More Like this

1. A Candidate for a Strong Separation of Information and Communication

   https://doi.org/10.4230/LIPIcs.ITCS.2018.11  

   Braverman, Mark ; Ganor, Anat ; Kol, Gillat ; Raz, Ran ( January 2018 , Innovations in Theoretical Computer Science Conference (ITCS 2018))
2. How Quickly We Selectively Forget: Experimental Tests of Information Order on Memory and Candidate Evaluation: How Quickly We Selectively Forget

   https://doi.org/10.1111/pops.12499  

   Goggin, Stephen N. ( September 2018 , Political Psychology)
3. Information Flow: A Unified Basis for Vulnerability Mitigation, Malware Defense and Attack Scenario Reconstruction (Keynote Presentation)

   https://doi.org/10.1145/3411502.3418421  

   Sekar, R. ( November 2020 , ACM FEAST)

   null (Ed.)

   Access control and information flow are the two building blocks in the design of secure software. Of the two, access control seems ubiquitous, being widely used in operating systems, databases, firewalls, servers, web applications, and so on. The successes of information flow seem less obvious, and its benefits and potential underappreciated. Yet, when it comes to defending against malicious code, access control based defenses have proved susceptible to evasion, or they end up being so restrictive as to interfere with legitimate use. In this talk, I will argue that defenses based on information flow can be more discerning, as they utilize not only the operations performed but also their context, e.g., whether malicious actors could be exerting control over these operation or their key arguments. I will then describe successful applications of information flow to defend against every stage of a cyber attack campaign, including: (a) exploit mitigation for a wide range of software vulnerabilities, (b) malware containment across diverse OSes, including Linux, BSD, and Windows XP through Windows 10, and (c) attack campaign reconstruction, where we achieve a five to six orders of magnitude data reduction by applying our techniques. 

   more » « less
4. Automation of Vulnerability Information Extraction Using Transformer-Based Language Models

   Chaleshtori, F. H. ; Ray, I ( September 2022 , ESORICS 2022 Workshops, LNCS 13785, pp. 645–665, 2023.)
5. A simulation‐based generalized framework to model vulnerability of interdependent critical infrastructure systems under incomplete information

   https://doi.org/10.1111/mice.12999  

   Ganguly, Prasangsha ; Mukherjee, Sayanti ( April 2023 , Computer-Aided Civil and Infrastructure Engineering)

   This paper proposes a novel simulation‐based hybrid approach coupled with time‐dependent Bayesian network analysis to model multi‐infrastructure vulnerability over time under physical, spatial, and informational uncertainties while considering cascading failures within and across infrastructure networks. Unlike existing studies that unrealistically assume that infrastructure managers have full knowledge of all the infrastructure systems, the proposed approach considers a realistic scenario where complete information about the infrastructure network topology or the supply–demand flow characteristics is not available while estimating multi‐infrastructure vulnerability. A novel heuristic algorithm is proposed to construct a dynamic fault tree to abstract the network topology of any infrastructure. In addition, to account for the unavailability of exact supply–demand flow characteristics, the proposed approach constructs the interdependence links across infrastructure network systems using different simulated parameters considering the physical, logical, and geographical dependencies. Finally, using parameters for geographical proximity, infrastructure managers' risk perception, and the relative importance of one infrastructure on another, the multi‐infrastructure vulnerability over time is estimated. Results from the numerical experiment show that for an opportunistic risk perception, the interdependencies attribute to redundancies, and with an increase in redundancy, the vulnerability decreases. On the other hand, from a conservative risk perspective, the interdependencies attribute to deficiencies/liabilities, and the vulnerability increases with an increase in the number of such interdependencies.

    

   more » « less