Articles tagged with Cybersecurity
A team of US computer scientists are working on an analyzer that can hunt down algorithmic attacks, a new form of vulnerability that is nearly impossible to find with today's technology. The software will perform a mathematical simulation of the software to predict what will happen in the event of an attack.
Researchers have developed a new method to protect computer chips using advanced 3D optical imaging and photon encryption, making them virtually uncounterfeitable. The system replaces traditional electronic part numbers with compressed QR codes that can be scaled down to the size of microns.
The Journal of Cybersecurity is an open-access title that aims to tackle cybersecurity challenges through interdisciplinary approaches. It will publish high-impact research from various disciplines, including anthropology, computer science, economics, and psychology.
Research suggests that how people visualize hackers affects their cybersecurity decisions. Those who picture a teenage hacker make better decisions, while those who visualize a foreign hacker focus on more lucrative targets. This study aims to influence the development of cybersecurity by understanding social behaviors and rationales b...
The Fraunhofer Institute's IT Security Laboratory provides a secured test environment to assess the security of industrial automation systems and develop new defense strategies. Real-time requirements in production facilities necessitate unique IT security measures.
The University of Texas at San Antonio (UTSA) is developing online cybersecurity training for communities, addressing the lack of strategies to respond to cyber attacks. The training will include case studies, best practices, and templates to help municipal officials develop a cybersecurity strategy.
The University of Houston has been awarded a $1.5 million grant from the National Science Foundation to train students in cybersecurity. The program aims to attract talented graduate students and build a community of well-qualified scholars in this area.
A study by University of Maryland cybersecurity experts found that only 13% of websites patched their software correctly and implemented additional security measures to secure systems. The team's analysis revealed a significant drop in revocation rates during weekends, highlighting the human factor's role in computer security.
The UT Dallas Cybersecurity program has received a $3.9 million award from the National Science Foundation to provide scholarships and support education in computer science related to cybersecurity. The program aims to fulfill the US government's needs for cybersecurity employees, with nearly 30 students expected to be supported.
Researchers at Dartmouth College have developed a new approach to computer security using a wearable device called ZEBRA, which authenticates users continuously and automatically logs them out when they leave. The technology has shown high accuracy rates in verifying the correct user and identifying adversaries.
The Transition to Practice program assists in bridging the gap between laboratory and practical cybersecurity technologies. The program uses testing and evaluation methods, such as dynamic testing of executable files, red-teaming, and implementation cost analysis, to help move research discoveries into practical use.
Researchers developed a modification to the core Android operating system that allows developers and users to plug in new security enhancements. The ASM framework enables custom security control modules to protect phones and enhance consumer privacy.
The US is facing a severe shortage of cybersecurity professionals, with demand far outpacing supply, particularly in the federal government. The RAND Corporation study calls for reforms, including waiving civil service rules and increasing funding for education programs to address the issue.
The Columbia Engineering team found a critical security problem in Google Play, where developers store their secret keys in their apps, making them vulnerable to malicious attacks. The discovery was made using a new tool called PlayDrone, which downloaded over 1.1 million Android apps and identified thousands of secret keys.
A new defense framework will be developed by UT Dallas professor Dr. Zhiqiang Lin to detect, diagnose and repair kernel malware attacks and enforce a prevention mechanism. The framework aims to detect malicious code sequences in the core of computer operating systems and prevent kernel malware infections.
The UTSA Center for Infrastructure Assurance and Security, along with partners, will develop a new training course and update five existing courses to enhance state preparedness for cyber attacks. The consortium aims to improve coordination among states in preventing, detecting, and responding to cyber threats.
A new security system called LatentGesture continuously monitors how a user taps and swipes their mobile device, recognizing differences from the owner's tendencies. The system achieved nearly 98% accuracy on smartphones and 97% accuracy on tablets, making it an effective tool for enhancing mobile device security.
Students at both universities will learn to break into and protect hardware, software, and data through hands-on experiments. The program aims to educate future users, developers, and controllers of computer systems on how to defend against cyber attacks.
