Stefan RassJohannes Kepler University of Linz | JKU · LIT Secure and Correct Systems Lab
Stefan Rass
Prof. Dipl.Ing. Dipl.Ing. Dr.
About
238
Publications
64,194
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
2,500
Citations
Publications
Publications (238)
Fooling adversaries with traps such as honeytokens can slow down cyber attacks and create strong indicators of compromise. Unfortunately, cyber deception techniques are often poorly specified. Also, realistically measuring their effectiveness requires a well-exposed software system together with a production-ready implementation of these techniques...
Cyber deception techniques that are tightly intertwined with applications pose significant technical challenges in production systems. Security measures are usually the responsibility of a system operator, but they are typically limited to accessing built software artifacts, not their source code. This limitation makes it particularly challenging t...
We survey a collection of proofs towards equality, inequality or independence of the relation of P to NP. Since the problem has attracted much attention from experts, amateurs and in-betweens, this work is intended as a pointer into directions to enable a “self-assessment” of ideas laid out by people interested in the problem. To this end, we ident...
We introduce the concept of an ε-semimetric that satisfies the same axioms as a topological metric, except for an arbitrarily small allowance to violate the triangle inequality. Under this modification, we demonstrate the possibility of taking arbitrary points in space, assigning arbitrary desired distances between them (independent of their geomet...
We study the significance of the common trusted relay assumption in quantum networks. While most practical implementations of quantum networks rely on trusted devices, the question of security without this assumption has been rarely addressed. Device independent security attempts to minimize the assumptions made on the quantum hardware, entanglemen...
Sometimes entities have to prove to others that they are still alive at a certain point in time, but with the added requirements of anonymity and plausible deniability; examples for this are whistleblowers or persons in dangerous situations. We propose a system to achieve this via hash chains and publishing liveness signals on Tor onion services. E...
We introduce RobotPerf, a vendor-agnostic bench-marking suite designed to evaluate robotics computing performance across a diverse range of hardware platforms using ROS 2 as its common baseline. The suite encompasses ROS 2 packages covering the full robotics pipeline and integrates two distinct benchmarking approaches: black-box testing, which meas...
We describe a mechanism to create fair and explainable incentives for software developers to reward contributions to security of a product. We use cooperative game theory to model the actions of the developer team inside a risk management workflow, considering the team to actively work against known threats, and thereby receive micro-payments based...
We consider the problem of sampling elements with some desired property from a large set, without testing the property of interest, but with the (probabilistic) assurance to have at least one match among the random sample. Like in ranked set sampling, we consider an infinite population under study, whose properties of interest are too expensive and...
Penetration testing, a crucial industrial practice for ensuring system security, has traditionally resisted automation due to the extensive expertise required by human professionals. Large Language Models (LLMs) have shown significant advancements in various domains, and their emergent abilities suggest their potential to revolutionize industries....
This paper addresses the prevalent lack of tools to facilitate and empower Game Theory and Artificial Intelligence (AI) research in cybersecurity. The primary contribution is the introduction of ExploitFlow (EF), an AI and Game Theory-driven modular library designed for cyber security exploitation. EF aims to automate attacks, combining exploits fr...
Security games often assume a fixed pattern in which players become active, like leader-follower alternation in Stackelberg games or simultaneous moves in Nash games. Stackelberg games are of particular popularity as models for security since they well describe adversaries that adapt to the defender’s actions. Games in extensive or normal form here...
We show how to implement a deniable encryption method from secret sharing. Unlike the related concept of honey encryption, which employs a preprocessing step in symmetric encryption to re-shape the distribution of a plaintext towards making the real plaintext indistinguishable from a ciphertext for a fake message, we can avoid both, computational i...
This article is an overview of recent progress on a theory of games, whose payoffs are probability distributions rather than real numbers, and which have their equilibria defined and computed over a (suitably restricted yet dense) set of distributions. While the classical method of defining game models with real-valued utility functions has proven...
Given a set of points in the Euclidean space $\mathbb{R}^\ell$ with $\ell>1$, the pairwise distances between the points are determined by their spatial location and the metric $d$ that we endow $\mathbb{R}^\ell$ with. Hence, the distance $d(\mathbf x,\mathbf y)=\delta$ between two points is fixed by the choice of $\mathbf x$ and $\mathbf y$ and $d$...
A QKD network provides an additional security layer for IT-secure cryptographic key distribution that is added to existing conventional networks. Thus, QKD network components must be resilient to security challenges from conventional network environments. This paper provided a novel solution for designing a Key Management System resistant to DoS at...
