Funding: supported by the Natural Science Foundation of China under award No. 61303024; the Natural Science Foundation of Jiangsu Province under award No. BK20130372; the National 973 Program of China under award No. 2014CB340600; the National High Tech 863 Program of China under award No. 2015AA016002; supported by the Natural Science Foundation of China under award No. 61272452; supported in part by ARO Grant # W911NF-12-1-0286 and NSF Grant #1111925.
Abstract: Despite the tremendous effort made by industry and academia, we are still searching for metrics that can characterize cyberspace and system security risks. In this paper, we study the class of security risks that are inherent to the dependence structure in software with vulnerabilities and exhibit a "cascading" effect. We present a measurement framework for evaluating these metrics, and report a preliminary case study on evaluating the dependence-induced security risks in the Apache HTTP Server. The experimental results show that our framework can not only clearly analyze the root cause of the security risks but also quantitatively evaluate the attack consequences of the risks.
Funding: funded by the Youth Program of Shaanxi Provincial Department of Science and Technology (Grant No. 2024JC-YBQN-0630).
Abstract: Quantum key distribution (QKD) optical networks can provide more secure communications. However, as QKD path requests and key updates increase, network blocking problems become severe. Blocking in the network is aggravated because each fiber link has limited resources (such as wavelengths and time slots). In addition, QKD optical networks are also affected by external disturbances such as data interception and eavesdropping, resulting in inefficient network communication. In this paper, we exploit the idea of a protection path to enhance the anti-interference ability of QKD optical networks. By introducing the concept of a security metric, we propose a routing, wavelength and time slot allocation algorithm (RWTA) based on protection paths, which can lessen the blocking problem of QKD optical networks. According to simulation analysis, the security-metric-based RWTA algorithm (SM-RWTA) proposed in this paper can substantially improve the success rate of security key (SK) updates and significantly reduce the blocking rate of the network. It can also improve the utilization rate of resources such as wavelengths and time slots. Compared with the non-security-metric-based RWTA algorithm (NSM-RWTA), our algorithm is robust and can enhance the anti-interference ability and security of QKD optical networks.
Abstract: Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of security controls. However, defining enterprise-level security metrics has already been listed as one of the hard problems in the InfoSec Research Council's hard problems list. Almost all efforts to define absolute security metrics for enterprise security have proved unfruitful. At the same time, with the maturity of the security industry, there has been continuous emphasis from regulatory bodies on establishing measurable security metrics. This paper addresses this need and proposes a relative security metric model that derives three quantitative security metrics, named Attack Resiliency Measure (ARM), Performance Improvement Factor (PIF), and Cost/Benefit Measure (CBM), for measuring the performance of security controls. For the effectiveness evaluation of the proposed security metrics, we took the secure virtual machine (VM) migration protocol as the target of assessment. Virtualization technologies are rapidly changing the landscape of the computing world, and devising security metrics for virtualized environments is even more challenging. Since secure VM migration is an evolving area and no standard protocol is available specifically for it, this paper took the secure VM migration protocol as the target of assessment and applied the proposed relative security metric model to measure the Attack Resiliency Measure, Performance Improvement Factor, and Cost/Benefit Measure of the secure VM migration protocol.
Funding: funded by the National Natural Science Foundation of China, No. 62302520.
Abstract: Moving Target Defense (MTD) necessitates scientifically effective decision-making methodologies for defensive technology implementation. While most MTD decision studies focus on accurately identifying optimal strategies, the issue of optimal defense timing remains underexplored. Current default approaches, periodic or overly frequent MTD triggers, lead to suboptimal trade-offs among system security, performance, and cost. The timing of MTD strategy activation critically impacts both defensive efficacy and operational overhead, yet existing frameworks inadequately address this temporal dimension. To bridge this gap, this paper proposes a Stackelberg-FlipIt game model that formalizes asymmetric cyber conflicts as alternating control over attack surfaces, thereby capturing the dynamic security state evolution of MTD systems. We introduce a belief factor to quantify information asymmetry during adversarial interactions, enhancing the precision of MTD trigger timing. Leveraging this game-theoretic foundation, we employ Multi-Agent Reinforcement Learning (MARL) to derive adaptive temporal strategies, optimized via a novel four-dimensional reward function that holistically balances security, performance, cost, and timing. Experimental validation using IP address mutation against scanning attacks demonstrates stable strategy convergence and accelerated defense response, significantly improving cybersecurity affordability and effectiveness.