Skip to main content
SpringerLink
Log in

Leveraging information security and computational trust for cybersecurity

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

Cybersecurity has an enormous impact in modern society, since almost everything in our day-to-day activities depends on some information and communication technology that is prone to some form of threat. This paper argues that cybersecurity depends on the combined effect of information security measures together with explicit trust verification that these measures are operational and effective. In this sense, this paper provides a view of information treatments related to trust and information security and discusses how together they can counter advanced persistent threats and exploits that now plague the cyberspace.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Andy G (2015) New dark-web market is selling zero-day exploits to hackers. http://www.wired.com/2015/04/therealdeal-zero-day-exploits/. Accessed 5 May 2015

  2. Bell DE, LaPadula LJ (1973) Secure computer systems: mathematical foundations. Technical report, DTIC document

  3. Ben-Asher N, Gonzalez C (2015) Effects of cyber security knowledge on attack detection. Comput Hum Behav 48:51–61

    Article  Google Scholar 

  4. Biba KJ (1977) Integrity considerations for secure computer systems. Technical report, DTIC document

  5. Bilge L, Dumitras T (2012) Before we knew it—an empirical study of zero-day attacks in the real world. Symantec Research Labs. https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf

  6. Brook C (2015) All major browsers fall at Pwn2Own Day 2. https://threatpost.com/all-major-browsers-fall-at-pwn2own-day-2/111731. Accessed 8 Apr 2015

  7. Burrows JH (1983) Guideline for computer security certification and accreditation. Technical report, Information Assurance Technology Analysis Center, Falls Church Va

  8. Byres E, Lowe J (2004) The myths and facts behind cyber security risks for industrial control systems. In: Proceedings of the VDE kongress, Berlin, Germany, vol 116, pp 213–218

  9. Committee on National Security Systems Instruction No. 4009: National Information Assurance (IA) Glossary (2010) http://www.ncsc.gov/publications/policy/docs/CNSSI_4009.pdf

  10. Dasgupta P (2000) Trust as a commodity. Trust: Mak Break Coop Rel 4:49–72

    Google Scholar 

  11. Dempsey K, et al. (2011) Information security continuous monitoring (ISCM) for federal systems and organisations. NIST Special Publication, pp 800–137

  12. Department of Communications, Information Technology and the Arts and the Trusted Information Sharing Network: Secure Your Information: Information Security Principles for Enterprise Architecture (2007). http://www.tisn.gov.au/Documents/Secure_Your+Information+-+Information+Security+Principles+for+Enterprise+Architecture+-+Report.pdf. Accessed 6 Apr 2015

  13. Elhage N (2011) Virtunoid: a KVM guest—host privilege escalation exploit. http://media.blackhat.com/bh-us-11/Elhage/BH_US_11_Elhage_Virtunoid_WP.pdf. Accessed 6 Apr 2015

  14. ENISA (2015) European Union Agency for Network and Information Security: National Cyber Security Strategies in the World. https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-in-the-world. Accessed 10 Mar 2015

  15. Frei S (2013) The known unknowns: empirical analysis of publicly unknown vulnerabilities. NSS Labs Inc., Austin

    Google Scholar 

  16. Friedberg I, Skopik F, Settanni G, Fiedler R (2015) Combating advanced persistent threats: from network event correlation to incident detection. Comput Secur 48:35–57

    Article  Google Scholar 

  17. Gambetta D (2000) Can we Trust Trust. Trust: Mak Break Coop Relat 2000:213–237

    Google Scholar 

  18. Gandotra E, Bansal D, Sofat S (2014) Computational techniques for predicting cyber threats. In: Proceedings of the international conference on intelligent computing, communication and devices (ICCD), pp 247–253

  19. Geer D (2014) Cybersecurity as realpolitik. https://www.blackhat.com/us-14/video/cybersecurity-as-realpolitik.html. Accessed 10 Apr 2015

  20. Gold S (2014) APTs: not as advanced as you might think. http://www.scmagazineuk.com/apts-not-as-advanced-as-you-might-think/article/345953/. Accessed 14 Apr 2015

