308 research outputs found

    Forensic analysis of autonomous system reachability


    Software Engineering Challenges for Investigating Cyber-Physical Incidents

    Cyber-Physical Systems (CPS) are characterized by the interplay between digital and physical spaces. This characteristic has extended the attack surface that could be exploited by an offender to cause harm. An increasing number of cyber-physical incidents may occur depending on the configuration of the physical and digital spaces and their interplay. Traditional investigation processes are not adequate to investigate these incidents, as they may overlook the extended attack surface resulting from such interplay, leading to relevant evidence being missed and testing flawed hypotheses explaining the incidents. The software engineering research community can contribute to addressing this problem, by deploying existing formalisms to model digital and physical spaces, and using analysis techniques to reason about their interplay and evolution. In this paper, supported by a motivating example, we describe some emerging software engineering challenges to support investigations of cyber-physical incidents. We review and critique existing research proposed to address these challenges, and sketch an initial solution based on a meta-model to represent cyber-physical incidents and a representation of the topology of digital and physical spaces that supports reasoning about their interplay

    Barriers to Building Information Modeling (BIM) implementation in China's prefabricated construction: An interpretive structural modeling (ISM) approach

    It is widely recognized that Building Information Modeling (BIM) can facilitate the delivery of prefabricated construction. Nevertheless, the actual practice of BIM faces several barriers. A range of existing studies and literature have discussed these barriers extensively, but two research questions remain unanswered. First, what are the unique barriers facing the use of BIM in China's prefabricated construction? Second, how do these barriers interrelate with one another? This research aims to address these two questions. Conducting a two-round literature review and a questionnaire survey ascertained twelve barriers acutely affecting the Chinese experience of applying BIM to prefabricated construction. In addition, Interpretive Structural Modeling (ISM) was used to identify interrelationships among these barriers. The exercise found that, compared with the cost-related issues suggested by previous studies that focused on general BIM implementation barriers, the lack of research about BIM in China and the absence of standards and domestic-oriented tools are likely the biggest hindrances to the practical application of BIM in China's prefabricated construction. This study contributes to the knowledge body by revealing major barriers to BIM implementation in China's prefabricated construction and crafting a corresponding three-level strategy to facilitate the possible implementation. The findings of this study can thus act as a practical reference for future research attempting to provide technological and managerial solutions to improve BIM implementation in China's prefabricated construction

    First Glance: An Introductory Analysis of Network Forensics of Tor

    The Tor network is a low-latency overlay network for TCP flows that is designed to provide privacy and anonymity to its users. It is currently in use by many as a means to avoid censorship of both information to be shared and information to be retrieved. This paper details the architecture of the Tor network as a platform for evaluating the current state of forensic analysis of the Tor network. Specific attempts to block access to the Tor network are examined to identify (a) the processes utilized to identify Tor nodes, and (b) the resulting exposure of potentially inculpatory evidence. Additional known, but yet to be perpetrated, attacks are examined for a more holistic view of the state of forensics of the Tor network. Based on the combination of these studies, there is some evidence that a specific, individual flow of traffic over the Tor network is attributable to a single entity. However, the content of that flow has not been compromised within the Tor network. As such, the inculpatory evidence required for legal action is limited at this time. Keywords: Tor, Forensic Analysis, Privacy & Anonymit

    AVOIDIT IRS: An Issue Resolution System To Resolve Cyber Attacks

    Cyber attacks have greatly increased over the years and the attackers have progressively improved in devising attacks against specific targets. Cyber attacks are considered a malicious activity launched against networks to gain unauthorized access causing modification, destruction, or even deletion of data. This dissertation highlights the need to assist defenders with identifying and defending against cyber attacks. In this dissertation an attack issue resolution system is developed called AVOIDIT IRS (AIRS). AVOIDIT IRS is based on the attack taxonomy AVOIDIT (Attack Vector, Operational Impact, Defense, Information Impact, and Target). Attacks are collected by AIRS and classified into their respective category using AVOIDIT. Accordingly, an organizational cyber attack ontology was developed using feedback from security professionals to improve the communication and reusability amongst cyber security stakeholders. AIRS is developed as a semi-autonomous application that extracts unstructured external and internal attack data to classify attacks in sequential form. In doing so, we designed and implemented a frequent pattern and sequential classification algorithm associated with the five classifications in AVOIDIT. The issue resolution approach uses inference to educate the defender on the plausible cyber attacks. The AIRS can work in conjunction with an intrusion detection system (IDS) to provide a heuristic to cyber security breaches within an organization. AVOIDIT provides a framework for classifying appropriate attack information, which is fundamental in devising defense strategies against such cyber attacks. The AIRS is further used as a knowledge base in a game inspired defense architecture to promote game model selection upon attack identification.
Future work will incorporate honeypot attack information to improve attack identification, classification, and defense propagation. In this dissertation, 1,025 common vulnerabilities and exposures (CVEs) and over 5,000 lines of log files instances were captured in the AIRS for analysis. Security experts were consulted to create rules to extract pertinent information and algorithms to correlate identified data for notification. The AIRS was developed using the Codeigniter [74] framework to provide a seamless visualization tool for data mining regarding potential cyber attacks relative to web applications. Testing of the AVOIDIT IRS revealed a recall of 88%, precision of 93%, and a 66% correlation metric

    Towards a Framework for Automatic Firewalls Configuration via Argumentation Reasoning

    Firewalls have been widely used to protect not only small and local networks but also large enterprise networks. The configuration of firewalls is mainly done by network administrators, thus, it suffers from human errors. This paper aims to solve the network administrators' problem by introducing a formal approach that helps to configure centralized and distributed firewalls and automatically generate conflict-free firewall rules. We propose a novel framework, called ArgoFiCo, which is based on argumentation reasoning. Our framework automatically populates the firewalls of a network, given the network topology and the high-level requirements that represent how the network should behave. ArgoFiCo provides two strategies for firewall rules distribution

    Cyber Security Body of Knowledge and Curricula Development

    The cyber world is an ever-changing world and cyber security is most important and touches the lives of everyone on the cyber world including researchers, students, businesses, academia, and novice user. The chapter suggests a body of knowledge that incorporates the view of academia as well as practitioners. This research attempts to put basic step and a framework for cyber security body of knowledge and to allow practitioners and academicians to face the problem of lack of standardization. Furthermore, the chapter attempts to bridge the gap between the different audiences. The gap is so broad that the term of cyber security is not agreed upon even in spelling. The suggested body of knowledge may not be perfect, yet it is a step forward