimento de software seguro. Consequentemente, há poucas referências práticas em como gerar técnicas de defesa baseadas em enganação. Esta tese de doutoramento contribui com uma aborda- gem sistemática para especificar e desenhar requisitos, táticas e estratégias de enganação cibernéticas. Esta abordagem é composta por (i) uma modelação multi-paradigma para re- presentar requisitos, táticas e estratégias de enganação, (ii) uma arquitetura de referência para apoiar a integração de estratégias de enganação na operação dum sistema, e (iii) um método para orientar os engenheiros na modelação de enganação. Uma ferramenta protó- tipo, um estudo de caso e uma avaliação experimental mostram resultados encorajadores para a aplicação da abordagem na prática. Finalmente, a expressividade da linguagem de modelação de enganação é avaliada por um mapeamento de cobertura de conceitos

An Overview of Catastrophic AI Risks

Rapid advancements in artificial intelligence (AI) have sparked growing concerns among experts, policymakers, and world leaders regarding the potential for increasingly advanced AI systems to pose catastrophic risks. Although numerous risks have been detailed separately, there is a pressing need for a systematic discussion and illustration of the potential dangers to better inform efforts to mitigate them. This paper provides an overview of the main sources of catastrophic AI risks, which we organize into four categories: malicious use, in which individuals or groups intentionally use AIs to cause harm; AI race, in which competitive environments compel actors to deploy unsafe AIs or cede control to AIs; organizational risks, highlighting how human factors and complex systems can increase the chances of catastrophic accidents; and rogue AIs, describing the inherent difficulty in controlling agents far more intelligent than humans. For each category of risk, we describe specific hazards, present illustrative stories, envision ideal scenarios, and propose practical suggestions for mitigating these dangers. Our goal is to foster a comprehensive understanding of these risks and inspire collective and proactive efforts to ensure that AIs are developed and deployed in a safe manner. Ultimately, we hope this will allow us to realize the benefits of this powerful technology while minimizing the potential for catastrophic outcomes

Foundations of Trusted Autonomy

Trusted Autonomy; Automation Technology; Autonomous Systems; Self-Governance; Trusted Autonomous Systems; Design of Algorithms and Methodologie

Temporal and population dynamics of depressive symptoms : empirical and modeling approaches