  21. Goncharov M (2014) Russian underground revisited. Technical report, Trend Micro

  22. Greenberg A (2012) Shopping for zero-days: a price list for hackers’ secret software exploits. Forbes Mag. http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/

  23. Greenwald G, MacAskill E, Poitras L (2013) Edward Snowden: the whistleblower behind the NSA surveillance revelations. The Guardian News and Media Limited. http://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance

  24. Harrington SL (2010) Cyber security active defense: playing with fire or sound risk management? Richmond J Law Technol 20(4):1–41

    MathSciNet  Google Scholar 

  25. Help Net Security (2015) Attackers Use Deceptive Tactics to Dominate Corporate Networks. http://www.net-security.org/secworld.php?id=18208. Accessed 29 Apr 2015

  26. HP Research (2012) Cybercrime costs rise nearly 40 percent, attack frequency doubles. http://www8.hp.com/us/en/hp-news/press-release.html. Accessed 11 Feb 2015

  27. Lamsal P (2001) Understanding trust and security. Technical report, Department of Computer Science, University of Helsinki, Finland

  28. Memex (domain-specific search) (2014) Information Innovation Offic,e Darpa. http://www.darpa.mil/newsevents/releases/2014/02/09.aspx. Accessed 11 Feb 2015

  29. Menn J (2015) Politics intrude as cybersecurity firms hunt foreign spies. http://mobile.reuters.com/article/idUSKBN0M809N20150312?irpc=932 Accessed 2 Apr 2015

  30. Miller G (2015) CIA plans major reorganization and a focus on digital espionage. http://www.washingtonpost.com/world/national-security/cia-plans-major-reorganization-and-a-focus-on-digital-espionage/2015/03/06/87e94a1e-c2aa-11e4-9ec2-b418f57a4a99_story.html. Accessed 11 Mar 2015

  31. de Oliveira Albuquerque R, García Villalba LJ, Kim TH (2014) GTrust: group extension for trust models in distributed systems. Int J Distrib Sensor Netw 2014:872842. doi:10.1155/2014/872842

  32. de Oliveira Albuquerque R, García Villalba LJ, Sandoval Orozco AL, Mesquita Buiati F, Kim TH (2014) A layered trust information security architecture. Sensors 14(12):22,754–22,772

    Article  Google Scholar 

  33. de Oliveira Albuquerque R, Villalba LJG, Ribeiro Torres O, Gomes de Deus FE (2011) Virtualization with automated services catalog for providing integrated information technology infrastructure. In: Proceedings of the 8th international conference autonomic and trusted computing (ATC), Banff, Canada, pp 75–91

  34. Peltier TR (2013) Information security fundamentals. CRC Press, Boca Raton

    Book  Google Scholar 

  35. Schneider FB et al (1999) Trust in cyberspace. In: Committee on Information Systems Trustworthiness, Computer Science and Telecommunications Board, Commission on Physical Sciences, Mathematics, and Applications, National Research Council. National Academies Press

  36. Seaborn M, Dullien T (2015) Exploiting the DRAM rowhammer bug to gain kernel privileges. http://googleprojectzero.blogspot.com.br/2015/03/exploiting-dram-rowhammer-bug-to-gain.html. Accessed 12 May 2015

  37. Shah S, Mehtre BM (2013) A modern approach to cyber security analysis using vulnerability assessment and penetration testing. Int J Electron Commun Comput Eng 4(6):47–52

    Google Scholar 

  38. Stephen M (1994) Formalising trust as a computational concept. Ph.D. thesis, University of Stirling, Scotland, UK

  39. Susanto H, Almunawar MN, Tuan YC (2011) Information security management system standards: a comparative study of the big five. Int J Electr Comput Sci IJECS-IJENS 11(5):23–29

    Google Scholar 

  40. Symantec Labs (2014) 2014 internet security threat report. Technical report, Symantec

  41. Szappanos G (2015) Exploit this: evaluating the exploit skills of malware groups. Technical report, SophosLabs

  42. Teixeira A, Amin S, Sandberg H, Johansson KH, Sastry SS (2010) Cyber security analysis of state estimators in electric power systems. In: Proceedings of the 49th IEEE conference on decision and control (CDC), pp 5991–5998

