The National Vulnerability Database (NVD) maintained by the US National Institute of Standards and Technology provides valuable information about vulnerabilities in popular software, as well as any patches available to address these vulnerabilities. Most enterprise security managers today simply patch the most dangerous vulnerabilities-an adversary can thus easily compromise an enterprise by using less important vulnerabilities to penetrate an enterprise. In this article, we capture the vulnerabilities in an enterprise as a Vulnerability Dependency Graph (VDG) and show that attacks graphs can be expressed in them. We first ask the question: What set of vulnerabilities should an attacker exploit in order to maximize his expected impact? We show that this problem can be solved as an integer linear program. The defender would obviously like to minimize the impact of the worst-case attack mounted by the attacker-but the defender also has an obligation to ensure a high productivity within his enterprise. We propose an algorithm that finds a Paretooptimal solution for the defender that allows him to simultaneously maximize productivity and minimize the cost of patching products on the enterprise network. We have implemented this framework and show that runtimes of our computations are all within acceptable time bounds even for large VDGs containing 30K edges and that the balance between productivity and impact of attacks is also acceptable.
In this paper we review and analyze redundancy-based faulttolerant techniques for the IoT as a paradigm to support two of the main goals of computer security: availability and integrity. We organized the presentation in terms of the three main tasks performed by the nodes of an IoT network: sensing, routing, and control. We first discuss how the implementation of fault-tolerance in the three areas is primary for the correct operation of an entire system. We provide an overview of the different approaches that have been used to address failures in sensing and routing. Control devices typically implement state machines that take decisions based on the measurement of sensors and may also ask actuators to execute actions. Traditionally state-machine replication for fault-tolerance is realized through consensus protocols. Most protocols were developed in the 80's and 90's. We will review the properties of such protocols in detail and discuss their limitations for the IoT. Since 2008, consensus algorithms took a new direction with the introduction of the concept of blockchain. Standard blockchain based protocols cannot be applied without modifications to support fault-tolerance in the IoT. We will review some recent results in this new class of algorithms, and show how they can provide the flexibility required to support fault-tolerance in control devices, and thus overcome some of the limitations of the traditional consensus protocols.
Process mining (PM) is a well-known research area that includes techniques, methodologies, and tools for analyzing processes in a variety of application domains. In the case of healthcare, processes are characterized by high variability in terms of activities, duration, and involved resources (e.g., physicians, nurses, administrators, machineries, etc.). Besides, the multitude of diseases that the patients housed in healthcare facilities suffer from makes medical contexts highly heterogeneous. As a result, understanding and analyzing healthcare processes are certainly not trivial tasks, and administrators and doctors look for tools and methods that can concretely support them in improving the healthcare services they are involved in. In this context, PM has been increasingly used for a wide range of applications as reported in some recent reviews. However, these reviews mainly focus on discussion on applications related to the clinical pathways, while a systematic review of all possible applications is absent. In this article, we selected 172 papers published in the last 10 years, that present applications of PM in the healthcare domain. The objective of this study is to help and guide researchers interested in the medical field to understand the main PM applications in the healthcare, but also to suggest new ways to develop promising and not yet fully investigated applications. Moreover, our study could be of interest for practitioners who are considering applications of PM, who can identify and choose PM algorithms, techniques, tools, methodologies, and approaches, toward what have been the experiences of success.
In many Internet of Thing (IoT) application domains security is a critical requirement, because malicious parties can undermine the effectiveness of IoT-based systems by compromising single components and/or communication channels. Thus, a security infrastructure is needed to ensure the proper functioning of such systems even under attack. However, it is also critical that security be at a reasonable resource and energy cost. In this article, we focus on the problem of efficiently and effectively securing IoT networks by carefully allocating security resources in the network area. In particular, given a set of security resources R and a set of attacks to be faced A , our method chooses the subset of R that best addresses the attacks in A , and the set of locations where to place them, that ensure the security coverage of all IoT devices at minimum cost and energy consumption. We model our problem according to game theory and provide a Pareto-optimal solution in which the cost of the security infrastructure, its energy consumption, and the probability of a successful attack are minimized. Our experimental evaluation shows that our technique improves the system robustness in terms of packet delivery rate for different network topologies. Furthermore, we also provide a method for handling the computation of the resource allocation plan for large-scale networks scenarios, where the optimization problem may require an unreasonable amount of time to be solved. We show how our proposed method drastically reduces the computing time, while providing a reasonable approximation of the optimal solution.
We present a formal method for computing the best security provisioning for Internet of Things (IoT) scenarios characterized by a high degree of mobility. The security infrastructure is intended as a security resource allocation plan, computed as the solution of an optimization problem that minimizes the risk of having IoT devices not monitored by any resource. We employ the shortfall as a risk measure, a concept mostly used in the economics, and adapt it to our scenario. We show how to compute and evaluate an allocation plan, and how such security solutions address the continuous topology changes that affect an IoT environment
Abstract. We present a method for computing the best provisioning of security resources for Internet of Things (IoT) scenarios characterized by a high degree of mobility. The security infrastructure is specified by a security resource allocation plan computed as the solution of an optimization problem that minimizes the risk of having IoT devices not monitored by any resource. Due the mobile nature of IoT devices, a probabilistic framework for modeling such scenarios is adopted. We adapt the concept of shortfall from economics as a risk measure and show how to compute and evaluate the quality of an allocation plan. The proposed approach fits well with applications such as vehicular networks, mobile ad-hoc networks, smart cities, or any IoT environment characterized by mobile devices that needs a monitoring infrastructure.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.