641 research outputs found
Evolution of security engineering artifacts: a state of the art survey
Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security engineering artifacts. The article covers the state of the art on evolution of security requirements, security architectures, secure code, security tests, security models, and security risks as well as security monitoring. For each of these artifacts the authors give an overview of evolution and security aspects and discuss the state of the art on its security evolution in detail. Based on this comprehensive survey, they summarize key issues and discuss directions of future research
Master of Science thesis
Arguably, the inherent complexity of network management makes it the top concern for network operators. While true for all networks, network management complexity is significantly exacerbated in open access networks where, unlike more monolithic "closed access networks," services are provided by different service providers on a shared network infrastructure that is operated by a separate network owner/operator. The intricate responsibilities of the role players in this environment, combined with the lack of automation in current network management and operation practices, conspire to prevent open access networks from reaching their true potential. In this thesis, we present our work on the FlowOps framework to address these concerns. FlowOps is a network management and operations framework that provides structured, automated network management for heterogeneous open access network environments. In FlowOps, we are exploring the use of a production rules system to realize automated network management and operations. This rule-based approach enables us to accurately model dependencies and relationships of devices and role players in an open access network. FlowOps enables the automation of network configuration and fault management tasks in both traditional and software-defined networks. We present a prototype implementation of FlowOps and demonstrate its utility for network operators, service providers, and end users
Decision Support Systems
Decision support systems (DSS) have evolved over the past four decades from theoretical concepts into real world computerized applications. DSS architecture contains three key components: knowledge base, computerized model, and user interface. DSS simulate cognitive decision-making functions of humans based on artificial intelligence methodologies (including expert systems, data mining, machine learning, connectionism, logistical reasoning, etc.) in order to perform decision support functions. The applications of DSS cover many domains, ranging from aviation monitoring, transportation safety, clinical diagnosis, weather forecast, business management to internet search strategy. By combining knowledge bases with inference rules, DSS are able to provide suggestions to end users to improve decisions and outcomes. This book is written as a textbook so that it can be used in formal courses examining decision support systems. It may be used by both undergraduate and graduate students from diverse computer-related fields. It will also be of value to established professionals as a text for self-study or for reference
Online failure prediction in air traffic control systems
This thesis introduces a novel approach to online failure prediction for mission critical distributed systems that has the distinctive features to be black-box, non-intrusive and online. The approach combines Complex Event Processing (CEP) and Hidden Markov Models (HMM) so as to analyze symptoms of failures that might occur in the form of anomalous conditions of performance metrics identified for such purpose. The thesis presents an architecture named CASPER, based on CEP and HMM, that relies on sniffed information from the communication network of a mission critical system, only, for predicting anomalies that can lead to software failures. An instance of Casper has been implemented, trained and tuned to monitor a real Air Traffic Control (ATC) system developed by Selex ES, a Finmeccanica Company. An extensive experimental evaluation of CASPER is presented. The obtained results show (i) a very low percentage of false positives over both normal and under stress conditions, and (ii) a sufficiently high failure prediction time that allows the system to apply appropriate recovery procedures
Advanced Topics in Systems Safety and Security
This book presents valuable research results in the challenging field of systems (cyber)security. It is a reprint of the Information (MDPI, Basel) - Special Issue (SI) on Advanced Topics in Systems Safety and Security. The competitive review process of MDPI journals guarantees the quality of the presented concepts and results. The SI comprises high-quality papers focused on cutting-edge research topics in cybersecurity of computer networks and industrial control systems. The contributions presented in this book are mainly the extended versions of selected papers presented at the 7th and the 8th editions of the International Workshop on Systems Safety and Security—IWSSS. These two editions took place in Romania in 2019 and respectively in 2020. In addition to the selected papers from IWSSS, the special issue includes other valuable and relevant contributions. The papers included in this reprint discuss various subjects ranging from cyberattack or criminal activities detection, evaluation of the attacker skills, modeling of the cyber-attacks, and mobile application security evaluation. Given this diversity of topics and the scientific level of papers, we consider this book a valuable reference for researchers in the security and safety of systems
Architectures for embedded multimodal sensor data fusion systems in the robotics and airport traffic surveillance domain
Smaller autonomous robots and embedded sensor data fusion systems often suffer from limited computational and hardware resources. Many ‘Real Time’ algorithms for multimodal sensor data fusion cannot be executed on such systems, at least not in real time and sometimes not at all, because of the computational and energy resources needed, resulting from the architecture of the computational hardware used in these systems. Alternative hardware architectures for generic tracking algorithms could provide a solution to overcome some of these limitations. For tracking and self-localization, sequential Bayesian filters, in particular particle filters, have been shown to be able to handle a range of tracking problems that could not be solved with other algorithms. But particle filters have some serious disadvantages when executed on the serial computational architectures used in most systems. The potential increase in performance for particle filters is huge, as many of the computational steps can be done concurrently. A generic hardware solution for particle filters can relieve the central processing unit of the computational load associated with the tracking task.
The general topic of this research is hardware-software architectures for multimodal sensor data fusion in embedded systems, in particular tracking, with the goal of developing a high-performance computational architecture for embedded applications in the robotics and airport traffic surveillance domain. The primary concern of the research is therefore the integration of domain-specific concept support into hardware architectures for low-level multimodal sensor data fusion, in particular embedded systems for tracking with Bayesian filters, and distributed hardware-software tracking systems for airport traffic surveillance and control systems.
