Integrating Safety, Security and Human Factors Engineering in Rail Infrastructure Design and Evaluation.
With the new emerging dependency towards the rail industry, there have been growing concerns on how to make this critical infrastructure more adaptable in this technological era of cyber attacks. Currently, the rail infrastructure is built around safety and human factors, but one important factor which has received less attention is cyber security. In order to satisfy the security needs of rail stakeholders, there is a need to put together knowledge in the form of a design framework by combining safety and human factors with cyber security. The research problem this PhD thesis addresses is how the process-techniques and tool-support available in safety, security and human factors engineering can be integrated to provide design solutions in rail infrastructure.
This PhD thesis claims that the proposed design framework is an exemplar by making three significant contributions. Firstly, it identifies the integration of concepts between safety, security and human factors engineering. Secondly, based on this integration, it provides an integrated design framework where Integrating Requirements and Information Security (IRIS), use-case specifications informed Task Analysis (TA) using Cognitive Task Analysis (CTA) and Hierarchical Task Analysis (HTA), and Human Factors Analysis and Classification System (HFACS) frameworks are used to inform Systems-Theoretic Process Analysis (STPA). This integrated design framework is tool-supported using the open-source Computer Aided Integrating Requirements and Information Security (CAIRIS) platform. Thirdly, the proposed design framework in the form of process-techniques and tool-support is implemented by rail infrastructure to determine the safe, secure and usable design solutions.
This PhD thesis is validated by applying the design framework to three case studies. In the first, preliminary evaluation is carried out by applying it to a case study of the ‘Polish Tram Incident’, where inter-dependencies between safety, security, and human factors engineering are present. In the second, the results are used to inform TA using the use-case specifications format by prototyping the role of European Railway Traffic Management System (ERTMS) - Signaller, which provides human factors experts a chance to work in collaboration with safety and security design experts. In the final case study, the design framework, with the support of representative rail stakeholders from Ricardo Rail, is used to implement STPA on the case study of the ‘Cambrian Railway Incident’
On the Security of Software Systems and Services
This work investigates new methods for facing the security issues and threats arising from the composition of software. This task has been carried out through the formal modelling of both the software composition scenarios and the security properties, i.e., policies, to be guaranteed.
Our research moves across three different modalities of software composition which are of main interest for some of the most sensitive aspects of the modern information society. They are mobile applications, trust-based composition and service orchestration.
Mobile applications are programs designed for being deployable on remote platforms. Basically, they are the main channel for the distribution and commercialisation of software for mobile devices, e.g., smart phones and tablets. Here we study the security threats that affect the application providers and the hosting platforms. In particular, we present a programming framework for the development of applications with a static and dynamic security support. Also, we implemented an enforcement mechanism for applying fine-grained security controls on the execution of possibly malicious applications.
In addition to security, trust represents a pragmatic and intuitive way of managing the interactions among systems. Currently, trust is one of the main factors that human beings take into account when deciding whether to accept a transaction or not. In our work we investigate the possibility of defining a fully integrated environment for security policies and trust, including a runtime monitor.
Finally, Service-Oriented Computing (SOC) is the leading technology for business applications distributed over a network. The security issues related to the service networks are many and multi-faceted. We mainly deal with the static verification of secure composition plans of web services. Moreover, we introduce the synthesis of dynamic security checks for protecting the services against illegal invocations
A quantitative man-machine model for cyber security efficiency analysis
The analysis of security defense processes is of utmost importance in the
management of various cyber-security attacks, which are increasing in scope and
rapidity. Organizations need to optimize their resources based on a sound understanding
of the level of their security defense processes' efficiency and the impact of their
investment.
Modeling and characterization of the dynamics of cyber security management are
essential to risk prediction, damage assessment, and resource allocations. This
dissertation addresses the interactions between human factors and information systems.
On the basis of the spiral life cycle model of software development processes, we
develop a realistic, holistic security attack-defense model - Man-Machine Model (M3),
which combines human factors and information systems' (i.e., machine) states under an
integrated analytical framework. M3 incorporates man and machine components. The
man component is comprised of several variables such as Skill & Knowledge (SKKN)
and Teamwork Quality (TWQ). The machine component is composed of variables such
as traffic volume and the amount of downtime. M3 enables the analysis of intrusion
detection and incident response process efficiency, i.e., security defense team
performance.
With data analysis, we formulate and test four major research hypotheses based
on the data collected during security experiments. Through hypothesis testing, we
evaluate regression models to estimate the security defense team performance (i.e.
efficiency) at different levels of human intelligence (e.g., skill and knowledge) and teamwork (e.g., teamwork quality). We assess the fitness and significance of the
regression models, and verify their assumptions. Based on these results, organizations
can hire those who have an appropriate level of skill and knowledge when it concerns
investments to increase the level of skill and knowledge of security personnel. They also
can attempt to increase the level of skill and knowledge of security personnel
Why do People Adopt, or Reject, Smartphone Security Tools?
A large variety of security tools exist for Smartphones, to help their owners to secure the
phones and prevent unauthorised others from accessing their data and services. These range
from screen locks to antivirus software to password managers. Yet many Smartphone owners
do not use these tools despite their being free and easy to use. We were interested in exploring
this apparent anomaly. A number of researchers have applied existing models of behaviour
from other disciplines to try to understand these kinds of behaviours in a security context, and
a great deal of research has examined adoption of screen locking mechanisms. We review the
proposed models and consider how they might fail to describe adoption behaviours. We then
present the Integrated Model of Behaviour Prediction (IMBP), a richer model than the ones
tested thus far. We consider the kinds of factors that could be incorporated into this model in
order to understand Smartphone owner adoption, or rejection, of security tools. The model
seems promising, based on existing literature, and we plan to test its efficacy in future studies
Specification of vertical semantic consistency rules of UML class diagram refinement using logical approach
Unified Modelling Language (UML) is the most popular modelling language used for
software design in software development industries, with the class diagram being the
most frequently used diagram. Despite the popularity of UML, it is being affected by
inconsistency problems of its diagrams at the same or different abstraction levels.
Inconsistency in UML is mostly caused by existence of various views on the same
system and sometimes leads to potentially conflicting system specifications. In
general, syntactic consistency can be automatically checked and therefore is
supported by current UML Computer-aided Software Engineering (CASE) tools.
For semantic consistency problems, unlike syntactic consistency problems, there exists
no specific method for specifying semantic consistency rules and constraints.
Therefore, this research has specified twenty-four abstraction rules of class's relation
semantic among any three related classes of a refined class diagram to semantically
equivalent relations of two of the classes using a logical approach. This research has
also formalized three vertical semantic consistency rules of a class diagram
refinement identified by previous researchers using a logical approach and a set of
formalized abstraction rules. The results were successfully evaluated using hotel
management system and passenger list system case studies and were found to be
reliable and efficient
Post-Westgate SWAT : C4ISTAR Architectural Framework for Autonomous Network Integrated Multifaceted Warfighting Solutions Version 1.0 : A Peer-Reviewed Monograph
Police SWAT teams and Military Special Forces face mounting pressure and
challenges from adversaries that can only be resolved by way of ever more
sophisticated inputs into tactical operations. Lethal Autonomy provides
constrained military/security forces with a viable option, but only if
implementation has got proper empirically supported foundations. Autonomous
weapon systems can be designed and developed to conduct ground, air and naval
operations. This monograph offers some insights into the challenges of
developing legal, reliable and ethical forms of autonomous weapons, that
address the gap between Police or Law Enforcement and Military operations that
is growing exponentially small. National adversaries are today in many
instances hybrid threats, that manifest criminal and military traits, these
often require deployment of hybrid-capability autonomous weapons imbued with
the capability to take on both Military and/or Security objectives. The
Westgate Terrorist Attack of 21st September 2013 in the Westlands suburb of
Nairobi, Kenya is a very clear manifestation of the hybrid combat scenario that
required military response and police investigations against a fighting cell of
the Somalia based globally networked Al Shabaab terrorist group. Comment: 52 pages, 6 Figures, over 40 references, reviewed by a reade
A conceptual model for EAI adoption in an e-government environment
The non-integrated nature of Local Government Authority (LGA) Information Systems (IS) is
strongly associated with the inconsistency and duplication of data, reduction in data integrity and
quality, and high operational and maintenance cost. The reason is that legacy IS within the LGAs
are usually tailored to support particular business processes and functions and are as a
consequence usually difficult to integrate. This gives rise to a strong need for an integrated
architecture that facilitates reuse of existing applications and flexibly implementing business
processes across the functional boundaries within the LGAs. This paper examines a potentially
important area of IS integration in the United Kingdom (UK) LGAs through Enterprise
Application Integration (EAI) technology. A review of the literature indicates that EAI has been a
focal technology for several organisations in solving their integration problems. However, it is new
in the LGAs; thus research literature around it is limited. Yet the effect of IS integration using
EAI technology remains under explored, as little research has been conducted to comprehend the
LGAs' perception of integration that influences their decisions and actions. The author
demonstrates that it is of high importance to investigate this area within LGAs and result in
research that contributes towards successful EAI adoption. Therefore, resulting in the
development of a conceptual model that may be used to assist the government decision-making
process for EAI adoption in an electronic Government (e-Government) environment
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems