Imperial College London

Professor Emil Lupu

Faculty of EngineeringDepartment of Computing

Professor of Computer Systems
 
 
 
//

Contact

 

e.c.lupu Website

 
 
//

Location

 

564Huxley BuildingSouth Kensington Campus

//

Summary

 

Publications

Publication Type
Year
to

223 results found

Vieira Steiner R, Lupu E, 2019, Towards more practical software-based attestation, Computer Networks, Vol: 149, Pages: 43-55, ISSN: 1389-1286

© 2018 Elsevier B.V. Software-based attestation promises to enable the integrity verification of untrusted devices without requiring any particular hardware. However, existing proposals rely on strong assumptions that hinder their deployment and might even weaken their security. One of such assumptions is that using the maximum known network round-trip time to define the attestation timeout allows all honest devices to reply in time. While this is normally true in controlled environments, it is generally false in real deployments and especially so in a scenario like the Internet of Things where numerous devices communicate over an intrinsically unreliable wireless medium. Moreover, a larger timeout demands more computations, consuming extra time and energy and restraining the untrusted device from performing its main tasks. In this paper, we review this fundamental and yet overlooked assumption and propose a novel stochastic approach that significantly improves the overall attestation performance. Our experimental evaluation with IoT devices communicating over real-world uncontrolled Wi-Fi networks demonstrates the practicality and superior performance of our approach that in comparison with the current state of the art solution reduces the total attestation time and energy consumption around seven times for honest devices and two times for malicious ones, while improving the detection rate of honest devices (8% higher TPR) without compromising security (0% FPR).

JOURNAL ARTICLE

Muñoz-González L, Lupu EC, 2019, The security of machine learning systems, Intelligent Systems Reference Library, Pages: 47-79

© Springer Nature Switzerland AG 2019. Machine learning lies at the core of many modern applications, extracting valuable information from data acquired from numerous sources. It has produced a disruptive change in society, providing new functionality, improved quality of life for users, e.g., through personalization, optimized use of resources, and the automation of many processes. However, machine learning systems can themselves be the targets of attackers, who might gain a significant advantage by exploiting the vulnerabilities of learning algorithms. Such attacks have already been reported in the wild in different application domains. This chapter describes the mechanisms that allow attackers to compromise machine learning systems by injecting malicious data or exploiting the algorithms’ weaknesses and blind spots. Furthermore, mechanisms that can help mitigate the effect of such attacks are also explained, along with the challenges of designing more secure machine learning systems.

BOOK CHAPTER

Munoz Gonzalez L, Lupu E, 2019, The Security of Machine Learning Systems, AI in Cybersecurity, Editors: Sikos

BOOK CHAPTER

Spanaki K, Gürgüç Z, Mulligan C, Lupu Eet al., 2018, Organizational cloud security and control: a proactive approach, Information Technology and People, ISSN: 0959-3845

© 2018, Emerald Publishing Limited. Purpose: The purpose of this paper is to unfold the perceptions around additional security in cloud environments by highlighting the importance of controlling mechanisms as an approach to the ethical use of the systems. The study focuses on the effects of the controlling mechanisms in maintaining an overall secure position for the cloud and the mediating role of the ethical behavior in this relationship. Design/methodology/approach: A case study was conducted, examining the adoption of managed cloud security services as a means of control, as well as a large-scale survey with the views of IT decision makers about the effects of such adoption to the overall cloud security. Findings: The findings indicate that there is indeed a positive relationship between the adoption of controlling mechanisms and the maintenance of overall cloud security, which increases when the users follow an ethical behavior in the use of the cloud. A framework based on the findings is built suggesting a research agenda for the future and a conceptualization of the field. Research limitations/implications: One of the major limitations of the study is the fact that the data collection was based on the perceptions of IT decision makers from a cross-section of industries; however the proposed framework should also be examined in industry-specific context. Although the firm size was indicated as a high influencing factor, it was not considered for this study, as the data collection targeted a range of organizations from various sizes. Originality/value: This study extends the research of IS security behavior based on the notion that individuals (clients and providers of cloud infrastructure) are protecting something separate from themselves, in a cloud-based environment, sharing responsibility and trust with their peers. The organization in this context is focusing on managed security solutions as a proactive measurement to preserve cloud security in cloud e

JOURNAL ARTICLE

Karafili E, Lupu EC, Arunkumar S, Bertino Eet al., 2018, Argumentation-based policy analysis for drone systems, Pages: 1-6

