nach oben

Erschienen in:

01.10.2016

Leveraging information security and computational trust for cybersecurity

verfasst von: Robson de Oliveira Albuquerque, Luis Javier García Villalba, Ana Lucila Sandoval Orozco, Rafael Timóteo de Sousa Júnior, Tai-Hoon Kim

Erschienen in: The Journal of Supercomputing | Ausgabe 10/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Cybersecurity has an enormous impact in modern society, since almost everything in our day-to-day activities depends on some information and communication technology that is prone to some form of threat. This paper argues that cybersecurity depends on the combined effect of information security measures together with explicit trust verification that these measures are operational and effective. In this sense, this paper provides a view of information treatments related to trust and information security and discusses how together they can counter advanced persistent threats and exploits that now plague the cyberspace.

Vorheriger Artikel Improving the classification performance of biological imbalanced datasets by swarm optimization algorithms

Nächster Artikel Recent advances in metaheuristic algorithms: Does the Makara dragon exist?

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Andy G (2015) New dark-web market is selling zero-day exploits to hackers. http://www.wired.com/2015/04/therealdeal-zero-day-exploits/. Accessed 5 May 2015

Bell DE, LaPadula LJ (1973) Secure computer systems: mathematical foundations. Technical report, DTIC document

Ben-Asher N, Gonzalez C (2015) Effects of cyber security knowledge on attack detection. Comput Hum Behav 48:51–61CrossRef

Biba KJ (1977) Integrity considerations for secure computer systems. Technical report, DTIC document

Bilge L, Dumitras T (2012) Before we knew it—an empirical study of zero-day attacks in the real world. Symantec Research Labs. https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf

Brook C (2015) All major browsers fall at Pwn2Own Day 2. https://threatpost.com/all-major-browsers-fall-at-pwn2own-day-2/111731. Accessed 8 Apr 2015

Burrows JH (1983) Guideline for computer security certification and accreditation. Technical report, Information Assurance Technology Analysis Center, Falls Church Va

Byres E, Lowe J (2004) The myths and facts behind cyber security risks for industrial control systems. In: Proceedings of the VDE kongress, Berlin, Germany, vol 116, pp 213–218

Committee on National Security Systems Instruction No. 4009: National Information Assurance (IA) Glossary (2010) http://www.ncsc.gov/publications/policy/docs/CNSSI_4009.pdf

10.

Dasgupta P (2000) Trust as a commodity. Trust: Mak Break Coop Rel 4:49–72

11.

Dempsey K, et al. (2011) Information security continuous monitoring (ISCM) for federal systems and organisations. NIST Special Publication, pp 800–137

12.

Department of Communications, Information Technology and the Arts and the Trusted Information Sharing Network: Secure Your Information: Information Security Principles for Enterprise Architecture (2007). http://www.tisn.gov.au/Documents/Secure_Your+Information+-+Information+Security+Principles+for+Enterprise+Architecture+-+Report.pdf. Accessed 6 Apr 2015

13.

Elhage N (2011) Virtunoid: a KVM guest—host privilege escalation exploit. http://media.blackhat.com/bh-us-11/Elhage/BH_US_11_Elhage_Virtunoid_WP.pdf. Accessed 6 Apr 2015

14.

ENISA (2015) European Union Agency for Network and Information Security: National Cyber Security Strategies in the World. https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-in-the-world. Accessed 10 Mar 2015

15.

Frei S (2013) The known unknowns: empirical analysis of publicly unknown vulnerabilities. NSS Labs Inc., Austin

16.

Friedberg I, Skopik F, Settanni G, Fiedler R (2015) Combating advanced persistent threats: from network event correlation to incident detection. Comput Secur 48:35–57CrossRef

17.

Gambetta D (2000) Can we Trust Trust. Trust: Mak Break Coop Relat 2000:213–237

18.

Gandotra E, Bansal D, Sofat S (2014) Computational techniques for predicting cyber threats. In: Proceedings of the international conference on intelligent computing, communication and devices (ICCD), pp 247–253

19.

Geer D (2014) Cybersecurity as realpolitik. https://www.blackhat.com/us-14/video/cybersecurity-as-realpolitik.html. Accessed 10 Apr 2015

20.

Gold S (2014) APTs: not as advanced as you might think. http://www.scmagazineuk.com/apts-not-as-advanced-as-you-might-think/article/345953/. Accessed 14 Apr 2015

21.

Goncharov M (2014) Russian underground revisited. Technical report, Trend Micro

22.

Greenberg A (2012) Shopping for zero-days: a price list for hackers’ secret software exploits. Forbes Mag. http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/

23.

Greenwald G, MacAskill E, Poitras L (2013) Edward Snowden: the whistleblower behind the NSA surveillance revelations. The Guardian News and Media Limited. http://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance

24.

Harrington SL (2010) Cyber security active defense: playing with fire or sound risk management? Richmond J Law Technol 20(4):1–41MathSciNet

25.

Help Net Security (2015) Attackers Use Deceptive Tactics to Dominate Corporate Networks. http://www.net-security.org/secworld.php?id=18208. Accessed 29 Apr 2015

26.

HP Research (2012) Cybercrime costs rise nearly 40 percent, attack frequency doubles. http://www8.hp.com/us/en/hp-news/press-release.html. Accessed 11 Feb 2015

27.

Lamsal P (2001) Understanding trust and security. Technical report, Department of Computer Science, University of Helsinki, Finland

28.

