62 research outputs found
Industrial control protocols in the Internet core: Dismantling operational practices
Industrial control systems (ICS) are managed remotely with the help of dedicated protocols that were originally designed to work in walled gardens. Many of these protocols have been adapted to Internet transport and support wide-area communication. ICS now exchange insecure traffic on an inter-domain level, putting at risk not only common critical infrastructure but also the Internet ecosystem (e.g., by DRDoS attacks). In this paper, we measure and analyze inter-domain ICS traffic at two central Internet vantage points, an IXP and an ISP. These traffic observations are correlated with data from honeypots and Internet-wide scans to separate industrial from non-industrial ICS traffic. We uncover mainly unprotected inter-domain ICS traffic and provide an in-depth view on Internet-wide ICS communication. Our results can be used (i) to create precise filters for potentially harmful non-industrial ICS traffic and (ii) to detect ICS sending unprotected inter-domain ICS traffic, being vulnerable to eavesdropping and traffic manipulation attacks. Additionally, we survey recent security extensions of ICS protocols, of which we find very little deployment. We estimate an upper bound of the deployment status for ICS security protocols in the Internet core
Testing and verification of neural-network-based safety-critical control software: A systematic literature review
Context: Neural Network (NN) algorithms have been successfully adopted in a
number of Safety-Critical Cyber-Physical Systems (SCCPSs). Testing and
Verification (T&V) of NN-based control software in safety-critical domains are
gaining interest and attention from both software engineering and safety
engineering researchers and practitioners. Objective: With the increase in
studies on the T&V of NN-based control software in safety-critical domains, it
is important to systematically review the state-of-the-art T&V methodologies,
to classify approaches and tools that are invented, and to identify challenges
and gaps for future studies. Method: We retrieved 950 papers on the T&V of
NN-based Safety-Critical Control Software (SCCS). To reach our result, we
filtered 83 primary papers published between 2001 and 2018, applied the
thematic analysis approach for analyzing the data extracted from the selected
papers, presented the classification of approaches, and identified challenges.
Conclusion: The approaches were categorized into five high-order themes:
assuring robustness of NNs, assuring safety properties of NN-based control
software, improving the failure resilience of NNs, measuring and ensuring test
completeness, and improving the interpretability of NNs. From the industry
perspective, improving the interpretability of NNs is a crucial need in
safety-critical applications. We also investigated nine safety integrity
properties within four major safety lifecycle phases to investigate the
achievement level of T&V goals in IEC 61508-3. Results show that correctness,
completeness, freedom from intrinsic faults, and fault tolerance have drawn
most attention from the research community. However, little effort has been
invested in achieving repeatability; no reviewed study focused on precisely
defined testing configuration or on defense against common cause failure.Comment: This paper had been submitted to Journal of Information and Software
Technology on April 20, 2019,Revised 5 December 2019, Accepted 6 March 2020,
Available online 7 March 202
Cybersecurity: Past, Present and Future
The digital transformation has created a new digital space known as
cyberspace. This new cyberspace has improved the workings of businesses,
organizations, governments, society as a whole, and day to day life of an
individual. With these improvements come new challenges, and one of the main
challenges is security. The security of the new cyberspace is called
cybersecurity. Cyberspace has created new technologies and environments such as
cloud computing, smart devices, IoTs, and several others. To keep pace with
these advancements in cyber technologies there is a need to expand research and
develop new cybersecurity methods and tools to secure these domains and
environments. This book is an effort to introduce the reader to the field of
cybersecurity, highlight current issues and challenges, and provide future
directions to mitigate or resolve them. The main specializations of
cybersecurity covered in this book are software security, hardware security,
the evolution of malware, biometrics, cyber intelligence, and cyber forensics.
We must learn from the past, evolve our present and improve the future. Based
on this objective, the book covers the past, present, and future of these main
specializations of cybersecurity. The book also examines the upcoming areas of
research in cyber intelligence, such as hybrid augmented and explainable
artificial intelligence (AI). Human and AI collaboration can significantly
increase the performance of a cybersecurity system. Interpreting and explaining
machine learning models, i.e., explainable AI is an emerging field of study and
has a lot of potentials to improve the role of AI in cybersecurity.Comment: Author's copy of the book published under ISBN: 978-620-4-74421-
- …