36 research outputs found
Recommended from our members
A Clean-Slate Design for the Next-Generation Secure Internet
This is the report on a workshop held at CMU on July 12-14, 2005. The workshop is part of the planning process initiated by NSF to explore potential architectures for a next generation secure network designed to meet the needs of the 21st century. In considering future architectures, we ignore issues of backward compatibility with the current Internet but seek to benefit from the experience gained by analyzing both the strengths and weaknesses of the current design. Specifically, this workshop looks at the fundamental interplay between security and underlying network architecture and seeks to chart a preliminary course for future work in this crucial research area. This workshop focused on initiating a productive dialog between experts from the network security and network architecture communities. The agenda was arranged to stimulate initial consideration of the security goals for a new Internet, the design space of possible solutions, how research in security and network architecture could be integrated so that security is included as a first-tier objective in future architectures, and to explore methods for identifying and considering the social consequences of these architecture and security design choices
ACUTA Journal of Telecommunications in Higher Education
In This Issue
System Security Policy: What It Is and Why Every Campus Needs One
Mizzou Integrates Firewall and VPN Technology for Added Security
College-Based Programs Boost Computer Security
Privacy on Today's Electronic Campus
Current Trends in Information Security at UW-Madison
Watching the Network
Cybercrime: Are you Ready?
Columns
Book Review
Bill D. Morris Awar
Security Management Framework for the Internet of Things
The increase in the design and development of wireless communication technologies
offers multiple opportunities for the management and control of cyber-physical systems
with connections between smart and autonomous devices, which provide the delivery
of simplified data through the use of cloud computing. Given this relationship with the
Internet of Things (IoT), the concept of pervasive computing was established, which allows
any object to communicate with services, sensors, people, and objects without human
intervention. However, the rapid growth of connectivity with smart applications through
autonomous systems connected to the internet has allowed the exposure of numerous
vulnerabilities in IoT systems by malicious users.
This dissertation developed a novel ontology-based cybersecurity framework to
improve security in IoT systems using an ontological analysis to adapt appropriate
security services addressed to threats. The composition of this proposal explores
two approaches: (1) design time, which offers a dynamic method to build security
services through the application of a methodology directed to models considering
existing business processes; and (2) execution time, which involves monitoring the IoT
environment, classifying vulnerabilities and threats, and acting in the environment,
ensuring the correct adaptation of existing services.
The validation approach was used to demonstrate the feasibility of implementing the
proposed cybersecurity framework. It implies the evaluation of the ontology to offer
a qualitative evaluation based on the analysis of several criteria and also a proof of
concept implemented and tested using specific industrial scenarios. This dissertation
has been verified by adopting a methodology that follows the acceptance in the research
community through technical validation in the application of the concept in an industrial
setting.
The increase in the design and development of wireless communication technologies offers
multiple opportunities for the management and control of cyber-physical systems with connections
between smart and autonomous devices, which deliver simplified data
through the use of cloud computing. Given this relationship with
the Internet of Things (IoT), the concept of pervasive computing was established, which
allows any object to communicate with services, sensors, people, and objects
without human intervention. However, the rapid growth of connectivity with
smart applications through autonomous systems connected to the internet has allowed
the exposure of numerous vulnerabilities of IoT systems to malicious users.
This dissertation developed a new ontology-based cybersecurity framework
to improve security in IoT systems, using an ontological analysis
to adapt appropriate security services addressed to threats. The
composition of this proposal explores two approaches: (1) design time, which offers
a dynamic method for building security services through the application of a
model-driven methodology, considering existing business processes; and (2)
execution time, which involves monitoring the IoT environment, classifying
vulnerabilities and threats, and acting in the environment to ensure the correct adaptation of
existing services.
Two validation approaches were used to demonstrate the feasibility of
implementing the proposed cybersecurity framework. This involves the evaluation of the
ontology to offer a qualitative evaluation based on the analysis of several criteria,
and also a proof of concept implemented and tested using specific scenarios.
This dissertation was validated by adopting a methodology that follows validation in the
scientific community through technical validation in the application of our concept in
an industrial setting
Practical Encryption Gateways to Integrate Legacy Industrial Machinery
Future industrial networks will consist of a mixture of old and new components, due to the very long life-cycles of industrial machines on the one hand and the need to change in the face of trends like Industry 4.0 or the industrial Internet of things on the other. These networks will be very heterogeneous and will serve legacy as well as new use cases in parallel. This will result in an increased demand for network security and precisely within this domain, this thesis tries to answer one specific question: how to make it possible for legacy industrial machines to run securely in those future heterogeneous industrial networks.
The need for such a solution arises from the fact that legacy machines are very outdated and hence vulnerable systems when assessed from an IT security standpoint. For various reasons, they cannot be easily replaced or upgraded, and with the opening up of industrial networks to the Internet, they become prime attack targets. The only way to provide security for them is by protecting their network traffic.
The concept of encryption gateways forms the basis of our solution. These are special network devices that are put between the legacy machine and the network. The gateways encrypt data traffic from the machine before it is put on the network and decrypt traffic coming from the network accordingly. This results in a separation of the machine from the network by virtue of only decrypting and passing through traffic from other authenticated gateways. In effect, they protect communication data in transit and shield the legacy machines from potential attackers within the rest of the network, while at the same time retaining their functionality. Additionally, through the specific placement of gateways inside the network, fine-grained security policies become possible. This approach can reduce the attack surface of the industrial network as a whole considerably.
