Cybersecurity and Software Assurance

Recent Submissions

  • Item
    Using ChatOps to Achieve Continuous Certification of Cloud Services
    (2022-01-04) Ohagen, Paul; Lins, Sebastian; Thiebes, Scott; Sunyaev, Ali
    Continuous service certification (CSC) recently emerged as a promising means to provide ongoing assurances and disrupt pertinent certification approaches. CSC involves the consistent gathering and assessing of certification-relevant data by certification authorities about service operation to validate ongoing adherence to certification criteria. While research on CSC is increasing, practitioners still struggle in transferring researchers' suggestions and guidelines into practice. This study provides a tentative design and a prototype of a monitoring-based service certification (MSC) system based on the novel ChatOps approach. Iterative evaluations support our propositions that ChatOps' three key elements, a chat platform, chatbots, and third-party integrations, support the achievement of CSC. We contribute to research and practice by proving the technical feasibility of an MSC system, guiding future research and practitioners on achieving monitoring-based CSC, and validating the applicability and usefulness of extant guidelines on monitoring-based CSC proposed by prior research.
  • Item
    Tackling Challenges of Robustness Measures for Autonomous Agent Collaboration in Open Multi-Agent Systems
    (2022-01-04) Jin, David; Kannengießer, Niclas; Sturm, Benjamin; Sunyaev, Ali
    Open multi-agent systems (OMASs) allow autonomous agents (AAs) to collaborate in coalitions to accomplish complex tasks (e.g., swarm robots exploring new terrain). In OMASs, AAs can arbitrarily join and leave the network. Thus, AAs must often collaborate with unknown AAs that may corrupt coalitions, leading to less robust systems. However, measures to improve robustness of OMASs are subject to challenges, decreasing their effectiveness. To understand how to improve coalition robustness in OMASs and address challenges of existing robustness measures, we carried out a literature review and revealed three types of robustness measures (i.e., collaboration coordination, normative control, and reliability prediction). Moreover, we found 21 challenges for the identified robustness measures and 24 corresponding solutions. By carrying out this literature review, we forge new connections between existing measures and identify challenges and measures that apply to multiple existing measures. Hereby, our work supports more robust collaborations between AAs in open systems.
  • Item
    Rigorous Validation of Systems Security Engineering Analytics
    (2022-01-04) Llanso, Thomas; Mcneil, Martha; Jamieson, Jessie
    In response to the asymmetric advantage that attackers enjoy over defenders in cyber systems, the cyber community has generated a steady stream of cybersecurity-related frameworks, methodologies, analytics, and “best practices” lists. However, these artifacts almost never undergo rigorous validation of their efficacy but instead tend to be accepted on faith, to, we suggest, our collective detriment based on evidence of continued attacker success. But what would rigorous validation look like, and can we afford it? This paper describes the design and estimates the cost of a controlled experiment whose goal is to determine the effectiveness of an exemplar systems security analytic. Given the significant footprint that humans play in cyber systems (e.g., their design, use, attack, and defense), any such experiment must necessarily take into account and control for variable human behavior. Thus, the paper reinforces the argument that cybersecurity can be understood as a hybrid discipline with strong technical and human dimensions.
  • Item
    A Cryptographically Stable Computing Machine
    (2022-01-04) Fiske, Michael
    Malware plays a critical role in breaching computer systems. The computing behavior of a register machine program can be sabotaged by making a very small change to the original, uninfected program. Stability has been studied extensively in dynamical systems and in engineering. Our primary contribution introduces a computing machine that is structurally stable to small changes made to its program instructions. Our procedures use quantum randomness to build unpredictable stable instructions. Our procedures can execute just before running a program so that the computing task can be performed with a different representation of its instructions during each run. Our procedures are inspired by the Red Queen hypothesis in biology: organisms evolve using robustness, unpredictability and variability to hinder infection. Another contribution expands the mathematical notion of stability to a cryptographic model with an adversary, and explains why structurally stable machines can be resistant to malware sabotage.
  • Item
    Introduction to the Minitrack on Cybersecurity and Software Assurance
    (2022-01-04) George, Richard; Llanso, Thomas; Chamberlain, Luanne