963 research outputs found

    A hybrid threat model for smart systems

    Cyber-physical systems and their smart components have a pervasive presence in all our daily activities. Unfortunately, identifying the potential threats and issues in these systems and selecting enough protection is challenging given that such environments combine human, physical and cyber aspects to the system design and implementation. Current threat models and analysis do not take into consideration all three aspects of the analyzed system, how they can introduce new vulnerabilities or protection measures to each other. In this work, we introduce a novel threat model for cyber-physical systems that combines the cyber, physical, and human aspects. Our model represents the system's components relations and security properties by taking into consideration these three aspects. Together with the threat model we also propose a threat analysis method that allows understanding the security state of the system's components. The threat model and the threat analysis have been implemented into an automatic tool, called TAMELESS, that automatically analyzes threats to the system, verifies its security properties, and generates a graphical representation, useful for security architects to identify the proper prevention/mitigation solutions. We show and prove the use of our threat model and analysis with three case studies from different sectors.

    Management model for measurement infrastructure

    The evaluation of performance metrics is useful in the evaluation of protocols, in the improvement of applications, and in content choice, among others. Obtaining these metrics continues to be a complex task because most of the time there are no appropriate tools for it. Measurement infrastructures appear as a way of endowing computer networks with instruments that facilitate the acquisition of these metrics. This work evaluates a group of measurement infrastructures, where it is possible to observe that the treatment given to the management of such infrastructures is varied. They do not possess a group of standardized management functions. Based on that, this article presents a proposal of a management model for measurement infrastructures. The proposed model maintains the administrative independence of the points present in the infrastructure, but it allows interaction among them by means of specific management functions. II Workshop de Ingeniería de Software y Bases de Datos (WISBD). Red de Universidades con Carreras en Informática (RedUNCI)

    Back to Basics: Beyond Network Hygiene

    Abstract: In the past, Computer Network Defense (CND) intended to be minimally intrusive to the other requirements of IT development, business, and operations. This paper outlines how different security paradigms have failed to become effective defense approaches, and what the root cause of the current situation is. Based on these observations, a different point of view is proposed: acknowledging the inherent composite nature of computer systems and software. Considering the problem space from the composite point of view, the paper offers ways to leverage composition for security, and concludes with a list of recommendations

    Validating a Novel New Instrument for Measuring Firm Managers' Intellectual Property Management Practices: A study of biotechnology firms

    Purpose: The purpose of this research project was to pilot and validate a new instrument to measure firm intellectual property (IP) management practices. Methodology/Approach: A survey instrument was developed in consultation with a Perth-based firm of patent attorneys specialising in IP management services. The survey was piloted by random mail-out to 357 biotechnology firms, 68 of which returned a useable response. IP managers' responses to the following seven dimensions of extent of IP management practice were measured on a 5-point Likert-scale: 1) Record-keeping and management practices (22 items); 2) IP capture and protection mechanisms (10 items); 3) Use of IP management services or traditional patent attorney services (9 items); 4) Defensive measures (12 items); 5) Business Plan and strategic vision (9 items); 6) Knowledge of the IP landscape (9 items); and, 7) Promoting an IP culture (7 items). Factor Analysis and Principal Component Analysis extraction method with Varimax Rotation were used to identify factors measured by our instrument. Findings: Between two and seven factors were extracted for each of the dimensions measuring IP management practices, explaining between 51% (IP Defensive Measures) to 74% (IP management services and traditional patent attorney services) of the cumulative variance on any one factor. Scrutiny of the Component Matrices for a common thread amongst large loadings indicated thirteen actual measures of IP management practices perceived by biotechnology firm IP managers; with high Cronbach's Alpha reliability. Research limitations/implications: Factor analysis of this instrument revealed that IP managers' responses were loading on 13 factors instead of the original 7 anticipated dimensions to the measure. The spread of 78 items was reduced to a more relevant and economical measure with 56 items. As scrutiny of the factor analysis has revealed increasing heterogeneity to IP management practices in the biotechnology industry, it might be interesting to repeat the study for IP managers in another industry. A limitation of the study is its Australian biotechnology context and also that no concession was made in the measure for the effect of firm vertical disintegration. Originality/value: To our knowledge this is a novel project. We have validated and streamlined a new IP management practices instrument with advice from a practicing firm of IP management consultants. The instrument should be useful to high-technology firms as a checklist of IP management practices for innovation management. It should also be a valuable measurement tool for academics, firms and industries wanting to characterise the nature of firm-level IP management practices

    The bureaucratization of war: moral challenges exemplified by the covert lethal drone

    This article interrogates the bureaucratization of war, incarnate in the covert lethal drone. Bureaucracies are criticized typically for their complexity, inefficiency, and inflexibility. This article is concerned with their moral indifference. It explores killing, which is so highly administered, so morally remote, and of such scale, that we acknowledge a covert lethal program. This is a bureaucratized program of assassination in contravention of critical human rights. In this article, this program is seen to compromise the advance of global justice. Moreover, the bureaucratization of lethal force is seen to dissolve democratic ideals from within. The bureaucracy isolates the citizens from lethal force applied in their name. People are killed, in the name of the State, but without conspicuous justification, or judicial review, and without informed public debate. This article gives an account of the risk associated with the bureaucratization of the State’s lethal power. Exemplified by the covert drone, this is power with formidable reach. It is power as well, which requires great moral sensitivity. Considering the drone program, this article identifies challenges, which will become more prominent and pressing, as technology advances

    Teaching an Engineering Systems Doctoral Seminar: Concepts and Structure

    This paper describes the current state of the evolving engineering systems doctoral seminar in the Engineering Systems Division (ESD) at MIT. This subject is required for all first year engineering systems doctoral students. It is intended to bring them into the culture of ESD, and to establish a common base on which subsequent subjects can build. It is the first of three required subjects that make up the core of the ESD doctoral program. The seminar is intended to provide students with the foundations and context of engineering systems, largely focused on providing an appreciation for the many facets of socio-technical complexity. We discuss the seminar’s pedagogy, learning objectives, assignments and readings, and provide insights gained from teaching the course

    Central banks and the stability of the international monetary regime

    No abstract available