    Security-by-experiment: lessons from responsible deployment in cyberspace

    Conceiving new technologies as social experiments is a means to discuss responsible deployment of technologies that may have unknown and potentially harmful side-effects. Thus far, the uncertain outcomes addressed in the paradigm of new technologies as social experiments have been mostly safety-related, meaning that potential harm is caused by the design plus accidental events in the environment. In some domains, such as cyberspace, adversarial agents (attackers) may be at least as important when it comes to undesirable effects of deployed technologies. In such cases, conditions for responsible experimentation may need to be implemented differently, as attackers behave strategically rather than probabilistically. In this contribution, we outline how adversarial aspects are already taken into account in technology deployment in the field of cyber security, and what the paradigm of new technologies as social experiments can learn from this. In particular, we show the importance of adversarial roles in social experiments with new technologies.

    Reconciling Malicious and Accidental Risk in Cyber Security

    Consider the question whether a cyber security investment is cost-effective. The result will depend on the expected frequency of attacks. Contrary to what is referred to as threat event frequencies or hazard rates in safety risk management, frequencies of targeted attacks are not independent from system design, due to the strategic behaviour of attackers. Although there are risk assessment methods that deal with strategic attackers, these do not provide expected frequencies as outputs, making it impossible to integrate those in existing (safety) risk management practices. To overcome this problem, we propose to extend the FAIR (Factor Analysis of Information Risk) framework to support malicious, targeted attacks. Our approach is based on (1) a clear separation of system vulnerability and environmental threat event frequencies, and (2) deriving threat event frequencies from attacker resources and attacker strategies rather than estimating them directly, drawing upon work in adversarial risk analysis. This approach constitutes an innovative way to quantify expected attack frequencies as a component of (information) security metrics for investment decisions.

    The process matters: cyber security in industrial control systems

    An industrial control system (ICS) is a computer system that controls industrial processes such as power plants, water and gas distribution, food production, etc. Since cyber-attacks on an ICS may have devastating consequences on human lives and safety in general, the security of ICS is important. In this context, the most valuable asset is the process that is under the control of the ICS. As a result of attacks on the process, the behaviour of the process (i.e., the program output in a computer program) changes due to modifications in: a) the automation logic (i.e., the program instruction set) or b) the process input parameters (i.e., the program input). The detection of process manipulations through attacks is challenging as it requires the understanding of complex process dependencies in sensitive and often proprietary environments. Due to these conditions, the problem of process manipulations has not been thoroughly studied by security researchers. This thesis tackles this challenge by performing pioneering work in exploring suitable techniques for detecting process attacks in ICS. The main focus of the thesis is the problem of malicious manipulations in process input. We consider input manipulations carried out through a) the user application and b) the network infrastructure. Our work shows that relevant information describing process operation can be extracted and analysed from common system traces (i.e., network traffic and system logs) to improve the awareness of the detector about the process that is under the control of the ICS. By doing this, we lay the ground for detecting critical process attacks that cannot be addressed by the existing solutions.
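    The abstract above argues that ordinary traces (network traffic, system logs) carry enough process information to make a detector process-aware. The following is an added illustration of that idea, not the thesis' own detector: it extracts "which host wrote which value to which process register" from constructed Modbus-style trace lines, learns a per-register operating envelope from a baseline window, and then flags writes that leave the envelope (an input manipulation pushed through the legitimate user application) or that arrive from a host never seen writing that register (an input manipulation via the network infrastructure). The log format, host names, register numbers and values are all constructed for this example.

```python
# Added example (not the thesis' own code): process-aware detection of
# manipulated process inputs from constructed trace lines. Log format, hosts,
# registers and values are assumptions made for this illustration.
from typing import Dict, Iterable, List, Tuple

WRITE = "WRITE_SINGLE_REGISTER"

# Constructed baseline trace: timestamp, source host, function, register, value
BASELINE_LOG = """\
2024-03-01T08:00:00 hmi-01 WRITE_SINGLE_REGISTER 40001 700
2024-03-01T08:05:00 hmi-01 WRITE_SINGLE_REGISTER 40001 720
2024-03-01T08:10:00 hmi-01 WRITE_SINGLE_REGISTER 40001 690
2024-03-01T08:12:00 eng-ws WRITE_SINGLE_REGISTER 40002 55
2024-03-01T08:20:00 hmi-01 WRITE_SINGLE_REGISTER 40002 50
"""

# Constructed trace to analyse: one normal write, one absurd setpoint pushed
# through the legitimate HMI, one plausible value written by a host that never
# wrote this register before, and one read (ignored by the detector).
LIVE_LOG = """\
2024-03-02T09:00:00 hmi-01 WRITE_SINGLE_REGISTER 40001 705
2024-03-02T09:01:00 hmi-01 WRITE_SINGLE_REGISTER 40001 1500
2024-03-02T09:02:00 10.0.9.77 WRITE_SINGLE_REGISTER 40002 52
2024-03-02T09:03:00 hmi-01 READ_HOLDING_REGISTERS 40001 0
"""


def parse(log: str) -> List[dict]:
    """One dict per trace line; the value field is the process input of interest."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, func, reg, val = line.split()
        records.append({"ts": ts, "src": src, "func": func, "reg": int(reg), "val": int(val)})
    return records


def learn_envelope(records: Iterable[dict], margin: float = 0.10) -> Dict[int, dict]:
    """Per register: observed value range widened by `margin` of its span,
    plus the set of hosts observed writing it during the baseline window."""
    env: Dict[int, dict] = {}
    for r in records:
        if r["func"] != WRITE:
            continue
        e = env.setdefault(r["reg"], {"lo": r["val"], "hi": r["val"], "writers": set()})
        e["lo"] = min(e["lo"], r["val"])
        e["hi"] = max(e["hi"], r["val"])
        e["writers"].add(r["src"])
    for e in env.values():
        slack = margin * max(e["hi"] - e["lo"], 1)  # never a zero-width envelope
        e["lo"] -= slack
        e["hi"] += slack
    return env


def detect(records: Iterable[dict], env: Dict[int, dict]) -> List[Tuple[str, str, int]]:
    """Return (timestamp, alert kind, register) for every suspicious write."""
    alerts = []
    for r in records:
        if r["func"] != WRITE:
            continue
        e = env.get(r["reg"])
        if e is None:
            alerts.append((r["ts"], "unknown-register", r["reg"]))
            continue
        if not e["lo"] <= r["val"] <= e["hi"]:
            alerts.append((r["ts"], "value-out-of-envelope", r["reg"]))  # application-side manipulation
        if r["src"] not in e["writers"]:
            alerts.append((r["ts"], "unexpected-writer", r["reg"]))  # network-side manipulation
    return alerts


def run_demo() -> List[Tuple[str, str, int]]:
    env = learn_envelope(parse(BASELINE_LOG))
    return detect(parse(LIVE_LOG), env)


if __name__ == "__main__":
    for ts, kind, reg in run_demo():
        print(f"{ts} {kind} register={reg}")
```

    The two alert kinds map to the two manipulation channels the abstract names: a value check catches a bad setpoint regardless of who sent it, and a writer check catches a spoofed or rogue host even when the value it writes looks plausible. A real deployment would learn the envelope from a much longer window and would need the proprietary process knowledge the abstract mentions to set sensible margins.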

    TREsPASS: Plug-and-Play Attacker Profiles for Security Risk Analysis (Poster)

    Existing methods for security risk analysis typically estimate time, cost, or likelihood of success of attack steps. When the threat environment changes, such values have to be updated as well. However, the estimated values reflect both system properties and attacker properties: the time required for an attack step depends on attacker skill as well as the strength of a particular system component. In the TREsPASS project, we propose the separation of attacker and system properties. By doing so, we enable "plug-and-play" attacker profiles: profiles of adversaries that are independent of system properties, and thus can be re-used in the same or a different organisation to compare risk in the case of different attacker profiles. We demonstrate its application in the framework of attack trees, as well as our new concept of attack navigators.
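    Two of the abstracts above make the same structural point: keep attacker properties (skill, budget, how often this kind of adversary tries) separate from system properties (how strong each component is), and then derive the expected attack frequency from the attacker's resources and strategy instead of estimating it directly. The following is an added illustration of that separation, not code or a calibrated model from the TREsPASS or FAIR work: an attack tree whose leaves carry only system strength, two attacker profiles defined once and plugged into two variants of the same system, and a threat event frequency that is zero whenever no path through the tree fits the attacker's budget. The combination rule in `step_time()`, the tree, the profile values and the "phishing-resistant MFA" investment are all assumptions constructed for this example.

```python
# Added example (not TREsPASS/FAIR project code): attacker properties live in
# AttackerProfile, system properties live in AttackStep, and the combination
# rule in step_time() is an assumed stand-in for whatever calibrated relation
# a real analysis would use. All names and numbers are constructed.
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class AttackerProfile:
    """System-independent attacker properties; re-usable across systems."""
    name: str
    skill: float              # 0.0 .. 1.0
    budget_hours: float       # effort the attacker is prepared to spend
    attempts_per_year: float  # how often this adversary type goes after a target like ours


@dataclass(frozen=True)
class AttackStep:
    """System-only properties of one attack step / defended component."""
    name: str
    strength: float    # 0.0 .. 1.0, resistance of the component
    base_hours: float  # effort for an attacker whose skill matches the strength


def step_time(step: AttackStep, attacker: AttackerProfile) -> float:
    """Assumed rule: effort grows linearly with the attacker's skill shortfall."""
    shortfall = max(0.0, step.strength - attacker.skill)
    return step.base_hours * (1.0 + 4.0 * shortfall)


@dataclass
class Node:
    kind: str                          # "LEAF", "AND" or "OR"
    step: Optional[AttackStep] = None  # set for LEAF nodes only
    children: list = field(default_factory=list)


def cheapest_path_hours(node: Node, attacker: AttackerProfile) -> float:
    """Minimal effort to reach the root: OR picks the cheapest child, AND sums."""
    if node.kind == "LEAF":
        return step_time(node.step, attacker)
    hours = [cheapest_path_hours(c, attacker) for c in node.children]
    return sum(hours) if node.kind == "AND" else min(hours)


def expected_attack_frequency(tree: Node, attacker: AttackerProfile) -> float:
    """Threat event frequency derived from resources and strategy: a rational
    attacker only spends attempts on a target where some path fits the budget."""
    feasible = cheapest_path_hours(tree, attacker) <= attacker.budget_hours
    return attacker.attempts_per_year if feasible else 0.0


def build_tree(phish_strength: float) -> Node:
    """Goal: exfiltrate data. Initial access is phishing OR a VPN exploit,
    then privilege escalation AND exfiltration. Only the phishing strength varies."""
    phish = AttackStep("phish credentials", phish_strength, 8.0)
    vpn = AttackStep("exploit VPN appliance", 0.6, 20.0)
    escalate = AttackStep("escalate privileges", 0.5, 10.0)
    exfil = AttackStep("exfiltrate data", 0.3, 5.0)
    initial = Node("OR", children=[Node("LEAF", phish), Node("LEAF", vpn)])
    return Node("AND", children=[initial, Node("LEAF", escalate), Node("LEAF", exfil)])


# Two plug-and-play profiles (constructed values), defined once, used against both designs.
OPPORTUNIST = AttackerProfile("opportunist", skill=0.3, budget_hours=40.0, attempts_per_year=12.0)
PROFESSIONAL = AttackerProfile("professional", skill=0.8, budget_hours=200.0, attempts_per_year=2.0)
PROFILES = (OPPORTUNIST, PROFESSIONAL)


def compare_designs() -> dict:
    """Expected attack frequency per profile for the baseline system and for the
    same system after an assumed investment in phishing-resistant MFA
    (phish strength 0.2 -> 0.7). Nothing about the profiles changes."""
    designs = {"baseline": build_tree(0.2), "mfa_hardened": build_tree(0.7)}
    return {name: {p.name: expected_attack_frequency(t, p) for p in PROFILES}
            for name, t in designs.items()}


if __name__ == "__main__":
    for design, freqs in compare_designs().items():
        print(design, freqs, "total/yr:", sum(freqs.values()))
```

    With these numbers the opportunist's cheapest path costs 31 hours against the baseline (within a 40-hour budget) but about 44 hours once phishing is hardened, so the investment drops that profile's expected frequency from 12 to 0 attacks per year while leaving the professional's 2 per year untouched. That is the point of both abstracts in one run: the frequency is an output of attacker resources meeting system design, not an independent environmental constant, and the same profiles can be re-used unchanged against any other tree.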