Generating Test Cases for Marine Safety and Security Scenarios: A Composition Framework

In this paper we address the problem of testing complex computer models forinfrastructure protection and emergency response based on detailed and realisticapplication scenarios using advanced computational methods and tools. Specifically,we focus here on testing situation analysis decision support models for marine safety& security operations as a sample application domain. Arguably, methodicalapproaches for analyzing and validating situation analysis methods, decision supportmodels, and information fusion algorithms require realistic vignettes that describe ingreat detail how a situation unfolds over time depending on initial configurations,dynamic environmental conditions and uncertain operational aspects. Meaningfulresults from simulation runs require appropriate test cases, the production of whichis in itself a complex activity. To simplify this task, we introduce here the conceptualdesign of a Vignette Generator that has been developed and tested in an industrialresearch project. We also propose a framework for composing vignettes fromreusable vignette elements together with a formal representation for vignettes usingthe Abstract State Machine method and illustrate the approach by means of variouspractical examples

The future of trans-Atlantic collaboration in modelling and simulation of Cyber-Physical Systems - A strategic research agenda for collaboration

Smart systems, in which sophisticated software/hardware is embedded in physical systems, are part of everyday life. From simple products with embedded decision-making software, to massive systems in which hundreds of systems, each with hundreds or thousands of embedded processors, interoperate the use of Cyber-Physical Systems (CPS) will continue to expand. There has been substantial investment in CPS research in Europe and the United States. Through a series of workshops and other events, the TAMS4CPS project has established that there is mutual benefit in the European Union and US collaborating on CPS research. An agenda for collaborative research into modelling and simulation for CPS is thus set forth in the publication at hand. The agenda includes models for many different purposes, including fundamental concepts, design models (e.g. architectures), predictive techniques, real-time control, human-CPS interaction, and CPS governance. Within this framework, seven important themes have been identified where mutual benefits can be realised by EU-US cooperation. To actively advance research and innovation in these fields, a number of collaboration mechanisms is presented and concrete actions to encourage, enhance and implement trans-Atlantic collaboration in modelling and simulation of CPS are recommended

Know Your Enemy: Stealth Configuration-Information Gathering in SDN

Software Defined Networking (SDN) is a network architecture that aims at providing high flexibility through the separation of the network logic from the forwarding functions. The industry has already widely adopted SDN and researchers thoroughly analyzed its vulnerabilities, proposing solutions to improve its security. However, we believe important security aspects of SDN are still left uninvestigated. In this paper, we raise the concern of the possibility for an attacker to obtain knowledge about an SDN network. In particular, we introduce a novel attack, named Know Your Enemy (KYE), by means of which an attacker can gather vital information about the configuration of the network. This information ranges from the configuration of security tools, such as attack detection thresholds for network scanning, to general network policies like QoS and network virtualization. Additionally, we show that an attacker can perform a KYE attack in a stealthy fashion, i.e., without the risk of being detected. We underline that the vulnerability exploited by the KYE attack is proper of SDN and is not present in legacy networks. To address the KYE attack, we also propose an active defense countermeasure based on network flows obfuscation, which considerably increases the complexity for a successful attack. Our solution offers provable security guarantees that can be tailored to the needs of the specific network under consideratio

Trust Management and Security in Satellite Telecommand Processing

New standards and initiatives in satellite system architecture are moving the space industry to more open and efficient mission operations. Primarily, these standards allow multiple missions to share standard ground and space based resources to reduce mission development and sustainment costs. With the benefits of these new concepts comes added risk associated with threats to the security of our critical space assets in a contested space and cyberspace domain. As one method to mitigate threats to space missions, this research develops, implements, and tests the Consolidated Trust Management System (CTMS) for satellite flight software. The CTMS architecture was developed using design requirements and features of Trust Management Systems (TMS) presented in the field of distributed information systems. This research advances the state of the art with the CTMS by refining and consolidating existing TMS theory and applying it to satellite systems. The feasibility and performance of this new CTMS architecture is demonstrated with a realistic implementation in satellite flight software and testing in an emulated satellite system environment. The system is tested with known threat modeling techniques and a specific forgery attack abuse case of satellite telecommanding functions. The CTMS test results show the promise of this technique to enhance security in satellite flight software telecommand processing. With this work, a new class of satellite protection mechanisms is established, which addresses the complex security issues facing satellite operations today. This work also fills a critical shortfall in validated security mechanisms for implementation in both public and private sector satellite systems

Future Internet Routing Design for Massive Failures and Attacks

Given the high complexity and increasing traffic load of the Internet, geo-correlated challenges caused by large-scale disasters or malicious attacks pose a significant threat to dependable network communications. To understand its characteristics, we propose a critical-region identification mechanism and incorporate its result into a new graph resilience metric, compensated Total Geographical Graph Diversity. Our metric is capable of characterizing and differentiating resiliency levels for different physical topologies. We further analyze the mechanisms attackers could exploit to maximize the damage and demonstrate the effectiveness of a network restoration plan. Based on the geodiversity in topologies, we present the path geodiverse problem and two heuristics to solve it more efficiently compared to the optimal algorithm. We propose the flow geodiverse problem and two optimization formulations to study the tradeoff among cost, end-to-end delay, and path skew with multipath forwarding. We further integrate the solution to above models into our cross-layer resilient protocol stack, ResTP–GeoDivRP. Our protocol stack is prototyped and implemented in the network simulator ns-3 and emulated in our KanREN testbed. By providing multiple GeoPaths, our protocol stack provides better path restoration performance than Multipath TCP