Your search keyword '"Pieters, W."' showing total 5 results

1. Security-by-Experiment: Lessons from Responsible Deployment in Cyberspace.

Author

Pieters W, Hadžiosmanović D, and Dechesne F

Subjects

Computer Security ethics, Empirical Research, Models, Theoretical, Risk Management, Computer Security standards, Internet

Abstract

Conceiving new technologies as social experiments is a means to discuss responsible deployment of technologies that may have unknown and potentially harmful side-effects. Thus far, the uncertain outcomes addressed in the paradigm of new technologies as social experiments have been mostly safety-related, meaning that potential harm is caused by the design plus accidental events in the environment. In some domains, such as cyberspace, adversarial agents (attackers) may be at least as important when it comes to undesirable effects of deployed technologies. In such cases, conditions for responsible experimentation may need to be implemented differently, as attackers behave strategically rather than probabilistically. In this contribution, we outline how adversarial aspects are already taken into account in technology deployment in the field of cyber security, and what the paradigm of new technologies as social experiments can learn from this. In particular, we show the importance of adversarial roles in social experiments with new technologies.

Published

2016

2. Bayesian Network Models in Cyber Security: A Systematic Review

Author

Chockalingam, S., Pieters, W., Herdeiro Teixeira, A.M., van Gelder, P.H.A.J.M., Lipmaa, Helger, Mitrokotsa, Aikaterini, and Matulevicius, Raimundas

Subjects

Information security, Computer science, Bayesian network, Insider threat, 020206 networking & telecommunications, 02 engineering and technology, Scientific literature, Computer security, computer.software_genre, Cyber security, Outcome (game theory), Bayesian Network, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, computer, Bayesian attack graph, Data limitations

Abstract

Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security especially due to their capability to overcome data limitations. This is also instantiated by the growth of BN models development in cyber security. However, a comprehensive comparison and analysis of these models is missing. In this paper, we conduct a systematic review of the scientific literature and identify 17 standard BN models in cyber security. We analyse these models based on 9 different criteria and identify important patterns in the use of these models. A key outcome is that standard BNs are noticeably used for problems especially associated with malicious insiders. This study points out the core range of problems that were tackled using standard BN models in cyber security, and illuminates key research gaps.

Published

2017

3. Acceptance of voting technology: Between confidence and trust

Author

Pieters, W., Stølen, K., Winsborough, W.H., Martinelli, F., Massacci, F., Stølen, K., Winsborough, W.H., Martinelli, F., and Massacci, F.

Subjects

IR-62535, Social psychology (sociology), Computer science, Electronic voting, business.industry, media_common.quotation_subject, SCS-Cybersecurity, Perspective (graphical), Information technology, EWI-14066, Cryptographic protocol, Computer security, computer.software_genre, Voting, Lect. Notes Comp. Sci, Information system, Positive economics, business, computer, Security of Systems, media_common

Abstract

Social aspects of security of information systems are often discussed in terms of “actual security��? and “perceived security��?. This may lead to the hypothesis that e-voting is controversial because in paper voting, actual and perceived security coincide, whereas they do not in electronic systems. In this paper, we argue that the distinction between actual and perceived security is problematic from a philosophical perspective, and we develop an alternative approach, based on the notion of trust. We investigate the different meanings of this notion in computer science, and link these to the philosophical work of Luhmann, who distinguishes between familiarity, confidence and trust. This analysis yields several useful distinctions for discussing trust relations with respect to information technology. We apply our framework to electronic voting, and propose some hypotheses that can possibly explain the smooth introduction of electronic voting machines in the Netherlands in the early nineties.

Published

2006

4. Provable anonymity

Author

Garcia, F. D., Hasuo, I., Pieters, W., Rossum, P.J.B. van, K, Ralf, and K, Ralf

Subjects

Computer science, business.industry, SCS-Cybersecurity, Cryptography, EWI-14065, Computer security, computer.software_genre, Crowds, Epistemic modal logic, Key (cryptography), Onion routing, Observational equivalence, business, Communications protocol, computer, GeneralLiterature_REFERENCE(e.g.,dictionaries,encyclopedias,glossaries), Security of Systems, Anonymity, IR-62534

Abstract

This paper provides a formal framework for the analysis of information hiding properties of anonymous communication protocols in terms of epistemic logic. The key ingredient is our notion of observational equivalence, which is based on the cryptographic structure of messages and relations between otherwise random looking messages. Two runs are considered observationally equivalent if a spy cannot discover any meaningful distinction between them. We illustrate our approach by proving sender anonymity and unlinkability for two anonymizing protocols, Onion Routing and Crowds. Moreover, we consider a version of Onion Routing in which we inject a subtle error and show how our framework is capable of capturing this flaw.

Published

2005

5. Effectiveness of qualitative and quantitative security obligations.

Author

Pieters, W., Padget, J., Dechesne, F., Dignum, V., and Aldewereld, H.

Subjects

*COMPUTER crimes, *COMPUTER security, *LOGIC, *GRAPH theory, *COMPUTER software correctness

Abstract

Security policies in organisations typically take the form of obligations for the employees. However, it is often unclear what the purpose of such obligations is, and how these can be integrated in the operational processes of the organisation. This can result in policies that may be either too strong or too weak, leading to unnecessary productivity loss, or the possibility of becoming victim to attacks that exploit the weaknesses, respectively. In this paper, we propose a framework in which the security obligations of employees are linked directly to prohibitions that prevent external agents (attackers) from reaching their goals. We use logic-based and graph-based approaches to formalise and reason about such policies, and show how the framework can be used to verify correctness of the associated refinements. Finally, we extend the graph-based model with quantitative policies and associated quantitative analysis, based on the time an adversary needs for an attack. The framework can assist organisations in aligning security policies with their threat model. [ABSTRACT FROM AUTHOR]

Published

2015