References of "Mauw, Sjouke 50002343"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailThe Attacker Does not Always Hold the Initiative: Attack Trees with External Refinement
Horne, Ross James UL; Mauw, Sjouke UL; Tiu, Alwen

in Proc.\ 5th International Workshop on Graphical Models for Security (GraMSec'18) (2018)

Detailed reference viewed: 108 (10 UL)
See detailProceedings of the Fourth International Workshop on Graphical Models for Security (GraMSec 2017)
Liu, Peng; Mauw, Sjouke UL; Stolen, Ketil

Book published by Springer (2018)

This book constitutes revised selected papers from the 4th International Workshop on Graphical Models for Security, GraMSec 2017, held in Santa Barbara, CA, USA, in August 2017. The 5 full and 4 short ... [more ▼]

This book constitutes revised selected papers from the 4th International Workshop on Graphical Models for Security, GraMSec 2017, held in Santa Barbara, CA, USA, in August 2017. The 5 full and 4 short papers presented in this volume were carefully reviewed and selected from 19 submissions. The book also contains one invited paper from the WISER project. The contributions deal with the latest research and developments on graphical models for security. [less ▲]

Detailed reference viewed: 40 (1 UL)
Full Text
Peer Reviewed
See detailRefinement-Aware Generation of Attack Trees
Gadyatskaya, Olga UL; Ravi, Jhawar; Mauw, Sjouke UL et al

in Livraga, Giovanni; Mitchell, Chris J. (Eds.) Security and Trust Management - 13th International Workshop (2017, September)

Detailed reference viewed: 175 (4 UL)
Full Text
Peer Reviewed
See detailA security perspective on publication metrics
Jonker, Hugo; Mauw, Sjouke UL

in Stajano, F. (Ed.) Proc. 25th Security Protocols Workshop (2017)

Detailed reference viewed: 106 (4 UL)
Full Text
Peer Reviewed
See detailSemantics for specialising attack trees based on linear logic
Horne, Ross James UL; Mauw, Sjouke UL; Tiu, Alwen

in Fundamenta Informaticae (2017), 153(1-2), 57-86

Attack trees profile the sub-goals of the proponent of an attack. Attack trees have a variety of semantics depending on the kind of question posed about the attack, where questions are captured by an ... [more ▼]

Attack trees profile the sub-goals of the proponent of an attack. Attack trees have a variety of semantics depending on the kind of question posed about the attack, where questions are captured by an attribute domain. We observe that one of the most general semantics for attack trees, the multiset semantics, coincides with a semantics expressed using linear logic propositions. The semantics can be used to compare attack trees to determine whether one attack tree is a specialisation of another attack tree. Building on these observations, we propose two new semantics for an extension of attack trees named causal attack trees. Such attack trees are extended with an operator capturing the causal order of sub-goals in an attack. These two semantics extend the multiset semantics to sets of series-parallel graphs closed under certain graph homomorphisms, where each semantics respects a class of attribute domains. We define a sound logical system with respect to each of these semantics, by using a recently introduced extension of linear logic, called MAV , featuring a non-commutative operator. The non-commutative operator models causal dependencies in causal attack trees. Similarly to linear logic for attack trees, implication defines a decidable preorder for specialising causal attack trees that soundly respects a class of attribute domains. [less ▲]

Detailed reference viewed: 223 (4 UL)
Full Text
Peer Reviewed
See detailModel-driven situational awareness for moving target defense
Jhawar, Ravi UL; Mauw, Sjouke UL

in Scanlon, Marc; Le-Khac, Nhien-An (Eds.) Proc. 16th European Conference on Cyber Warfare and Security (2017)

Moving Target Defense (MTD) presents dynamically changing attack surfaces and system configurations to attackers. This approach decreases the success probabilities of attacks and increases attacker's ... [more ▼]

Moving Target Defense (MTD) presents dynamically changing attack surfaces and system configurations to attackers. This approach decreases the success probabilities of attacks and increases attacker's workload since she must continually re-assess, re-engineer and re-launch her attacks. Existing research has provided a number of MTD techniques but approaches for gaining situational awareness and deciding when/how to apply these techniques are not well studied. In this paper, we present a conceptual framework that closely integrates a set of models with the system and obtains up-to-date situational awareness following the OODA loop methodology. To realize the framework, as the first step, we propose a modelling approach that provides insights about the dynamics between potential attacks and defenses, impact of attacks and adaptations on the system, and the state of the system. Based on these models, we demonstrate techniques to quantitatively assess the effectiveness of MTD and show how to formulate decision-making problems. [less ▲]

Detailed reference viewed: 81 (2 UL)
Full Text
Peer Reviewed
See detailReverse Bayesian poisoning: How to use spam filters to manipulate online elections
Jonker, Hugo; Mauw, Sjouke UL; Schmitz, Tom UL

in Krimmer, L. (Ed.) Proc. 2nd International Joint Conference on Electronic Voting (2017)

E-voting literature has long recognised the threat of denial-of-service attacks: as attacks that (partially) disrupt the services needed to run the voting system. Such attacks violate availability ... [more ▼]

E-voting literature has long recognised the threat of denial-of-service attacks: as attacks that (partially) disrupt the services needed to run the voting system. Such attacks violate availability. Thankfully, they are typically easily detected. We identify and investigate a denial-of-service attack on a voter's spam filters, which is not so easily detected: reverse Bayesian poisoning, an attack that lets the attacker silently suppress mails from the voting system. Reverse Bayesian poisoning can disenfranchise voters in voting systems which rely on emails for essential communication (such as voter invitation or credential distribution). The attacker stealthily trains the voter's spam filter by sending spam mails crafted to include keywords from genuine mails from the voting system. To test the potential effect of reverse Bayesian poisoning, we took keywords from the Helios voting system's email templates and poisoned the Bogofilter spam filter using these keywords. Then we tested how genuine Helios mails are classified. Our experiments show that reverse Bayesian poisoning can easily suppress genuine emails from the Helios voting system. [less ▲]

Detailed reference viewed: 135 (1 UL)
Full Text
Peer Reviewed
See detailOptimality Results on the Security of Lookup-Based Protocols
Mauw, Sjouke UL; Toro Pozo, Jorge Luis UL; Trujillo Rasua, Rolando UL

in Hancke, Gerard P.; Markantonakis, Konstantinos (Eds.) Radio Frequency Identification and IoT Security - 12th International Workshop, RFIDSec 2016, Hong Kong, China, November 30 - December 2, 2016, Revised Selected Papers (2016, December)

Distance-bounding protocols use the round-trip time of a challenge-response cycle to provide an upper-bound on the distance between prover and verifier. In order to obtain an accurate upper-bound, the ... [more ▼]

Distance-bounding protocols use the round-trip time of a challenge-response cycle to provide an upper-bound on the distance between prover and verifier. In order to obtain an accurate upper-bound, the computation time at the prover’s side should be as short as possible, which can be achieved by precomputing the responses and storing them in a lookup table. However, such lookup-based distance bounding protocols suffer from a trade-off between the achieved security level and the size of the lookup table. In this paper, we study this security-memory trade-off problem for a large class of lookup-based distance bounding protocols; called layered protocols. Relying on an automata-based security model, we provide mathematical definitions for different design decisions used in previous lookup-based protocols, and perform general security analyses for each of them. We also formalize an interpretation of optimal trade-off and find a non-trivial protocol transformation approach towards optimality. That is to say, our transformation applied to any layered protocol results in either an improved or an equal protocol with respect to the optimality criterion. This transformation allows us to provide a subclass of lookup-based protocol that cannot be improved further, which means that it contains an optimal layered protocol. [less ▲]

Detailed reference viewed: 88 (5 UL)
Full Text
See detailA class of precomputation-based distance-bounding protocols
Mauw, Sjouke UL; Toro Pozo, Jorge Luis UL; Trujillo Rasua, Rolando UL

Presentation (2016, March 16)

Distance-bounding protocols serve to thwart various types of proximity-based attacks, such as relay attacks. A particular class of distance-bounding protocols measures round trip times of a series of one ... [more ▼]

Distance-bounding protocols serve to thwart various types of proximity-based attacks, such as relay attacks. A particular class of distance-bounding protocols measures round trip times of a series of one-bit challenge-response cycles, during which the proving party must have minimal computational overhead. This can be achieved by precomputing the responses to the various possible challenges. We formalize this class of precomputation-based distance-bounding protocols. By designing an abstract model for these protocols, we can study their generic properties, such as security lower bounds in relation to space complexity. Further, we present a novel family of protocols in this class that resists well to mafia fraud attacks. [less ▲]

Detailed reference viewed: 158 (13 UL)
Full Text
Peer Reviewed
See detailBridging two worlds: Reconciling practical risk assessment methodologies with theory of attack trees
Gadyatskaya, Olga UL; Harpes, Carlo; Mauw, Sjouke UL et al

in Proc. of GraMSec (2016)

Security risk treatment often requires a complex cost-benefit analysis to be carried out in order to select countermeasures that optimally reduce risks while having minimal costs. According to ISO/IEC ... [more ▼]

Security risk treatment often requires a complex cost-benefit analysis to be carried out in order to select countermeasures that optimally reduce risks while having minimal costs. According to ISO/IEC 27001, risk treatment relies on catalogues of countermeasures, and the analysts are expected to estimate the residual risks. At the same time, recent advancements in attack tree theory provide elegant solutions to this optimization problem. In this short paper we propose to bridge the gap between these two worlds by introducing optimal countermeasure selection problem on attack-defense trees into the TRICK security risk assessment methodology. [less ▲]

Detailed reference viewed: 157 (10 UL)
Full Text
Peer Reviewed
See detailAnalysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems
Lenzini, Gabriele UL; Mauw, Sjouke UL; Ouchani, Samir UL

in Barthe, Gilles; Markatos, Evangelos (Eds.) Security and Trust Management - STM 2016 (2016)

A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question ... [more ▼]

A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow defined by what the organization's employees do (copy, move, and destroy information) and propose an algorithm that enforces a policy on the model, before checking against an adversary if a security requirement holds. [less ▲]

Detailed reference viewed: 251 (20 UL)
Full Text
Peer Reviewed
See detailA Class of Precomputation-based Distance-bounding Protocols
Mauw, Sjouke UL; Toro Pozo, Jorge Luis UL; Trujillo Rasua, Rolando UL

in Proceedings of the 1st IEEE European Symposium on Security and Privacy (2016)

Distance-bounding protocols serve to thwart various types of proximity-based attacks, such as relay attacks. A particular class of distance-bounding protocols measures round trip times of a series of one ... [more ▼]

Distance-bounding protocols serve to thwart various types of proximity-based attacks, such as relay attacks. A particular class of distance-bounding protocols measures round trip times of a series of one-bit challenge-response cycles, during which the proving party must have minimal computational overhead. This can be achieved by precomputing the responses to the various possible challenges. In this paper we study this class of precomputation-based distance-bounding protocols. By designing an abstract model for these protocols, we can study their generic properties, such as security lower bounds in relation to space complexity. Further, we develop a novel family of protocols in this class that resists well to mafia fraud attacks. [less ▲]

Detailed reference viewed: 135 (10 UL)
See detailProceedings of the 10th IFIP WG 11.11 International Conference on Trust Management (IFIPTM 2016)
Habib, Sheikh Mahbub; Vassileva, Julita; Mauw, Sjouke UL et al

Book published by Springer (2016)

Detailed reference viewed: 40 (1 UL)
Full Text
Peer Reviewed
See detailA Stochastic Framework for Quantitative Analysis of Attack-Defense Trees
Jhawar, Ravi UL; Lounis, Karim UL; Mauw, Sjouke UL

in 12th International Workshop on Security and Trust Management (2016)