A team of researchers conducted the first-ever clinical study on computer security, exploring the impact of technological and human factors on malware attacks. The four-month study involved 50 subjects and found that technically sophisticated users were more at risk, contradicting the notion that they should have a 'Internet license'.
Researchers at the University of Bristol have made a significant breakthrough in cryptography, developing a new protocol that enables fast and secure Multi-Party Computation. This allows for complex computations on secret data without revealing inputs, with potential applications in finance, pharmaceuticals, and other industries.
Computer scientists programmed ACT-R, a cognitive simulation, to play Concentration, improving computer security and understanding human thought processes. Human participants played 20 times each to compare with the AI model's performance.
Computer scientists from Saarbrücken have developed a new method to scan and monitor Android apps for security-critical functions, allowing users to revoke or grant privileges. The method, known as SRT Appguard, provides real-time policy enforcement for third-party applications and protects user privacy.
The National Science Foundation awards a $2.3 million scholarship program at Kansas State University to train students in cybersecurity, as the nation faces growing cyber threats. The program aims to develop experts capable of handling cybersecurity challenges and safeguard critical infrastructure.
Researchers at Kansas State University are working on developing a flexible but standardized and secure communication network for medical devices. The team aims to enable devices to monitor and reason about patient health, reducing security problems as devices become more complex.
The Idaho National Laboratory has demonstrated a suite of cybersecurity tools that provides situational awareness of networks and control systems. The Sophia software tool passively observes network communications, providing real-time and historical records of those communications.
The 'Control-Alt-Hack' game allows teenage and young-adult players to defend against digital threats in a social and entertaining way. The game incorporates real-world scenarios and skills, dispelling stereotypes about computer science professionals.
An interdisciplinary research team from UMass Amherst and Harvard warns that federal regulators need to improve how they track security and privacy problems in medical devices. Despite a high prevalence of recalls related to software, the current classification methods are not well suited to emerging types of device malfunctions.
Researchers at the University of Arizona are developing a visualization system to detect suspicious network activity in real-time, using a geographic map metaphor to facilitate human analysis. The system aims to provide quick high-level information to non-experts and comprehensive data to experts, while also offering customization opti...
Researchers at Kansas State University are developing a self-adapting computer network that can detect and defend itself against cyber attacks. The 'moving-target defense' system randomly changes its configuration to make it difficult for hackers to identify vulnerabilities.
Researchers at NIST developed a new protocol for communicating with biometric sensors over wired and wireless networks using web services. This protocol, WS-BD, simplifies setting up and maintaining secure biometric systems by enabling interoperability among devices.
The US Department of Homeland Security's DNSSEC project authenticates data existence, ownership, and integrity, protecting against hackers' threats. By deploying DNSSEC in key zones, DHS builds a safer cyberspace with complete end-to-end chain protection.
Sandia National Laboratories is launching a Cyber Engineering Research Institute to coordinate with industry and universities, aiming to increase cybersecurity research. Experts discuss the need for shared threat information and innovative solutions, including prize competitions to stimulate radical security innovations.
Researchers from Ruhr-University Bochum found a serious attack against XML Encryption, which is used by companies like IBM and Microsoft to protect data. The attack exploits a weakness in the CBC mode for chaining ciphertext blocks, rendering XML Encryption insecure.
The NSF grant will enhance existing cybersecurity curricula and expand the laboratory for hands-on instruction. The initiative aims to address a growing need for 10,000-30,000 cybersecurity professionals in the US.
Dr. Susanne Wetzel's NSF-funded research aims to develop protocols for secure, private, and fair collaboration without trusted third-party intervention. The project seeks to resolve the issue of policy reconciliation, allowing parties to collaborate while preserving their privacy.
Kansas State University's Center for Information and Systems Assurance has been recognized as a National Center of Academic Excellence in Information Assurance Research. The designation recognizes the university's expertise in cybersecurity and secure software system construction, with research focusing on improving software quality th...
A new research paper concludes that deterrence can no longer be the primary national cybersecurity strategy due to the unique characteristics of cyberspace. Experts propose a three-tiered approach to guide US strategy in responding to cyber threats, emphasizing war-fighting and offense-defense frameworks to contain damage and reduce harm.
