7,662 research outputs found
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability
Predicting Network Attacks Using Ontology-Driven Inference
Graph knowledge models and ontologies are very powerful modeling and re
asoning tools. We propose an effective approach to model network attacks and
attack prediction which plays important roles in security management. The goals
of this study are: First we model network attacks, their prerequisites and
consequences using knowledge representation methods in order to provide
description logic reasoning and inference over attack domain concepts. And
secondly, we propose an ontology-based system which predicts potential attacks
using inference and observing information which provided by sensory inputs. We
generate our ontology and evaluate corresponding methods using CAPEC, CWE, and
CVE hierarchical datasets. Results from experiments show significant capability
improvements comparing to traditional hierarchical and relational models.
Proposed method also reduces false alarms and improves intrusion detection
effectiveness.Comment: 9 page
Redefining Creep: A Comprehensive Analysis of Aviation Accident Survivability
Given the sheer amount of flights that occur on a daily basis around the world, aviation accidents are going to occur. The principles ensuring that an accident is as safe as possible are considered aircraft survivability or crashworthiness which is analyzed using the acronym CREEP; Container, Restraint, Environment, Energy Absorption, and Post-Crash Factors. CREEP is used by investigators to analyze survivability after a crash, but has significant short falls. By only focusing on a crash, CREEP misses several survivability concepts applicable to aviation such as aircraft equipped with ejection seats, inflight environmental factors, and high energy projectile strikes. To develop a more robust and comprehensive definition of CREEP, a mixed methods approach was conducted through a literature review, case study research, and conducting interviews. The literature review was done to establish a baseline for CREEP and demonstrate its focus on a crash. Case studies were evaluated and interviews were conducted to evaluate escape systems and other deficiencies identified with CREEP. Several case studies involved fatal injuries although no aircraft crash occurred. Interviews were conducted with escape system subject matter experts to identify the survivability of escape systems such as parachutes and ejection seats. Through case study and interview research, a new definition of CREEP was established; Container, Restraint, Environment, Energy absorption/Escape, and Post-event factors. By using the new definition of CREEP, investigators donât have to just focus on accidents that involve a crash. The new acronym is more comprehensive and covers a much wider range of aviation systems
Advanced power sources for space missions
Approaches to satisfying the power requirements of space-based Strategic Defense Initiative (SDI) missions are studied. The power requirements for non-SDI military space missions and for civil space missions of the National Aeronautics and Space Administration (NASA) are also considered. The more demanding SDI power requirements appear to encompass many, if not all, of the power requirements for those missions. Study results indicate that practical fulfillment of SDI requirements will necessitate substantial advances in the state of the art of power technology. SDI goals include the capability to operate space-based beam weapons, sometimes referred to as directed-energy weapons. Such weapons pose unprecedented power requirements, both during preparation for battle and during battle conditions. The power regimes for these two sets of applications are referred to as alert mode and burst mode, respectively. Alert-mode power requirements are presently stated to range from about 100 kW to a few megawatts for cumulative durations of about a year or more. Burst-mode power requirements are roughly estimated to range from tens to hundreds of megawatts for durations of a few hundred to a few thousand seconds. There are two likely energy sources, chemical and nuclear, for powering SDI directed-energy weapons during the alert and burst modes. The choice between chemical and nuclear space power systems depends in large part on the total duration during which power must be provided. Complete study findings, conclusions, and eight recommendations are reported
System Qualities Ontology, Tradespace and Affordability (SQOTA) Project Phase 5
Motivation and Context: One of the key elements of the SERC's research strategy is transforming the practice of systems engineering and associated management practices- "SE and Management Transformation (SEMT)." The Grand Challenge goal for SEMT is to transform the DoD community 's current systems engineering and management methods, processes, and tools (MPTs) and practices away from sequential, single stovepipe system, hardware-first ,document-driven, point- solution, acquisition-oriented approaches; and toward concurrent, portfolio and enterprise-oriented, hardware-software-human engineered, model-driven, set-based, full life cycle approaches.This material is based upon work supported, in whole or in part, by the U.S. Department of Defense through the Office of the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)) under Contract H98230-08-D-0171 and HQ0034-13-D-0004 (TO 0060).This material is based upon work supported, in whole or in part, by the U.S. Department of Defense through the Office of the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)) under Contract H98230-08-D-0171 and HQ0034-13-D-0004 (TO 0060)
Towards a Structural Equation Model of Open Source Blockchain Software Health
The widespread use of GitHub among software developers as a communal platform
for coordinating software development has led to an abundant supply of publicly
accessible data. Ever since the inception of Bitcoin, blockchain teams have
incorporated the concept of open source code as a fundamental principle, thus
making the majority of blockchain-based projects' code and version control data
available for analysis. We define health in open source software projects to be
a combination of the concepts of sustainability, robustness, and niche
occupation. Sustainability is further divided into interest and engagement.
