Towards a Layered Architectural View for Security Analysis in SCADA Systems

Supervisory Control and Data Acquisition (SCADA) systems support and control the operation of many critical infrastructures that our society depend on, such as power grids. Since SCADA systems become a target for cyber attacks and the potential impact of a successful attack could lead to disastrous consequences in the physical world, ensuring the security of these systems is of vital importance. A fundamental prerequisite to securing a SCADA system is a clear understanding and a consistent view of its architecture. However, because of the complexity and scale of SCADA systems, this is challenging to acquire. In this paper, we propose a layered architectural view for SCADA systems, which aims at building a common ground among stakeholders and supporting the implementation of security analysis. In order to manage the complexity and scale, we define four interrelated architectural layers, and uses the concept of viewpoints to focus on a subset of the system. We indicate the applicability of our approach in the context of SCADA system security analysis.Comment: 7 pages, 4 figure

Web-centred end-user component modelling

This paper formally defines a web component model enabling end-user programmers to build component-based rich internet applications (RIAs) that are tailored to meet their particular needs. It is the product of a series of previously published papers. The formal definition in description logic verifies that the model is consistent and subsumes currently existing models. We demonstrate experimentally that it is more effective than the others. Current tools propose very disparate web component models, which are based on the appropriate invocation of service backends, overlooking user needs in order to exploit these services and resources in a friendly manner. We have proposed a web model based on a detailed study of existing tools, their pros and cons, limitations and key success factors that have enabled other web end-user development (WEUD) solutions to help end-user programmers to build software to support their needs. In this paper we have verified that the proposed model subsumes and is instantiated by the models of the other existing tools that we analysed, coming a step closer to the standardization of end-user centred RIAs and development environments. We have implemented a development tool, called EzWeb, to produce RIAs that implement the proposed model. This tool enables users to develop their application following the model’s component structure based on end-user programming success factors. We report a statistical experiment in which users develop increasingly complex web software using the EzWeb tool generating RIAs that conform to the proposed component model, and other WEUD tools generating RIAs that conform to other models. This experiment confirms the applicability of the proposed model and demonstrates that more enduser programmers (EUPs) (users concerned with programming primarily for personal rather public use) successfully develop web solutions for complex problems using the EzWeb tool that implements the model, which is more efficient than existing tools that implement other models

Study and proposal of a framework for designing tailorable user interfaces

Orientador: Maria Cecilia Calani BaranauskasTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: A socialização dos sistemas computacionais trouxe um desafio a mais para os pesquisadores de Interação Humano-Computador: como prover interfaces que propiciem acesso ao maior número possível de usuários independentemente de suas capacidades sensoriais, físicas, cognitivas e emocionais? Um dos caminhos que se apresenta é desenvolver sistemas flexíveis, i.e. que permitam modificações em seu comportamento durante a interação, oferecendo ao usuário a possibilidade de ajustar a interface de acordo com as suas preferências, necessidades e situações de uso. O design de interfaces flexíveis, que façam sentido e sejam acessíveis a mais pessoas, demanda abordagens que permitam conhecer e formalizar os diferentes requisitos de interação, definir funcionalidades e determinar o comportamento ajustável do sistema. Soluções encontradas na literatura relacionadas ao tema interfaces ajustáveis, (ou tailoring em inglês) enfatizam questões relacionadas à infra-estrutura necessária para o ajuste, não tendo sido encontrados trabalhos que apoiassem os designers de forma prática durante o processo de concepção dessas interfaces. Esta tese propõe e apresenta um framework para o design de interfaces de usuário ajustáveis, denominado PLuRaL. O termo framework é utilizado aqui no seu sentido mais amplo como uma estrutura composta por diretrizes, mecanismos, artefatos e sistemas usados no planejamento e na tomada de decisões de design. O PLuRaL adota uma perspectiva sócio-técnica para a concepção das interfaces ajustáveis e uma visão abrangente dos requisitos de interação, incluindo aqueles que são controversos ou minoritários e advindos não somente de usuários, mas também de diferentes dispositivos e ambientes de interação. Aspectos semânticos, pragmáticos e o impacto social da interação também são considerados. Por fim, o comportamento ajustável do sistema é modelado utilizando-se o conceito de normas. O referencial teórico-metodológico adotado para o trabalho de pesquisa envolveu as disciplinas de Interação Humano-Computador e Semiótica Organizacional. A construção do framework foi pautada por 2 estudos de caso envolvendo populações de usuário heterogêneas em contextos de sistemas de governo eletrônico e de rede social inclusiva. A validação do framework foi realizada com 17 designers e os resultados sugerem uma avaliação positiva considerando a utilidade, flexibilidade para apoiar mudanças, liberdade de criação e satisfação com as propostas de design resultantesAbstract: The socialization of computer systems has brought a new challenge to Human-Computer Interaction researchers: how to design interfaces that provide access to as many users as possible regardless of their sensory, physical, cognitive and emotional characteristics? One approach to answer this question is to develop flexible systems, i.e. those that allow changes in their behavior during the interaction, offering users the possibility to tailor the interface according to their preferences, needs and situations of use. The design of flexible interfaces, which make sense and are accessible to more people, demands approaches to understand and formalize the different interaction requirements, define functionalities and determine the system tailorable behavior. Solutions found in the literature about tailorable interfaces have focused on the infrastructure needed to offer flexibility and works to support designers in a practical way during the conception of such interfaces were not found. This thesis proposes and presents a framework for the design of tailorable user interfaces, named PLuRaL. The term framework is used here in its broadest sense as a structure consisting of guidelines, mechanisms, artifacts and systems used in design planning and decision-making. PLuRaL adopts a socio-technical approach to design tailorable interfaces and a comprehensive view for interaction requirements, including those that are controversial or from minority, and arising not only from users, but also from different devices and interaction environments. The semantic, pragmatic and social impacts of the interaction are also considered. Finally, the behavior of the tailorable system is modeled using the concept of norms. The theoretical and methodological references adopted in this work involved the disciplines of Human-Computer Interaction and Organizational Semiotics. The framework's construction was guided by 2 case studies with heterogeneous populations, in the context of electronic government and inclusive social network system. The framework's validation was performed with 17 designers and the results suggest a positive evaluation considering the usefulness and flexibility to support changes, freedom to create and satisfaction with the final design proposalsDoutoradoMetodologia e Tecnicas da ComputaçãoDoutor em Ciência da Computaçã