Because quantum key distribution is a technology for establishing keys for symmetric encryption (preferably one-time pads, but more practically keys for AES or other conventional symmetric cryptography), end-to-end confidentiality or authentication requires a deeper look into network structure and comes with additional assumptions.
Establishing secure cryptographic keys through an untrusted network is a fundamental cryptographic task. While the use of public key infrastructure based on computational intractability assumptions prevail, these solutions remain theoretically breakable. They are under constant threat as computational power continues to increase, new algorithms are...
The basis of all modern networks is device which is able to manage and control network traffic. The fundamental network device is a router that connects at least two networks and has traffic directing functions. From a logical point of view, a router is the intersection of links forming a network. Its task is to accept incoming packets, analyze des...
Modern telecommunications networks are based on packet-switching traffic processing and the methodology by which packets can be delivered using an arbitrary route. However, for some applications, merely finding the route to destination is insufficient. Applications can place multiple parameters in their requests, starting from the time it takes the...
The conceptual composition of a QKD link into quantum and physical channels corresponds to similar connections in the physical world and does not preclude the dual use of fibres as both a classic and quantum channel (in fact, the SECOQC network was built on existing fibre-optic cables). Viewed from a logical perspective, the network consists of mor...
Decisions are often based on imprecise, uncertain or vague information. Likewise, the consequences of an action are often equally unpredictable, thus putting the decision maker into a twofold jeopardy. Assuming that the effects of an action can be modeled by a random variable, then the decision problem boils down to comparing different effects (ran...
Advanced persistent threats (APT) combine a variety of different attack forms ranging from social engineering to technical exploits. The diversity and usual stealthiness of APT turns them into a central problem of contemporary practical system security, since information on attacks, the current system status or the attacker's incentives is often va...
The development of electronic and optical components has led to greater interest in the application of QKD solutions in everyday life. In this section, we briefly describe the currently attractive trends and approaches for future research in the field of QKD technologies.
Quality of Service (QoS) architecture models the structure and methods of applying QoS mechanisms to satisfy QoS objectives. It is often referred to the QoS model because it uniquely defines which QoS mechanisms (such as those listed in Sect. 2.3) are used and how they are implemented. QoS architecture also defines network traffic processing polici...
Generally, the need for and the type of signaling, or more strictly speaking, the QoS signaling protocol depends on the applied QoS architecture. Here, we distinguish between the signal and the signaling protocol, which in the literature elsewhere are commonly applied as synonyms.
The Internet of Vehicles (IoV), whereby interconnected vehicles that communicate with each other and with road infrastructure on a common network, has promising socio-economic benefits but also poses new cyber-physical threats. To protect these entities and learn about adversaries, data on attackers can be realistically gathered using decoy systems...
The Internet of Vehicles (IoV), whereby interconnected vehicles communicate with each other and with road infrastructure on a common network, has promising socio-economic benefits but also poses new cyber-physical threats. Data on vehicular attackers can be realistically gathered through cyber threat intelligence using systems like honeypots. Admit...
We study the question of how well machine learning (ML) models trained on a certain data set provide privacy for the training data or, equivalently, whether it is possible to reverse-engineer the training data from a given ML model. While this is easy to answer negatively in the most general case, it is interesting to note that the protection exten...
Many practical situations require some modeling of uncertainty, and often, this means speaking about events whose likelihood to occur is conveniently expressible by probability parameters, say, a scalar 0 ≤ p ≤ 1 . The semantics of such values can be arbitrarily complex, ranging from simple probabilities, up to conditional likelihoods, or factors o...
The use of anti-forensic techniques is a very common practice that stealthy adversaries may deploy to minimise their traces and make the investigation of an incident harder by evading detection and attribution. In this paper, we study the interaction between a cyber forensic Investigator and a strategic Attacker using a game-theoretic framework. Th...
We consider a family of distributions on which natural tail orders can be constructed upon a representation of a distribution by a (single) hyper-real number. Past research revealed that the ordering can herein strongly depend on the particular model of the hyperreals, specifically the underlying ultrafilter. Hence, our distribution family is const...
In this paper we address game theory problems arising in the context of network security. In traditional game theory problems, given a defender and an attacker, one searches for mixed strategies which minimize a linear payoff functional. In the problems addressed in this paper an additional quadratic term is added to the minimization problem. Such...
We present a method for the joint analysis of textual and numerical IT-system data usable to predict possibly critical system states. Towards a comparative discussion culminating in a justified model and method choice, we apply logistic regression, random forest and neural networks to the prediction of critical system states. Our models consume a s...
We study the question of how well machine learning (ML) models trained on a certain data set provide privacy for the training data, or equivalently, whether it is possible to reverse-engineer the training data from a given ML model. While this is easy to answer negatively in the most general case, it is interesting to note that the protection exten...
Robotics is becoming more and more ubiquitous, but the pressure to bring systems to market occasionally goes at the cost of neglecting security mechanisms during the development, deployment or while in production. As a result, contemporary robotic systems are vulnerable to diverse attack patterns, and an a posteriori hardening is at least challengi...
With the growing popularity of robots, the development of robot applications is subject to an ever increasing number of additional requirements from e.g., safety, legal and ethical sides. The certification of an application for compliance to such requirements is an essential step in the development of a robot program. However, at this point in time...
Robotics is becoming more and more ubiquitous, but the pressure to bring systems to market occasionally goes at the cost of neglecting security mechanisms during the development, deployment or while in production. As a result, contemporary robotic systems are vulnerable to diverse attack patterns, and a posteriori hardening is at least challenging,...
This book constitutes the refereed proceedings of the 12th International Conference on Decision and Game Theory for Security, GameSec 2021,held in October 2021. Due to COVID-19 pandemic the conference was held virtually.
The 20 full papers presented were carefully reviewed and selected from 37 submissions. The papers focus on Theoretical Foundation...
Measuring risk in multiple dimensions is vital for a comprehensive understanding and for risk analysis. Therefore, we here propose to use multiple impact categories. This yield generalized multi-categorical risk measures, depending on how the likelihood of occurrence is measured. For the one-dimensional case, risk is measured through a vector, whil...
Security is rarely single-dimensional and is in most practical instances a tradeoff between dependent, and occasionally conflicting goals. The simplest method of multi-criteria optimization and games with vector-valued payoffs, is transforming such games into ones with scalar payoffs, and looking for Pareto-optimal behavior. This usually requires a...
Cities and their agglomerations are home to a large number of critical infrastructures that provide essential services in a geographically-narrow space. Because the critical infrastructures in a city are physically and logically dependent on each another, an incident in one infrastructure can have impacts on the entire city and its population. Thus...
The reuse of technologies and inherent complexity of most robotic systems is increasingly leading to robots with wide attack surfaces and a variety of potential vulnerabilities. Given their growing presence in public environments, security research is increasingly becoming more important than in any other area, specially due to the safety implicati...
The degree of sophistication of modern cyber-attacks has increased in recent years, and in the future these attacks will more and more target cyber-physical systems (CPS). Unfortunately, today’s security solutions that are used for enterprise information technology (IT) infrastructures are not sufficient to protect CPS, which have largely different...
With its growing use in industry, ROS is rapidly becoming a standard in robotics. While developments in ROS 2 show promise, the slow adoption cycles in industry will push widespread ROS 2 industrial adoption years from now. ROS will prevail in the meantime which raises the question: can ROS be used securely for industrial use cases even though its...
Due to its importance for decision-making processes, data quality plays a crucial role in modern data management. However, assessing data quality still involves a number of manual steps. Moreover, these tasks are characterized by subjective decisions performed by domain experts. The goal of this research is to reduce the time spent on these activit...
The convergence of quantum cryptography with applications used in everyday life is a topic drawing attention from the industrial and academic worlds. The development of quantum electronics has led to the practical achievement of quantum devices that are already available on the market and waiting for their first 96:2 M. Mehic et al. application on...
The only reliable remedy against anxiety is information, and reliable information and news are of crucial value in times of crises, such as COVID-19. Contemporary social media offers almost everyone a platform to publish one’s own thoughts, opinions, political statements and others, some of which may gain significant interest of others and thereby...
Critical Infrastructures (CIs) now include complex cyber-physical systems, with communication networks enabling interactions between the cyber and physical systems. Although the digitalization of such critical infrastructures is intended to increase performance and safety, it also subjects them to new forms of attack. Contemporary attacks that comb...
Cryptographic functions for constrained processing environments can be devised using lightweight cryptography. For use in safety relevant automotive applications where transient faults can occur at runtime the calculation of a cipher text requires verification. We propose an algorithm to generate a group parity based concurrent error detection for...
The term “game” has substantially different meanings within the security area, depending on whether we speak about cryptographic security in particular, or system security in a more general setting that includes quantitative security with help of game theory. Game theory and cryptography are, however, of mutual value for each other, since game theo...
