103 research outputs found
Perfectly Secure Communication, based on Graph-Topological Addressing in Unique-Neighborhood Networks
We consider network graphs in which adjacent nodes share common
secrets. In this setting, certain techniques for perfect end-to-end security
(in the sense of confidentiality, authenticity (implying integrity) and
availability, i.e., CIA+) can be made applicable without end-to-end shared
secrets and without computational intractability assumptions. To this end, we
introduce and study the concept of a unique-neighborhood network, in which
nodes are uniquely identifiable upon their graph-topological neighborhood.
While the concept is motivated by authentication, it may enjoy wider
applicability as being a technology-agnostic (yet topology aware) form of
addressing nodes in a network
Incentive-Based Software Security: Fair Micro-Payments for Writing Secure Code
We describe a mechanism to create fair and explainable incentives for
software developers to reward contributions to security of a product. We use
cooperative game theory to model the actions of the developer team inside a
risk management workflow, considering the team to actively work against known
threats, and thereby receive micro-payments based on their performance. The use
of the Shapley-value provides natural explanations here directly through (new)
interpretations of the axiomatic grounding of the imputation. The resulting
mechanism is straightforward to implement, and relies on standard tools from
collaborative software development, such as are available for git repositories
and mining thereof. The micropayment model itself is deterministic and does not
rely on uncertain information outside the scope of the developer team or the
enterprise, hence is void of assumptions about adversarial incentives, or user
behavior, up to their role in the risk management process that the mechanism is
part of. We corroborate our model with a worked example based on real-life
data.Comment: presented as a poster at GameSec 2023 (www.gamesec-conf.org
Integration of Ontological Scene Representation and Logic-Based Reasoning for Context-Aware Driver Assistance Systems
Co-operative driver assistance systems share information about their surrounding with each other, thus enhancing their knowledge and their performance. For successful information exchange and interpretation, a common domain understanding is needed. This paper first presents an ontology-based context-model for driving scene description, including next to spatio-temporal components also additional context information like traffic signs, state of the driver and the own-vehicle. For traffic rules, we integrate the ontological scene description with a logic programming environment, to enable complex and powerful reasoning on the given information. The proposed ontology is discussed with respect to a set of validation criteria. For integration with logic programming a prototypical development of an overtaking assistant is shown to demonstrate the feasibility of the approach
- …