Wide-Area Situation Awareness based on a Secure Interconnection between Cyber-Physical Control Systems
Modern critical infrastructures (IICC) are vast, highly complex systems that rely on information technologies to manage, control and monitor their operation. Because of their essential functions, the protection and security of critical infrastructures, and therefore of their control systems, has become a priority task for government and academic institutions worldwide. The interoperability of IICC, and especially of their control systems (SSC), becomes a key property for these systems to be able to coordinate and perform control and security tasks cooperatively.

The objective of this thesis is therefore to provide tools for the secure interoperability of the different SSC, especially cyber-physical control systems (SCCF), so as to strengthen the intercommunication and coordination between them and create an environment in which the various infrastructures can perform cooperative control and security tasks, building a secure interoperability platform capable of serving multiple IICC in a wide-area situational awareness setting.

To that end, we first review the more sophisticated threats to the operation of critical systems, focusing in particular on stealth cyber attacks against the control systems of critical infrastructures such as the smart grid. We direct our research at analysing and understanding this new kind of attack emerging against critical systems, and at possible countermeasures and tools to mitigate its effects.

Next, we examine and identify the special requirements that constrain the design and operation of a secure interoperability architecture for the SSC (particularly the SCCF) of the smart grid. We focus on modelling the non-functional requirements that shape this infrastructure, following the NFR methodology to extract essential requirements, techniques for satisfying those requirements, and metrics for our architectural model.

We study the services needed for the secure interoperability of the SSC of the SG by reviewing security mechanisms in depth, from basic services to advanced procedures capable of facing sophisticated threats against control systems, such as intrusion detection, protection and response systems. Our analysis is divided into different areas: prevention, awareness and reaction, and restoration, which together yield a robust security model for the protection of critical systems.

We provide the design of an architectural model for the secure interoperability and interconnection of the SCCF of the smart grid. This scenario considers the interconnection of a federation of SG energy providers that interact through the secure interoperability platform to manage and control their infrastructures cooperatively. The platform takes into account the inherent characteristics and the new services and technologies that accompany the Industry 4.0 movement. Finally, we present a proof of concept of our architectural model, which helps validate the proposed design through experimentation. We build a set of validation cases that exercise some of the main functionalities offered by the architecture designed for secure interoperability, providing information about its performance and capabilities.
OnionBots: Subverting Privacy Infrastructure for Cyber Attacks
Over the last decade botnets survived by adopting a sequence of increasingly sophisticated strategies to evade detection and takeovers, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and a marketplace for drugs and contraband. We contend that the next waves of botnets will extensively subvert privacy infrastructure and cryptographic mechanisms. In this work we propose to preemptively investigate the design and mitigation of such botnets. We first introduce OnionBots, what we believe will be the next generation of resilient, stealthy botnets. OnionBots use privacy infrastructures for cyber attacks by completely decoupling their operation from the infected host IP address and by carrying traffic that does not leak information about its source, destination, and nature. Such bots live symbiotically within the privacy infrastructures to evade detection, measurement, scale estimation, observation, and in general all current IP-based mitigation techniques. Furthermore, we show that with an adequate self-healing network maintenance scheme, which is simple to implement, OnionBots achieve a low diameter and a low degree and are robust to partitioning under node deletions. We developed a mitigation technique, called SOAP, that neutralizes the nodes of the basic OnionBots. We also outline and discuss a set of techniques that can enable subsequent waves of Super OnionBots. In light of the potential of such botnets, we believe that the research community should proactively develop detection and mitigation methods to thwart OnionBots, potentially making adjustments to privacy infrastructure.

Comment: 12 pages, 8 figures
A taxonomy of malicious traffic for intrusion detection systems
With the increasing number of network threats, it is essential to have knowledge of existing and new network threats in order to design better intrusion detection systems. In this paper we propose a taxonomy for classifying network attacks in a consistent way, allowing security researchers to focus their efforts on creating accurate intrusion detection systems and targeted datasets.
Cyber Deception Reactive: TCP Stealth Redirection to On-Demand Honeypots
Cybersecurity is developing rapidly, and new methods of defence against attackers are appearing, such as Cyber Deception (CYDEC). CYDEC consists of deceiving the adversary, who performs actions without realising that he/she is being deceived. This article proposes designing, implementing, and evaluating a deception mechanism based on the stealthy redirection of TCP communications to an on-demand honey server with the same characteristics as the victim asset, i.e., a clone of it. Such a mechanism ensures that the defender fools the attacker, thanks to stealth redirection. In this situation, the attacker will focus on attacking the honey server, which enables the collection of relevant information to generate threat intelligence. The experiments in different scenarios show how the proposed solution can effectively redirect an attacker to a cloned asset on demand, thus protecting the real asset. Finally, the results obtained by evaluating the latency times show that the redirection is undetectable by humans and very difficult to detect by a machine.
Cybersecurity Law: Legal Jurisdiction and Authority
Cybersecurity threats affect all aspects of society; critical infrastructures (such as networks, corporate systems, water supply systems, and intelligent transportation systems) are especially prone to attacks, which can have tangible negative consequences on society. However, these critical cyber systems are generally governed by multiple jurisdictions; for instance, the Metro in the Washington, D.C. area is managed by the states of Virginia and Maryland, as well as the District of Columbia (DC), through the Washington Metropolitan Area Transit Authority (WMATA). Additionally, the water treatment infrastructure managed by DC Water consists of waste water input from Fairfax and Arlington counties and the district (i.e. DC). Cyber attacks also usually launch from unknown sources, pass through unknown switches and servers, and end up at the destination without much knowledge of their source or path. Certain infrastructures are shared amongst multiple countries, another idiosyncrasy that exacerbates the issue of governance. This law paper, however, is not concerned with the general governance of these infrastructures, but rather with the ambiguity in the relevant laws or doctrines about which authority would prevail in the context of a cyber threat or a cyber-attack, with a focus on federal vs. state issues, international law involvement, federal preemption, technical aspects that could affect lawmaking, and conflicting responsibilities in cases of cyber crime. A legal analysis of previous cases is presented, as well as an extended discussion addressing different sides of the argument.

Comment: This report is developed for partial fulfillment of the requirements for the degree of Juris Masters of Law at GMU's Antonin Scalia Law School