6 research outputs found
Visitor Management System Design and Implementation during the Covid-19 Pandemic
In todays computer technology environment, the effect of IT plays a significant part in all real-time systems. Various management systems are in place to help the company organization achieve profit, standards, and future commercial growth. The VMS is important for monitoring how many visitors are there, what the objective of the facility visit will be, and who will be put in the block listed record due to rule violation. This technology also protects the buildings overall security. The goal of this system is to synchronize the organizations business and visitors in order to achieve a wonderful connection among organizations globally. The background was compiled from many papers that discussed similar subjects and were connected to the system. In addition, the limitations and analyses of the present system have been addressed in order to demonstrate the organizations demands for a new system. In part three, we will go through the project planning, covering the feasibility study, Gantt chart, and software methodology in specific stages. Stepping on functional and non- functional requirements of the system, it is covered in the same chapter, as well as the system steps in the implementation part of section four, and finally with clear and direct conclusion and recommendations in section five with future work of the visitor management system, which will be added after the system is implanted in the organization and other related organizations
Hackers vs. Security: Attack-Defence Trees as Asynchronous Multi-Agent Systems
Attack-Defence Trees (ADTs) are well-suited to assess possible attacks to
systems and the efficiency of counter-measures. In this paper, we first enrich
the available constructs with reactive patterns that cover further security
scenarios, and equip all constructs with attributes such as time and cost to
allow quantitative analyses. Then, ADTs are modelled as (an extension of)
Asynchronous Multi-Agents Systems--EAMAS. The ADT-EAMAS transformation is
performed in a systematic manner that ensures correctness. The transformation
allows us to quantify the impact of different agents configurations on metrics
such as attack time. Using EAMAS also permits parametric verification: we
derive constraints for property satisfaction. Our approach is exercised on
several case studies using the Uppaal and IMITATOR tools.Comment: This work was partially funded by the NWO project SEQUOIA (grant
15474), EU project SUCCESS (102112) and the PHC van Gogh PAMPAS. The work of
Arias and Petrucci has been supported by the BQR project AMoJA
Formal Template-Based Generation of Attack–Defence Trees for Automated Security Analysis
Systems that integrate cyber and physical aspects to create cyber-physical systems (CPS) are becoming increasingly complex, but demonstrating the security of CPS is hard and security is frequently compromised. These compromises can lead to safety failures, putting lives at risk. Attack Defense Trees with sequential conjunction (ADS) are an approach to identifying attacks on a system and identifying the interaction between attacks and the defenses that are present within the CPS. We present a semantic model for ADS and propose a methodology for generating ADS automatically. The methodology takes as input a CPS system model and a library of templates of attacks and defenses. We demonstrate and validate the effectiveness of the ADS generation methodology using an example from the automotive domain
Cost-damage analysis of attack trees
Attack trees (ATs) are a widely deployed modelling technique to categorize potential attacks on a system. An attacker of such a system aims at doing as much damage as possible, but might be limited by a cost budget. The maximum possible damage for a given cost budget is an important security metric of a system. In this paper, we find the maximum damage given a cost budget by modelling this problem with ATs, both in deterministic and probabilistic settings. We show that the general problem is NP-complete, and provide heuristics to solve it. For general ATs these are based on integer linear programming. However when the AT is tree-structured, then one can instead use a faster bottom-up approach. We also extend these methods to other problems related to the cost-damage tradeoff, such as the cost-damage Pareto front
Parametric Analyses of Attack-fault Trees
This manuscript is the author version of the manuscript of the same name published in Fundamenta Informatica 182(1).This manuscript is an extended version of the manuscript of the same name published in the proceedings of the 19th International Conference on Application of Concurrency to System Design (ACSD 2019).International audienceRisk assessment of cyber-physical systems, such as power plants, connected devices and IT-infrastructures has always been challenging: safety (i.e., absence of unintentional failures) and security (i.e., no disruptions due to attackers) are conditions that must be guaranteed. One of the traditional tools used to consider these problems is attack trees, a treebased formalism inspired by fault trees, a well-known formalism used in safety engineering. In this paper we define and implement the translation of attack-fault trees (AFTs) to a new extension of timed automata, called parametric weighted timed automata. This allows us to parameterize constants such as time and discrete costs in an AFT and then, using the model-checker IMITATOR, to compute the set of parameter values such that a successful attack is possible. Moreover, we add the possibility to define countermeasures. Using the different sets of parameter values computed, different attack and fault scenarios can be deduced depending on the budget, time or computation power of the attacker, providing helpful data to select the most efficient countermeasure
Parametric analyses of attack-fault trees
This is the extended version of the manuscript of the same name published in ACSD 2019.International audienceRisk assessment of cyber-physical systems, such as power plants, connected devices and IT-infrastructures has always been challenging: safety (i.e. absence of unintentional failures) and security (i.e. no disruptions due to attackers) are conditions that must be guaranteed. One of the traditional tools used to help considering these problems is attack trees, a tree-based formalism inspired by fault trees, a well-known formalism used in safety engineering. In this paper we define and implement the translation of attack-fault trees (AFTs) to a new extension of timed automata, called parametric weighted timed automata. This allows us to parametrize constants such as time and discrete costs in an AFT and then, using the model-checker IMITATOR, to compute the set of parameter values such that a successful attack is possible. Using the different sets of parameter values computed, different attack and fault scenarios can be deduced depending on the budget, time or computation power of the attacker, providing helpful data to select the most efficient counter-measure