© 2017 IEEE. The use of drone systems is increasing especially in dangerous environments where manned operations are too risky. Different entities are involved in drone systems' missions and they come along with their vast varieties of specifications. The behaviour of the system is described by its set of policies that should satisfy the requirements and specifications of the different entities and the system itself. Deciding the policies that describe the actions to be taken is not trivial, as the different requirements and specifications can lead to conflicting actions. We introduce an argumentation-based policy analysis that captures conflicts for which properties have been specified. Our solution allows different rules to take priority in different contexts. We propose a decision making process that solves the detected conflicts by using a dynamic conflict resolution based on the priorities between rules. We apply our solution to two case studies where drone systems are used for military and disaster rescue operations.

CONFERENCE PAPER

Karafili E, Pipes S, Lupu EC, 2018, Verification techniques for policy based systems, Pages: 1-6

© 2017 IEEE. Verification techniques are applied to policy based systems to ensure design correctness and to aid in the discovery of errors at an early stage of the development life cycle. A primary goal of policy verification is to evaluate the policy's validity. Other analyses on policy based systems include the identification of conflicting policies and policy efficiency evaluation and improvement. In this work, we present a discussion and classification of recent research on verification techniques for policy based systems. We analyse several techniques and identify popular supporting verification tools. An evaluation of the benefits and drawbacks of the existing policy analyses is made. Some of the common identified problems were the significant need of computational power, the limitation of the techniques to particular policy model, which restrict their extension to other policy models and the lack of efficient conflicts resolution methods. We use the evaluation results for discussing the further challenges and future research directions that will be faced by policy verification techniques. In particular, we discuss specific requirements concerning verification techniques for coalition policies systems and autonomous decision making.

CONFERENCE PAPER

Felmlee D, Lupu E, McMillan C, Karafili E, Bertino Eet al., 2018, Decision-making in policy governed human-Autonomous systems teams, Pages: 1-6

© 2017 IEEE. Policies govern choices in the behavior of systems. They are applied to human behavior as well as to the behavior of autonomous systems but are defined differently in each case. Generally humans have the ability to interpret the intent behind the policies, to bring about their desired effects, even occasionally violating them when the need arises. In contrast, policies for automated systems fully define the prescribed behavior without ambiguity, conflicts or omissions. The increasing use of AI techniques and machine learning in autonomous systems such as drones promises to blur these boundaries and allows us to conceive in a similar way more flexible policies for the spectrum of human-Autonomous systems collaborations. In coalition environments this spectrum extends across the boundaries of authority in pursuit of a common coalition goal and covers collaborations between human and autonomous systems alike. In social sciences, social exchange theory has been applied successfully to explain human behavior in a variety of contexts. It provides a framework linking the expected rewards, costs, satisfaction and commitment to explain and anticipate the choices that individuals make when confronted with various options. We discuss here how it can be used within coalition environments to explain joint decision making and to help formulate policies re-framing the concepts where appropriate. Social exchange theory is particularly attractive within this context as it provides a theory with 'measurable' components that can be readily integrated in machine reasoning processes.

CONFERENCE PAPER

Arunkumar S, Pipes S, Makaya C, Bertino E, Karafili E, Lupu E, Williams Cet al., 2018, Next generation firewalls for dynamic coalitions, Pages: 1-6

© 2017 IEEE. Firewalls represent a critical security building block for networks as they monitor and control incoming and outgoing network traffic based on the enforcement of predetermined security rules, referred to as firewall rules. Firewalls are constantly being improved to enhance network security. From being a simple filtering device, firewall has been evolved to operate in conjunction in intrusion detection and prevention systems. This paper reviews the existing firewall policies and assesses their application in highly dynamic networks such as coalitions networks. The paper also describe the need for the next-generation firewall policies and how the generative policy model can be leveraged.

CONFERENCE PAPER

Calo S, Verma D, Chakraborty S, Bertino E, Lupu E, Cirincione Get al., 2018, Self-generation of access control policies, Pages: 39-47

© 2018 Association for Computing Machinery. Access control for information has primarily focused on access statically granted to subjects by administrators usually in the context of a specific system. Even if mechanisms are available for access revocation, revocations must still be executed manually by an administrator. However, as physical devices become increasingly embedded and interconnected, access control needs to become an integral part of the resources being protected and be generated dynamically by the resources depending on the context in which they are being used. In this paper, we discuss a set of scenarios for access control needed in current and future systems and use that to argue that an approach for resources to generate and manage their access control policies dynamically on their own is needed. We discuss some approaches for generating such access control policies that may address the requirements of the scenarios.