Memex (domain-specific search) (2014) Information Innovation Offic,e Darpa. http://www.darpa.mil/newsevents/releases/2014/02/09.aspx. Accessed 11 Feb 2015

29.

Menn J (2015) Politics intrude as cybersecurity firms hunt foreign spies. http://mobile.reuters.com/article/idUSKBN0M809N20150312?irpc=932 Accessed 2 Apr 2015

30.

Miller G (2015) CIA plans major reorganization and a focus on digital espionage. http://www.washingtonpost.com/world/national-security/cia-plans-major-reorganization-and-a-focus-on-digital-espionage/2015/03/06/87e94a1e-c2aa-11e4-9ec2-b418f57a4a99_story.html. Accessed 11 Mar 2015

31.

de Oliveira Albuquerque R, García Villalba LJ, Kim TH (2014) GTrust: group extension for trust models in distributed systems. Int J Distrib Sensor Netw 2014:872842. doi:10.1155/2014/872842

32.

de Oliveira Albuquerque R, García Villalba LJ, Sandoval Orozco AL, Mesquita Buiati F, Kim TH (2014) A layered trust information security architecture. Sensors 14(12):22,754–22,772CrossRef

33.

de Oliveira Albuquerque R, Villalba LJG, Ribeiro Torres O, Gomes de Deus FE (2011) Virtualization with automated services catalog for providing integrated information technology infrastructure. In: Proceedings of the 8th international conference autonomic and trusted computing (ATC), Banff, Canada, pp 75–91

34.

Peltier TR (2013) Information security fundamentals. CRC Press, Boca RatonCrossRef

35.

Schneider FB et al (1999) Trust in cyberspace. In: Committee on Information Systems Trustworthiness, Computer Science and Telecommunications Board, Commission on Physical Sciences, Mathematics, and Applications, National Research Council. National Academies Press

36.

Seaborn M, Dullien T (2015) Exploiting the DRAM rowhammer bug to gain kernel privileges. http://googleprojectzero.blogspot.com.br/2015/03/exploiting-dram-rowhammer-bug-to-gain.html. Accessed 12 May 2015

37.

Shah S, Mehtre BM (2013) A modern approach to cyber security analysis using vulnerability assessment and penetration testing. Int J Electron Commun Comput Eng 4(6):47–52

38.

Stephen M (1994) Formalising trust as a computational concept. Ph.D. thesis, University of Stirling, Scotland, UK

39.

Susanto H, Almunawar MN, Tuan YC (2011) Information security management system standards: a comparative study of the big five. Int J Electr Comput Sci IJECS-IJENS 11(5):23–29

40.

Symantec Labs (2014) 2014 internet security threat report. Technical report, Symantec

41.

Szappanos G (2015) Exploit this: evaluating the exploit skills of malware groups. Technical report, SophosLabs

42.

Teixeira A, Amin S, Sandberg H, Johansson KH, Sastry SS (2010) Cyber security analysis of state estimators in electric power systems. In: Proceedings of the 49th IEEE conference on decision and control (CDC), pp 5991–5998

43.

The National Institute of Science and Technology (NIST) (2013) Developing a framework to improve critical infrastructure cybersecurity. http://csrc.nist.gov/cyberframework/rfi_comments/040813_forrester_research.pdf. Accessed 27 Mar 2015

44.

Tiedata (2014) What are web based exploits?. http://www.tiedata.com/webexploits.asp. Accessed 6 Mar 2015

45.

Trusted Computing Group (2014) How to use the TPM: a guide to hardware-based endpoint security. http://www.trustedcomputinggroup.org/files/resource_files/8D42F8D4-1D09-3519-AD1FFF243B223D73/How_to_Use_TPM_Whitepaper_20090302_Final_3_.pdf. Accessed 27 Apr 2015

46.

Van Os R (2014) Comparing security architectures: defining and testing a model for evaluating and categorizing security architecture frameworks. Master’s thesis, Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Sweden

47.

Wadlow T (2014) Who must you trust? Queue 12(5):30–43

48.

Wang D, Muller T, Irissappane AA, Zhang J, Liu Y (2015) Using information theory to improve the robustness of trust systems. In: Proceedings of the 2015 international conference on autonomous agents and multiagent systems. International Foundation for Autonomous Agents and Multiagent Systems, pp 791–799

49.

Whitman M, Mattord H (2013) Management of information security, 4th edn. Cengage Learning, Boston

50.

Wojtczuk R (2014) Poacher turned gamekeeper: lessons learned from eight years of breaking hypervisors. Black Hat USA. https://www.blackhat.com/docs/eu-14/materials/eu-14-Wojtczuk-Lessons-Learned-From-Eight-Years-Of-Breaking-Hypervisors.pdf. Accessed 11 Mar 2015

Titel: Leveraging information security and computational trust for cybersecurity
verfasst von: Robson de Oliveira Albuquerque
Luis Javier García Villalba
Ana Lucila Sandoval Orozco
Rafael Timóteo de Sousa Júnior
Tai-Hoon Kim
Publikationsdatum: 01.10.2016
Verlag: Springer US
Erschienen in: The Journal of Supercomputing / Ausgabe 10/2016
Print ISSN: 0920-8542
Elektronische ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-015-1543-4

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 10/2016

Big data applications for healthcare: preface to special issue

NSPRING: the SPRING extension for subsequence matching of time series supporting normalization

Autonomous path based data acquisition in sensor networks

Disclosing user relationships in email networks

Finding approximate solutions of NP-hard optimization and TSP problems using elephant search algorithm

GPU-enabled back-propagation artificial neural network for digit recognition in parallel