-
Fuzzy Fault Trees Formalized
Authors:
Thi Kim Nhung Dang,
Milan Lopuhaä-Zwakenberg,
Mariëlle Stoelinga
Abstract:
Fault tree analysis is a vital method of assessing safety risks. It helps to identify potential causes of accidents, assess their likelihood and severity, and suggest preventive measures. Quantitative analysis of fault trees is often done via the dependability metrics that compute the system's failure behaviour over time. However, the lack of precise data is a major obstacle to quantitative analys…
▽ More
Fault tree analysis is a vital method of assessing safety risks. It helps to identify potential causes of accidents, assess their likelihood and severity, and suggest preventive measures. Quantitative analysis of fault trees is often done via the dependability metrics that compute the system's failure behaviour over time. However, the lack of precise data is a major obstacle to quantitative analysis, and so to reliability analysis. Fuzzy logic is a popular framework for dealing with ambiguous values and has applications in many domains. A number of fuzzy approaches have been proposed to fault tree analysis, but -- to the best of our knowledge -- none of them provide rigorous definitions or algorithms for computing fuzzy unreliability values. In this paper, we define a rigorous framework for fuzzy unreliability values. In addition, we provide a bottom-up algorithm to efficiently calculate fuzzy reliability for a system. The algorithm incorporates the concept of $α$-cuts method. That is, performing binary algebraic operations on intervals on horizontally discretised $α$-cut representations of fuzzy numbers. The method preserves the nonlinearity of fuzzy unreliability. Finally, we illustrate the results obtained from two case studies.
△ Less
Submitted 13 March, 2024;
originally announced March 2024.
-
Fuzzy quantitative attack tree analysis
Authors:
Thi Kim Nhung Dang,
Milan Lopuhaä-Zwakenberg,
Mariëlle Stoelinga
Abstract:
Attack trees are important for security, as they help to identify weaknesses and vulnerabilities in a system. Quantitative attack tree analysis supports a number security metrics, which formulate important KPIs such as the shortest, most likely and cheapest attacks.
A key bottleneck in quantitative analysis is that the values are usually not known exactly, due to insufficient data and/or lack of…
▽ More
Attack trees are important for security, as they help to identify weaknesses and vulnerabilities in a system. Quantitative attack tree analysis supports a number security metrics, which formulate important KPIs such as the shortest, most likely and cheapest attacks.
A key bottleneck in quantitative analysis is that the values are usually not known exactly, due to insufficient data and/or lack of knowledge. Fuzzy logic is a prominent framework to handle such uncertain values, with applications in numerous domains. While several studies proposed fuzzy approaches to attack tree analysis, none of them provided a firm definition of fuzzy metric values or generic algorithms for computation of fuzzy metrics.
In this work, we define a generic formulation for fuzzy metric values that applies to most quantitative metrics. The resulting metric value is a fuzzy number obtained by following Zadeh's extension principle, obtained when we equip the basis attack steps, i.e., the leaves of the attack trees, with fuzzy numbers. In addition, we prove a modular decomposition theorem that yields a bottom-up algorithm to efficiently calculate the top fuzzy metric value.
△ Less
Submitted 22 January, 2024;
originally announced January 2024.
-
Look back, look around: a systematic analysis of effective predictors for new outlinks in focused Web crawling
Authors:
Thi Kim Nhung Dang,
Doina Bucur,
Berk Atil,
Guillaume Pitel,
Frank Ruis,
Hamidreza Kadkhodaei,
Nelly Litvak
Abstract:
Small and medium enterprises rely on detailed Web analytics to be informed about their market and competition. Focused crawlers meet this demand by crawling and indexing specific parts of the Web. Critically, a focused crawler must quickly find new pages that have not yet been indexed. Since a new page can be discovered only by following a new outlink, predicting new outlinks is very relevant in p…
▽ More
Small and medium enterprises rely on detailed Web analytics to be informed about their market and competition. Focused crawlers meet this demand by crawling and indexing specific parts of the Web. Critically, a focused crawler must quickly find new pages that have not yet been indexed. Since a new page can be discovered only by following a new outlink, predicting new outlinks is very relevant in practice. In the literature, many feature designs have been proposed for predicting changes in the Web. In this work we provide a structured analysis of this problem, using new outlinks as our running prediction target. Specifically, we unify earlier feature designs in a taxonomic arrangement of features along two dimensions: static versus dynamic features, and features of a page versus features of the network around it. Within this taxonomy, complemented by our new (mainly, dynamic network) features, we identify best predictors for new outlinks. Our main conclusion is that most informative features are the recent history of new outlinks on a page itself, and of its content-related pages. Hence, we propose a new 'look back, look around' (LBLA) model, that uses only these features. With the obtained predictions, we design a number of scoring functions to guide a focused crawler to pages with most new outlinks, and compare their performance. The LBLA approach proved extremely effective, outperforming other models including those that use a most complete set of features. One of the learners we use, is the recent NGBoost method that assumes a Poisson distribution for the number of new outlinks on a page, and learns its parameters. This connects the two so far unrelated avenues in the literature: predictions based on features of a page, and those based on probabilistic modelling. All experiments were carried out on an original dataset, made available by a commercial focused crawler.