As a concept, this idea is straightforward and not new. Yet the devil is in the details, and no solution specifically tailored to the needs of the industrial environment and its legacy components existed prior to this work.
Therefore, we present in this thesis concrete building blocks in the direction of a generally applicable encryption gateway solution that allows legacy industrial machinery to be securely integrated and respects industrial requirements. This not only entails work in the direction of network security, but also includes work in the direction of guaranteeing the availability of the communication links that are protected by the gateways, and work to simplify the usability of the gateways as well as the management of industrial data flows by the gateways
ACUTA Journal of Telecommunications in Higher Education
In This Issue
The Buzz on E-Biz
Eliminating the Paper Trail
SAM Comes to UMC
B2B and Directory Services: Opportunities and Challenges
Telecommunications and the Digital Campus
Managing E-Business at UCSB
Binghamton Installs a High-Speed Optical Fiber Network
Amherst Takes to the Air
Columns
Intervie
A framework for promoting interoperability in a global electronic market-space
The primary contributions to the area of electronic business integration, propounded by this thesis, are (in no particular order):
• A novel examination of global Business-to-Business (B2B) interoperability in terms of a "multiplicity paradox" and of a "global electronic market-space" from a Complex Systems Science perspective.
• A framework for an integrated, global electronic market-space, which is based on a hierarchical, incremental, minimalist-business-pattern approach. A Web Services-SOA forms the basis of application-to-application integration within the framework. The framework is founded in a comprehensive study of existing technologies, standards and models for secure interoperability and the SOA paradigm. The Complex Systems Science concepts of "predictable structure" and "structural complexity" are used consistently throughout the progressive formulation of the framework.
• A model for a global message handler (including a standards-based message-format) which obviates the common problems implicit in standard SOAP-RPC. It is formulated around the "standardized, common, abstract application interface" critical success factor, deduced from examining existing models. The model can be used in any collaboration context.
• An open standards-based security model for the global message handler.
Conceptually, the framework comprises the following:
• An interoperable standardized message format: a standardized SOAP-envelope with standardized attachments (8-bit binary MIME-serialized XOP packages).
• An interoperable standardized message-delivery infrastructure encompassing an RPC-invoked message-handler - a Web service, operating in synchronous and/or asynchronous mode, which relays attachments to service endpoints.
• A business information processing infrastructure comprised of: a standardized generic minimalist-business-pattern (simple buying/selling), comprising global pre-specifications for business processes (for example, placing an order), standardized specific atomic business activities (e.g. completing an order-form), a standardized document-set (including, e.g. an order-form) based on standardized metadata (common nomenclature and common semantics used in XSD's, e.g. the order-form), the standardized corresponding choreography for atomic activities (e.g. acknowledgement of receipt of order-form) and service endpoints (based on standardized programming interfaces and virtual methods with customized implementations).
Theoretical Computing
PHD (INFORMATION SYSTEMS
Perspective Access Networks
Perspective Access Networks provide an infrastructure from which users can specify the location from which they wish to view the Internet. The ability to specify location has become necessary as the Internet has become increasingly inconsistent. An increasing preponderance of middleboxes, location-dependent services, and large-scale content filtering have contributed to this situation. Our work offers the following contributions. First, we propose an infrastructure that routes traffic to a location from which a given resource can be viewed, taking instructions from user-specified attributes describing the desired location. Second, we analyze the tradeoff between the expressivity of user requests and the finite resources available within the network for propagating metadata about available perspectives. Third, we stipulate a set of real scenarios that fall within the limits of what can reasonably be handled by a system appropriately tuned to manage the tradeoff, and we argue that the specific algorithm we propose can handle the scenarios effectively.
Engineering and Applied Science
Proceedings of the 3rd International Workshop on Formal Aspects in Security and Trust (FAST2005)
The present report contains the pre-proceedings of the third international Workshop on Formal Aspects in Security and Trust (FAST2005), held in Newcastle upon Tyne, 18-19 July 2005. FAST is an event affiliated with the Formal Methods 2005 Congress (FM05). The third international Workshop on Formal Aspects in Security and Trust (FAST2005) aims at continuing the successful effort of the previous two FAST workshop editions for fostering the cooperation among researchers in the areas of security and trust. The new challenges offered by the so-called ambient intelligence space, as a future paradigm in the information society, demand a coherent and rigorous framework of concepts, tools and methodologies to provide users' trust and confidence in the underlying communication/interaction infrastructure. It is necessary to address issues relating to both guaranteeing security of the infrastructure and the perception of the infrastructure being secure. In addition, user confidence in what is happening must be enhanced by developing trust models that are effective but also easily comprehensible and manageable by users
Cyber Security and Critical Infrastructures 2nd Volume
The second volume of the book contains the manuscripts that were accepted for publication in the MDPI Special Topic "Cyber Security and Critical Infrastructure" after a rigorous peer-review process. Authors from academia, government and industry contributed their innovative solutions, consistent with the interdisciplinary nature of cybersecurity. The book contains 16 articles, including an editorial that explains the current challenges, innovative solutions and real-world experiences that include critical infrastructure and 15 original papers that present state-of-the-art innovative solutions to attacks on critical systems