539 research outputs found
Believing the Integrity of a System (Invited Talk)
Abstract: An integrity policy defines the situations when modification of information is authorised and is enforced by the protection mechanisms of a system. Traditional models of protection tend to define integrity in terms of ad-hoc authorisation techniques whose effectiveness is justified more on the basis of experience and "best practice" rather than on any theoretical foundation. In a complex application system it is possible that an integrity policy may have been incorrectly configured, or that the protection mechanisms are inadequate, resulting in an unexpected system compromise. This paper examines the meaning of integrity and describes a simple belief logic approach for analysing the integrity of a system configuration.
Science Hackathons for Cyberphysical System Security Research: Putting CPS testbed platforms to good use
A challenge is to develop cyber-physical system scenarios that reflect the
diversity and complexity of real-life cyber-physical systems in the research
questions that they address. Time-bounded collaborative events, such as
hackathons, jams and sprints, are increasingly used as a means of bringing
groups of individuals together, in order to explore challenges and develop
solutions. This paper describes our experiences, using a science hackathon to
bring individual researchers together, in order to develop a common use-case
implemented on a shared CPS testbed platform that embodies the diversity in
their own security research questions. A qualitative study of the event was
conducted, in order to evaluate the success of the process, with a view to
improving future similar events.
A bloom filter based model for decentralized authorization
A decentralized authorization mechanism is proposed that uses Bloom filters to implement authorization delegation. This lightweight mechanism is unlike conventional approaches that typically rely on public key certificates to implement distributed delegation. In taking an approach based on one-way hash functions, the mechanism may be preferable for use in computationally constrained environments where public-key cryptography is not desirable.
Quantitatively measuring privacy in interactive query settings within RDBMS framework
Little attention has been paid to the measurement of risk to privacy in Database Management Systems, despite their prevalence as a modality of data access. This paper proposes PriDe, a quantitative privacy metric that provides a measure (privacy score) of privacy risk when executing queries in relational database management systems. PriDe measures the degree to which attribute values, retrieved by a principal (user) engaging in an interactive query session, represent a reduction of privacy with respect to the attribute values previously retrieved by the principal. It can be deployed in interactive query settings where the user sends SQL queries to the database and gets results at run-time and provides privacy-conscious organizations with a way to monitor the usage of the application data made available to third parties in terms of privacy. The proposed approach, without loss of generality, is applicable to BigSQL-style technologies. Additionally, the paper proposes a privacy equivalence relation that facilitates the computation of the privacy score.
Swope Supernova Survey 2017a (SSS17a), the Optical Counterpart to a Gravitational Wave Source
On 2017 August 17, the Laser Interferometer Gravitational-wave Observatory
(LIGO) and the Virgo interferometer detected gravitational waves emanating from
a binary neutron star merger, GW170817. Nearly simultaneously, the Fermi and
INTEGRAL telescopes detected a gamma-ray transient, GRB 170817A. 10.9 hours
after the gravitational wave trigger, we discovered a transient and fading
optical source, Swope Supernova Survey 2017a (SSS17a), coincident with
GW170817. SSS17a is located in NGC 4993, an S0 galaxy at a distance of 40
megaparsecs. The precise location of GW170817 provides an opportunity to probe
the nature of these cataclysmic events by combining electromagnetic and
gravitational-wave observations. Comment: 25 pages, 10 figures, 2 tables, published today in Scienc