Jason Jaskolka

CR
4 papers
10 citations
Novelty 39%
AI Score 38

4 Papers

42.5 SE Apr 15
A Scalable Game-Theoretic Approach for Selecting Security Controls from Standardized Catalogues

Dylan Léveillé, Jason Jaskolka

Selecting the combination of security controls that will most effectively protect a system's assets is a difficult task. If the wrong controls are selected, the system may be left vulnerable to cyber-attacks that can impact the confidentiality, integrity, and availability of critical data and services. In practical settings, as standardized control catalogues can be quite large, it is not possible to select and implement every control possible. Instead, factors such as budget, effectiveness, and dependencies among various controls must be considered to choose a combination of security controls that best achieve a set of system security objectives. In this paper, we present a game-theoretic approach for selecting effective combinations of security controls based on expected attacker profiles and a set budget. The control selection problem is set up as a two-person zero-sum one-shot game. Valid control combinations for selection are generated using an algebraic formalism to account for dependencies among selected controls. Using a software tool, we apply the approach to a fictional Canadian military system with Canada's standardized control catalogue, ITSG-33. Through this case study, we demonstrate the approach's scalability to assist in selecting an effective set of security controls for large systems. The results illustrate how a security analyst can use the proposed approach and supporting tool to guide and support decision-making in the control selection activity when developing secure systems of all sizes.

71.0 NI Apr 30
A Multi-Perspective Study of the Internet Shutdown in Iran

Ali Sadeghi Jahromi, Jason Jaskolka

Iran conducted two nationwide Internet shutdowns in January and March 2026, the latter ongoing at the time of writing and the longest documented Iranian disruption. Using a three-plane methodology combining passive Censys scan data, active TCP reachability probing from five vantage points, and BGP analysis across 33 RIPE RIS snapshots from 2019 to 2026, we show that the 2022 and 2026 shutdowns are enforced via forwarding-plane null-routing at a centralized border while BGP announcements remain stable, and that Iran shifted from partial BGP withdrawal in 2019 to pure null-routing by 2022. This control- and forwarding-plane decoupling prevents BGP-based outage monitors from detecting shutdowns. Active probing of 4,571 BGP-visible Iranian prefixes shows that 96.5 to 97.4% are null-routed across all vantage points, indicating a centrally coordinated mechanism. Passive scan analysis reveals a 3.7 times increase in visible hosts between shutdown events due to measurement artifacts rather than recovery, along with two structural exemptions: academic networks rise from 1.4 to 66.6% of visible hosts during partial recovery, and ArvanCloud CDN retains 99.7% visibility while other major operators drop by at least 77%.

CR Jun 10, 2020
Evaluating the Exploitability of Implicit Interactions in Distributed Systems

Jason Jaskolka

Implicit interactions refer to those interactions among the components of a system that may be unintended and/or unforeseen by the system designers. As such, they represent cybersecurity vulnerabilities that can be exploited to mount cyber-attacks causing serious and destabilizing system effects. In this paper, we study implicit interactions in distributed systems specified using the algebraic modeling framework known as Communicating Concurrent Kleene Algebra (C$^2$KA). To identify and defend against a range of possible attack scenarios, we develop a new measure of exploitability for implicit interactions to aid in evaluating the threat posed by the existence of such vulnerabilities in system designs for launching cyber-attacks. The presented approach is based on the modeling and analysis of the influence and response of the system agents and their C$^2$KA specifications. We also demonstrate the applicability of the proposed approach using a prototype tool that supports the automated analysis. The rigorous, practical techniques presented here enable cybersecurity vulnerabilities in the designs of distributed systems to be more easily identified, assessed, and then mitigated, offering significant improvements to overall system resilience, dependability, and security.

LO Aug 26, 2014
A Formulation of the Potential for Communication Condition using C$^2$KA

Jason Jaskolka, Ridha Khedri

An integral part of safeguarding systems of communicating agents from covert channel communication is having the ability to identify when a covert channel may exist in a given system and which agents are more prone to covert channels than others. In this paper, we propose a formulation of one of the necessary conditions for the existence of covert channels: the potential for communication condition. Then, we discuss when the potential for communication is preserved after the modification of system agents in a potential communication path. Our approach is based on the mathematical framework of Communicating Concurrent Kleene Algebra (C$^2$KA). While existing approaches only consider the potential for communication via shared environments, the approach proposed in this paper also considers the potential for communication via external stimuli.