Fundamental Challenges in Cybersecurity and a Philosophy of Vulnerability-Guided Hardening
- URL: http://arxiv.org/abs/2402.01944v5
- Date: Tue, 3 Sep 2024 13:24:27 GMT
- Title: Fundamental Challenges in Cybersecurity and a Philosophy of Vulnerability-Guided Hardening
- Authors: Marcel Böhme
- Abstract summary: Even the most critical software systems turn out to be vulnerable to attacks.
Even provable security, meant to provide an indubitable guarantee of security, does not stop attackers from finding security flaws.
- Score: 14.801387585462106
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Research in cybersecurity may seem reactive, specific, ephemeral, and indeed ineffective. Despite decades of innovation in defense, even the most critical software systems turn out to be vulnerable to attacks. Time and again. Offense and defense forever on repeat. Even provable security, meant to provide an indubitable guarantee of security, does not stop attackers from finding security flaws. As we reflect on our achievements, we are left wondering: Can security be solved once and for all? In this paper, we take a philosophical perspective and develop the first theory of cybersecurity that explains what precisely and *fundamentally* prevents us from making reliable statements about the security of a software system. We substantiate each argument by demonstrating how the corresponding challenge is routinely exploited to attack a system despite credible assurances about the absence of security flaws. To make meaningful progress in the presence of these challenges, we introduce a philosophy of cybersecurity.
Related papers
- Beyond Algorithmic Proofs: Towards Implementation-Level Provable Security [1.338174941551702]
We present Implementation-Level Provable Security, a new paradigm that defines security in terms of structurally verifiable resilience against real-world attack surfaces during deployment.
We present SEER (Secure and Efficient Encryption-based Erasure via Ransomware), a file destruction system that repurposes and reinforces the encryption core of Babuk ransomware.
arXiv Detail & Related papers (2025-08-02T01:58:06Z)
- Security-First AI: Foundations for Robust and Trustworthy Systems [0.0]
This manuscript posits that AI security must be prioritized as a foundational layer.
We argue for a security-first approach to enable trustworthy and resilient AI systems.
arXiv Detail & Related papers (2025-04-17T22:53:01Z)
- Towards Trustworthy GUI Agents: A Survey [64.6445117343499]
This survey examines the trustworthiness of GUI agents in five critical dimensions.
We identify major challenges such as vulnerability to adversarial attacks and cascading failure modes in sequential decision-making.
As GUI agents become more widespread, establishing robust safety standards and responsible development practices is essential.
arXiv Detail & Related papers (2025-03-30T13:26:00Z)
- Tit-for-Tat: Safeguarding Large Vision-Language Models Against Jailbreak Attacks via Adversarial Defense [90.71884758066042]
Large vision-language models (LVLMs) introduce a unique vulnerability: susceptibility to malicious attacks via visual inputs.
We propose ESIII (Embedding Security Instructions Into Images), a novel methodology for transforming the visual space from a source of vulnerability into an active defense mechanism.
arXiv Detail & Related papers (2025-03-14T17:39:45Z)
- Exploring Vulnerabilities and Protections in Large Language Models: A Survey [1.6179784294541053]
This survey examines the security challenges of Large Language Models (LLMs).
It focuses on two main areas: Prompt Hacking and Adversarial Attacks.
By detailing these security issues, the survey contributes to the broader discussion on creating resilient AI systems.
arXiv Detail & Related papers (2024-06-01T00:11:09Z)
- Confronting the Reproducibility Crisis: A Case Study of Challenges in Cybersecurity AI [0.0]
A key area in AI-based cybersecurity focuses on defending deep neural networks against malicious perturbations.
We attempt to validate results from prior work on certified robustness using the VeriGauge toolkit.
Our findings underscore the urgent need for standardized methodologies, containerization, and comprehensive documentation.
arXiv Detail & Related papers (2024-05-29T04:37:19Z)
- Rethinking the Vulnerabilities of Face Recognition Systems: From a Practical Perspective [53.24281798458074]
Face Recognition Systems (FRS) have increasingly been integrated into critical applications, including surveillance and user authentication.
Recent studies have revealed vulnerabilities in FRS to adversarial attacks (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning).
arXiv Detail & Related papers (2024-05-21T13:34:23Z)
- Secure Software Development: Issues and Challenges [0.0]
The digitization of our lives solves many human problems and improves quality of life.
Hackers aim to steal the data of innocent people and use it for purposes such as identity fraud and scams.
The goal of secure system software is to prevent such exploitation from ever happening through a secure system life cycle.
arXiv Detail & Related papers (2023-11-18T09:44:48Z)
- Physical Adversarial Attack meets Computer Vision: A Decade Survey [55.38113802311365]
This paper presents a comprehensive overview of physical adversarial attacks.
We take the first step to systematically evaluate the performance of physical adversarial attacks.
Our proposed evaluation metric, hiPAA, comprises six perspectives.
arXiv Detail & Related papers (2022-09-30T01:59:53Z)
- Proceedings of the Artificial Intelligence for Cyber Security (AICS) Workshop at AAAI 2022 [55.573187938617636]
The workshop will focus on the application of AI to problems in cyber security.
Cyber systems generate large volumes of data; utilizing it effectively is beyond human capabilities.
arXiv Detail & Related papers (2022-02-28T18:27:41Z)
- Fixed Points in Cyber Space: Rethinking Optimal Evasion Attacks in the Age of AI-NIDS [70.60975663021952]
We study blackbox adversarial attacks on network classifiers.
We argue that attacker-defender fixed points are themselves general-sum games with complex phase transitions.
We show that a continual learning approach is required to study attacker-defender dynamics.
arXiv Detail & Related papers (2021-11-23T23:42:16Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z)
- Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques.
It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
arXiv Detail & Related papers (2020-07-05T18:22:40Z)
This list is automatically generated from the titles and abstracts of the papers in this site.