The Journal of Supercomputing, Volume 72, Issue 10, pp 3729–3763

Leveraging information security and computational trust for cybersecurity

  • Robson de Oliveira Albuquerque
  • Luis Javier García Villalba
  • Ana Lucila Sandoval Orozco
  • Rafael Timóteo de Sousa Júnior
  • Tai-Hoon Kim


Cybersecurity has an enormous impact on modern society, since almost everything in our day-to-day activities depends on some information and communication technology that is prone to some form of threat. This paper argues that cybersecurity depends on the combined effect of information security measures together with explicit trust verification that these measures are operational and effective. In this sense, this paper provides a view of information treatments related to trust and information security and discusses how together they can counter advanced persistent threats and exploits that now plague cyberspace.


Advanced persistent threats (APT), Computational trust, Cybersecurity, Exploits, Information security



Robson de Oliveira Albuquerque, Luis Javier García Villalba and Ana Lucila Sandoval Orozco acknowledge the “Programa de Financiación de Grupos de Investigación UCM validados de la Universidad Complutense de Madrid—Banco Santander”. Part of the computations of this work was performed in EOLO, the HPC of Climate Change of the International Campus of Excellence of Moncloa, funded by MECD and MICINN. Robson de Oliveira Albuquerque and Rafael Timóteo de Sousa Júnior acknowledge the Laboratory for Decision Technologies at the University of Brasilia (LATITUDE/UnB) for its support to this work. Rafael Timóteo de Sousa Júnior would like to thank the support provided by the PNPD/CAPES—Programa Nacional de Pós-Doutorado/CAPES in Brazil.



Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  • Robson de Oliveira Albuquerque (1, 2)
  • Luis Javier García Villalba (1)
  • Ana Lucila Sandoval Orozco (1)
  • Rafael Timóteo de Sousa Júnior (2)
  • Tai-Hoon Kim (3)

  1. Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Information Technology and Computer Science, Office 431, Universidad Complutense de Madrid (UCM), Madrid, Spain
  2. Electrical Engineering Department, University of Brasilia, Brasilia, Brazil
  3. Department of Convergence Security, Sungshin W. University, Seoul, Korea
