4,550 research outputs found

    Risk analysis of autonomous vehicle and its safety impact on mixed traffic stream

    In 2016, more than 35,000 people died in traffic crashes, and human error was the reason for 94% of these deaths. Researchers and automobile companies are testing autonomous vehicles in mixed traffic streams to eliminate human error by removing the human driver behind the steering wheel. However, recent autonomous vehicle crashes while testing indicate the necessity for a more thorough risk analysis. The objectives of this study were (1) to perform a risk analysis of autonomous vehicles and (2) to evaluate the safety impact of these vehicles in a mixed traffic stream. The overall research was divided into two phases: (1) risk analysis and (2) simulation of autonomous vehicles. Risk analysis of autonomous vehicles was conducted using the fault tree method. Based on failure probabilities of system components, two fault tree models were developed and combined to predict overall system reliability. It was found that an autonomous vehicle system could fail 158 times per one-million miles of travel due to either malfunction in vehicular components or disruption from infrastructure components. The second phase of this research was the simulation of an autonomous vehicle, where change in crash frequency after autonomous vehicle deployment in a mixed traffic stream was assessed. It was found that average travel time could be reduced by about 50%, and 74% of conflicts, i.e., traffic crashes, could be avoided by replacing 90% of the human drivers with autonomous vehicles

    Classifying network attack scenarios using an ontology

    This paper presents a methodology using network attack ontology to classify computer-based attacks. Computer network attacks differ in motivation, execution and end result. Because attacks are diverse, no standard classification exists. If an attack could be classified, it could be mitigated accordingly. A taxonomy of computer network attacks forms the basis of the ontology. Most published taxonomies present an attack from either the attacker's or defender's point of view. This taxonomy presents both views. The main taxonomy classes are: Actor, Actor Location, Aggressor, Attack Goal, Attack Mechanism, Attack Scenario, Automation Level, Effects, Motivation, Phase, Scope and Target. The "Actor" class is the entity executing the attack. The "Actor Location" class is the Actor's country of origin. The "Aggressor" class is the group instigating an attack. The "Attack Goal" class specifies the attacker's goal. The "Attack Mechanism" class defines the attack methodology. The "Automation Level" class indicates the level of human interaction. The "Effects" class describes the consequences of an attack. The "Motivation" class specifies incentives for an attack. The "Scope" class describes the size and utility of the target. The "Target" class is the physical device or entity targeted by an attack. The "Vulnerability" class describes a target vulnerability used by the attacker. The "Phase" class represents an attack model that subdivides an attack into different phases. The ontology was developed using an "Attack Scenario" class, which draws from other classes and can be used to characterize and classify computer network attacks. An "Attack Scenario" consists of phases, has a scope and is attributed to an actor and aggressor which have a goal. The "Attack Scenario" thus represents different classes of attacks. High profile computer network attacks such as Stuxnet and the Estonia attacks can now be classified through the "Attack Scenario" class

    Automation of the harmonization, analysis and evaluation of information security requirements

    The growing use of Information Technology (IT) in daily operations of enterprises requires an ever-increasing level of protection over organization’s assets and information from unauthorised access, data leakage or any other type of information security breach. Because of that, it becomes vital to ensure the necessary level of protection. One of the best ways to achieve this goal is to implement controls defined in Information security documents. The problems faced by different organizations are related to the fact that often, organizations are required to be aligned with multiple Information security documents and their requirements. Currently, the organization’s assets and information protection are based on Information security specialist’s knowledge, skills and experience. Lack of automated tools for multiple Information security documents and their requirements harmonization, analysis and visualization lead to the situation when Information security is implemented by organizations in ineffective ways, causing controls duplication or increased cost of security implementation. An automated approach for Information security documents analysis, mapping and visualization would contribute to solving this issue. The dissertation consists of an introduction, three main chapters and general conclusions. The first chapter introduces existing Information security regulatory documents, current harmonization techniques, information security implementation cost evaluation methods and ways to analyse Information security requirements by applying graph theory optimisation algorithms (Vertex cover and Graph isomorphism). The second chapter proposes ways to evaluate information security implementation and costs through a controls-based approach. The effectiveness of this method could be improved by implementing automated initial data gathering from Business processes diagrams. 
In the third chapter, adaptive mapping on the basis of Security ontology is introduced for harmonization of different security documents; such an approach also allows visualization techniques to be applied to present the harmonization results. Graph optimization algorithms (vertex cover algorithm and graph isomorphism algorithm) for Minimum Security Baseline identification and verification of achieved results against controls implemented in small and medium-sized enterprises were proposed. It was concluded that the proposed methods provide sufficient data for adjustment and verification of security controls applicable by multiple Information security documents. Dissertatio

    ThreMA: Ontology-based Automated Threat Modelling for ICT Infrastructures

    Threat Modelling allows defenders to identify threats to which the target system is exposed. Such a process requires a detailed infrastructure analysis to map threats to assets and to identify possible flaws. Unfortunately, the process is still mostly done manually and without the support of formally sound approaches. Moreover, Threat Modelling often involves teams with different levels of security knowledge, leading to different possible interpretation in the system under analysis representation. Threat modelling automation comes with two main challenges: (i) the need for a standard representation of models and data used in various stages of the process, establishing a formal vocabulary for all involved parties, and (ii) the requirement for a well-defined inference rule set enabling reasoning process automation for threat identification. The paper presents the ThreMA approach to automating threat modelling for ICT infrastructures, aiming at addressing the key automation issues through the use of ontologies. Specifically, a formal vocabulary for modelling an ICT infrastructure, a threat catalog and a set of inference rules needed to support the reasoning process for threat identification are provided. The proposed approach has been validated against actual significant case studies provided by different Stakeholders of the Italian Public Sector