CONFERENCE PAPER

Rashid A, Danezis G, Chivers H, Lupu E, Martin A, Lewis M, Peersman Cet al., 2018, Scoping the Cyber Security Body of Knowledge, IEEE SECURITY & PRIVACY, Vol: 16, Pages: 96-102, ISSN: 1540-7993

JOURNAL ARTICLE

Taylor P, Allpress S, Carr M, Lupu E, Norton J, Smith L, Blackstock J, Boyes H, Hudson-Smith A, Brass I, Chizari H, Cooper R, Coultron P, Craggs B, Davies N, De Roure D, Elsden M, Huth M, Lindley J, Maple C, Mittelstadt B, Nicolescu R, Nurse J, Procter R, Radanliev P, Rashid A, Sgandurra D, Skatova A, Taddeo M, Tanczer L, Vieira-Steiner R, Watson JDM, Wachter S, Wakenshaw S, Carvalho G, Thompson RJ, Westbury PSet al., 2018, Internet of Things: Realising the Potential of a Trusted Smart World, Internet of Things: Realising the Potential of a Trusted Smart World, London, Publisher: Royal Academy of Engineering: London

This report examines the policy challenges for the Internet of Things (IoT), and raises a broad range of issues that need to be considered if policy is to be effective and the potential economic value of IoT is harnessed. It builds on the Blackett review, The Internet of Things: making the most of the second digital revolution, adding detailed knowledge based on research from the PETRAS Cybersecurity of the Internet of Things Research Hub and input from Fellows of the Royal Academy of Engineering. The report targets government policymakers, regulators, standards bodies and national funding bodies, and will also be of interest to suppliers and adopters of IoT products and services.

REPORT

Illiano VP, Paudice A, Munoz-Gonzalez L, Lupu ECet al., 2018, Determining Resilience Gains From Anomaly Detection for Event Integrity in Wireless Sensor Networks, ACM TRANSACTIONS ON SENSOR NETWORKS, Vol: 14, ISSN: 1550-4859

JOURNAL ARTICLE

Muñoz-González L, Lupu EC, 2018, The secret of machine learning, ITNOW, Vol: 60, Pages: 38-39, ISSN: 1746-5702

JOURNAL ARTICLE

Steiner RV, Barrère MN, Lupu E, 2018, WSNs under attack! How bad is it? Evaluating connectivity impact using centrality measures

© 2018 Institution of Engineering and Technology. All rights reserved. We propose a model to represent the health of WSNs that allows us to evaluate a network’s ability to execute its functions. Central to this model is how we quantify the importance of each network node. As we focus on the availability of the network data, we investigate how well different centrality measures identify the significance of each node for the network connectivity. In this process, we propose a new metric named current-flow sink betweenness. Through a number of experiments, we demonstrate that while no metric is invariably better in identifying sensors’ connectivity relevance, the proposed current-flow sink betweenness outperforms existing metrics in the vast majority of cases.

CONFERENCE PAPER

Karafili E, Wang L, Kakas AC, Lupu Eet al., 2018, Helping forensic analysts to attribute cyber-attacks: An argumentation-based reasoner, Pages: 510-518, ISSN: 0302-9743

© Springer Nature Switzerland AG 2018. Discovering who performed a cyber-attack or from where it originated is essential in order to determine an appropriate response and future risk mitigation measures. In this work, we propose a novel argumentation-based reasoner for analyzing and attributing cyber-attacks that combines both technical and social evidence. Our reasoner helps the digital forensics analyst during the analysis of the forensic evidence by providing to the analyst the possible culprits of the attack, new derived evidence, hints about missing evidence, and insights about other paths of investigation. The proposed reasoner is flexible, deals with conflicting and incomplete evidence, and was tested on real cyber-attacks cases.