△ Less
Submitted 15 November, 2022; v1 submitted 9 November, 2021;
originally announced November 2021.
-
XACs-DyPol: Towards an XACML-based Access Control Model for Dynamic Security Policy
Authors:
Tran Khanh Dang,
Xuan Son Ha,
Luong Khiem Tran
Abstract:
Authorization and access control play an essential role in protecting sensitive information from malicious users. The system is based on security policies to determine if an access request is allowed. However, of late, the growing popularity of big data has created a new challenge which the security policy management is facing with such as dynamic and update policies in run time. Applications of d…
▽ More
Authorization and access control play an essential role in protecting sensitive information from malicious users. The system is based on security policies to determine if an access request is allowed. However, of late, the growing popularity of big data has created a new challenge which the security policy management is facing with such as dynamic and update policies in run time. Applications of dynamic policies have brought many benefits to modern domains. To the best of our knowledge, there are no previous studies focusing on solving authorization problems in the dynamic policy environments. In this article, we focus on analyzing and classifying when an update policy occurs, and provide a pragmatic solution for such dynamic policies. The contribution of this work is twofold: a novel solution for managing the policy changes even when the access request has been granted, and an XACML-based implementation to empirically evaluate the proposed solution. The experimental results show the comparison between the newly introduced XACs-DyPol framework with Balana (an open source framework supporting XACML 3.0). The datasets are XACML 3.0-based policies, including three samples of real-world policy sets. According to the comparison results, our XACs-DyPol framework performs better than Balana in terms of all updates in dynamic security policy cases. Specially, our proposed solution outperforms by an order of magnitude when the policy structure includes complex policy sets, policies, and rules or some complicated comparison expression which contains higher than function and less than function.
△ Less
Submitted 10 April, 2020;
originally announced May 2020.
-
Secure Biometric-based Remote Authentication Protocol using Chebyshev Polynomials and Fuzzy Extractor
Authors:
Thi Ai Thao Nguyen,
Tran Khanh Dang,
Quynh Chi Truong,
Dinh Thanh Nguyen
Abstract:
In this paper, we have proposed a multi factor biometric-based remote authentication protocol. Our proposal overcomes the vulnerabilities of some previous works. At the same time, the protocol also obtains a low false accept rate (FAR) and false reject rate (FRR).
In this paper, we have proposed a multi factor biometric-based remote authentication protocol. Our proposal overcomes the vulnerabilities of some previous works. At the same time, the protocol also obtains a low false accept rate (FAR) and false reject rate (FRR).
△ Less
Submitted 9 April, 2019;
originally announced April 2019.
-
A Visual Model for Web Applications Security Monitoring
Authors:
Tran Tri Dang,
Tran Khanh Dang
Abstract:
This paper proposes a novel visual model for web applications security monitoring. Although an automated intrusion detection system can shield a web application from common attacks, it usually cannot detect more complicated break-ins. So, a human-assisted monitoring system is an indispensable complement, following the "Defense in depth" strategy. To support human operators working more effectively…
▽ More
This paper proposes a novel visual model for web applications security monitoring. Although an automated intrusion detection system can shield a web application from common attacks, it usually cannot detect more complicated break-ins. So, a human-assisted monitoring system is an indispensable complement, following the "Defense in depth" strategy. To support human operators working more effectively and efficiently, information visualization techniques are utilized in this model. A prototype implementation of this model is created and is used to test against a popular open source web application. Testing results prove the model's usefulness, at least in understanding the web application security structure.
△ Less
Submitted 5 April, 2019;
originally announced April 2019.
-
A New Biometric Template Protection using Random Orthonormal Projection and Fuzzy Commitment
Authors:
Thi Ai Thao Nguyen,
Tran Khanh Dang,
Dinh Thanh Nguyen
Abstract:
Biometric template protection is one of most essential parts in putting a biometric-based authentication system into practice. There have been many researches proposing different solutions to secure biometric templates of users. They can be categorized into two approaches: feature transformation and biometric cryptosystem. However, no one single template protection approach can satisfy all the req…
▽ More
Biometric template protection is one of most essential parts in putting a biometric-based authentication system into practice. There have been many researches proposing different solutions to secure biometric templates of users. They can be categorized into two approaches: feature transformation and biometric cryptosystem. However, no one single template protection approach can satisfy all the requirements of a secure biometric-based authentication system. In this work, we will propose a novel hybrid biometric template protection which takes benefits of both approaches while preventing their limitations. The experiments demonstrate that the performance of the system can be maintained with the support of a new random orthonormal project technique, which reduces the computational complexity while preserving the accuracy. Meanwhile, the security of biometric templates is guaranteed by employing fuzzy commitment protocol.
△ Less
Submitted 30 March, 2019;
originally announced April 2019.
-
The Meeting of Acquaintances: A Cost-efficient Authentication Scheme for Light-weight Objects with Transient Trust Level and Plurality Approach
Authors:
Tran Khanh Dang,
Khanh T. K. Tran
Abstract:
Wireless sensor networks consist of a large number of distributed sensor nodes so that potential risks are becoming more and more unpredictable. The new entrants pose the potential risks when they move into the secure zone. To build a door wall that provides safe and secured for the system, many recent research works applied the initial authentication process. However, the majority of the previous…
▽ More
Wireless sensor networks consist of a large number of distributed sensor nodes so that potential risks are becoming more and more unpredictable. The new entrants pose the potential risks when they move into the secure zone. To build a door wall that provides safe and secured for the system, many recent research works applied the initial authentication process. However, the majority of the previous articles only focused on the Central Authority (CA) since this leads to an increase in the computation cost and energy consumption for the specific cases on the Internet of Things (IoT). Hence, in this article, we will lessen the importance of these third parties through proposing an enhanced authentication mechanism that includes key management and evaluation based on the past interactions to assist the objects joining a secured area without any nearby CA. We refer to a mobility dataset from CRAWDAD collected at the University Politehnica of Bucharest and rebuild into a new random dataset larger than the old one. The new one is an input for a simulated authenticating algorithm to observe the communication cost and resource usage of devices. Our proposal helps the authenticating flexible, being strict with unknown devices into the secured zone. The threshold of maximum friends can modify based on the optimization of the symmetric-key algorithm to diminish communication costs (our experimental results compare to previous schemes less than 2000 bits) and raise flexibility in resource-constrained environments.
△ Less
Submitted 24 March, 2019;
originally announced March 2019.
-
Security Visualization for peer-to-peer resource sharing applications
Authors:
Dand Tran Tri,
Tran Khanh Dang
Abstract:
Security of an information system is only as strong as its weakest element. Popular elements of such system include hardware, software, network and people. Current approaches to computer security problems usually exclude people in their studies even though it is an integral part of these systems. To fill that gap, this paper discusses crucial people-related problems in computer security and prop…
▽ More
Security of an information system is only as strong as its weakest element. Popular elements of such system include hardware, software, network and people. Current approaches to computer security problems usually exclude people in their studies even though it is an integral part of these systems. To fill that gap, this paper discusses crucial people-related problems in computer security and proposes a method of improving security in such systems by integrating people tightly into the whole system. The integration is implemented via visualization to provide visual feedbacks and capture people's awareness of their actions and consequent results. By doing it, we can improve system usability, shorten user's learning curve, and hence enable user uses computer systems more securely.
△ Less
Submitted 11 December, 2009;
originally announced December 2009.
