Abstract
Cybersecurity has an enormous impact in modern society, since almost everything in our day-to-day activities depends on some information and communication technology that is prone to some form of threat. This paper argues that cybersecurity depends on the combined effect of information security measures together with explicit trust verification that these measures are operational and effective. In this sense, this paper provides a view of information treatments related to trust and information security and discusses how together they can counter advanced persistent threats and exploits that now plague the cyberspace.
Similar content being viewed by others
References
Andy G (2015) New dark-web market is selling zero-day exploits to hackers. http://www.wired.com/2015/04/therealdeal-zero-day-exploits/. Accessed 5 May 2015
Bell DE, LaPadula LJ (1973) Secure computer systems: mathematical foundations. Technical report, DTIC document
Ben-Asher N, Gonzalez C (2015) Effects of cyber security knowledge on attack detection. Comput Hum Behav 48:51–61
Biba KJ (1977) Integrity considerations for secure computer systems. Technical report, DTIC document
Bilge L, Dumitras T (2012) Before we knew it—an empirical study of zero-day attacks in the real world. Symantec Research Labs. https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Brook C (2015) All major browsers fall at Pwn2Own Day 2. https://threatpost.com/all-major-browsers-fall-at-pwn2own-day-2/111731. Accessed 8 Apr 2015
Burrows JH (1983) Guideline for computer security certification and accreditation. Technical report, Information Assurance Technology Analysis Center, Falls Church Va
Byres E, Lowe J (2004) The myths and facts behind cyber security risks for industrial control systems. In: Proceedings of the VDE kongress, Berlin, Germany, vol 116, pp 213–218
Committee on National Security Systems Instruction No. 4009: National Information Assurance (IA) Glossary (2010) http://www.ncsc.gov/publications/policy/docs/CNSSI_4009.pdf
Dasgupta P (2000) Trust as a commodity. Trust: Mak Break Coop Rel 4:49–72
Dempsey K, et al. (2011) Information security continuous monitoring (ISCM) for federal systems and organisations. NIST Special Publication, pp 800–137
Department of Communications, Information Technology and the Arts and the Trusted Information Sharing Network: Secure Your Information: Information Security Principles for Enterprise Architecture (2007). http://www.tisn.gov.au/Documents/Secure_Your+Information+-+Information+Security+Principles+for+Enterprise+Architecture+-+Report.pdf. Accessed 6 Apr 2015
Elhage N (2011) Virtunoid: a KVM guest—host privilege escalation exploit. http://media.blackhat.com/bh-us-11/Elhage/BH_US_11_Elhage_Virtunoid_WP.pdf. Accessed 6 Apr 2015
ENISA (2015) European Union Agency for Network and Information Security: National Cyber Security Strategies in the World. https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-in-the-world. Accessed 10 Mar 2015
Frei S (2013) The known unknowns: empirical analysis of publicly unknown vulnerabilities. NSS Labs Inc., Austin
Friedberg I, Skopik F, Settanni G, Fiedler R (2015) Combating advanced persistent threats: from network event correlation to incident detection. Comput Secur 48:35–57
Gambetta D (2000) Can we Trust Trust. Trust: Mak Break Coop Relat 2000:213–237
Gandotra E, Bansal D, Sofat S (2014) Computational techniques for predicting cyber threats. In: Proceedings of the international conference on intelligent computing, communication and devices (ICCD), pp 247–253
Geer D (2014) Cybersecurity as realpolitik. https://www.blackhat.com/us-14/video/cybersecurity-as-realpolitik.html. Accessed 10 Apr 2015
Gold S (2014) APTs: not as advanced as you might think. http://www.scmagazineuk.com/apts-not-as-advanced-as-you-might-think/article/345953/. Accessed 14 Apr 2015
Goncharov M (2014) Russian underground revisited. Technical report, Trend Micro
Greenberg A (2012) Shopping for zero-days: a price list for hackers’ secret software exploits. Forbes Mag. http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/
Greenwald G, MacAskill E, Poitras L (2013) Edward Snowden: the whistleblower behind the NSA surveillance revelations. The Guardian News and Media Limited. http://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance
Harrington SL (2010) Cyber security active defense: playing with fire or sound risk management? Richmond J Law Technol 20(4):1–41
Help Net Security (2015) Attackers Use Deceptive Tactics to Dominate Corporate Networks. http://www.net-security.org/secworld.php?id=18208. Accessed 29 Apr 2015
HP Research (2012) Cybercrime costs rise nearly 40 percent, attack frequency doubles. http://www8.hp.com/us/en/hp-news/press-release.html. Accessed 11 Feb 2015
Lamsal P (2001) Understanding trust and security. Technical report, Department of Computer Science, University of Helsinki, Finland
Memex (domain-specific search) (2014) Information Innovation Offic,e Darpa. http://www.darpa.mil/newsevents/releases/2014/02/09.aspx. Accessed 11 Feb 2015
