research-article

Large-scale systems security evolution: control theory approach

Authors:

T. V. Stepanova,

D. P. ZegzhdaAuthors Info & Claims

SIN '15: Proceedings of the 8th International Conference on Security of Information and Networks

Pages 135 - 141

https://doi.org/10.1145/2799979.2799993

Published: 08 September 2015 Publication History

Abstract

Rapidly expanding information technologies field clearly discovers tendency of increasing computer systems' heterogeneity and distribution level. In this paper authors reveal the hidden attributes of IT security evolution towards more assumptions about attacker power and less assertions on provided security level. The proposed view of IT security evolution makes it possible to classify security providing technologies in terms of control theory. This comparison, in turn, allows to borrow a rich theoretical framework of appropriate control theory methods (for non-linear, non-stationary, discrete-continuous automatic control systems) and adopt them for cyber security purposes. Moreover, proposed control theory view enables prediction of the future security evolution stages and allows to partially determine them.

References

[1]

Malware Evolution Research at UW-Madison. http://www.cs.wisc.edu/~archit/projects/malware/.

[2]

Yajin Zhou, Xuxian Jiang. Dissecting Android Malware: Characterization and Evolution. SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy, Pages 95--109.

Digital Library

[3]

Omer K. Jasim1, Safia Abbas, Abdel-Badeeh M. Salem. Evolution of an Emerging Symmetric Quantum Cryptographic Algorithm. JIS, PP. 82--91.

[4]

James P. Anderson, Computer Security Technology Planning Study Volume I, ESD-TR-73-51 Vol. I, Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA 01730 (Oct. 1972).

[5]

David E. Bell and Leonard J. La Padula, "Secure Computer Systems: Mathematical Foundations," ESD-TR-73-278, Vol. I, Electronic Systems Division, Air Force Systems Command, Hanscom AFB, Bedford, MA 01731 (Nov. 1973).

[6]

Leonard J. La Padula and David E. Bell, "Secure Computer Systems: A Mathematical Model," ESD-TR-73-278, Vol. II, Electronic Systems Division, Air Force Systems Command, Hanscom AFB, Bedford, MA 01731 (Nov. 1973).

[7]

David E. Bell, "Secure Computer Systems: A Refinement of the Mathematical Model," ESD-TR-73-278, Vol. III, Electronic Systems Division, Air Force Systems Command, Hanscom AFB, Bedford, MA 01731 (Apr. 1974).

[8]

Ken Biba, Integrity Considerations for Secure Computer Systems, MTR-3153, The MITRE Corporation, Bedford, MA 01730 (June 1975) {NTIS ADA039324}.

[9]

Bishop, Matt (2003). Computer Security: Art and Science. Boston: Addison Wesley.

[10]

Harrison, Michael A.; Ruzzo, Walter L.; Ullman, Jeffrey D. (August 1976). "Protection in Operating Systems". Communications of the ACM 19 (8): 461--471. CiteSeerX: 10.1.1.106.7226.

Digital Library

[11]

Ravi S. Sandhu. The Typed Access Matrix Model (1992). Proc. IEEE Symposium on Research in Security and Privacy.

Digital Library

[12]

Ravi S. Sandhu. The schematic protection model: Its definition and analysis for acyclic attenuating schemes (1988), Journal of ACM.

Digital Library

[13]

P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor, S. J. Turner, and J. F. Farrell. The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments. In Proceedings of the 21st National Information Systems Security Conference, pages 303--314, Oct. 1998.

[14]

McAfee. Complete Security: The Case for Combined Behavioral and Signature-Based Protection. Whitepaper. Santa Carla: McAfee Inc., 2005.

[15]

Roiter, Neil. When signature based antivirus isn't enough. 3 May 2007. 2 Febuary 2010.

[16]

Rattner, Daniel. "Risk Assessments." Security Management. Northeastern University, Boston. 15 Mar. 2010. Lecture.

[17]

Rattner, Daniel. "Internal & External Threats." Security Management. Northeastern University, Boston. 8 April. 2010. Lecture.

[18]

Alan Calder, Information Security based on ISO 27001/ISO 27002: A Management Guide - Best Practice. Van Haren Publishing ©2009.

