| Title | A Taxonomy of Operational Cyber Security Risks |
| Author | James J. Cebula, Lisa R. Young |
| Year | |
| Keyword | |
| Abstract |
| Title | Insiders Behaving Badly: Addressing Bad Actors and Their Actions |
| Author | Shari Lawrence Pfleeger, Joel B. Predd, Jeffrey Hunker, and Carla Bulford |
| Year | 2009 |
| Keyword | Cyber crime, cyber security, insider threat. |
| Abstract | We present a framework for describing insiders and their actions based on the organization, the environment, the system, and the individual. Using several real examples of unwelcome insider action (hard drive removal, stolen intellectual property, tax fraud, and proliferation of e-mail responses), we show how the taxonomy helps in understanding how each situation arose and could have been addressed. The differentiation among types of threats suggests how effective responses to insider threats might be shaped, what choices exist for each type of threat, and the implications of each. Future work will consider appropriate strategies to address each type of insider threat in terms of detection, prevention, mitigation, remediation, and punishment. |
| Title | |
| Author | Jereme N. Haack, Glenn A. Fink, Wendy M. Maiden, David McKinnon |
| Year | |
| Keyword | agents; security; mixed-initiative |
| Abstract | Organizations and their computer infrastructures have grown intertwined in complex relationships through mergers, acquisitions, reorganizations, and cooperative service delivery. Consequently, defensive actions and policy changes by one organization may have far-reaching negative consequences on the partner organizations. Human-centric and machine-centric approaches are insufficient for defending the security of today's increasingly complex computer infrastructures. The former are slow but highly adaptive, while the latter are fast but highly specialized. We believe the solution lies in mixed-initiative defenses combining the complementary qualities of both human- and machine-based approaches. We describe the Cooperative Infrastructure Defense (CID), a new cyberdefense paradigm designed to unify complex-adaptive swarm intelligence, logical rational agents, and human insight. CID will enable cooperative defense of infrastructure through situational awareness using visualization, security policy dialogue between humans and agents, shared initiative in solving cyber problems, and a foundation for building trust between humans and agents within and between organizations. |
| Title | Inadvertent Threat Detection According to Power System Components |
| Author | Hyuk Kim and Jung-Chan Na |
| Year | 2012 |
| Keyword | |
| Abstract |
| Title | Towards Mechanisms for Detection and Prevention of Data Exfiltration by Insiders |
| Author | Elisa Bertino, Gabriel Ghinita |
| Year | 2011 |
| Keyword | Insider Threat, Data Exfiltration. |
| Abstract | Data represent an extremely important asset for any organization. Confidential data such as military secrets or intellectual property must never be disclosed outside the organization. Therefore, one of the most severe threats in the case of cyber-insider attacks is the loss of confidential data due to exfiltration. A malicious insider who has the proper credentials to access the organization databases may, over time, send data outside the organization network through a variety of channels, such as email, crafted HTTP requests that encapsulate data, etc. Existing security tools for detection of cyber-attacks focus on protecting the boundary between the organization and the outside world. Numerous network-level intrusion detection systems (IDS) exist, which monitor the traffic pattern and attempt to infer anomalous behavior. While such tools may be effective in protecting against external attacks, they are less suitable when the data exfiltration is performed by an insider who has the proper credentials and authorization to access resources within the organization. In this paper, we argue that DBMS-layer detection and prevention systems are the best alternative to defend against data exfiltration because: (1) DBMS access is performed through a standard, unique language (SQL) with well-understood semantics; (2) monitoring the potential disclosure of confidential data is more effective if done as close as possible to the data source; and (3) the DBMS layer already has in place a thorough mechanism for enforcing access control based on subject credentials. By analyzing the pattern of interaction between subjects and the DBMS, it is possible to detect anomalous activity that is indicative of early signs of exfiltration. In the paper, we outline a taxonomy of cyber-insider dimensions of activities that are indicative of data exfiltration, and we discuss a high-level architecture and mechanisms for early detection of exfiltration by insiders. We also outline a virtualization-based mechanism that prevents insiders from exfiltrating data, even in the case when they manage to gain control over the network. The protection mechanism relies on explicit authorization of data transfers that cross the organizational boundary. |
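The abstract above argues for profiling how each subject interacts with the DBMS and flagging deviations. The following is an added illustration written for this listing, not the authors' system: it reduces each SQL statement to a coarse fingerprint (command, tables touched, whether a row filter is present), learns the set of fingerprints a role produced during a baseline period, and reports how a new statement departs from that baseline. The baseline query log, the role names and the three fingerprint features are constructed for the example; a real deployment would add dimensions such as result-set volume and time of day.

```python
"""Added example: role-based profiling of SQL access patterns at the DBMS layer.

Not the mechanism from the Bertino/Ghinita paper.  The baseline log, roles and
fingerprint features below are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed baseline: (role, statement) pairs observed while behaviour was trusted.
BASELINE_LOG = [
    ("clerk", "SELECT name, phone FROM customers WHERE id = 17"),
    ("clerk", "SELECT name, phone FROM customers WHERE id = 42"),
    ("clerk", "UPDATE customers SET phone = '555-0100' WHERE id = 17"),
    ("analyst", "SELECT region, SUM(amount) FROM orders GROUP BY region"),
    ("analyst", "SELECT COUNT(*) FROM orders WHERE placed_at > '2011-01-01'"),
]

# Table names follow FROM / JOIN / INTO / UPDATE in the statements we profile.
_TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Za-z_][A-Za-z0-9_]*)", re.I)
_CMD_RE = re.compile(r"^\s*([A-Za-z]+)")
_WHERE_RE = re.compile(r"\bWHERE\b", re.I)


def fingerprint(sql):
    """Reduce a statement to (command, frozenset(tables), has_row_filter)."""
    cmd = _CMD_RE.match(sql).group(1).upper()
    tables = frozenset(t.lower() for t in _TABLE_RE.findall(sql))
    return (cmd, tables, bool(_WHERE_RE.search(sql)))


def build_profiles(log):
    """Map each role to the set of fingerprints seen in the baseline log."""
    profiles = defaultdict(set)
    for role, sql in log:
        profiles[role].add(fingerprint(sql))
    return dict(profiles)


def check(profiles, role, sql):
    """Return the list of reasons a statement deviates from the role's profile.

    An empty list means the statement matches behaviour already seen for the role.
    """
    cmd, tables, has_where = fingerprint(sql)
    known = profiles.get(role, set())
    known_tables = set().union(*(t for _, t, _ in known)) if known else set()
    known_cmds = {c for c, _, _ in known}
    reasons = []
    if not tables <= known_tables:
        reasons.append("new table(s): " + ",".join(sorted(tables - known_tables)))
    if cmd not in known_cmds:
        reasons.append("new command: " + cmd)
    # A role that always filtered its SELECTs suddenly reading a whole table is
    # the classic bulk-read precursor to exfiltration.
    select_filters = [w for c, _, w in known if c == "SELECT"]
    if cmd == "SELECT" and not has_where and select_filters and all(select_filters):
        reasons.append("unfiltered SELECT where role always filtered")
    return reasons


if __name__ == "__main__":
    profiles = build_profiles(BASELINE_LOG)
    for role, sql in [
        ("clerk", "SELECT name, phone FROM customers WHERE id = 99"),
        ("clerk", "SELECT * FROM customers"),
        ("clerk", "SELECT * FROM orders"),
        ("analyst", "DELETE FROM orders"),
    ]:
        flags = check(profiles, role, sql)
        print(f"{role:8} {sql!r:55} -> {flags or 'ok'}")
```

The profile is deliberately built per role rather than per user so that a credentialed insider cannot "train" the detector by slowly widening their own baseline; in practice the baseline window itself needs to be reviewed before it is trusted.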
| Title | Cybercrime: Vandalizing the Information Society |
| Author | Steven Furnell |
| Year | 2003 |
| Keyword | |
| Abstract | Cybercrime has received significant coverage in recent years, with the media, law enforcers, and governments all working to bring the issue to our attention. This paper begins by presenting an overview of the problem, considering the scope and scale of reported incidents. From this, a series of common attack types are considered (focusing upon website defacement, denial of service and malware), with specific emphasis upon the potential for these to be automated and mounted by novices. Leading on from this, the problem of policing cybercrime is considered, with attention to the need for suitable legislation, and appropriate resourcing of law enforcers. It is concluded that cybercrime is an inevitable downside of the information society, and that organizations and individuals consequently have a stake in ensuring their own protection. |
| Title | The challenges of understanding and using security: A survey of end-users |
| Author | |
| Year | 2005 |
| Keyword | Security; Usability; Human–computer interaction |
| Abstract |
| Title | |
| Author | Farkhod Alsiherov, Taihoon Kim |
| Year | 2010 |
| Keyword | |
| Abstract | The overall security concern facing the designers and operators of SCADA and, more generally, of industrial control systems typically originates either from malicious threat agents attempting to disrupt the control system operation, e.g. to create a power outage, or it originates from inadvertent actions, equipment failure, or similar. Electric utilities require secure networks and control systems. This paper illustrates solutions for control networks and equipment, SCADA data and communications. |
| Title | SaaS Performance and Scalability Evaluation in Clouds |
| Author | Xiaoying Bai, W. T. Tsai |
| Year | 2011 |
| Keyword | |
| Abstract | Cloud computing not only changes today's computing infrastructure, but also alters the way of obtaining computing resources, managing and delivering software and services. Meanwhile, cloud computing brings new issues, challenges, and needs in performance testing, evaluation and scalability measurement due to the special features of cloud computing, such as elasticity and scalability. This paper focuses on performance evaluation and scalability measurement issues for Software as a Service (SaaS) in clouds. It proposes new formal graphic models and metrics to evaluate SaaS performance and analyze system scalability in clouds. In addition, the paper reports an evaluation approach based on Amazon's EC2 cloud technology and detailed case study results using the proposed models and metrics. |
| Title | Cyber Security Components for Pervasive Enterprise Security Management and the Virtualization Aspects |
| Author | Bassam S. Farroha, Deborah L. Farroha |
| Year | 2010 |
| Keyword | |
| Abstract |
| Title | Application Stress Testing: Achieving Cyber Security by Testing Cyber Attacks |
| Author | Al Underbrink, Andrew Potter, Holger Jaenisch, Donald J. Reifer |
| Year | 2012 |
| Keyword | penetration testing; application testing; attack; software assurance; software quality |
| Abstract | Application stress testing applies the concept of computer network penetration testing to software applications. Since software applications may be attacked – from inside or outside a protected network boundary – they are threatened by actions and conditions which cause delays, disruptions, or failures. Stress testing exposes software systems to simulated cyber attacks, revealing potential weaknesses and vulnerabilities in their implementation. By using such testing, these internal weaknesses and vulnerabilities can be discovered earlier in the software development life cycle, corrected prior to deployment, and lead to improved software quality. Application stress testing is a process and software prototype for verifying the quality of software applications under severe operating conditions. Since stress testing is rarely – if at all – performed today, the possibility of deploying critical software systems that have been stress tested provides a much stronger indication of their ability to withstand cyber attacks. Many possible attack vectors against critical software can be verified as true threats and mitigated prior to deployment. This improves software quality and serves as a tremendous risk reduction for critical software systems used in government and commercial enterprises. The software prototype models and verifies failure conditions of a system under test (SUT). The SUT is first executed in a virtual environment and its normal operational modes are observed. A normal behavior model is generated in order to predict failure conditions based on attack models and external SUT interfaces. Using off-the-shelf software tools, the predictions are verified in the virtual environment by stressing the executing SUT with attacks against the SUT. Results are presented to testers and system developers for dispensation or mitigation. |
| Title | Security Requirements Analysis, Specification, Prioritization and Policy Development in Cyber-Physical Systems |
| Author | |
| Year | 2011 |
| Keyword | cyber-physical systems (CPS); CPS security requirements; high order object oriented modeling technique; CPS security requirements prioritization; hardware-software interaction. |
| Abstract | In the recent past, the security of cyber-physical systems (CPSs) has been the subject of major concern. One of the reasons is that CPSs are often applied to mission-critical processes. Also, the automation CPSs bring in managing physical processes, and the detail of information available to them for carrying out their tasks, make securing them of prime importance. Securing CPSs is a difficult task as systems are interconnected. In order to achieve a continuously secured CPS environment, there is the need for an integrated methodology to analyze, specify and prioritize security requirements and also to develop policies to meet them. First, CPS assets are represented using high-order object models. Second, swimlane diagrams are extended to include malactivities and prevention or mitigation options to decompose use cases. We analyze security threats pertaining to the hardware components, software components and the hardware-software interaction. Security requirements are then specified, and an analytical prioritization approach, based on relative priority analysis, is employed to prioritize them. Finally, security policies are developed to meet the requirements. To demonstrate its effectiveness and evaluate its application, the proposed methodology is applied in a structured approach to a testbed – Ayushman, a Pervasive Health Monitoring System (PHMS). |
| Title | Monitoring and Management Approach for Cyber Security Events over Complex Systems |
| Author | Paul C. Hershey and Charles B. Silio, Jr. |
| Year | 2011 |
| Keyword | Complex Systems, Cyber Security, Information Assurance, Enterprise Systems, Network Centric, Communications Systems, Monitoring and Response, Network Management |
| Abstract | DoD, agency and commercial operations centers that manage complex enterprise systems face the problem of protecting both the systems and the data they carry against cyber attacks while, at the same time, providing high quality end-to-end services that meet service level agreements and help ensure mission success. Presently there exists no comprehensive tool suite that encompasses the procedures, methods, and policies to provide an effective enterprise cyber security monitoring and management solution. This paper provides a basis from which to fill that void by introducing a new framework for monitoring and managing cyber security events in complex systems. We demonstrate application of this framework using several realistic scenarios. |