Nuggets tagged attack - [remove filter]
Jan. 6, 2016 (1 year, 5 months ago)
This paper presents an attack graph tool that can be used to estimate the cyber security of enterprise architectures. The principal current approach for this purpose uses attack graphs; applying formal reasoning and graphical modelling to present possible attack paths corresponding to a certain architecture. According to a recent survey there are more than 30 different types of attack graph approaches but there are still many important aspects that current approaches do not manage. P2CySeMoL includes theory on how attacks and defences relate quantitatively; users model their assets and how these are connected in order to enable calculations. It has been validated on both a component level and a system level using literature, domain experts, surveys, observations, experiments and case studies.
June 26, 2014 (3 years ago)
Much commercial cryptography uses the mathematical functions of discrete logarithms (example?). The security of these algorithms rests on the assumption that the mathematical functions are impossible to solve. Recently, this assumption has come under strain. First a researcher solved the first of three parts of the ‘puzzle’ that could lead to the solution of discrete logarithms. The next two phases have also been attacked and simplified for certain special case of discrete logarithm. Existing applications are still considered strong however the researchers used this progress to attack a family of discrete logarithm algorithms proposed for the next generation of internet encryption. The simplifications they could derive meant that the decryption problem could be processed in just 2 hours, effectively rendering the new algorithm broken. The clear lesson is banking on the long term security of specific algorithms is increasingly uncertain.