287 research outputs found

    Trust and reputation policy-based mechanisms for self-protection in autonomic communications

    Currently, there is an increasing tendency to migrate the management of communications and information systems onto the Web. This is making many traditional service support models obsolete. In addition, current security mechanisms are not sufficiently robust to protect each management system and/or subsystem from web-based intrusions, malware, and hacking attacks. This paper presents research challenges in autonomic management to provide self-protection mechanisms and tools by using trust and reputation concepts based on policy-based management to decentralize management decisions. This work also uses user-based reputation mechanisms to help enforce trust management in pervasive and communications services. The scope of this research is founded in social models, where the application of trust and reputation applied in communication systems helps detect potential users as well as hackers attempting to corrupt management operations and services. These so-called “cheating services” act as “attacks”, altering the performance and the security in communication systems by consumption of computing or network resources unnecessarily

    Attack trees in Isabelle

    In this paper, we present a proof theory for attack trees. Attack trees are a well established and useful model for the construction of attacks on systems since they allow a stepwise exploration of high level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we succeed in developing a generic theory of attack trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logic analysis of the meta-theory of the proof calculus of attack trees and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of attack tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification

    Efficient Attack Graph Analysis through Approximate Inference

    Attack graphs provide compact representations of the attack paths that an attacker can follow to compromise network resources by analysing network vulnerabilities and topology. These representations are a powerful tool for security risk assessment. Bayesian inference on attack graphs enables the estimation of the risk of compromise to the system's components given their vulnerabilities and interconnections, and accounts for multi-step attacks spreading through the system. Whilst static analysis considers the risk posture at rest, dynamic analysis also accounts for evidence of compromise, e.g. from SIEM software or forensic investigation. However, in this context, exact Bayesian inference techniques do not scale well. In this paper we show how Loopy Belief Propagation - an approximate inference technique - can be applied to attack graphs, and that it scales linearly in the number of nodes for both static and dynamic analysis, making such analyses viable for larger networks. We experiment with different topologies and network clustering on synthetic Bayesian attack graphs with thousands of nodes to show that the algorithm's accuracy is acceptable and converges to a stable solution. We compare sequential and parallel versions of Loopy Belief Propagation with exact inference techniques for both static and dynamic analysis, showing the advantages of approximate inference techniques to scale to larger attack graphs. Comment: 30 pages, 14 figure

    Some Directions beyond Traditional Quantum Secret Sharing

    We investigate two directions beyond the traditional quantum secret sharing (QSS). First, a restriction on QSS that comes from the no-cloning theorem is that any pair of authorized sets in an access structure should overlap. From the viewpoint of application, this places an unnatural constraint on secret sharing. We present a generalization, called assisted QSS (AQSS), where access structures without pairwise overlap of authorized sets is permissible, provided some shares are withheld by the share dealer. We show that no more than $\lambda-1$ withheld shares are required, where $\lambda$ is the minimum number of partially linked classes among the authorized sets for the QSS. Our result means that such applications of QSS need not be thwarted by the no-cloning theorem. Secondly, we point out a way of combining the features of QSS and quantum key distribution (QKD) for applications where a classical information is shared by quantum means. We observe that in such case, it is often possible to reduce the security proof of QSS to that of QKD. Comment: To appear in Physica Scripta, 7 pages, 1 figure, subsumes arXiv:quant-ph/040720

    Quantum Cryptography

    Quantum cryptography is a new method for secret communications offering the ultimate security assurance of the inviolability of a Law of Nature. In this paper we shall describe the theory of quantum cryptography, its potential relevance and the development of a prototype system at Los Alamos, which utilises the phenomenon of single-photon interference to perform quantum cryptography over an optical fiber communications link. Comment: 36 pages in compressed PostScript format, 10 PostScript figures compressed tar fil

    Cognitive-Behavioral Group Therapy versus Phenelzine in Social Phobia: Long-Term Outcome

