-
Observations From an Online Security Competition and Its Implications on Crowdsourced Security
Authors:
Alejandro Cuevas,
Emma Hogan,
Hanan Hibshi,
Nicolas Christin
Abstract:
The crowd sourced security industry, particularly bug bounty programs, has grown dramatically over the past years and has become the main source of software security reviews for many companies. However, the academic literature has largely omitted security teams, particularly in crowd work contexts. As such, we know very little about how distributed security teams organize, collaborate, and what technology needs they have. We fill this gap by conducting focus groups with the top five teams (out of 18,201 participating teams) of a computer security Capture-the-Flag (CTF) competition. We find that these teams adopted a set of strategies centered on specialties, which allowed them to reduce issues relating to dispersion, double work, and lack of previous collaboration. Observing the current issues of a model centered on individual workers in security crowd work platforms, our study cases that scaling security work to teams is feasible and beneficial. Finally, we identify various areas which warrant future work, such as issues of social identity in high-skilled crowd work environments.
Submitted 26 April, 2022;
originally announced April 2022.
-
A Network-of-Networks Model for Electrical Infrastructure Networks
Authors:
Mahantesh Halappanavar,
Eduardo Cotilla-Sanchez,
Emilie Hogan,
Daniel Duncan,
Zhenyu Huang,
Paul D. H. Hines
Abstract:
Modeling power transmission networks is an important area of research with applications such as vulnerability analysis, study of cascading failures, and location of measurement devices. Graph-theoretic approaches have been widely used to solve these problems, but are subject to several limitations. One of the limitations is the ability to model a heterogeneous system in a consistent manner using the standard graph-theoretic formulation. In this paper, we propose a network-of-networks approach for modeling power transmission networks in order to explicitly incorporate heterogeneity in the model. This model distinguishes between different components of the network that operate at different voltage ratings, and also captures the intra and inter-network connectivity patterns. By building the graph in this fashion we present a novel, and fundamentally different, perspective of power transmission networks. Consequently, this novel approach will have a significant impact on the graph-theoretic modeling of power grids that we believe will lead to a better understanding of transmission networks.
Submitted 26 November, 2015;
originally announced December 2015.
-
Towards a Networks-of-Networks Framework for Cyber Security
Authors:
Mahantesh Halappanavar,
Sutanay Choudhury,
Emilie Hogan,
Peter Hui,
John R. Johnson,
Indrajit Ray,
Lawrence Holder
Abstract:
Networks-of-networks (NoN) is a graph-theoretic model of interdependent networks that have distinct dynamics at each network (layer). By adding special edges to represent relationships between nodes in different layers, NoN provides a unified mechanism to study interdependent systems intertwined in a complex relationship. While NoN based models have been proposed for cyber-physical systems, in this position paper we build towards a three-layered NoN model for an enterprise cyber system. Each layer captures a different facet of a cyber system. We present in-depth discussion for four major graph-theoretic applications to demonstrate how the three-layered NoN model can be leveraged for continuous system monitoring and mission assurance.
Submitted 24 April, 2013;
originally announced April 2013.
-
A New Algorithm for Proving Global Asymptotic Stability of Rational Difference Equations
Authors:
Emilie Hogan,
Doron Zeilberger
Abstract:
Global asymptotic stability of rational difference equations is an area of research that has been well studied. In contrast to the many current methods for proving global asymptotic stability, we propose an algorithmic approach. The algorithm we summarize here employs the idea of contractions. Given a particular rational difference equation, defined by a function $Q$ which maps the $k+1$ dimensional real numbers to itself, we attempt to find an integer, $K$, for which $Q^K$ shrinks distances to the difference equation's equilibrium point. We state some general results that our algorithm has been able to prove, and also mention the implementation of our algorithm using Maple.
Submitted 5 June, 2011;
originally announced June 2011.