More Web Proxy on the site http://driver.im/

research-article

Emergent Properties & Security: The Complexity ofSecurity as a Science

Authors:

Nathaniel Husted,

Steven MyersAuthors Info & Claims

NSPW '14: Proceedings of the 2014 New Security Paradigms Workshop

Pages 1 - 14

https://doi.org/10.1145/2683467.2683468

Published: 15 September 2014 Publication History

Abstract

The notion of emergent properties is becoming common place in the physical and social sciences, with applications in physics, chemistry, biology, medicine, economics, and sociology. Unfortunately, little attention has been given to the discussion of emergence in the realm of computer security, from either the attack or defense perspectives, despite there being examples of such attacks and defenses. We review the concept of emergence, discuss it in the context of computer security, argue that understanding such concepts is essential for securing our current and future systems, give examples of current attacks and defenses that make use of such concepts, and discuss the tools currently available to understand this field. We conclude by arguing that more focus needs to be given to the emergent perspective in information security, especially as we move forward to the Internet of Things and a world full of cyber-physical systems, as we believe many future attacks will make use of such ideas and defenses will require such insights.

References

[1]

UDel Models.http://www.udelmodels.eecis.udel.edu/, July 2010.

[2]

Reka Albert and Albert-Laszlo Barabasi. Statistical mechanics of complex networks. Reviews of modern physics, 74(1):47, 2002.

[3]

Reka Albert, Hawoong Jeong, and Albert-LaszloBarab--asi. Error and attack tolerance of complex networks. nature, 406(6794):378--382, 2000.

[4]

Taimur Aslam, Ivan Krsul, and Eugene H Spafford. Use of a taxonomy of security faults. 1996.

[5]

Yaneer Bar-Yam. A mathematical theory of strong emergence using multiscale variety. Complexity, 9(6):15--24, 2004.

Digital Library

[6]

Albert-Laszlo Barabasi and Reka Albert. Emergence of scaling in random networks. science, 286(5439):509--512, 1999.

[7]

Michael Batty. Cities and complexity: understanding cities with cellular automata, agent-based models, and fractals. The MIT press, 2007.

Digital Library

[8]

Valentino Braitenberg. Vehicles: Experiments in synthetic psychology. MIT press, 1986.

[9]

F. Brauer. Compartmental models in epidemiology. Mathematical epidemiology, pages 19--79, 2008.

[10]

L. Carettoni, C. Merloni, and S. Zanero. Studying bluetooth malware propagation: The bluebag project. IEEE Security and Privacy, 5(2):17--25, 2007.

Digital Library

[11]

K. Channakeshava, D. Chafekar, K. Bisset, VS Kumar, and M. Marathe. EpiNet: a simulation framework to study the spread of malware in wireless networks. In Proceedings of the 2nd International Conference on Simulation Tools and Techniques, pages 1--10. ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), 2009.

Digital Library

[12]

Peter Checkland. Systems thinking, systems practice: includes a 30-year retrospective. 1999.

[13]

Ashley Chonka, Jaipal Singh, and Wanlei Zhou. Chaos theory based detection against network mimicking ddos attacks. Communications Letters, IEEE, 13(9):717--719, 2009.

Digital Library

[14]

Nick Collier. Repast: An extensible framework for agent simulation. The University of Chicago's Social Science Research, 36:2003, 2003.

[15]

John Conway. The game of life. Scientific American, 223(4):4, 1970.

[16]

James P Crutchfield. The calculi of emergence: computation, dynamics and induction. Physica D: Nonlinear Phenomena, 75(1):11--54, 1994.

Digital Library

[17]

Felipe Cucker and Steve Smale. On the mathematics of emergence. Japanese Journal of Mathematics, 2(1):197--227, 2007.

[18]

George Cybenko, Annarita Giani, and Paul Thompson. Cognitive hacking: A battle for the mind. Computer, 35(8):50--56, 2002.

Digital Library

[19]

Leandro Nunes De Castro. Fundamentals of natural computing: basic concepts, algorithms, and applications. CRC Press, 2006.

[20]

T. De Wolf and T. Holvoet. Emergence versusself-organisation: Different concepts but promising when combined. Engineering self-organising systems, pages 77--91, 2005.

Digital Library

[21]

Edsger W. Dijkstra. Self-stabilizing systems in spite of distributed control. Commun. ACM, 17(11):643--644, 1974.

Digital Library

[22]

Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: The second-generation onion router. Technical report, DTIC Document, 2004.

[23]

Marco Dorigo and Mauro Birattari. Ant colony optimization. In Encyclopedia of Machine Learning, pages 36--39. Springer, 2010.

