| 1. |
- El Hachem, J., et al.
(författare)
-
Securing system-of-systems through a game theory approach
- 2021
-
Ingår i: Proceedings of the ACM Symposium on Applied Computing. - New York, NY, USA : Association for Computing Machinery. - 9781450381048 ; , s. 1443-1446
-
Konferensbidrag (refereegranskat)abstract
- Enabling System-of-Systems (SoS) security is an important activity when engineering SoS solutions like autonomous vehicles, provided that they are also highly safety-critical. An early analysis of such solutions caters for proper security architecture decisions, preventing potential high impact attacks and ensuring people's safety. However, SoS characteristics such as emergent behavior, makes security decision-making at the architectural level a challenging task. To tackle this challenge, it is essential to first address known vulnerabilities related to each CS, that an adversary may exploit to realize his attacks within the unknown SoS environment. In this paper we investigate how to use Game Theory (GT) approaches to guide the architect in choosing an appropriate security solution. We formulate a game with three players and their corresponding strategies and payoffs. The proposal is illustrated on an autonomous quarry example showing its usefulness in supporting a security architect to choose the the most suitable security strategy.
|
|
| 2. |
- Toorani, Mohsen, et al.
(författare)
-
A Decentralized Dynamic PKI based on Blockchain
- 2021
-
Ingår i: Proceedings of the 36th ACM/SIGAPP Symposium On Applied Computing (SAC'21). - New York, NY, USA : ACM. - 9781450381048
-
Konferensbidrag (refereegranskat)abstract
- The central role of the certificate authority (CA) in traditional public key infrastructure (PKI) makes it fragile and prone to compromises and operational failures. Maintaining CAs and revocation lists is demanding especially in loosely-connected and large systems. Log-based PKIs have been proposed as a remedy but they do not solve the problem effectively. We provide a general model and a solution for decentralized and dynamic PKI based on a blockchain and web of trust model where the traditional CA and digital certificates are removed and instead, everything is registered on the blockchain. Registration, revocation, and update of public keys are based on a consensus mechanism between a certain number of entities that are already part of the system. Any node which is part of the system can be an auditor and initiate the revocation procedure once it finds out malicious activities. Revocation lists are no longer required as any node can efficiently verify the public keys through witnesses.
|
|