Digital Library

[19]

C. Alberts, A. Dorofee, J. Stevens, and C. Woody. Introduction to the OCTAVE approach. Technical report, Carnegie Mellon - Software Engineering Institute, Pittsburgh, PA 15213--3890, August 2003.

[20]

DCSSI. EBIOS - Section 2 - Approach. General Secretariat of National Defence Central Information Systems Security Division (DCSSI), February 2004.

[21]

G. Stoneburner, A. Goguen, and A. Feringa. Risk management guide for information technology systems. NIST Special Publication 800-30, National Institute of Standards and Technology (NIST), Gaithersburg, MD 20899-8930, July 2002.

Digital Library

[22]

R. Fredriksen, M. Kristiansen, B. A. Gran, K. Stolen, T. A. Opperud, and T. Dimitrakos. The coras framework for a model-based risk management process. In SAFECOMP '02: Proceedings of the 21st International Conference on Computer Safety, Reliability and Security, pages 94--105, London, UK, 2002. Springer-Verlag. {9} ISO/IEC. ISO/IEC 27005:2007, Information technology - Security techniques - Information security risk management, November 2007.

Digital Library

[23]

Ellsberg Daniel. "Risk, ambiguity, and the Savage axioms," Quarterly Journal of Economics 75 (1961): 643--669.

[24]

Corin R., Etalle S., J. den Hartog, Lenzini G, Staicu I. Logic for auditing accountability in decentralized systems, Formal Aspects in Security and Trust Springer. Berlin 2004; 173: 187--202.

[25]

Azkia H, Cuppens-Boulahia N, Cuppens F., Coatrieux G. Reconciling IHE-ATNA Profile with aposteriori Contextual Access and Usage Control Policy in Healthcare Environment, 6^th IEEE International Conference on Information Assurance and Security. Atlanta, USA 2010, 197--203.

[26]

Gary E. Clayton. Data Loss Prevention and Monitoring in the Workplace: Best Practice Guide. Privacy Compliance Group, Inc. Dallas, USA. 2009.

[27]

Lane, Adrian & Rothman, Mike - "Understanding and Selecting SIEM/Log Management", Version 2.0, 25th Aug. 2010, available online at https://securosis.com/assets/library/reports/Securosis_Understanding_Selecting_SIEM_LM_FINAL.pdf.

[28]

M. Abadi. Logic in access control. In Proc. 8th Annual IEEE Symposium on Logic in Computer Science (LICS), pages 228--233. IEEE Computer Society Press, 2003.

Digital Library

[29]

Vulnerability Analysis of Energy Delivery Control Systems, available at http://energy.gov/sites/prod/files/Vulnerability%20Analysis%20of%20Energy%20Delivery%20Control%20Systems%202011.pdf

[30]

ISACA, Advanced Persistent Threats: How to Manage the Risk to your Business, ISA, ISBN:1604203471 9781604203479, 2013.

Digital Library

[31]

Stepanova T., Zegzhda D. «Efficiency evaluation on the use of protection against botnets neutralization and elimination», An Interdisciplinary Journal «Nonlinear Phenomena in Complex Systems», N. 3, 2014.

[32]

Stepanova T., «Ensuring sustainability of multi-agent protection systems under the impact of distributed security threats», Ph. D. Thesis, SPbSTU, 2012.

[33]

Levine, William S., ed. (1996). The Control Handbook. New York: CRC Press. ISBN 978-0-8493-8570-4.

[34]

Karl J. Åström and Richard M. Murray (2008). Feedback Systems: An Introduction for Scientists and Engineers. (PDF). Princeton University Press. ISBN 0-691-13576-2.

Digital Library

[35]

Christopher Kilian (2005). Modern Control Technology. Thompson Delmar Learning. ISBN 1-4018-5806-6.

Digital Library

[36]

J. D. Hedengren; R. Asgharzadeh Shishavan, K. M. Powell, T. F. Edgar (2014). "Nonlinear modeling, estimation and predictive control in AP Monitor". Computers & Chemical Engineering 70 (5): 133--148.

[37]

Chen, S. and Billings, S. A., Representations of nonlinear system: the NARMAX model, Int. J. Control, Vol. 48, pp. 1013--1032, 1989.