[24]

Joshua M Epstein. Growing artificial societies: social science from the bottom up. Brookings Institution Press, 1996.

Digital Library

[25]

Joshua M Epstein. Agent-based computational models and generative social science. Generative Social Science: Studies in Agent-Based Computational Modeling, pages 4--46, 1999.

[26]

Joshua M Epstein. Generative social science: Studies in agent-based computational modeling. Princeton University Press, 2006.

Digital Library

[27]

S. Forrest, S. Hofmeyr, and B. Edwards. The complex science of cyber defense. HBR Blog Network, Jun 2013.

[28]

S. Forrest, S.A. Hofmeyr, A. Somayaji, and T.A. Longstaff. A sense of self for unix processes. sp, page 0120, 1996.

Digital Library

[29]

Stephanie Forrest and Steven Hofmeyr. Engineering an immune system. GRAFT-GEORGETOWN-, 4:369--369, 2001.

[30]

Jochen Fromm. Ten questions about emergence. arXiv preprint nlin/0509049, 2005.

[31]

Jochen Fromm. Types and forms of emergence. arXiv preprint nlin/0506028, 2005.

[32]

Jochen Fromm. On engineering and emergence. arXiv preprint nlin/0601002, 2006.

[33]

R. G. Gallager, P. A. Humblet, and P. M. Spira. A distributed algorithm for minimum-weight spanning trees. ACM Trans. Program. Lang. Syst., 5(1):66--77, January 1983.

Digital Library

[34]

Nigel Gilbert. Agent-based models. Number 7. Sage Publications, Incorporated, 2007.

[35]

David E Goldberg. Genetic algorithms in search, optimization and machine learning. 1989.

Digital Library

[36]

BT Grenfell, A Kleczkowski, SP Ellner, and BM Bolker. Measles as a case study in nonlinear forecasting and chaos. Philosophical Transactions of the Royal Society of London. Series A: Physical and Engineering Sciences, 348(1688):515--530, 1994.

[37]

Maurice Herlihy and Nir Shavit. The topological structure of asynchronous computability. J. ACM, 46(6):858--923, November 1999.

Digital Library

[38]

Wen-Hsien Ho. Takagi-sugeno fuzzy model of nonlinear hiv dynamics: Chebyshev-series approach integrated with genetic algorithm. International Journal of Innovative Computing Information and Control, 8(2):1439--1451, 2012.

[39]

C. Hooker. Introduction to philosophy of complex systems: A. Philosophy of Complex Systems, 10:3, 2011.

[40]

Kurt Hornik, Maxwell Stinchcombe, and Halbert White. Multilayer feedforward networks are universal approximators. Neural networks, 2(5):359--366, 1989.

Digital Library

[41]

John D Howard and Thomas A Longstaff. A common language for computer security incidents. Sandia National Laboratories, 1998.

[42]

Hao Hu, Steven Myers, Vittoria Colizza, and Alessandro Vespignani. WiFi networks and malware epidemiology. Proceedings of the National Academy of Sciences, 106(5):1318--1323, 2009.

[43]

N. Husted. ANALYSIS TECHNIQUES FOR EXPLORING EMERGENT VULNERABILITIES AND ATTACKS ON MOBILE DEVICES.

[44]

Nathaniel Husted and Steven Myers. Mobile location tracking in metro areas: malnets and others. In Proceedings of the 17th ACM conference on Computer and communications security, pages 85--96. ACM, 2010.

Digital Library

[45]

Nathaniel Husted and Steven Myers. Why mobile-to-mobile wireless malware won't cause a storm. In Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats, pages 7--7. USENIX Association, 2011.

Digital Library

[46]

M. Hypponen. Malware goes mobile. Scientific American, 295(5):70--77, 2006.

[47]

N.F. Johnson. Simply Complexity: A clear guide to complexity theory. Oneworld, 2010.

[48]

Henrik Jonsson. Risk and vulnerability analysis of complex systems: A basis for proactive emergency management. Fire Safety Engineering and Systems Safety, 2007.

[49]

G.J. Klir. Facets of systems science, volume 15. Springer, 2001.

[50]

Leslie Lamport, Robert Shostak, and Marshall Pease. The byzantine generals problem. ACM Trans. Program. Lang. Syst., 4(3):382--401, July 1982.

Digital Library

[51]

Joseph Raymond Laracy. A systems-theoretic security model for large scale, complex systems applied to the US air transportation system. PhD thesis, Massachusetts Institute of Technology, 2007.

[52]

Nancy Leveson. Engineering a safer world: Systems thinking applied to safety. Mit Press, 2011.

