Accurate Modeling of the Siemens S7 SCADA Protocol for Intrusion Detection and Digital Forensics

The Siemens S7 protocol is commonly used in SCADA systems for communications between a Human Machine Interface (HMI) and the Programmable Logic Controllers (PLCs). This paper presents a model-based Intrusion Detection Systems (IDS) designed for S7 networks. The approach is based on the key observation that S7 traffic to and from a specific PLC is highly periodic; as a result, each HMI-PLC channel can be modeled using its own unique Deterministic Finite Automaton (DFA). The resulting DFA-based IDS is very sensitive and is able to flag anomalies such as a message appearing out of its position in the normal sequence or a message referring to a single unexpected bit. The intrusion detection approach was evaluated on traffic from two production systems. Despite its high sensitivity, the system had a very low false positive rate - over 99.82% of the traffic was identified as normal

Information Technology and Systems - II:Server Administration Networks

A majority of IS graduates (56% in one recent survey] are involved in server administration, network administration and IS security work. An important recent innovation in these areas is the deployment of separate networks dedicated to server administration and related tasks, combining the cost and productivity advantages of remote administration with risk levels comparable to console-based administrative access. Remote server administration is a previously undocumented artisanal tradition that evolved in scientific and technical network environments, and is now becoming applicable to an increasing range of business networks. This tutorial article provides an overview of current server administration network architectures, and of the software, workstation, and user interface technologies associated with remote server administration

Assembly and Certification of ATLAS Muon Stations for the Middle and Outer Barrel at CERN

Roughly 400 of the approximately 700 muon stations of the ATLAS barrel belong to the middle and outer layer. Barrel Middle and Barrel Outer stations consist of both an MDT chamber and one or two RPC planes delivering the level-1 trigger information. While MDT chambers and individual RPC units are constructed at their home institutes, the assembly of the RPCs into planes, including the final cabling and the mounting of the trigger electronics, as well as the integration of MDTs and RPCs into muon stations takes place at CERN. MDT chambers, RPC planes and the completed stations have to pass a series of tests before being declared 'ready-for-installation'. Final certification criteria is the passing of a one-day cosmic ray test, for which a special setup has been built in building 899 (BB5). This note gives an overview over the work carried out in BB5, with emphasis on the cosmic ray test. Examples of abnormal chamber behavior will be discussed and a summary of common mistakes in station assembly or chamber cabling will be given. A second focus of the note is on the statistical analysis of the certification results

Analyzing IP Telephony over H.323

Tato práce popisuje protokoly obsažené ve standardu H.323. Zabývá se také nástroji použitelnými pro analýzu tohoto standardu. Hlavním cílem této práce je popsat návrh a implementaci nástroje pro analýzu komunikace hlasových přenosů právě přes H.323. Nástroj vyhledává a dekóduje signalizační zprávy, ze kterých získá jak informace o hovoru samotném (začátek a konec hovoru, telefonní čísla účastníků, atd.), tak informace nutné pro zachycení multimediálních dat. V případě zachycení multimediálních data tato exportuje ve formátu vhodném pro následné zpracování. Informace o hovorech jsou exportovány ve formátu XML.This thesis describes protocols from H.323 standard. Tools used for analyzing VoIP calls over H.323 are described. The main object is to describe a design and implementation of a tool for analyzing IP telephony over H.323. The tool seeks and decodes signaling messages. These messages are analyzed for information about call itself (time of beginning and end of a call, call numbers of participants, etc.) and for information necessary for capturing multimedia data. When captured, multimedia data are exported for proper post-processing. Call information are exported as XML structures.

