Export Citations
Save this search
Please login to be able to save your searches and receive alerts for new content matching your search criteria.
- research-articleAugust 2024
EDHOC Is a New Security Handshake Standard: An Overview of Security Analysis
- Elsa López Pérez,
- Göran Selander,
- John Preuß Mattsson,
- Thomas Watteyne,
- Mališa Vučinić,
- James Bret Michael
We wrap up the call for formal analysis of the new security handshake protocol EDHOC by providing an overview of the protocol, a summary of the formal security analyses, and a discussion on open venues for future work.
- research-articleAugust 2024
Russian Cyber Onslaught Was Blunted by Ukrainian Cyber Resilience, Not Merely Security
- Alexander Kott,
- George Yegor Dubynskyi,
- Andrii Paziuk,
- Stephanie E. Galaitsi,
- Benjamin D. Trump,
- Igor Linkov,
- James Bret Michael
Russian cyberattacks on Ukraine largely failed to produce meaningful outcomes not merely due to robust Ukrainian cyber defenses but also because of Ukraine’s effective cyber resilience.
- research-articleMay 2024
Assured Autonomy Through Combinatorial Methods
- D. Richard Kuhn,
- M. S. Raunak,
- Raghu N. Kacker,
- Jaganmohan Chandrasekaran,
- Erin Lanus,
- Tyler Cody,
- Laura Freeman,
- James Bret Michael
Many conventional software engineering methods for high-trust software are not well suited to assured autonomy, but concepts from combinatorial testing can add confidence by providing a quantitative measure of the usefulness of a dataset.
- research-articleApril 2024
23 Security Risks in Black-Box Large Language Model Foundation Models
We applied our previous generic machine learning risk analysis to the more specific case of large language models (LLMs), identifying an architectural black box with 23 associated risks—a reasonable starting point for the regulation of LLMs.
- research-articleMarch 2024
Security Advantages and Challenges of 3D Heterogeneous Integration
- Yuntao Liu,
- Daniel Xing,
- Isaac McDaniel,
- Olsan Ozbay,
- Abir Akib,
- Mumtahina Islam Sukanya,
- Sanjay Rekhi,
- Ankur Srivastava,
- James Bret Michael
Three-dimensional heterogeneous integration offers compelling opportunities to enhance the security and trust in the current semiconductor chain while new attack surfaces may emerge.
-
- research-articleJanuary 2024
How to Measure Cybersecurity and Why Heuristics Matter
In this article, we continue our lessons learned from medical science and explore possibilities to measure cybersecurity and apply heuristics.
- research-articleJanuary 2024
Resilient Without Zero Trust
Electric power grids are vulnerable to unintentional cyber incidents and cyberattacks, but their control systems make them resilient. The electric power grids can continue to function despite degradation, denial, or destruction of their OT networks.
- research-articleNovember 2023
There Is No Chilling When Your Control System Cybersecurity Is Unfulfilling
This article discusses the importance of control system cyber incident response programs as part of preparedness for critical-infrastructure protection.
- research-articleOctober 2023
A System Engineering Approach to AI Security and Safety
This article sheds light on the need for the computer science and the broader engineering communities to collaborate on taking a system engineering approach to artificial intelligence security and safety. I offer three recommendations to how to address ...
- research-articleJuly 2023
Machine-Learned Verification and Advance Notice Oracles for Autonomous Systems
The assurance of cyberphysical systems that employ some degree of autonomy is a difficult problem in that the underlying system is artificial-intelligence-based with almost no accompanying human-written correctness specifications. This article proposes a ...
- research-articleJune 2023
Information-Driven Security Analysis: Tools and Techniques for the Study and Practice of Security Engineering
This article reviews concepts and methods for security analysis found in the professional practice and academic study of security engineering. We also describe a set of software learning aids that may have value as interactive tools for any security ...
- research-articleApril 2023
Waterfall: Cascading Effects of a Strategic Cyber Campaign
This article uses a potential invasion of a western Pacific island nation as a hypothetical case study to examine a possible strategic cyber campaign, illustrating the need to consider the prioritization, sequencing, degree of engagement, and degree of ...
- discussionApril 2023
Software Engineering for Responsible AI
The unique characteristics of artificial intelligence (AI) systems pose new challenges to traditional software engineering approaches. Thus, new software engineering approaches are required to develop AI systems in a responsible manner.
- research-articleNovember 2022
Using Machine Learning to Work Around the Operational and Cybersecurity Limitations of Legacy Process Sensors
In this article, we describe the operational and cybersecurity limitations of legacy process sensors and how machine learning can be used to work around those limitations.
- discussionSeptember 2022
Taking a Measured Approach to Investing in Information Infrastructure for Attaining Leading-Edge Trustworthy Artificial Intelligence
IEEE Security and Privacy (IEEE-SEC-PRIVACY), Volume 20, Issue 5Pages 4–6https://doi.org/10.1109/MSEC.2022.3187308As we ramp up our investment in our artificial intelligence (AI) infrastructure, concerns about the reliability, resiliency, and security of that infrastructure need to be addressed. Competition, whether political, economic, or otherwise, along with ...
- research-articleAugust 2022
Can You Trust Zero Trust?
Developing and sustaining a “zero-trust architecture” is essentially impossible today. The concept is currently a moving target, and its meaning is in the eye of the beholder. One thing we know for certain is that it’s a misnomer.
- research-articleJuly 2022
Placing Trust in Automated Software Development Processes
Automation of certain aspects of software development and maintenance help us achieve our software-productivity goals, but we need to consider the trust we can place in that automation.
- research-articleMay 2022
Strategy and Tactics Against Ransomware
Achieving comprehensive visibility by correlating threat activities from diversified data sources is a promising approach for early warnings with minimal false alarms.
- discussionJanuary 2022
Control System Cyber Incidents Are Real—and Current Prevention and Mitigation Strategies Are Not Working
There is a disconnect between the assumptions and practices within the IT and operational technology communities. This article highlights the disparities in the context of the security and safety of industrial control systems.
- research-articleNovember 2021
Trusting Human–Machine Teaming
Equipping humanoid robots with software-intensive artificial intelligence and machine learning systems introduces opportunities for enhancing human–machine teaming and challenges for placing trust in those relationships.