Finding Answers to Complex Questions

In this chapter, we motivate one potential type of future QA system that deals with questions more complex than simple factoid questions and which provides answers with their supporting context. Our approach is based on the issues we faced when developing and delivering a QA system to deal with real time questions in the domain of RLVs within the larger field of aerospace engineering. This particular domain, the actual users of the system, and the questions asked, all demanded a change in our question-answering strategy. First, the chapter will present background on the project that provided the context and a description of the system that was deployed. Next, the chapter analyzes the questions put to the system by the users and discusses the implications that this analysis and the user evaluation study had on our design of a QA system of the future

Design Ltd.: Renovated Myths for the Development of Socially Embedded Technologies

This paper argues that traditional and mainstream mythologies, which have been continually told within the Information Technology domain among designers and advocators of conceptual modelling since the 1960s in different fields of computing sciences, could now be renovated or substituted in the mould of more recent discourses about performativity, complexity and end-user creativity that have been constructed across different fields in the meanwhile. In the paper, it is submitted that these discourses could motivate IT professionals in undertaking alternative approaches toward the co-construction of socio-technical systems, i.e., social settings where humans cooperate to reach common goals by means of mediating computational tools. The authors advocate further discussion about and consolidation of some concepts in design research, design practice and more generally Information Technology (IT) development, like those of: task-artifact entanglement, universatility (sic) of End-User Development (EUD) environments, bricolant/bricoleur end-user, logic of bricolage, maieuta-designers (sic), and laissez-faire method to socio-technical construction. Points backing these and similar concepts are made to promote further discussion on the need to rethink the main assumptions underlying IT design and development some fifty years later the coming of age of software and modern IT in the organizational domain.Comment: This is the peer-unreviewed of a manuscript that is to appear in D. Randall, K. Schmidt, & V. Wulf (Eds.), Designing Socially Embedded Technologies: A European Challenge (2013, forthcoming) with the title "Building Socially Embedded Technologies: Implications on Design" within an EUSSET editorial initiative (www.eusset.eu/

Documentation Driven Software Development

The views, opinions and/or findings contained in this report are those of the author(s) and should not contrued as an official Department of the Army position, policy or decision, unless so designated by other documentation.Our objective is to develop an integrated, systematic, documentation centric approach to software development, known as Documentation Driven Software Development (DDD). The research issues for DDD are creation and application of three key documenting technologies that will drive the development process and a Document Management System (DMS) that will support them. These technologies address (1) representations for active documents; (2) representations for repositories; (3) methods for analysis, transformation, and presentation of this information. In addition, we explored new possibilities for computed-aided interfaces that help humans with routine tasks. In doing so we applied Cognitive Science and machine learning methods to design user interfaces that can learn and assist users. We also expanded our work in the area of integration of ontologies from heterogeneous sources. Specifically, we studied Knowledge System Integration Ontology (KSIO) that aligns data and information systems with current situational context for the efficient knowledge collection, integration and transfer. The role of ontology is to organize and structure knowledge (e.g. by standardized terminology) so that semantic queries and associations become more efficient. We assessed the degree to which natural language processing can be usefully applied to the analysis of requirement changes and their impact on system structure and implementation

Practical Use of High-level Petri Nets

This booklet contains the proceedings of the Workshop on Practical Use of High-level Petri Nets, June 27, 2000. The workshop is part of the 21st International Conference on Application and Theory of Petri Nets organised by the CPN group at the Department of Computer Science, University of Aarhus, Denmark. The workshop papers are available in electronic form via the web pages: http://www.daimi.au.dk/pn2000/proceeding