    Development of an intelligent surgical training system for Thoracentesis

    Surgical training improves patient care, helps to reduce surgical risks, increases surgeon’s confidence, and thus enhances overall patient safety. Current surgical training systems are more focused on developing technical skills, e.g. dexterity, of the surgeons while lacking the aspects of context-awareness and intra-operative real-time guidance. Context-aware intelligent training systems interpret the current surgical situation and help surgeons to train on surgical tasks. As a prototypical scenario, we chose Thoracentesis procedure in this work. We designed the context-aware software framework using the surgical process model encompassing ontology and production rules, based on the procedure descriptions obtained through textbooks and interviews, and ontology-based and marker-based object recognition, where the system tracked and recognised surgical instruments and materials in surgeon’s hands and recognised surgical instruments on the surgical stand. The ontology was validated using annotated surgical videos, where the system identified “Anaesthesia” and “Aspiration” phase with 100% relative frequency and “Penetration” phase with 65% relative frequency. The system tracked surgical swab and 50 mL syringe with approximately 88.23% and 100% accuracy in surgeon’s hands and recognised surgical instruments with approximately 90% accuracy on the surgical stand. Surgical workflow training with the proposed system showed equivalent results as the traditional mentor-based training regime, thus this work is a step forward a new tool for context awareness and decision-making during surgical training

    Integrating building and urban semantics to empower smart water solutions

    Current urban water research involves intelligent sensing, systems integration, proactive users and data-driven management through advanced analytics. The convergence of building information modeling with the smart water field provides an opportunity to transcend existing operational barriers. Such research would pave the way for demand-side management, active consumers, and demand-optimized networks, through interoperability and a system of systems approach. This paper presents a semantic knowledge management service and domain ontology which support a novel cloud-edge solution, by unifying domestic socio-technical water systems with clean and waste networks at an urban scale, to deliver value-added services for consumers and network operators. The web service integrates state of the art sensing, data analytics and middleware components. We propose an ontology for the domain which describes smart homes, smart metering, telemetry, and geographic information systems, alongside social concepts. This integrates previously isolated systems as well as supply and demand-side interventions, to improve system performance. A use case of demand-optimized management is introduced, and smart home application interoperability is demonstrated, before the performance of the semantic web service is presented and compared to alternatives. Our findings suggest that semantic web technologies and IoT can merge to bring together large data models with dynamic data streams, to support powerful applications in the operational phase of built environment systems

    Security of systems: modeling and analysis methodology

    The evaluation of security of a system requires a system description. The description determines the quality of the analysis and the quality of the corresponding security solution. The thesis introduces a methodology for evaluating the security of systems. By starting with a simple model and iteratively refining it, the resulting model represents an as complete as needed view on the system under evaluation by keeping the single steps manageable. In real world scenarios, it is a common case that the degree of information available varies. The approach can deal with missing information on parts of the system. Finally, it leads to a model of different levels of abstraction for each subsystem. 
After each atomic step of modeling, an analysis can be executed to evaluate the security of the modeled system. The analysis determines the paths an attacker could take through the system. As there will be a large number of paths for a complex system, they can be sorted for prioritized in-depth inspection. The methodology is intended to be used at all steps of system life cycle. Additionally, it is extendable to allow inclusion of further information and concepts

    Attack-Surface Metrics, OSSTMM and Common Criteria Based Approach to “Composable Security” in Complex Systems

    In recent studies on Complex Systems and Systems-of-Systems theory, a huge effort has been put to cope with behavioral problems, i.e. the possibility of controlling a desired overall or end-to-end behavior by acting on the individual elements that constitute the system itself. This problem is particularly important in the “SMART” environments, where the huge number of devices, their significant computational capabilities as well as their tight interconnection produce a complex architecture for which it is difficult to predict (and control) a desired behavior; furthermore, if the scenario is allowed to dynamically evolve through the modification of both topology and subsystems composition, then the control problem becomes a real challenge. In this perspective, the purpose of this paper is to cope with a specific class of control problems in complex systems, the “composability of security functionalities”, recently introduced by the European Funded research through the pSHIELD and nSHIELD projects (ARTEMIS-JU programme). In a nutshell, the objective of this research is to define a control framework that, given a target security level for a specific application scenario, is able to i) discover the system elements, ii) quantify the security level of each element as well as its contribution to the security of the overall system, and iii) compute the control action to be applied on such elements to reach the security target. The main innovations proposed by the authors are: i) the definition of a comprehensive methodology to quantify the security of a generic system independently from the technology and the environment and ii) the integration of the derived metrics into a closed-loop scheme that allows real-time control of the system. 
The solution described in this work moves from the proof-of-concepts performed in the early phase of the pSHIELD research and enriches it through an innovative metric with a sound foundation, able to potentially cope with any kind of application scenarios (railways, automotive, manufacturing, ...)