Menn J (2015) Politics intrude as cybersecurity firms hunt foreign spies. http://mobile.reuters.com/article/idUSKBN0M809N20150312?irpc=932 Accessed 2 Apr 2015
Miller G (2015) CIA plans major reorganization and a focus on digital espionage. http://www.washingtonpost.com/world/national-security/cia-plans-major-reorganization-and-a-focus-on-digital-espionage/2015/03/06/87e94a1e-c2aa-11e4-9ec2-b418f57a4a99_story.html. Accessed 11 Mar 2015
de Oliveira Albuquerque R, García Villalba LJ, Kim TH (2014) GTrust: group extension for trust models in distributed systems. Int J Distrib Sensor Netw 2014:872842. doi:10.1155/2014/872842
de Oliveira Albuquerque R, García Villalba LJ, Sandoval Orozco AL, Mesquita Buiati F, Kim TH (2014) A layered trust information security architecture. Sensors 14(12):22,754–22,772
de Oliveira Albuquerque R, Villalba LJG, Ribeiro Torres O, Gomes de Deus FE (2011) Virtualization with automated services catalog for providing integrated information technology infrastructure. In: Proceedings of the 8th international conference autonomic and trusted computing (ATC), Banff, Canada, pp 75–91
Peltier TR (2013) Information security fundamentals. CRC Press, Boca Raton
Schneider FB et al (1999) Trust in cyberspace. In: Committee on Information Systems Trustworthiness, Computer Science and Telecommunications Board, Commission on Physical Sciences, Mathematics, and Applications, National Research Council. National Academies Press
Seaborn M, Dullien T (2015) Exploiting the DRAM rowhammer bug to gain kernel privileges. http://googleprojectzero.blogspot.com.br/2015/03/exploiting-dram-rowhammer-bug-to-gain.html. Accessed 12 May 2015
Shah S, Mehtre BM (2013) A modern approach to cyber security analysis using vulnerability assessment and penetration testing. Int J Electron Commun Comput Eng 4(6):47–52
Stephen M (1994) Formalising trust as a computational concept. Ph.D. thesis, University of Stirling, Scotland, UK
Susanto H, Almunawar MN, Tuan YC (2011) Information security management system standards: a comparative study of the big five. Int J Electr Comput Sci IJECS-IJENS 11(5):23–29
Symantec Labs (2014) 2014 internet security threat report. Technical report, Symantec
Szappanos G (2015) Exploit this: evaluating the exploit skills of malware groups. Technical report, SophosLabs
Teixeira A, Amin S, Sandberg H, Johansson KH, Sastry SS (2010) Cyber security analysis of state estimators in electric power systems. In: Proceedings of the 49th IEEE conference on decision and control (CDC), pp 5991–5998
The National Institute of Science and Technology (NIST) (2013) Developing a framework to improve critical infrastructure cybersecurity. http://csrc.nist.gov/cyberframework/rfi_comments/040813_forrester_research.pdf. Accessed 27 Mar 2015
Tiedata (2014) What are web based exploits?. http://www.tiedata.com/webexploits.asp. Accessed 6 Mar 2015
Trusted Computing Group (2014) How to use the TPM: a guide to hardware-based endpoint security. http://www.trustedcomputinggroup.org/files/resource_files/8D42F8D4-1D09-3519-AD1FFF243B223D73/How_to_Use_TPM_Whitepaper_20090302_Final_3_.pdf. Accessed 27 Apr 2015
Van Os R (2014) Comparing security architectures: defining and testing a model for evaluating and categorizing security architecture frameworks. Master’s thesis, Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Sweden
Wadlow T (2014) Who must you trust? Queue 12(5):30–43
Wang D, Muller T, Irissappane AA, Zhang J, Liu Y (2015) Using information theory to improve the robustness of trust systems. In: Proceedings of the 2015 international conference on autonomous agents and multiagent systems. International Foundation for Autonomous Agents and Multiagent Systems, pp 791–799
Whitman M, Mattord H (2013) Management of information security, 4th edn. Cengage Learning, Boston
Wojtczuk R (2014) Poacher turned gamekeeper: lessons learned from eight years of breaking hypervisors. Black Hat USA. https://www.blackhat.com/docs/eu-14/materials/eu-14-Wojtczuk-Lessons-Learned-From-Eight-Years-Of-Breaking-Hypervisors.pdf. Accessed 11 Mar 2015
Acknowledgments
Robson de Oliveira Albuquerque, Luis Javier García Villalba and Ana Lucila Sandoval Orozco acknowledge to “Programa de Financiación de Grupos de Investigación UCM validados de la Universidad Complutense de Madrid—Banco Santander”. Part of the computations of this work was performed in EOLO, the HPC of Climate Change of the International Campus of Excellence of Moncloa, funded by MECD and MICINN. Robson de Oliveira Albuquerque and Rafael Timóteo de Sousa Júnior acknowledge the Laboratory for Decision Technologies at the University of Brasilia (LATITUDE/UnB) for its support to this work. Rafael Timóteo de Sousa Júnior would like to thank the support provided by the PNPD/CAPES—Programa Nacional de Pós-Doutorado/CAPES in Brazil.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
de Oliveira Albuquerque, R., García Villalba, L.J., Sandoval Orozco, A.L. et al. Leveraging information security and computational trust for cybersecurity. J Supercomput 72, 3729–3763 (2016). https://doi.org/10.1007/s11227-015-1543-4
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-015-1543-4