[38]

R. Haber. Nonlinear Dynamics of Production Systems. Von G. Radons, R. Neugebauer. Chemie Ingenieur Technik. Volume 76, Issue 12, pages 1846--1847, December, 2004.

[39]

Leotaritis I., Billings, S. A. Input-Output Parametric Models for Non-linear Systems-Part I: Deterministic Non-linear Systems. International Journal of Control, 41, 303--328.

Cited By

Filip FLeiviskä K(2023)Infrastructure and Complex Systems AutomationSpringer Handbook of Automation10.1007/978-3-030-96729-1_27(617-640)Online publication date: 17-Jun-2023
https://doi.org/10.1007/978-3-030-96729-1_27
Tsygankov NPetrunina AMoskalev AValkova Y(2020)Business incubator assessment modelIOP Conference Series: Materials Science and Engineering10.1088/1757-899X/986/1/012016986:1(012016)Online publication date: 1-Dec-2020
https://doi.org/10.1088/1757-899X/986/1/012016
Volkova VChernyi Y(2019)Application of Systems Theory Laws for Investigating Information Security ProblemsAutomatic Control and Computer Sciences10.3103/S014641161808042452:8(1164-1170)Online publication date: 7-Mar-2019
https://doi.org/10.3103/S0146411618080424

Index Terms

Large-scale systems security evolution: control theory approach
1. Information systems

Recommendations

Evolved open-endedness, not open-ended evolution

Open-endedness is often considered a prerequisite property of the whole evolutionary system and its dynamical behaviors. In the actual history of evolution on Earth, however, there are many examples showing that open-endedness is rather a consequence of ...
SKIP-securing the Internet
WET-ICE '96: Proceedings of the 5th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE'96)

Currently, two different approaches are being pursued for securing the Internet with respect to commercial use on a broad scale. The properties of these two approaches-application-coupled security vs. network-coupled security-are discussed and compared. ...
A framework for automating security analysis of the internet of things

The Internet of Things (IoT) is enabling innovative applications in various domains. Due to its heterogeneous and wide-scale structure, it introduces many new security issues. To address this problem, we propose a framework for modeling and assessing ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

SIN '15: Proceedings of the 8th International Conference on Security of Information and Networks

September 2015

350 pages

ISBN:9781450334532

DOI:10.1145/2799979

Conference Chairs:
Oleg Makarevich
Southern Federal University, Russia
,
Ron Poet
University of Glasgow, UK
,
Atilla Elçi
Aksaray University, Turkey
,
Manoj Singh Gaur
Malaviya National Institute of Technology, India
,
Mehmet Orgun
Macquarie University, Australia
,
Program Chairs:
Ludmila Babenko
Southern Federal University, Russia
,
Sadek Ferdous
University of Glasgow, UK
,
Anthony T. S. Ho
University of Surrey, UK
,
Vijay Laxmi
Malaviya National Institute of Technology, India
,
Josef Pieprzyk
Queensland University of Technology, Australia

Copyright © 2015 ACM.

© 2015 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 September 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Ministry of Education and Science of the Russian Federation

Conference

SIN '15

SIN '15: The 8th International Conference on Security of Information and Networks

September 8 - 10, 2015

Sochi, Russia

Acceptance Rates

SIN '15 Paper Acceptance Rate 34 of 92 submissions, 37%;

Overall Acceptance Rate 102 of 289 submissions, 35%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
117
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 23 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Filip FLeiviskä K(2023)Infrastructure and Complex Systems AutomationSpringer Handbook of Automation10.1007/978-3-030-96729-1_27(617-640)Online publication date: 17-Jun-2023
https://doi.org/10.1007/978-3-030-96729-1_27
Tsygankov NPetrunina AMoskalev AValkova Y(2020)Business incubator assessment modelIOP Conference Series: Materials Science and Engineering10.1088/1757-899X/986/1/012016986:1(012016)Online publication date: 1-Dec-2020
https://doi.org/10.1088/1757-899X/986/1/012016
Volkova VChernyi Y(2019)Application of Systems Theory Laws for Investigating Information Security ProblemsAutomatic Control and Computer Sciences10.3103/S014641161808042452:8(1164-1170)Online publication date: 7-Mar-2019
https://doi.org/10.3103/S0146411618080424

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents