Attack simulation based software protection assessment method

Software protection is an essential aspect of information security to withstand malicious activities on software, and preserving software assets. However, software developers still lacks a methodology for the assessment of the deployed protections. To solve these issues, we present a novel attack simulation based software protection assessment method to assess and compare various protection solutions. Our solution relies on Petri Nets to specify and visualize attack models, and we developed a Monte Carlo based approach to simulate attacking processes and to deal with uncertainty. Then, based on this simulation and estimation, a novel protection comparison model is proposed to compare different protection solutions. Lastly, our attack simulation based software protection assessment method is presented. We illustrate our method by means of a software protection assessment process to demonstrate that our approach can provide a suitable software protection assessment for developers and software companies

Attack simulation based software protection assessment method

Software protection is an essential aspect of information security to withstand malicious activities on software, and preserving software assets. However, software developers still lacks a methodology for the assessment of the deployed protections. To solve these issues, we present a novel attack simulation based software protection assessment method to assess and compare various protection solutions. Our solution relies on Petri Nets to specify and visualize attack models, and we developed a Monte Carlo based approach to simulate attacking processes and to deal with uncertainty. Then, based on this simulation and estimation, a novel protection comparison model is proposed to compare different protection solutions. Lastly, our attack simulation based software protection assessment method is presented. We illustrate our method by means of a software protection assessment process to demonstrate that our approach can provide a suitable software protection assessment for developers and software companies

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Modelling and simulation of a biometric identity-based cryptography

Government information is a vital asset that must be kept in a trusted environment and efficiently managed by authorised parties. Even though e-Government provides a number of advantages, it also introduces a range of new security risks. Sharing confidential and top-secret information in a secure manner among government sectors tend to be the main element that government agencies look for. Thus, developing an effective methodology is essential and it is a key factor for e-Government success. The proposed e-Government scheme in this paper is a combination of identity-based encryption and biometric technology. This new scheme can effectively improve the security in authentication systems, which provides a reliable identity with a high degree of assurance. In addition, this paper demonstrates the feasibility of using Finite-state machines as a formal method to analyse the proposed protocols

Modelling interdependencies between the electricity and information infrastructures

The aim of this paper is to provide qualitative models characterizing interdependencies related failures of two critical infrastructures: the electricity infrastructure and the associated information infrastructure. The interdependencies of these two infrastructures are increasing due to a growing connection of the power grid networks to the global information infrastructure, as a consequence of market deregulation and opening. These interdependencies increase the risk of failures. We focus on cascading, escalating and common-cause failures, which correspond to the main causes of failures due to interdependencies. We address failures in the electricity infrastructure, in combination with accidental failures in the information infrastructure, then we show briefly how malicious attacks in the information infrastructure can be addressed

Cyber-Physical Power System (CPPS): A Review on Modelling, Simulation, and Analysis with Cyber Security Applications

Cyber-Physical System (CPS) is a new kind of digital technology that increases its attention across academia, government, and industry sectors and covers a wide range of applications like agriculture, energy, medical, transportation, etc. The traditional power systems with physical equipment as a core element are more integrated with information and communication technology, which evolves into the Cyber-Physical Power System (CPPS). The CPPS consists of a physical system tightly integrated with cyber systems (control, computing, and communication functions) and allows the two-way flows of electricity and information for enabling smart grid technologies. Even though the digital technologies monitoring and controlling the electric power grid more efficiently and reliably, the power grid is vulnerable to cybersecurity risk and involves the complex interdependency between cyber and physical systems. Analyzing and resolving the problems in CPPS needs the modelling methods and systematic investigation of a complex interaction between cyber and physical systems. The conventional way of modelling, simulation, and analysis involves the separation of physical domain and cyber domain, which is not suitable for the modern CPPS. Therefore, an integrated framework needed to analyze the practical scenario of the unification of physical and cyber systems. A comprehensive review of different modelling, simulation, and analysis methods and different types of cyber-attacks, cybersecurity measures for modern CPPS is explored in this paper. A review of different types of cyber-attack detection and mitigation control schemes for the practical power system is presented in this paper. The status of the research in CPPS around the world and a new path for recommendations and research directions for the researchers working in the CPPS are finally presented.publishedVersio