CONFERENCE PAPER

Chizari H, Lupu E, Thomas P, 2018, Randomness of physiological signals in generation cryptographic key for secure communication between implantable medical devices inside the body and the outside world

© 2018 Institution of Engineering and Technology. All rights reserved. A physiological signal must have a certain level of randomness inside it to be a good source of randomness for generating cryptographic key. Dependency to the history is one of the measures to examine the strength of a randomness source. In dependency to the history, the adversary has infinite access to the history of generated random bits from the source and wants to predict the next random number based on that. Although many physiological signals have been proposed in literature as good source of randomness, no dependency to history analysis has been carried out to examine this fact. In this paper, using a large dataset of physiological signals collected from PhysioNet, the dependency to history of Interpuls Interval (IPI), QRS Complex, and EEG signals (including Alpha, Beta, Delta, Gamma and Theta waves) were examined. The results showed that despite the general assumption that the physiological signals are random, all of them are weak sources of randomness with high dependency to their history. Among them, Alpha wave of EEG signal shows a much better randomness and is a good candidate for post-processing and randomness extraction algorithm.

CONFERENCE PAPER

Karafili E, Spanaki K, Lupu EC, 2018, An argumentation reasoning approach for data processinge, COMPUTERS IN INDUSTRY, Vol: 94, Pages: 52-61, ISSN: 0166-3615

JOURNAL ARTICLE

Turner HCM, Chizari H, Lupu E, 2018, Step intervals and arterial pressure in PVS schemes

© 2018 Institution of Engineering and Technology. All rights reserved. We build upon the idea of Physiological Value Based Security schemes as a means of securing body sensor networks (BSN). Such schemes provide a secure means for sensors in a BSN to communicate with one another, as long as they can measure the same underlying physiological signal. This avoids the use of pre-distributed keys and allows re-keying to be done easily. Such techniques require identifying signals and encoding methods that can be used in the scheme. Hence we first evaluate step interval as our physiological signal, using existing modular encoding method and our proposed learned partitioning function as the encoding methods. We show that both of these are usable with the scheme and identify a suitable parametrisation. We then go on to evaluate arterial blood pressure using our proposed learned mean FFT coefficients method. We demonstrate that with the correct parameters this could also be used in the scheme. This further improves the usability of PVS schemes, by identify two more signals that could be used, as well as two encoding methods that may also be useful for other signals.

CONFERENCE PAPER

Paudice A, Muñoz-González L, Gyorgy A, Lupu ECet al., 2018, Detection of Adversarial Training Examples in Poisoning Attacks through Anomaly Detection.

WORKING PAPER

Chizari H, Lupu E, 2018, Extracting Randomness From The Trend of IPI for Cryptographic Operators in Implantable Medical Devices., CoRR, Vol: abs/1806.10984

JOURNAL ARTICLE

Paudice A, Muñoz-González L, Lupu EC, 2018, Label Sanitization against Label Flipping Poisoning Attacks.

CONFERENCE PAPER

Muñoz-González L, Biggio B, Demontis A, Paudice A, Wongrassamee V, Lupu EC, Roli Fet al., 2017, Towards poisoning of deep learning algorithms with back-gradient optimization, Pages: 27-38

© 2017 Association for Computing Machinery. A number of online services nowadays rely upon machine learning to extract valuable information from data collected in the wild. This exposes learning algorithms to the threat of data poisoning, i.e., a coordinate attack in which a fraction of the training data is controlled by the attacker and manipulated to subvert the learning process. To date, these attacks have been devised only against a limited class of binary learning algorithms, due to the inherent complexity of the gradient-based procedure used to optimize the poisoning points (a.k.a. adversarial training examples). In this work, we first extend the definition of poisoning attacks to multiclass problems. We then propose a novel poisoning algorithm based on the idea of back-gradient optimization, i.e., to compute the gradient of interest through automatic differentiation, while also reversing the learning procedure to drastically reduce the attack complexity. Compared to current poisoning strategies, our approach is able to target a wider class of learning algorithms, trained with gradient-based procedures, including neural networks and deep learning architectures. We empirically evaluate its effectiveness on several application examples, including spam filtering, malware detection, and handwritten digit recognition. We finally show that, similarly to adversarial test examples, adversarial training examples can also be transferred across different learning algorithms.

CONFERENCE PAPER

Munoz-Gonzalez L, Sgandurra D, Paudice A, Lupu ECet al., 2017, Efficient Attack Graph Analysis through Approximate Inference, ACM TRANSACTIONS ON PRIVACY AND SECURITY, Vol: 20, ISSN: 2471-2566

JOURNAL ARTICLE

Illiano VP, Steiner RV, Lupu EC, 2017, Unity is strength! combining attestation and measurements inspection to handle malicious data injections in WSNs, Pages: 134-144

© 2017 Copyright held by the owner/author(s). Attestation and measurements inspection are different but complementary approaches towards the same goal: ascertaining the integrity of sensor nodes in wireless sensor networks. In this paper we compare the benefits and drawbacks of both techniques and seek to determine how to best combine them. However, our study shows that no single solution exists, as each choice introduces changes in the measurements collection process, affects the attestation protocol, and gives a diferent balance between the high detection rate of attestation and the low power overhead of measurements inspection. Therefore, we propose three strategies that combine measurements inspection and attestation in different ways, and a way to choose between them based on the requirements of different applications. We analyse their performance both analytically and in a simulator. The results show that the combined strategies can achieve a detection rate close to attestation, in the range 96-99%, whilst keeping a power overhead close to measurements inspection, in the range 1-10%.