    To evaluate the effects of maintenance treatment and durability of gains after treatment discontinuation, responders to either phenelzine (PZ) or cognitive-behavioral group therapy (CBGT) from an acute trial comparing these two treatments as well as pill placebo and a psychotherapy control (educational supportive group therapy) were enrolled into maintenance and treatment-free follow-up phases. Experimental design: Responders to an acute trial contrasting PZ and CBGT entered a six-month maintenance phase. Patients who continued to respond through the maintenance phase entered a six-month treatment-free phase. Patients receiving pill placebo or educational supportive group therapy in the acute trial did not enter the long-term study. Principal observations: PZ patients entered maintenance more improved than CBGT patients, and nonrelapsing PZ patients maintained their superior gains throughout the study. Relapse during maintenance did not differ between treatments. However, PZ patients showed a trend toward greater relapse during treatment-free follow-up. There was a greater relapse among patients with generalized social phobia with phenelzine. Conclusions: PZ and cognitive-behavioral group therapy may differ in their long-term effects. The superiority seen with PZ on some measures in the acute study persisted in patients who maintained their gains over the course of maintenance and treatment-free follow-up. However, CBGT may lead to a greater likelihood of maintaining response after treatment has terminated. Replication with larger samples is needed, as is a study of the acute and long-term efficacy of combined PZ and CBGT

    Quantum asymmetric cryptography with symmetric keys

    Based on quantum encryption, we present a new idea for quantum public-key cryptography (QPKC) and construct a whole theoretical framework of a QPKC system. We show that the quantum-mechanical nature renders it feasible and reasonable to use symmetric keys in such a scheme, which is quite different from that in conventional public-key cryptography. The security of our scheme is analyzed and some features are discussed. Furthermore, the state-estimation attack to a prior QPKC scheme is demonstrated. Comment: 8 pages, 1 figure, Revtex

    Gaussian Quantum Information

    The science of quantum information has arisen over the last two decades centered on the manipulation of individual quanta of information, known as quantum bits or qubits. Quantum computers, quantum cryptography and quantum teleportation are among the most celebrated ideas that have emerged from this new field. It was realized later on that using continuous-variable quantum information carriers, instead of qubits, constitutes an extremely powerful alternative approach to quantum information processing. This review focuses on continuous-variable quantum information processes that rely on any combination of Gaussian states, Gaussian operations, and Gaussian measurements. Interestingly, such a restriction to the Gaussian realm comes with various benefits, since on the theoretical side, simple analytical tools are available and, on the experimental side, optical components effecting Gaussian processes are readily available in the laboratory. Yet, Gaussian quantum information processing opens the way to a wide variety of tasks and applications, including quantum communication, quantum cryptography, quantum computation, quantum teleportation, and quantum state and channel discrimination. This review reports on the state of the art in this field, ranging from the basic theoretical tools and landmark experimental realizations to the most recent successful developments. Comment: 51 pages, 7 figures, submitted to Reviews of Modern Physic

    The ‘uberization of policing’? How police negotiate and operationalise predictive policing technology

    Predictive policing generally refers to police work that utilises strategies, algorithmic technologies, and big data to generate near-future predictions about the people and places deemed likely to be involved in or experience crime. Claimed benefits of predictive policing centre on the technology’s ability to enable pre-emptive police work by automating police decisions. The goal is that officers will rely on computer software and smartphone applications to instruct them about where and who to police just as Uber drivers rely on similar technologies to instruct them about where to pick up passengers. Unfortunately, little is known about the experiences of the in-field users of predictive technologies. This article helps fill this gap by addressing the under researched area of how police officers engage with predictive technologies. As such, data is presented that outlines the findings of a qualitative study with UK police organisations involved in designing and trialing predictive policing software. Research findings show that many police officers have a detailed awareness of the limitations of predictive technologies, specifically those brought about by errors and biases in input data. This awareness has led many officers to develop a sceptical attitude towards predictive technologies and, in a few cases, these officers have expressed a reluctance to use predictive technologies. Based on these findings, this paper argues that claims about predictive software’s ability to neutralise the subjectivity of police work overlooks the ongoing struggles of the police officer to assert their agency and mediate the extent to which predictions will be trusted and utilised