[53]

Aaron Lynch. Thought contagion: How belief spreads through society. Basic Books, 2008.

[54]

Eden Medina. Cybernetic Revolutionaries. MIT Press, 2011.

[55]

Robert Meushaw and Carl Landwehr. Nsa initiatives in cybersecurity sciencej. http://www.nsa.gov/research/tnw/tnw194/articles/pdfs/TNW194_ article4.pdf .

[56]

Jelena Mirkovic and Peter Reiher. A taxonomy of ddos attack and ddos defense mechanisms. ACM SIGCOMM Computer Communication Review, 34(2):39--53, 2004.

Digital Library

[57]

P Oscar and VP Roychowdbury. Leveraging social networks to fight spam. IEEE Computer, 38(4):61--68, 2005.

Digital Library

[58]

Romualdo Pastor-Satorras and Alessandro Vespignani. Epidemic spreading in scale-free networks. Physical review letters, 86(14):3200, 2001.

[59]

Elisabeth Pate-Cornell. On "black swans" and "perfect storms": Risk analysis and management when statistics are not enough. Risk analysis, 32(11):1823--1833, 2012.

[60]

M. Pease, R. Shostak, and L. Lamport. Reaching agreement in the presence of faults. J. ACM, 27(2):228--234, April 1980.

Digital Library

[61]

Aiko Pras, Anna Sperotto, Giovane Moura, Idilio Drago, Rafael Barbosa, Ramin Sadre, Ricardo Schmidt, and Rick Hofstede. Attacks by "anonymous" wikileaks proponents not anonymous. 2010.

[62]

Mikhail Prokopenko, Fabio Boschetti, and Alex J Ryan. An information-theoretic primer on complexity, self-organization, and emergence. Complexity, 15(1):11--28, 2009.

Digital Library

[63]

Kenneth J Rothman, Sander Greenland, and Timothy L Lash. Modern epidemiology. Lippincott Williams & Wilkins, 2008.

[64]

John Rushby. On emergent misbehavior. http://www.csl.sri.com/users/rushby/slides/emergentm12.pdf, 2012.

[65]

Robert J Shiller. Irrational exuberance. Random House LLC, 2005.

[66]

Adam Shostack. Threat Modeling: Designing for Security. John Wiley & Sons, 2014.

Digital Library

[67]

Didier Sornette. Dragon-kings, black swans and the prediction of crises. arXiv preprint arXiv:0907.4290, 2009.

[68]

Didier Sornette and Guy Ouillon. Dragon-kings: Mechanisms, statistical methods and empirical evidence. The European Physical Journal Special Topics, 205(1):1--26, 2012.

[69]

John D Sterman. System dynamics modeling: Tools for learning in a complex world. California management review, 43(4), 2001.

[70]

P Stewart. Jacobellis v ohio. US Rep, 378:184, 1964.

[71]

J. Su, K.K.W. Chan, A.G. Miklas, K. Po, A. Akhavan, S. Saroiu, E. de Lara, and A. Goel. A preliminary investigation of worm infections in a bluetooth environment. In Proceedings of the 4th ACM workshop on Recurring malcode, page 16. ACM, 2006.

Digital Library

[72]

Nassim Nicholas Taleb. Black swans and the domains of statistics. The American Statistician, 61(3):198{200, 2007.

[73]

Nassim Nicholas Taleb. The black swan: The impact of the highly improbable. Random House Trade Paperbacks, 2010.

[74]

Seth Tisue and Uri Wilensky. Netlogo: A simple environment for modeling complexity. In International Conference on Complex Systems, pages 16--21, 2004.

[75]

Brian Uzzi. The sources and consequences of embeddedness for the economic performance of organizations: The network e ect. American sociological review, pages 674--698, 1996.

[76]

Koen H van Dam, Igor Nikolic, and Zofia Lukszo. Agent-based modelling of socio-technical systems, volume 9. Springer, 2012.

Digital Library

[77]

Nart Villeneuve, Jessa dela Torre, and David Sancho. Asprox reborn. http://www.trendmicro.com/media/wp/asprox-reborn-whitepaper-en.pdf .

[78]

Qian Wang, Zesheng Chen, Chao Chen, and Niki Pissinou. On the robustness of the botnet topology formed by worm infection, 2010.

[79]

C. Warrender, S. Forrest, and B. Pearlmutter. Detecting intrusions using system calls: Alternative data models. sp, page 0133, 1999.

[80]

Duncan J Watts and Steven H Strogatz. Collective dynamics of small-world networks. nature, 393(6684):440--442, 1998.

[81]

Stephen Wolfram. Statistical mechanics of cellular automata. Reviews of modern physics, 55(3):601, 1983.

[82]

Guanhua Yan, Hector D Flores, Leticia Cuellar, Nicolas Hengartner, Stephan Eidenbenz, and Vincent Vu. Bluetooth worm propagation: mobility pattern matters! In Proceedings of the 2nd ACM symposium on Information, computer and communications security, pages 32--44. ACM, 2007.

Digital Library

[83]

William Young and Nancy Leveson. Systems thinking for safety and security. In Proceedings of the 29th Annual Computer Security Applications Conference, pages 1--8. ACM, 2013.

Digital Library

[84]

William Young and Nancy G Leveson. An integrated approach to safety and security based on systems theory. Communications of the ACM, 57(2):31--35, 2014.

Digital Library

[85]

Raed Abu Zitar and Adel Hamdan. Genetic optimized artificial immune system in spam detection: a review and a model. Artificial Intelligence Review, 40(3):305--377, 2013.

Digital Library

[86]

C.C. Zou, W. Gong, and D. Towsley. Code red worm propagation modeling and analysis. In Proceedings of the 9th ACM conference on Computer and communications security, pages 138--147. ACM, 2002.

Digital Library

Cited By

Freire de Castro Silva SFornazin Mdos Santos R(2020)Analysis and Modeling of Emergent Systems in the Health Information System DomainProceedings of the XVI Brazilian Symposium on Information Systems10.1145/3411564.3411587(1-8)Online publication date: 3-Nov-2020
https://dl.acm.org/doi/10.1145/3411564.3411587
Pieters WHadžiosmanović DDechesne FBeznosov KSomayaji ALongstaff TVan Oorschot P(2014)Cyber Security as Social ExperimentProceedings of the 2014 New Security Paradigms Workshop10.1145/2683467.2683469(15-24)Online publication date: 15-Sep-2014
https://dl.acm.org/doi/10.1145/2683467.2683469

Index Terms

Emergent Properties & Security: The Complexity ofSecurity as a Science
1. Computing methodologies
  1. Modeling and simulation
    1. Simulation theory
      1. Systems theory
2. Mathematics of computing
  1. Information theory

Recommendations

Government regulations in cyber security: Framework, standards and recommendations
Abstract
Cyber security refers to the protection of Internet-connected systems, such as hardware, software as well as data (information) from cyber attacks (adversaries). A cyber security regulation is needed in order to protect information ...
Highlights
- We list and discuss the cyber attacks, security requirements and measures. We then discuss the cyber security incident management framework and its various ...
From information security to cyber security

The term cyber security is often used interchangeably with the term information security. This paper argues that, although there is a substantial overlap between cyber security and information security, these two concepts are not totally analogous. ...
Information Security: Facilitating User Precautions Vis-à-Vis Enforcement Against Attackers

We compare alternative information security policies-facilitating enduser precautions and enforcement against attackers. The context is mass and targeted attacks, taking account of strategic interactions between end users and attackers. For both mass ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

NSPW '14: Proceedings of the 2014 New Security Paradigms Workshop

September 2014

148 pages

ISBN:9781450330626

DOI:10.1145/2683467

General Chairs:
Konstantin Beznosov
University of British Columbia, Canada
,
Anil Somayaji
Carleton University, Canada
,
Program Chairs:
Tom Longstaff
Johns Hopkins University, USA
,
Paul Van Oorschot
Carleton University, Canada

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 September 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

NSPW '14

Sponsor:

ACSA

NSPW '14: New Security Paradigms Workshop

September 15 - 18, 2014

British Columbia, Victoria, Canada

Acceptance Rates

NSPW '14 Paper Acceptance Rate 11 of 32 submissions, 34%;

Overall Acceptance Rate 98 of 265 submissions, 37%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
396
Total Downloads

Downloads (Last 12 months)10
Downloads (Last 6 weeks)1

Reflects downloads up to 12 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Freire de Castro Silva SFornazin Mdos Santos R(2020)Analysis and Modeling of Emergent Systems in the Health Information System DomainProceedings of the XVI Brazilian Symposium on Information Systems10.1145/3411564.3411587(1-8)Online publication date: 3-Nov-2020
https://dl.acm.org/doi/10.1145/3411564.3411587
Pieters WHadžiosmanović DDechesne FBeznosov KSomayaji ALongstaff TVan Oorschot P(2014)Cyber Security as Social ExperimentProceedings of the 2014 New Security Paradigms Workshop10.1145/2683467.2683469(15-24)Online publication date: 15-Sep-2014
https://dl.acm.org/doi/10.1145/2683467.2683469

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents