When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge. In this paper, we consider three possible decision support methodologies for security managers to tackle this challenge: methods based on game theory, on combinatorial optimisation, and on a hybrid of the two. Our modelling starts by building a framework in which we can investigate the effectiveness of a cyber security control with regard to the protection of different assets, seen as targets, in the presence of commodity threats. As game theory captures the interaction between the organisation's own decisions and the attackers' decisions, we consider a 2-person control game between the security manager, who has to choose among different implementation levels of a cyber security control, and a commodity attacker, who chooses among different targets to attack. The pure game-theoretical methodology consists of a large game including all controls and all threats. In the hybrid methodology, the game solutions of the individual control games, along with their direct costs (e.g. financial), are combined with a Knapsack algorithm to derive an optimal investment strategy. The combinatorial optimisation technique consists of a multi-objective multiple-choice Knapsack based strategy. To compare these approaches we built a decision support tool and a case study based on current government guidelines. The aim of this work is to highlight the weaknesses and strengths of different investment methodologies for cyber security, the benefit of their interaction, and the impact that indirect costs have on cyber security investment. Going a step further in validating our work, we have shown that our decision support tool provides the same advice as that advocated by the UK government with regard to the requirements for basic technical protection from cyber attacks in SMEs.
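The following is an added illustration of the hybrid methodology sketched in the abstract above; it is not the authors' decision support tool and uses no data from the paper. Each control has several implementation levels. For each control a small 2-person control game is solved (the security manager picks a level, the commodity attacker picks the least protected target), here with a pure-strategy maximin rule rather than whatever solution concept the paper uses, and the per-level values are then fed, together with direct and optional indirect costs, into a multiple-choice knapsack that picks exactly one level per control under a budget. All control names, costs and protection scores are constructed for the example.

```python
from typing import Dict, Optional, Tuple

# Constructed inputs for the illustration (assumption, not data from the paper).
# For every control and implementation level: (direct cost, indirect cost such as
# lost productivity, protection given to each target on a 0-10 scale).
TARGETS = ["web", "db", "laptops"]
CONTROLS: Dict[str, Dict[int, Tuple[int, int, Dict[str, int]]]] = {
    "patching": {
        0: (0, 0, {"web": 0, "db": 0, "laptops": 0}),
        1: (20, 5, {"web": 5, "db": 3, "laptops": 4}),
        2: (40, 15, {"web": 8, "db": 6, "laptops": 7}),
    },
    "mfa": {
        0: (0, 0, {"web": 0, "db": 0, "laptops": 0}),
        1: (15, 10, {"web": 4, "db": 4, "laptops": 2}),
        2: (30, 25, {"web": 7, "db": 7, "laptops": 4}),
    },
    "firewall": {
        0: (0, 0, {"web": 0, "db": 0, "laptops": 0}),
        1: (25, 0, {"web": 6, "db": 4, "laptops": 1}),
        2: (50, 0, {"web": 9, "db": 8, "laptops": 3}),
    },
}


def attacker_best_response(protection: Dict[str, int]) -> Tuple[str, int]:
    """The commodity attacker's best response to a fixed level: hit the least
    protected target. Returns (target, protection left on that target)."""
    target = min(protection, key=protection.get)
    return target, protection[target]


def control_game_values(control: str) -> Dict[int, int]:
    """Pure-strategy maximin value of each implementation level of one control:
    the protection that survives the attacker's best response (our simplification)."""
    return {lvl: attacker_best_response(p)[1]
            for lvl, (_, _, p) in CONTROLS[control].items()}


def optimal_plan(budget: int, include_indirect: bool = True
                 ) -> Tuple[int, int, Dict[str, int]]:
    """Multiple-choice knapsack over the control-game values: choose exactly one
    level per control, maximise the summed value, keep total cost <= budget.
    Returns (value, cost spent, {control: level}); ties go to the cheaper plan."""
    # dp[b] = best (value, choices) reachable at exactly cost b, or None.
    dp: list = [None] * (budget + 1)
    dp[0] = (0, {})
    for name, levels in CONTROLS.items():
        values = control_game_values(name)
        new_dp: list = [None] * (budget + 1)
        for spent, state in enumerate(dp):
            if state is None:
                continue
            for lvl, (direct, indirect, _) in levels.items():
                cost = direct + (indirect if include_indirect else 0)
                total = spent + cost
                if total > budget:
                    continue
                cand = state[0] + values[lvl]
                cur: Optional[Tuple[int, Dict[str, int]]] = new_dp[total]
                if cur is None or cand > cur[0]:
                    new_dp[total] = (cand, {**state[1], name: lvl})
        dp = new_dp  # level 0 costs 0, so dp[0] is always populated
    best = max(range(budget + 1),
               key=lambda b: (-1 if dp[b] is None else dp[b][0], -b))
    value, plan = dp[best]
    return value, best, plan


if __name__ == "__main__":
    for flag in (False, True):
        v, c, plan = optimal_plan(60, include_indirect=flag)
        print(f"indirect costs {'counted' if flag else 'ignored'}: "
              f"value={v} cost={c} plan={plan}")
```

With a budget of 60 the plan that ignores indirect costs funds both patching and MFA; once the indirect cost of MFA is counted, the same budget only buys the top patching level, which is the kind of effect on investment advice the abstract attributes to indirect costs.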
We present a framework for specification and security analysis of communication protocols for mobile wireless networks. This setting introduces new challenges which are not being addressed by classical protocol analysis techniques. The main complication stems from the fact that the actions of intermediate nodes and their connectivity can no longer be abstracted into a single unstructured adversarial environment as they form an inherent part of the system's security. In order to model this scenario faithfully, we present a broadcast calculus which makes a clear distinction between the protocol processes and the network's connectivity graph, which may change independently from protocol actions. We identify a property characterising an important aspect of security in this setting and express it using behavioural equivalences of the calculus. We complement this approach with a control flow analysis which enables us to automatically check this property on a given network and attacker specification.
The subject of this paper is flow- and context-insensitive pointer analysis. We present a novel approach for precisely modelling struct variables and indirect function calls. Our method emphasises efficiency and simplicity and is based on a simple language of set constraints. We obtain an O(v^4) bound on the time needed to solve a set of constraints from this language, where v is the number of constraint variables. This gives, for the first time, some insight into the hardness of performing field-sensitive pointer analysis of C. Furthermore, we experimentally evaluate the time versus precision trade-off for our method by comparing against the field-insensitive equivalent. Our benchmark suite consists of 11 common C programs ranging in size from 15,000 to 200,000 lines of code. Our results indicate that the field-sensitive analysis is more expensive to compute, but yields significantly better precision. In addition, our technique has been integrated into the latest release (version 4.1) of the GNU Compiler GCC. Finally, we identify several previously unknown issues with an alternative and less precise approach to modelling struct variables, known as field-based analysis.
We address the problem of characterising the security of a program against unauthorised information flows. Classical approaches are based on non-interference models which depend ultimately on the notion of process equivalence. In these models confidentiality is an absolute property stating the absence of any illegal information flow. We present a model in which the notion of non-interference is approximated in the sense that it allows for some exactly quantified leakage of information. This is characterised via a notion of process similarity which replaces the indistinguishability of processes by a quantitative measure of their behavioural difference. Such a quantity is related to the number of statistical tests needed to distinguish two behaviours. We also present two semantics-based analyses of approximate non-interference and we show that one is a correct abstraction of the other.