A Research-led Practice-driven Digital Forensic Curriculum to Train Next Generation of Cyber Firefighters

Lack of skilled digital forensic professionals is seriously affecting the everyday life of everyone as businesses and law enforcement are struggling to fill the bare minimum number of digital investigator positions. This skills shortage can hinder incident response, with organizations failing to put effective measures in place following a cyberattack or to gather the digital evidence that could lead to the successful prosecution of malicious insiders and cybercriminals. It therefore makes the connected world less secure and digital economies less reliable, affecting everyone in their ecosystems. The commercial and public sectors are looking to higher education institutions to produce quality graduates equipped to enter the digital forensics profession. This paper presents our proposed research-led, practice-driven digital forensics curriculum. The curriculum is designed to respond to employers’ needs and is built on the experience of running a successful Cyber Security programme at Birmingham City University in the industrial heartland of the UK. All students will take a common set of modules in the first semester, but will be given the opportunity to specialise in digital forensics in the second semester and in their summer project, enabling them to graduate with the degree of MSc Digital Forensics

Collective responsibility and mutual coercion in IoT botnets: a tragedy of the commons problem

In recent years, several cases of DDoS attacks using IoT botnets have been reported, including the largest DDoS known, caused by the malware Mirai in 2016. The infection of the IoT devices could have been prevented with basic security hygiene, but as the actors responsible to apply these preventative measures are not the main target but just “enablers” of the attack their incentive is little. In most cases they will even be unaware of the situation. Internet, as a common and shared space allows also some costs to be absorbed by the community rather than being a direct consequence suffered by those that behave insecurely. This paper analyses the long term effects of the prevalence of a system where individual decision-making systematically causes net harm. An analogy with “the tragedy of the commons” problem is done under the understanding that rational individuals seek the maximization of their own utility, even when this damages shared resources. Four areas of solution are proposed based on the review of this problem in different contexts. It was found necessary to include non-technical solutions and consider human behaviour. This opens a discussion about a multidisciplinary focus in IoT cyber security

An Algebra for Delay-Insensitive Circuits

A novel process algebra is presented; algebraic expressions specify delay-insensitive circuits in terms of voltage-level transitions on wires. The approach appears to have several advantages over traditional state-graph and production-rule based methods. The wealth of algebraic laws makes it possible to specify circuits concisely and facilitates the verification of designs. Individual components can be composed into circuits in which signals along internal wires are hidden from the environment

An Indicators-of-Risk Library for Industrial Network Security

This paper introduces an “Indicator of Risk (IoR) Library" that leverages the MITRE ATT&CK for Industrial Control Systems (ICS) knowledge base to support continuous risk monitoring. This allows also making use of variables that are already being monitored to analyse risks in a continuous basis. IoRs broaden the concept of Indicators of Compromise by combining detection strategies with probabilistic inference as a tool for quantifying cyber-security risks. The latest version of the Library has 95 IoRs and has been reviewed by professionals from three major companies and cross-referenced against detection use-cases implemented by other researchers to validate its potential to identify variables for monitoring cyber-risks in ICS

A method for determining venous contribution to BOLD contrast sensory activation

While BOLD contrast reflects haemodynamic changes within capillaries serving neural tissue, it also has a venous component. Studies that have determined the relation of large blood vessels to the activation map indicate that veins are the source of the largest response, and the most delayed in time. It would be informative if the location of these large veins could be extracted from the properties of the functional responses, since vessels are not visible in BOLD contrast images. The present study describes a method for investigating whether measures taken from the functional response can reliably predict vein location, or at least be useful in down-weighting the venous contribution to the activation response, and illustrates this method using data from one subject. We combined fMRI at 3 Tesla with high-resolution anatomical imaging and MR venography to test whether the intrinsic properties of activation time courses corresponded to tissue type. Measures were taken from a gamma fit to the functional response. Mean magnitude showed a significant effect of tissue type (P veins ≈ grey matter > white matter. Mean delays displayed the same ranking across tissue types (P grey matter. However, measures for all tissue types were distributed across an overlapping range. A logistic regression model correctly discriminated 72% of the veins from grey matter in the absence of independent information of macroscopic vessels (ROC=0.72). Whilst tissue classification was not perfect for this subject, weighting the T contrast by the predicted probabilities materially reduced the venous component to the activation map

Criteria for the diagnosis of corticobasal degeneration

Current criteria for the clinical diagnosis of pathologically confirmed corticobasal degeneration (CBD) no longer reflect the expanding understanding of this disease and its clinicopathologic correlations. An international consortium of behavioral neurology, neuropsychology, and movement disorders specialists developed new criteria based on consensus and a systematic literature review. Clinical diagnoses (early or late) were identified for 267 nonoverlapping pathologically confirmed CBD cases from published reports and brain banks. Combined with consensus, 4 CBD phenotypes emerged: corticobasal syndrome (CBS), frontal behavioral-spatial syndrome (FBS), nonfluent/agrammatic variant of primary progressive aphasia (naPPA), and progressive supranuclear palsy syndrome (PSPS). Clinical features of CBD cases were extracted from descriptions of 209 brain bank and published patients, providing a comprehensive description of CBD and correcting common misconceptions. Clinical CBD phenotypes and features were combined to create 2 sets of criteria: more specific clinical research criteria for probable CBD and broader criteria for possible CBD that are more inclusive but have a higher chance to detect other tau-based pathologies. Probable CBD criteria require insidious onset and gradual progression for at least 1 year, age at onset ≥50 years, no similar family history or known tau mutations, and a clinical phenotype of probable CBS or either FBS or naPPA with at least 1 CBS feature. The possible CBD category uses similar criteria but has no restrictions on age or family history, allows tau mutations, permits less rigorous phenotype fulfillment, and includes a PSPS phenotype. Future validation and refinement of the proposed criteria are needed

AudiWFlow: Confidential, Collusion-resistant Auditing of Distributed Workflows

We discuss the problem of accountability when multiple parties cooperate towards an end result such as multiple companies in a supply chain or departments of a government service under different authorities. In cases where a full trusted central point does not exist, it is difficult to obtain a trusted audit trail of a workflow when each individual participant is unaccountable to all others. We propose AudiWFlow, an auditing architecture which makes participants accountable for its contributions in a distributed workflow. Our scheme provides confidentiality in most cases, collusion detection and availability of evidence after the workflow terminates. AudiWFlow is based on verifiable secret sharing and real-time peer-to-peer verification of records; it further supports multiple levels of assurance to meet a desired trade-off between the availability of evidence and the overhead resulting from the auditing approach. We propose and evaluate two implementation approaches for AudiWFlow. The first one is fully distributed except for a central auxiliary point that, nevertheless, needs only a low level of trust. The second one is based on smart-contracts running on a public blockchain which is able to remove the need of any central point but requires the integration with a blockchain