Runway incursions are occurrences at an aerodrome involving the incorrect presence of an aircraft, vehicle, or person on the protected area of a surface designated for the landing and take-off of aircraft. The growing traffic volume kept runway incursions on the NTSB’s ‘Most Wanted’ list for safety improvements for over a decade. Recent incidents show that the problem still exists. Technological responses that have been deployed in significant numbers are ASDE-X and A-SMGCS. Although these technical responses are a significant improvement and reduce the frequency of runway incursions, some runway incursion scenarios are not optimally covered by these systems, detection of runway incursion events is not as fast as desired, and they are too expensive for all but the biggest airports. Local, short-range sensors could be a solution to provide the necessary affordable surveillance accuracy for runway incursion prevention. In this context the following objectives shall be reached. 1) Show the feasibility of runway incursion prevention systems based on localized surveillance. 2) Develop a design for a local runway incursion alerting system. 3) Realize a prototype of the system design using the developed tracking hardware.
Smaller autonomous robots and embedded sensor data fusion systems often have to contend with severely limited computing capacity and restricted hardware resources. Because of their high demand for computing capacity and energy, many real-time algorithms for the fusion of multimodal sensor data cannot be executed on such systems at all, or at least not in real time. The high demand for energy and computing capacity arises because the architecture of the executing hardware and the executed algorithm are not matched to each other. This also applies to tracking algorithms. Alternative hardware architectures for the generic execution of such algorithms could overcome some of the limitations typically encountered. A number of tasks that cannot be solved with other tracking algorithms can be solved with the particle filter, an algorithm from the family of Bayesian filters. When executed on traditional architectures, particle filters have a significant disadvantage compared with other algorithms; however, a large performance gain is possible here through the concurrent execution of many computational steps. A generic hardware architecture for particle filters could therefore greatly relieve the systems mentioned above.
The general topic of this research project is hardware-software architectures for multimodal sensor data fusion on embedded systems, specifically for tracking tasks, with the goal of developing a high-performance architecture for computing the corresponding algorithms on embedded systems that is suitable for applications in robotics and in traffic surveillance at airports. The research project focuses on the integration of application-domain-dependent concepts into the architecture of systems for tracking with Bayesian filters, as well as on distributed hardware-software tracking systems for the surveillance and guidance of taxiing traffic at airports.
A "runway incursion" (RI) is an occurrence at an aerodrome in which a vehicle or a person is present without authorization in a section of the runway that has been assigned to a traffic participant for use. Growing air traffic has kept RIs on the NTSB's "Most Wanted" list for safety improvements for over a decade. Recent incidents show that the problem has not yet been resolved. Technological measures that have been deployed in significant numbers are ASDE-X and A-SMGCS. Although these measures represent a clear improvement and significantly reduce the number of RIs, there are some RI situations that are not optimally covered by these systems. In addition, they do not detect RIs as quickly as desired and are too expensive for all but the largest airports. Local short-range sensors could be a solution for achieving the precision in taxiing-traffic surveillance needed for the reliable detection of RIs. Against this background, the following objectives are to be achieved. 1) Show the feasibility of a runway incursion prevention system based on local sensors. 2) Develop a feasible design for such a system. 3) Realize a prototype of the system that uses the tracking hardware mentioned above
Reinforcing the weakest link in cyber security: securing systems and software against attacks targeting unwary users
Unwary computer users are often blamed as the weakest link on the security chain, for unknowingly facilitating incoming cyber attacks and jeopardizing the efforts to secure systems and networks. However, in my opinion, average users should not bear the blame because of their lack of expertise to predict the security consequence of every action they perform, such as browsing a webpage, downloading software to their computers, or installing an application to their mobile devices.
My thesis work aims to secure software and systems by reducing or eliminating the chances where users’ mere action can unintentionally enable external exploits and attacks. In achieving this goal, I follow two complementary paths: (i) building runtime monitors to identify and interrupt the attack-triggering user actions; (ii) designing offline detectors for the software vulnerabilities that allow for such actions. To maximize the impact, I focus on securing software that either serves the largest number of users (e.g. web browsers) or experiences the fastest user growth (e.g. smartphone apps), despite the platform distinctions.
I have addressed the two dominant attacks through which most malicious software (a.k.a. malware) infections happen on the web: drive-by download and rogue websites. BLADE, an OS kernel extension, infers user intent through OS-level events and prevents the execution of download files that cannot be attributed to any user intent. Operating as a browser extension and identifying malicious post-search redirections, SURF protects search engine users from falling into the trap of poisoned search results that lead to fraudulent websites. In the infancy of security problems on mobile devices, I built Dalysis, the first comprehensive static program analysis framework for vetting Android apps in bytecode form. Based on Dalysis, CHEX detects the component hijacking vulnerability in large volumes of apps.
My thesis as a whole explores, realizes, and evaluates a new perspective of securing software and systems, which limits or avoids the unwanted security consequences caused by unwary users. It shows that, with the proposed approaches, software can be reasonably well protected against attacks targeting its unwary users. The knowledge and insights gained throughout the course of developing the thesis have advanced the community’s awareness of the threats and the increasing importance of considering unwary users when designing and securing systems. Each work included in this thesis has yielded at least one practical threat mitigation system. Evaluated by large-scale real-world experiments, these systems have demonstrated their effectiveness at thwarting the security threats faced by most unwary users today. The threats addressed by this thesis have spanned multiple computing platforms, such as desktop operating systems, the Web, and smartphone devices, which highlights the broad impact of the thesis.
Ph.D