K-State professor Simon Ou has received a National Science Foundation CAREER Award to develop automated reasoning for cybersecurity. His project aims to improve enterprise network security and critical infrastructure protection by providing a theoretical framework for reasoning under uncertainty.
Researchers reveal that honeypot traps are susceptible to detection by advanced Botnet malware, allowing attackers to disable or ignore them. This vulnerability highlights the need for secure honeypot deployment and research into covert honeypot building techniques.
UC researchers argue that citizen awareness and participation are essential for a robust cybersecurity strategy. They recommend a three-pronged approach: coordination between government agencies and business interests, engagement with the public about their role in cybersecurity, and education on safe computer practices.
The NIST Small Business Information Security: The Fundamentals guide provides 10 necessary steps for small business security, including installing firewalls and backing up business data. By following these steps, small businesses can reduce their vulnerability to cyber threats and protect sensitive information.
A new passive protocol called IPACF blocks threats to gatekeeping computers and Authentication Servers, allowing legitimate users access private resources. The filter takes just 6 nanoseconds to reject non-legitimate information packets associated with DoS attacks.
A new approach based on mathematical theory of elliptic curves has emerged as a leading candidate for more efficient cryptography. Elliptic curve cryptography provides the same level of security as 1024-bit keys for RSA with smaller key sizes, making it computationally more efficient.
A new risk management tool, Protection Poker, can help identify security vulnerabilities during the planning process by having developers share their ideas and perspectives. This process allows for early identification of potential problems, preventing them from being included in software projects.
Stevens Institute of Technology has been awarded a $850,672 National Science Foundation grant to support students pursuing degree programs in cybersecurity. The scholarship program will provide 11 two-year scholarships covering tuition and a stipend, requiring students to work for the government for at least two years after graduation.
The Self Cleansing Intrusion Tolerance (SCIT) technology developed by George Mason University researchers limits the damage caused by unknown cyber-attacks by restricting exposure time. By periodically cleansing servers, SCIT reduces the risk of data theft and provides an additional layer of defense against intrusions.
A team of Dartmouth researchers is launching the Dartmouth Internet Security Testbed (DIST) to examine live network activity and develop methods for detecting malicious activity. The project will provide valuable insights into securing wireless networks, improving network security technology and practices for all internet users.
Susanne Wetzel and Rebecca Wright are recognized for their work on a new undergraduate degree program in cybersecurity at Stevens Institute of Technology. The program is designed to provide students with security expertise within a broad education, preparing them for careers in information assurance and computer security.
A new 'active cookie' helps protect against online scams by redirecting users to secure sites, preventing attacks like pharming and man-in-the-middle. The technology is especially useful for financial service providers and individuals concerned about Wi-Fi hijacking.
The new lab will provide practical training in security and information assurance, preparing students to meet the challenges in protecting the nation's information infrastructure. The lab will increase the number of IT professionals educated and trained in theoretical and practical aspects of information assurance and security.
The TRUST consortium, funded by NSF's Science and Technology Centers program, aims to create new technologies that make computer software and networks inherently secure. Researchers will focus on protecting against attacks, ensuring data integrity, and developing tools for building trustworthy systems.
The Team for Research in Ubiquitous Secure Technology (TRUST) center aims to develop new technologies to design, build, and operate trustworthy information systems. The researchers will focus on developing secure embedded systems, integrating trusted components, and creating information management software tools.
The XCCDF specification document provides a flexible, vendor-neutral format for measuring conformance to security benchmarks and generating records of benchmark tests. NIST is developing computer security checklists for widely used government agencies with the help of organizations like NSA and DHS.
The new standard provides detailed guidance on categorizing systems and assessing potential impact of security breaches. It will help agencies make informed decisions and implement cost-effective security measures, complemented by a companion standard specifying minimum federal system requirements.
The STAT intrusion detection system utilizes real-time packet analysis to identify patterns of attacks, aggregating individual alerts to provide an overall pattern of intrusion. The system's modular design enables centralized monitoring and control, allowing for flexible configuration and response to locally detected intrusions.