CONFERENCE PAPER

Cullen A, Williams B, Bertino E, Arunkumar S, Karafili E, Lupu Eet al., 2017, Mission support for drones: A policy based approach, Pages: 7-12

© 2017 Copyright is held by the owner/author(s). We examine the impact of increasing autonomy on the use of airborne drones in joint operations by collaborative parties. As the degree of automation employed increases towards the level implied by the term 'autonomous', it becomes apparent that existing control mechanisms are insufficiently flexible. Using an architecture introduced by Bertino et al. in [1] and Verma et al. in [2], we consider the use of dynamic policy modification as a means to adjust to rapidly evolving scenarios. We show mechanisms which allow this approach to improve the effectiveness of operations without compromise to security or safety.

CONFERENCE PAPER

Karafili E, Lupu EC, 2017, Enabling data sharing in contextual environments: Policy representation and analysis, Pages: 231-238

© 2017 Association for Computing Machinery. Internet of Things environments enable us to capture more and more data about the physical environment we live in and about ourselves. The data enable us to optimise resources, personalise services and offer unprecedented insights into our lives. However, to achieve these insights data need to be shared (and sometimes sold) between organisations imposing rights and obligations upon the sharing parties and in accordance with multiple layers of sometimes conflicting legislation at international, national and organisational levels. In this work, we show how such rules can be captured in a formal representation called "Data Sharing Agreements". We introduce the use of abductive reasoning and argumentation based techniques to work with context dependent rules, detect inconsistencies between them, and resolve the inconsistencies by assigning priorities to the rules. We show how through the use of argumentation based techniques use-cases taken from real life application are handled flexibly addressing trade-offs between confidentiality, privacy, availability and safety.

CONFERENCE PAPER

Illiano VP, Munoz-Gonzalez L, Lupu EC, 2017, Don't fool Me!: Detection, Characterisation and Diagnosis of Spoofed and Masked Events in Wireless Sensor Networks, IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, Vol: 14, Pages: 279-293, ISSN: 1545-5971

JOURNAL ARTICLE

Muñoz-González L, Lupu EC, 2017, Bayesian Attack Graphs for Security Risk Assessment, Pages: 64-77, ISSN: 1613-0073

Attack graphs offer a powerful framework for security risk assessment. They provide a compact representation of the attack paths that an attacker can follow to compromise network resources from the analysis of the network topology and vulnerabilities. The uncertainty about the attacker’s behaviour makes Bayesian networks suitable to model attack graphs to perform static and dynamic security risk assessment. Thus, whilst static analysis of attack graphs considers the security posture at rest, dynamic analysis accounts for evidence of compromise at run-time, helping system administrators to react against potential threats. In this paper, we introduce a Bayesian attack graph model that allows to estimate the probabilities of an attacker compromising different resources of the network. We show how exact and approximate inference techniques can be efficiently applied on Bayesian attack graph models with thousands of nodes.

CONFERENCE PAPER

Barrere M, Lupu EC, 2017, Naggen: a Network Attack Graph GENeration Tool, 2017 IEEE Conference on Communications and Network Security (CNS), Publisher: IEEE, Pages: 378-379, ISSN: 2474-025X

CONFERENCE PAPER

Barrere M, Steiner RV, Mohsen R, Lupu ECet al., 2017, Tracking the Bad Guys: An Efficient Forensic Methodology To Trace Multi-step Attacks Using Core Attack Graphs, 13th International Conference on Network and Service Management (CNSM), Publisher: IEEE, ISSN: 2165-9605

CONFERENCE PAPER

This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.

Request URL: http://wlsprd.imperial.ac.uk:80/respub/WEB-INF/jsp/search-html.jsp Request URI: /respub/WEB-INF/jsp/search-html.jsp Query String: respub-action=search.html&id=00155030&limit=30&person=true