Patrolling and surveillance games both deal with a chasing-evading situation of an adversary trying to escape detection by either a mobile defender (patrolling) or a fixed defender (surveillance). Both kinds of games are played on graphs as abstract models of an infrastructure, and we review a variety of closed-form solutions for optimal patrolling...
This chapter embeds game theoretic techniques and models inside the ISO31000 risk management process, as a generic template for the general duty of risk control. We observe similarities between risk management processes and extensive form games, accompanied by the possibility of using game-theoretic algorithms and methods in various steps of a risk...
This chapter introduces the most important classes of games underlying practical security models. These include Stackelberg games, Nash games, signaling games, and games with distribution-valued payoffs. The latter build upon empirical methods and data science to construct games from data, but also reveals theoretic connections to multi-criteria op...
This chapter refines the introduction of security in critical infrastructures by going into deeper details about how threats and countermeasures differ and are specific for the physical domain, the cyber domain and intermediate areas. Gaining an understanding of these differences is crucial for the design of effective countermeasures against the di...
This chapter revisits the concept of a utility function, first introduced in Chap. 3, from an axiomatic viewpoint. We review the fundamental principles of decision making as axioms that induce the existence of (continuous) utility functions. Since empirical research of decision situations in real life has shown considerable deviations between mathe...
Since both, decision- and game theory vitally employ optimization at their core, this chapter will provide the basic ideas, concepts and modeling aspects of optimization. It is intended to provide the mathematical basics for the further chapters. The presentation is to the point of a simple, compact and self-contained description of: (i) what is de...
In this chapter, we adopt a holistic cross-layer viewpoint towards a hierarchical structure of ICS and the attack models. The physical layer is comprised of devices, controllers and the plant whereas the cyber layer consists of routers, protocols, and security agents and manager. The physical layer controllers are often designed to be robust, adapt...
In this chapter, we consider games for the computation of optimal strategies of how, how often, and when to inspect along a production line, or general industrial process. We review basic concepts of statistical tests, conducted whenever the defender chooses its action to “inspect”, and to understand cheating strategies for the adversary trying to...
Cyber insurance provides users a valuable additional layer of protection to transfer cyber data risks to third-parties. An incentive-compatible cyber insurance policy can reduce the number of successful cyber-attacks by incentivizing the adoption of preventative measures in return for more coverage and the implementation of best practices by pricin...
This chapter discusses the use of data and data science to choose values for model parameters, and suggests a few methods and literature pointers to techniques that can be helpful to instantiate models. Furthermore, we review a set of selected software tools that help with the setup and equilibrium analysis of practical game theoretic models. We re...
In this article, we want to present the concept for a risk management approach to assess the condition of critical infrastructure networks within metropolitan areas, their interdependencies among each other and the potential cascading effects. In contrast to existing solutions, this concept aims at providing a holistic view on the variety of interc...
In this paper we address a game theory problem arising in the context of network security. In traditional game theory problems, given a defender and an attacker, one searches for mixed strategies which minimize a linear payoff functional. In the problem addressed in this paper an additional quadratic term is added to the minimization problem. Such...
Random numbers are an important ingredient in cryptographic applications, whose importance is often underestimated. For example, various protocols hinge on the requirement of using numbers only once and never again (most prominently, the one-time pad), or rest on a certain minimal entropy of a random quantity. Quantum random number generators can h...
Nowadays, critical infrastructures operate a large number of highly interdependent, cyber-physical systems. Thus, incidents can have far-reaching cascading effects throughout the entire infrastructure, which need to be identified and estimated to realize a proper risk management. In this paper, we present a formal model to describe the propagation...
This book provides an overview of state-of-the-art implementations of quantum random number generators (QRNGs), and especially examines their relation to classical statistical randomness models and numerical techniques for computing random numbers. The reader – who ideally has a background in classical statistics, computer science, or cryptography...
This book presents a compendium of selected game- and decision-theoretic models to achieve and assess the security of critical infrastructures. Given contemporary reports on security incidents of various kinds, we can see a paradigm shift to attacks of an increasingly heterogeneous nature, combining different techniques into what we know as an adva...
In recent years, noticeable progress has been made in the development of quantum equipment, reflected through the number of successful demonstrations of Quantum Key Distribution (QKD) technology. Although they showcase the great achievements of QKD, many practical difficulties still need to be resolved. Inspired by the significant similarity betwee...
Researchers and practitioners from various fields strive to achieve and maintain high standards of information quality for their projects or organizational units. Since information (data) is widely seen as a valuable asset, the literature consists of a number of frameworks and guidelines for assessing its quality. Implementing such methods can prov...