Depression has been estimated to be the second largest cause of years lived with a disability, and much research on depressive symptoms exists. Despite this, basic research has not found natural taxa that would correspond to clinical diagnoses for depression. It is often assumed that a one-dimensional latent continuum underlies depressive symptoms, but empirical evidence does not support this idea either. Therefore, it has been suggested that depressive symptoms are part of a complex causal network that has not yet been adequately understood. This thesis aims to understand statistical variation and joint variation of individual depressive symptoms over time, the causal relationships between these symptoms, and their potentially adaptive evolutionary origins. The research material consists of the prospective Young Finns study that began in 1980 and included 3596 participants, the 10317-participant Wisconsin Longitudinal study, and mathematical models for the evolution of cooperation. First, temporal trajectories of a depressive-symptom sum was modeled with a stochastic differential equation model which results in a more empirically justified approach than typical latent-trait models, allowing causal roles for individual symptoms rather than viewing them as passive reflections. Regarding individual symptoms, it was shown that body-image dissatisfaction was the most temporally stable symptom, and strongly associated with chronically elevated dysphoria over a 16 year follow-up. In contrast, symptoms related to sleep and tiredness were the least stable, and novel methods based on non-Gaussian distributions suggested that sleep problems cause other depressive symptoms. Finally, combining the bargaining models of depression with mathematical models for the evolution of cooperation showed that, in theory, evolution should favor the emergence of depressive symptoms in natural populations, as they promote fitness-enhancing cooperation by rendering defection from joint enterprises less tempting. Overall, instead of a single disorder, depressive symptoms may reflect multiple processes, some of them being adaptive instead of dysfunctional.Masennus on arvioitu toisiksi suurimmaksi toimintakyvyttömänä elettyjen elinvuosien aiheuttajaksi maailmassa, ja masennusoireita on tutkittu paljon. Tästä huolimatta perustutkimus ei ole löytänyt kliinistä diagnostiikkaa vastaavaa luonnollista rajaa masentuneiden ja ei-masentuneiden välille. Yksiulotteinen jatkumo usein oletetaan masennusoireiden taustavaikuttajaksi, mutta tätäkään ajatusta uusin tutkimus ei tue. Oireiden ajatellaan olevan osa huonosti tunnettua syy- ja seuraussuhteiden verkostoa. Tässä väitöskirjassa pyritään ymmärtämään yksittäisten masennusoireiden tilastollista vaihtelua ja yhteisvaihtelua ajassa, oireiden kausaaliyhteyksiä, ja niiden mahdollisia evoluution kannalta adaptiivisia ominaisuuksia. Tutkimusmateriaalina toimivat 1980-luvulta asti seurattu 3596:n suomalaisen havaintoaineisto, Lasten Sepelvaltimotaudin Riskitekijät -tutkimus, 10317 amerikkalaisen havaintoaineisto, Wisconsinin pitkättäistutkimus, sekä yhteistyön evoluution matemaattiset mallit. Usein tutkittua masennusoiresummaa tarkasteltiin stokastisen differentiaaliyhtälömallin avulla. Se tuottaa tyypillisiä latentin taustatekijän malleja realistisemman tilastollisen aikasarjakuvauksen, ja mahdollistaa yksittäisten oireiden toimimisen kausaalisesti aktiivisina tekijöinä yksiulotteisen taustatekijän heijastusten sijaan. Näistä yksittäisistä oireista todettiin, että tyytymättömyys omaan ruumiinkuvaan oli sekä ajassa poikkeuksellisen pysyvää että vahvasti yhteydessä 16 vuoden ajan suhteellisen korkeana pysyneeseen masennuspisteeseen. Sen sijaan uneen ja väsymykseen liittyvä oireilu oli lyhytkestoisempaa, ja uudenlaisen epä-Gaussisiin jakaumiin perustuvan päättelyn mukaan aiheutti muita masennusoireita. Yhdistämällä masennuksen neuvottelustrategia-malli yhteistyön evoluution matemaattisiin malleihin osoitettiin että teoriassa evoluution tulisi suosia masennuspiirteiden kehittymistä populaatiotasolla. Ne voivat edesauttaa yhteistyön syntymistä vähentämällä vapaamatkustamisen yksilökohtaisia hyötyjä. Tulokset vihjaavat että yksittäisen häiriön sijaan, masennusoireet heijastelevat useita prosesseja, joista osa voi olla ennemmin adaptiivisia kuin toimintahäiriöitä

Metaphors for cyber security.

This report is based upon a workshop, called 'CyberFest', held at Sandia National Laboratories on May 27-30, 2008. Participants in the workshop came from organizations both outside and inside Sandia. The premise of the workshop was that thinking about cyber security from a metaphorical perspective could lead to a deeper understanding of current approaches to cyber defense and perhaps to some creative new approaches. A wide range of metaphors was considered, including those relating to: military and other types of conflict, biological, health care, markets, three-dimensional space, and physical asset protection. These in turn led to consideration of a variety of possible approaches for improving cyber security in the future. From the proposed approaches, three were formulated for further discussion. These approaches were labeled 'Heterogeneity' (drawing primarily on the metaphor of biological diversity), 'Motivating Secure Behavior' (taking a market perspective on the adoption of cyber security measures) and 'Cyber Wellness' (exploring analogies with efforts to improve individual and public health)

Evolutionary Psychology Meets Social Neuroscience

This book aims to open a debate full of theoretical and experimental contributions among the different disciplines in social research, psychology, neuroscience, and sociology and to give an innovative vision to the present research and future perspective on the topic. The fundamental research areas of evolutionary psychology can be divided into two broad categories: the basic cognitive processes, and the way they evolved within the species, and the adaptive social behaviors that derive from the theory of evolution: survival, parenting, family and kinship, interactions with nonparents, and cultural evolution. Evolutionary Psychology Meets Social Neuroscience explains at individual and group level the fundamental behaviors of social life, such as altruism, cooperation, competition, social exclusion, and social support