Systems support for distributed learning environments

This thesis contends that the growing phenomena of multi-user networked "learning environments" should be treated as distributed interactive systems and that their developers should be aware of the systems and networks issues involved in their construction and maintenance. Such environments are henceforth referred to as distributed learning environments, or DLEs. Three major themes are identified as part of systems support: i) shared resource coherence in DLEs; ii) Quality of Service for the end- users of DLEs; and iii) the need for an integrating framework to develop, deploy and manage DLEs. The thesis reports on several distinct implementations and investigations that are each linked by one or more of those themes. Initially, responsiveness and coherence emerged as potentially conflicting requirements, and although a system was built that successfully resolved this conflict it proved difficult to move from the "clean room" conditions of a research project into a real world learning context. Accordingly, subsequent systems adopted a web-based approach to aid deployment in realistic settings. Indeed, production versions of these systems have been used extensively in credit-bearing modules in several Scottish Universities. Interactive responsiveness then emerged as a major Quality of Service issue in its own right, and motivated a series of investigations into the sources of delay, as experienced by end users of web-oriented distributed learning environments. Investigations into this issue provided insight into the nature of web-oriented interactive distributed learning and highlighted the need to be QoS-aware. As the volume and the range of usage of distributed learning applications increased the need for an integrating framework emerged. This required identifying and supporting a wide variety of educational resource types and also the key roles occupied by users of the system, such as tutors, students, supervisors, service providers, administrators, examiners. The thesis reports on the approaches taken and lessons learned from researching, designing and implementing systems which support distributed learning. As such, it constitutes a documented body of work that can inform the future design and deployment of distributed learning environments

Nuclear Fusion Programme: Annual Report of the Association Karlsruhe Institute of Technology/EURATOM ; January 2012 - December 2012 (KIT Scientific Reports ; 7647)

The Karlsruhe Institute of Technology (KIT) is working in the framework of the European Fusion Programme on key technologies in the areas of superconducting magnets, microwave heating systems (Electron-Cyclotron-Resonance-Heating, ECRH), the deuterium-tritium fuel cycle, He-cooled breeding blankets, a He-cooled divertor and structural materials, as well as refractory metals for high heat flux applications including a major participation in the preparation of the international IFMIF project

Distributed satellite communications system design : first-order interactions between system and network architectures

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Aeronautics and Astronautics, 2005.Includes bibliographical references (p. 159-165).Humanity now exists in the midst of the fast-moving Information Age, a period of history characterized by fast travel and even faster information transfer. As data becomes seemingly more valuable than physical possessions, the introduction of exciting applications for communications services becomes ever more critical for the success - and in some cases, survival - of businesses and even nations. While the majority of these innovations have occurred over cable and fiber, a number of the most socially significant have occurred due to the introduction of satellites. Terrestrial fiber and cable systems have a number of advantages, but the extent of their reach and the cost of installation - in terms of both capital and time - favor industrialized nations over more remote and underdeveloped communities. Even as satellites offer the only real chance for ultimate communications ubiquity and true global unity, there remains a significant cost-benefit barrier. Few commercial satellite systems have succeeded economically without first falling victim to bankruptcy. The upfront capital required to implement a satellite communications system is staggering, and historically satellite companies have failed to adequately match capacity and service options to the current and actual future demand. The design process itself is an inherent limiting factor to the achievable cost and performance of a system.(cont.) Traditionally, the first step toward designing satellite communication systems - as well as terrestrial, sensor web, and ad hoc networks - has been to specify the system topology (e.g., the orbits of the satellites and the locations of the ground stations) based on the desired market and then to design the network protocols to make the most of the available resources. Such a sequential process assumes that the design of the network architecture (e.g., protocols, packet structure, etc) does not drive the design of the system architecture (e.g., constellation topology, spacecraft design, etc). This thesis will show that in the case of Ka-band distributed satellite communication systems this fundamental assumption is not valid, and can have a significant impact on the success (cost, capacity, customer satisfaction) of the resulting satellite communication system. Furthermore, this thesis will show that how a designer values performance during the design and decision process can have a substantial impact on the quality of the design path taken through the trade space of possible joint architectures.by Jennifer E. Underwood.S.M