This work uses exploratory factor analysis to identify latent constructs that
are representative of general public interest or popularity in software, and
software robustness within open source blockchain projects. We find that
interest is a combination of stars, forks, and text mentions in the GitHub
repository, while a second factor for robustness is composed of a criticality
score, time since last updated, numerical rank, and geographic distribution.
Cross validation of the dataset is carried out with good support for the model.
A structural model of software health is proposed such that general interest
positively influences developer engagement, which, in turn, positively predicts
software robustness. The implications of structural equation modelling in the
context of software engineering and next steps are discussed.Comment: 26 pages, 6 figure
Integrated helicopter survivability
A high level of survivability is important to protect military personnel and equipment and is
central to UK defence policy. Integrated Survivability is the systems engineering
methodology to achieve optimum survivability at an affordable cost, enabling a mission to
be completed successfully in the face of a hostile environment. âIntegrated Helicopter
Survivabilityâ is an emerging discipline that is applying this systems engineering approach
within the helicopter domain. Philosophically the overall survivability objective is âzero
attritionâ, even though this is unobtainable in practice.
The research question was: âHow can helicopter survivability be assessed in an integrated
way so that the best possible level of survivability can be achieved within the constraints and
how will the associated methods support the acquisition process?â
The research found that principles from safety management could be applied to the
survivability problem, in particular reducing survivability risk to as low as reasonably
practicable (ALARP). A survivability assessment process was developed to support this
approach and was linked into the military helicopter life cycle. This process positioned the
survivability assessment methods and associated input data derivation activities.
The system influence diagram method was effective at defining the problem and capturing
the wider survivability interactions, including those with the defence lines of development
(DLOD). Influence diagrams and Quality Function Deployment (QFD) methods were
effective visual tools to elicit stakeholder requirements and improve communication across
organisational and domain boundaries.
The semi-quantitative nature of the QFD method leads to numbers that are not real. These
results are suitable for helping to prioritise requirements early in the helicopter life cycle, but
they cannot provide the quantifiable estimate of risk needed to demonstrate ALARP. The probabilistic approach implemented within the Integrated Survivability Assessment
Model (ISAM) was developed to provide a quantitative estimate of âriskâ to support the
approach of reducing survivability risks to ALARP. Limitations in available input data for
the rate of encountering threats leads to a probability of survival that is not a real number that
can be used to assess actual loss rates. However, the method does support an assessment
across platform options, provided that the âtest environmentâ remains consistent throughout
the assessment. The survivability assessment process and ISAM have been applied to an
acquisition programme, where they have been tested to support the survivability decision
making and design process.
The survivability âtest environmentâ is an essential element of the survivability assessment
process and is required by integrated survivability tools such as ISAM. This test
environment, comprising of threatening situations that span the complete spectrum of
helicopter operations requires further development. The âtest environmentâ would be used
throughout the helicopter life cycle from selection of design concepts through to test and
evaluation of delivered solutions. It would be updated as part of the through life capability
management (TLCM) process.
A framework of survivability analysis tools requires development that can provide
probabilistic input data into ISAM and allow derivation of confidence limits. This systems
level framework would be capable of informing more detailed survivability design work
later in the life cycle and could be enabled through a MATLABÂź based approach.
Survivability is an emerging system property that influences the whole system capability.
There is a need for holistic capability level analysis tools that quantify survivability along
with other influencing capabilities such as: mobility (payload / range), lethality, situational
awareness, sustainability and other mission capabilities.
It is recommended that an investigation of capability level analysis methods across defence
should be undertaken to ensure a coherent and compliant approach to systems engineering
that adopts best practice from across the domains. Systems dynamics techniques should be
considered for further use by Dstl and the wider MOD, particularly within the survivability
and operational analysis domains. This would improve understanding of the problem space,
promote a more holistic approach and enable a better balance of capability, within which
survivability is one essential element.
There would be value in considering accidental losses within a more comprehensive
âsurvivabilityâ analysis. This approach would enable a better balance to be struck between
safety and survivability risk mitigations and would lead to an improved, more integrated
overall design
- âŠ