Detailed reference viewed: 210 (5 UL)
Full Text
Peer Reviewed
See detailCounteracting active attacks in social network graphs
Mauw, Sjouke UL; Trujillo Rasua, Rolando UL; Xuan, Bochuan

in Proceedings of Data and Applications Security and Privacy - 30th Annual IFIP WG 11.3 Conference (DBSec 2016) (2016)

Detailed reference viewed: 107 (1 UL)
Full Text
Peer Reviewed
See detailAttack trees for practical security assessment: ranking of attack scenarios with ADTool 2.0
Gadyatskaya, Olga UL; Jhawar, Ravi UL; Kordy, Piotr UL et al

in Quantitative Evaluation of Systems - 13th International Conference (2016)

Detailed reference viewed: 190 (8 UL)
Full Text
Peer Reviewed
See detailSecurity analysis of socio-technical physical systems
Lenzini, Gabriele UL; Mauw, Sjouke UL; Ouchani, Samir UL

in Computers electrical engineering (2015)

Recent initiatives that evaluate the security of physical systems with objects as assets and people as agents – here called socio-technical physical systems – have limitations: their agent behavior is too ... [more ▼]

Recent initiatives that evaluate the security of physical systems with objects as assets and people as agents – here called socio-technical physical systems – have limitations: their agent behavior is too simple, they just estimate feasibility and not the likelihood of attacks, or they do estimate likelihood but on explicitly provided attacks only. We propose a model that can detect and quantify attacks. It has a rich set of agent actions with associated probability and cost. We also propose a threat model, an intruder that can misbehave and that competes with honest agents. The intruder’s actions have an associated cost and are constrained to be realistic. We map our model to a probabilistic symbolic model checker and we express templates of security properties in the Probabilistic Computation Tree Logic, thus supporting automatic analysis of security properties. A use case shows the effectiveness of our approach. [less ▲]

Detailed reference viewed: 228 (16 UL)
Full Text
Peer Reviewed
See detailLocation-private interstellar communication (Transcript of Discussion)
Mauw, Sjouke UL

in Proc.\ 23rd Security Protocols Workshop (2015)

Detailed reference viewed: 78 (2 UL)
Full Text
Peer Reviewed
See detailAttack Trees with Sequential Conjunction
Jhawar, Ravi UL; Kordy, Barbara; Mauw, Sjouke UL et al

in Proceedings of the 30th IFIP TC 11 International Conference ICT Systems Security and Privacy Protection (SEC 2015) (2015)

Detailed reference viewed: 150 (7 UL)
Full Text
Peer Reviewed
See detailFP-Block: Usable Web Privacy by Controlling Browser Fingerprinting
Ferreira Torres, Christof UL; Jonker, Hugo; Mauw, Sjouke UL

in Pernul, Günther; Y A Ryan, Peter; Weippl, Edgar (Eds.) Computer Security -- ESORICS 2015 (2015)

Online tracking of users is used for benign goals, such as detecting fraudulent logins, but also to invade user privacy. We posit that for non-oppressed users, tracking within one website does not have a ... [more ▼]

Online tracking of users is used for benign goals, such as detecting fraudulent logins, but also to invade user privacy. We posit that for non-oppressed users, tracking within one website does not have a substantial negative impact on privacy, while it enables legitimate benefits. In contrast, cross-domain tracking negatively impacts user privacy, while being of little benefit to the user. Existing methods to counter fingerprint-based tracking treat cross-domain tracking and regular tracking the same. This often results in hampering or disabling desired functionality, such as embedded videos. By distinguishing between regular and cross-domain tracking, more desired functionality can be preserved. We have developed a prototype tool, FP-Block, that counters cross-domain fingerprint-based tracking while still allowing regular tracking. FP-Block ensures that any embedded party will see a different, unrelatable fingerprint for each site on which it is embedded. Thus, the user’s fingerprint can no longer be tracked across the web, while desired functionality is better preserved compared to existing methods. [less ▲]

Detailed reference viewed: 353 (5 UL)