Cyber Systems: Their Science, Engineering, and Security


Recent Submissions

  • Item
    Towards an Organizationally-Relevant Quantification of Cyber Resilience
    (2021-01-05) Llanso, Thomas; Mcneil, Martha
    Given the difficulty of fully securing complex cyber systems, there is growing interest in making cyber systems resilient to the cyber threat. However, quantifying the resilience of a system in an organizationally-relevant manner remains a challenge. This paper describes initial research into a novel metric for quantifying the resilience of a system to cyber threats called the Resilience Index (RI). We calculate the RI via an effects-based discrete event stochastic simulation that runs a large number of trials over a designated mission timeline. During the trials, adverse cyber events (ACEs) occur against cyber assets in a target system. We consider a trial a failure if an ACE causes the performance of any of the target system’s mission essential functions (MEFs) to fall below its assigned threshold level. Once all trials have completed, the simulator computes the ratio of successful trials to the total number of trials, yielding RI. The linkage of ACEs to MEFs provides the organizational tie.
  • Item
    The Abacus: A New Architecture for Policy-based Authorization
    (2021-01-05) Siebach, Jacob; Giboney, Justin
    Modern authorization architectures using role-based, policy-based, and even custom solutions have numerous flaws and challenges. A new design for authorization architecture is presented called the Abacus. This paper discusses the architecture that the Abacus utilizes to overcome the issues inherent in other proprietary and open-source authorization solutions. Specifically, the Abacus respects domain boundaries, is less complex than existing systems, and does not require direct connections to domain data stores.
  • Item
    Spectral Graph-based Cyber Worm Detection Using Phantom Components and Strong Node Concept
    (2021-01-05) Safar, Jamie; Tummala, Murali; Mceachen, John
    Innovative solutions need to be developed to defend against the continued threat of computer worms. We propose the spectral graph theory worm detection model that utilizes traffic dispersion graphs, the strong node concept, and phantom components to create detection thresholds in the eigenspectrum of the dual basis. This detection method is employed in our proposed model to quickly and accurately detect worm attacks with different attack characteristics. It also intrinsically identifies infected nodes, potential victims, and estimates the worm scan rate. We test our model against the worm-free NPS2013 dataset, a modeled Blaster worm, and the WannaCry CTU-Malware-Capture-Botnet-284-1 and CTU-Malware-Capture-Botnet-285-1 datasets. Our results show that the spectral graph theory worm detection model has better performance rates compared to other models reviewed in literature.
  • Item
    Multi-subcarrier Physical Layer Authentication Using Channel State Information and Deep Learning
    (2021-01-05) St. Germain, Ken; Kragh, Frank
    Strong authentication is crucial as wireless networks become more widespread and relied upon. The robust physical layer features produced by advanced communication networks lend themselves to accomplishing physical layer authentication by using channel state information (CSI). The use of deep learning with neural networks is well suited for classification tasks and can further the goal of enhancing physical layer security. To that end, we propose a semi-supervised generative adversarial network to differentiate between legitimate and malicious transmitters and accurately identify devices for authentication across a range of signal to noise ratio conditions. Our system leverages multiple input multiple output CSI across orthogonal frequency division multiplexing subcarriers using a small percentage of labeled training data.
  • Item
    Artifact Mitigation in High-Fidelity Hypervisors
    (2021-01-05) Norine, Christopher; Shaffer, Alan; Singh, Gurminder
    The use of hypervisors for cyber operations has increased significantly over the past decade, resulting in a concomitant increase in the demand for higher fidelity hypervisors that do not exhibit the markers, or artifacts, that identify the execution platform type (virtualized or bare metal), prevalent in most currently available virtualization solutions. To address this need, we present an in-depth examination of a specific subset of virtualization artifacts in order to design and implement a method of mitigation that reduces the detectability of these artifacts. Our analysis compares the performance of a bare metal machine, a virtual machine without artifact mitigation, and a virtual machine with our proof-of-concept mitigation technique applied to a temperature sensor. Results of the implementation are analyzed to determine the potential impact on system performance and whether our mitigation technique is appropriate for extending high-fidelity hypervisors.