  43. The National Institute of Science and Technology (NIST) (2013) Developing a framework to improve critical infrastructure cybersecurity. http://csrc.nist.gov/cyberframework/rfi_comments/040813_forrester_research.pdf. Accessed 27 Mar 2015

  44. Tiedata (2014) What are web based exploits?. http://www.tiedata.com/webexploits.asp. Accessed 6 Mar 2015

  45. Trusted Computing Group (2014) How to use the TPM: a guide to hardware-based endpoint security. http://www.trustedcomputinggroup.org/files/resource_files/8D42F8D4-1D09-3519-AD1FFF243B223D73/How_to_Use_TPM_Whitepaper_20090302_Final_3_.pdf. Accessed 27 Apr 2015

  46. Van Os R (2014) Comparing security architectures: defining and testing a model for evaluating and categorizing security architecture frameworks. Master’s thesis, Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Sweden

  47. Wadlow T (2014) Who must you trust? Queue 12(5):30–43

    Google Scholar 

  48. Wang D, Muller T, Irissappane AA, Zhang J, Liu Y (2015) Using information theory to improve the robustness of trust systems. In: Proceedings of the 2015 international conference on autonomous agents and multiagent systems. International Foundation for Autonomous Agents and Multiagent Systems, pp 791–799

  49. Whitman M, Mattord H (2013) Management of information security, 4th edn. Cengage Learning, Boston

    Google Scholar 

  50. Wojtczuk R (2014) Poacher turned gamekeeper: lessons learned from eight years of breaking hypervisors. Black Hat USA. https://www.blackhat.com/docs/eu-14/materials/eu-14-Wojtczuk-Lessons-Learned-From-Eight-Years-Of-Breaking-Hypervisors.pdf. Accessed 11 Mar 2015

Download references

Acknowledgments

Robson de Oliveira Albuquerque, Luis Javier García Villalba and Ana Lucila Sandoval Orozco acknowledge to “Programa de Financiación de Grupos de Investigación UCM validados de la Universidad Complutense de Madrid—Banco Santander”. Part of the computations of this work was performed in EOLO, the HPC of Climate Change of the International Campus of Excellence of Moncloa, funded by MECD and MICINN. Robson de Oliveira Albuquerque and Rafael Timóteo de Sousa Júnior acknowledge the Laboratory for Decision Technologies at the University of Brasilia (LATITUDE/UnB) for its support to this work. Rafael Timóteo de Sousa Júnior would like to thank the support provided by the PNPD/CAPES—Programa Nacional de Pós-Doutorado/CAPES in Brazil.

Author information

Authors and Affiliations

  1. Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Information Technology and Computer Science, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor José García Santesmases, 9, Ciudad Universitaria, 28040, Madrid, Spain

    Robson de Oliveira Albuquerque, Luis Javier García Villalba & Ana Lucila Sandoval Orozco

  2. Electrical Engineering Department, University of Brasilia, Campus Universitário Darcy Ribeiro, Asa Norte, Brasilia, DF, 70910-900, Brazil

    Robson de Oliveira Albuquerque & Rafael Timóteo de Sousa Júnior

  3. Department of Convergence Security, Sungshin W. University, Dongseon-dong-3-ga, Seongbuk-gu, Seoul, Korea

    Tai-Hoon Kim

Authors
  1. Robson de Oliveira Albuquerque
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Luis Javier García Villalba
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ana Lucila Sandoval Orozco
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Rafael Timóteo de Sousa Júnior
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Tai-Hoon Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tai-Hoon Kim.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

de Oliveira Albuquerque, R., García Villalba, L.J., Sandoval Orozco, A.L. et al. Leveraging information security and computational trust for cybersecurity. J Supercomput 72, 3729–3763 (2016). https://doi.org/10.1007/s11227-015-1543-4

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-015-1543-4

Keywords

Search

Navigation