\section{Related Work}
\label{sec:related_work}

Cybersecurity requires information from the protected system to evaluate the integrity of a system properly.
Whether the goal is detection or prevention, the security system relies on quality and trustworthy source information to provide the user with helpful results.
Among the classic sources of information, such as log files, source code, or network traffic, side-channel information provides compelling insights into a system's activity.
Historically leveraged for attacks, side channels are directly correlated with the activity of a system and can be considered as a source of information like any other for defense.

Side-channel information is complementary to host or network information and possesses specific characteristics.
Side channels can take many forms, but power consumption in particular is often leveraged to obtain side-channel information \cite{randolph2020power}.
The independent and hard-to-forge nature of involuntary emissions increases the trustworthiness of the information and makes deployment and retrofitting to various machines possible.
However, the raw time series carrying this information consists of unlabeled measurements that are prone to noise.
Thus, tailored preprocessing of the raw time series is crucial when leveraging side-channel information.

After preprocessing, several methods can extract information from unlabeled time series.
A common usage is anomaly detection.
Anomaly detection systems are often capable of ingesting large datasets of unlabeled data.
The literature in this domain provides examples of applications to smart grid \cite{9062014}, industrial control systems \cite{DUNLAP201612} or \ac{iot} devices \cite{8653533}.

Another approach is the classification or recognition of time series patterns.
The pattern can be known-malicious and associated with malware activity \cite{8854845}.
Conversely, the pattern can be known-good, and the protection system detects deviations from it \cite{10430037}.

Uncertainty in classification can occur due to noise in side-channel data.
Users must base their trust in the system on the classifications derived from these indirect observations.
\textit{Trust} refers to the level of trust that users perceive in the system or technology with which they are engaging.
A considerable amount of research focuses on the importance of trust in human-computer interactions, particularly in areas such as automation~\cite{akash2020toward, sheng2019case}, robotics~\cite{xu2016maintaining}, aviation~\cite{okamura2018adaptive}, and military~\cite{tomsett2020rapid}.
Efforts have also been made to establish trust frameworks that calibrate trust levels, as user trust can be influenced by elements such as system reliability, openness, error management, and interaction~\cite{basu2016trust, tomsett2020rapid, kok2020trust, mcdermott2019practical, de2023mutually, kohn2021measurement, akash2020toward}.
The findings of these studies indicate that most research on trust relies on subjective measures or user-defined criteria to assess trust specific to their studies~\cite{brzowski2019trust}.
Subjective measures for calculating trust are either self-reporting --- for example, filling out trust questionnaires like the Muir questionnaire~\cite{basu2016trust} --- or implicit measures, for example, observing user behavior, physiological responses, and facial expressions during interactions with the system.
%A study found that real-time trust cannot be reflected by traditional trust questionnaires such as Muir questionnaire~\cite{basu2016trust}.

\ac{sl}~\cite{josang2016subjective} is a mathematical framework for logical reasoning that accommodates uncertainty through subjective opinions.
\ac{sl} integrates probabilistic logic with the \ac{dst} of evidence~\cite{shafer1992dempster}, enabling the representation of uncertainty in real-world scenarios and trust modelling in distributed systems.
It facilitates trustworthiness evaluations via a probabilistic epistemic logic.
\ac{sl} defines multiple operators to combine opinions from diverse sources in various manners.

Subjective Logic has been applied to assess trust in autonomous driving~\cite{du2023scalable}, transportation infrastructure~\cite{cheng2021trust}, autonomous multi-agent systems~\cite{petrovska2020knowledge, cheng2021general} and \ac{iot}~\cite{akhuseyinoglu2020automated}.
These studies mainly employed \ac{sl} in a binary field to analyze evidence, where the observation is classified as either true or false.
However, they have not addressed situations in which the classification of indirect observations is labelled as uncertain, switching from a binary to a ternary field.

However, \ac{sl} encounters challenges when analyzing opinions in complex network structures as it necessitates simplifying the network graph, leading to information loss~\cite{liu2014assessment}.
\ac{3vsl}~\cite{liu2014assessment} proposes another formalism to compute trust based on an arbitrary opinion graph, which characterizes trust as a three-part event (belief, distrust, uncertain).
\ac{3vsl} evaluates trust within intricate networks, such as social networks~\cite{liu2019trust, cheng2019trust}.
However, certain operators in the \ac{sl} formalism are not defined in \ac{3vsl}.
For instance, the cumulative fusion operator merges opinions on the same proposition across non-overlapping observations.
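
As an added illustration, not taken from the text of the works cited above, cumulative fusion of two binomial opinions can be written out in the usual \ac{sl} form~\cite{josang2016subjective}.
The notation $\omega^{A} = (b^{A}, d^{A}, u^{A})$ for belief, disbelief and uncertainty with $b + d + u = 1$, the source names $A$ and $B$, and the evidence counts used below are assumptions made for this example; both sources are assumed to share the same base rate, which fusion then leaves unchanged, and at least one of $u^{A}$, $u^{B}$ is non-zero.
\[
\begin{array}{rcl}
b^{A \diamond B} & = & \displaystyle\frac{b^{A} u^{B} + b^{B} u^{A}}{u^{A} + u^{B} - u^{A} u^{B}} \\[2ex]
d^{A \diamond B} & = & \displaystyle\frac{d^{A} u^{B} + d^{B} u^{A}}{u^{A} + u^{B} - u^{A} u^{B}} \\[2ex]
u^{A \diamond B} & = & \displaystyle\frac{u^{A} u^{B}}{u^{A} + u^{B} - u^{A} u^{B}}
\end{array}
\]
With the non-informative prior weight $W = 2$, a source that has seen $r$ positive and $s$ negative observations holds the opinion $b = r / (r + s + W)$, $d = s / (r + s + W)$, $u = W / (r + s + W)$.
Suppose $A$ has seen $r^{A} = 8$, $s^{A} = 0$ and $B$ has seen $r^{B} = 2$, $s^{B} = 6$ on disjoint observation windows, so that $\omega^{A} = (0.8, 0, 0.2)$ and $\omega^{B} = (0.2, 0.6, 0.2)$.
The common denominator is $0.2 + 0.2 - 0.04 = 0.36$, and
\[
b^{A \diamond B} = \frac{0.16 + 0.04}{0.36} = \frac{5}{9}, \qquad
d^{A \diamond B} = \frac{0 + 0.12}{0.36} = \frac{1}{3}, \qquad
u^{A \diamond B} = \frac{0.04}{0.36} = \frac{1}{9}.
\]
This is exactly the opinion obtained from the pooled evidence $r = 10$, $s = 6$, namely $(10/18, 6/18, 2/18)$: cumulative fusion adds the evidence of the two sources, which is why it is only appropriate when their observations do not overlap.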