Perfectly Secure Communication, based on Graph-Topological Addressing in Unique-Neighborhood Networks

We consider network graphs $G=(V,E)$ in which adjacent nodes share common secrets. In this setting, certain techniques for perfect end-to-end security (in the sense of confidentiality, authenticity (implying integrity) and availability, i.e., CIA+) can be made applicable without end-to-end shared secrets and without computational intractability assumptions. To this end, we introduce and study the concept of a unique-neighborhood network, in which nodes are uniquely identifiable upon their graph-topological neighborhood. While the concept is motivated by authentication, it may enjoy wider applicability as being a technology-agnostic (yet topology aware) form of addressing nodes in a network

Incentive-Based Software Security: Fair Micro-Payments for Writing Secure Code

We describe a mechanism to create fair and explainable incentives for software developers to reward contributions to security of a product. We use cooperative game theory to model the actions of the developer team inside a risk management workflow, considering the team to actively work against known threats, and thereby receive micro-payments based on their performance. The use of the Shapley-value provides natural explanations here directly through (new) interpretations of the axiomatic grounding of the imputation. The resulting mechanism is straightforward to implement, and relies on standard tools from collaborative software development, such as are available for git repositories and mining thereof. The micropayment model itself is deterministic and does not rely on uncertain information outside the scope of the developer team or the enterprise, hence is void of assumptions about adversarial incentives, or user behavior, up to their role in the risk management process that the mechanism is part of. We corroborate our model with a worked example based on real-life data.Comment: presented as a poster at GameSec 2023 (www.gamesec-conf.org

Integration of Ontological Scene Representation and Logic-Based Reasoning for Context-Aware Driver Assistance Systems

Co-operative driver assistance systems share information about their surrounding with each other, thus enhancing their knowledge and their performance. For successful information exchange and interpretation, a common domain understanding is needed. This paper first presents an ontology-based context-model for driving scene description, including next to spatio-temporal components also additional context information like traffic signs, state of the driver and the own-vehicle. For traffic rules, we integrate the ontological scene description with a logic programming environment, to enable complex and powerful reasoning on the given information. The proposed ontology is discussed with respect to a set of validation criteria. For integration with logic programming a prototypical development of an overtaking assistant is shown to demonstrate the feasibility of the approach