2,264 research outputs found
Security Management Framework for the Internet of Things
The increase in the design and development of wireless communication technologies
offers multiple opportunities for the management and control of cyber-physical systems
with connections between smart and autonomous devices, which provide the delivery
of simplified data through the use of cloud computing. Given this relationship with the
Internet of Things (IoT), it established the concept of pervasive computing that allows
any object to communicate with services, sensors, people, and objects without human
intervention. However, the rapid growth of connectivity with smart applications through
autonomous systems connected to the internet has allowed the exposure of numerous
vulnerabilities in IoT systems by malicious users.
This dissertation developed a novel ontology-based cybersecurity framework to
improve security in IoT systems using an ontological analysis to adapt appropriate
security services addressed to threats. The composition of this proposal explores
two approaches: (1) design time, which offers a dynamic method to build security
services through the application of a methodology directed to models considering
existing business processes; and (2) execution time, which involves monitoring the IoT
environment, classifying vulnerabilities and threats, and acting in the environment,
ensuring the correct adaptation of existing services.
The validation approach was used to demonstrate the feasibility of implementing the
proposed cybersecurity framework. It implies the evaluation of the ontology to offer
a qualitative evaluation based on the analysis of several criteria and also a proof of
concept implemented and tested using specific industrial scenarios. This dissertation
has been verified by adopting a methodology that follows the acceptance in the research
community through technical validation in the application of the concept in an industrial
setting.O aumento no projeto e desenvolvimento de tecnologias de comunicação sem fio oferece
múltiplas oportunidades para a gestão e controle de sistemas ciber-físicos com conexões
entre dispositivos inteligentes e autônomos, os quais proporcionam a entrega de dados
simplificados através do uso da computação em nuvem. Diante dessa relação com
a Internet das Coisas (IoT) estabeleceu-se o conceito de computação pervasiva que
permite que qualquer objeto possa comunicar com os serviços, sensores, pessoas e objetos
sem intervenção humana. Entretanto, o rápido crescimento da conectividade com as
aplicações inteligentes através de sistemas autônomos conectados com a internet permitiu
a exposição de inúmeras vulnerabilidades dos sistemas IoT para usuários maliciosos.
Esta dissertação desenvolveu um novo framework de cibersegurança baseada em
ontologia para melhorar a segurança em sistemas IoT usando uma análise ontológica
para a adaptação de serviços de segurança apropriados endereçados para as ameaças. A
composição dessa proposta explora duas abordagens: (1) tempo de projeto, o qual oferece
um método dinâmico para construir serviços de segurança através da aplicação de uma
metodologia dirigida a modelos, considerando processos empresariais existentes; e (2)
tempo de execução, o qual envolve o monitoramento do ambiente IoT, a classificação de
vulnerabilidades e ameaças, e a atuação no ambiente garantindo a correta adaptação dos
serviços existentes.
Duas abordagens de validação foram utilizadas para demonstrar a viabilidade da
implementação do framework de cibersegurança proposto. Isto implica na avaliação da
ontologia para oferecer uma avaliação qualitativa baseada na análise de diversos critérios
e também uma prova de conceito implementada e testada usando cenários específicos.
Esta dissertação foi validada adotando uma metodologia que segue a validação na
comunidade científica através da validação técnica na aplicação do nosso conceito em
um cenário industrial
Advances in Information Security and Privacy
With the recent pandemic emergency, many people are spending their days in smart working and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online is dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue
Threats on the horizon: Understanding security threats in the era of cyber-physical systems
Disruptive innovations of the last few decades, such as smart cities and Industry 4.0, were made possible by higher integration of physical and digital elements. In today's pervasive cyber-physical systems, connecting more devices introduces new vulnerabilities and security threats. With increasing cybersecurity incidents, cybersecurity professionals are becoming incapable of addressing what has become the greatest threat climate than ever before. This research investigates the spectrum of risk of a cybersecurity incident taking place in the cyber-physical-enabled world using the VERIS Community Database. The findings were that the majority of known actors were from the US and Russia, most victims were from western states and geographic origin tended to reflect global affairs. The most commonly targeted asset was information, with the majority of attack modes relying on privilege abuse. The key feature observed was extensive internal security breaches, most often a result of human error. This tends to show that access in any form appears to be the source of vulnerability rather than incident specifics due to a fundamental trade-off between usability and security in the design of computer systems. This provides fundamental evidence of the need for a major reevaluation of the founding principles in cybersecurity
Intership Report on data merging at the bank of Portugal Internship Experience at the Bank of Portugal: A Comprehensive Dive into Full Stack Development - Leveraging Modern Technology to Innovate Financial Infrastructure and Enhance User Experience
Internship Report presented as the partial requirement for obtaining a Master's degree in Data Science and Advanced Analytics, specialization in Data ScienceThis report details my full-stack development internship experiences at the Bank of Portugal, with a
particular emphasis on the creation of a website intended to increase operational effectiveness in the
DAS Department. My main contributions met a clear need, which was the absence of a reliable
platform that could manage and combine data from many sources. I was actively involved in creating
functionality for the Django applications Integrator and BAII using Django, a high-level Python web
framework. Several problems were addressed by the distinctive features I planned and programmed,
including daily data extraction from several SQL databases, entity error detection, data merging, and
user-friendly interfaces for data manipulation. A feature that enables the attribution of litigation to
certain entities was also developed. The outcomes of the developed features have proven to be useful,
giving the Institutional Intervention Area, the Sanctioning Action Area, the Illicit Financial Activity
Investigation Area, and the Money Laundering Preventive Supervision Area for Capital and Financing
of Terrorism tools to carry out their duties more effectively. The full-stack development approaches'
advancement and use in the banking industry, notably in data management and web application
development, have been aided by this internship experience
- …