System Security Assurance: A Systematic Literature Review

System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions

Multi-cell MIMO Transceiver Design for Mission-Critical Communication

International audienceBusiness and Mission critical communication (MCC) is a major communication paradigm that is used by public agencies, e.g., during emergency situations, or critical infrastructure companies, e.g., airports, transportation, etc. MCC has very stringent requirements in terms of reliability, coverage and should offer group communications. Coordinated Multimedia Multicast/Broadcast single frequency network (MBSFN) is considered as a potential technology for MCC as it benefits from increased coverage and inter-cell interference mitigation. In this paper, we propose multi-input-multi-output (MIMO) multimedia MBSFN system design wherein each base station (BS) of a coordinated cluster multicasts a common message to all the users in a group. We use a greedy algorithm to dynamically form the cluster of synchronized BSs for optimal utilization of resources within an MBSFN. We assume the availability of perfect channel state information (CSI) knowledge and jointly obtain the optimal precoder and receive filters by minimizing the overall sum-mean-square-error (sum-MSE) constrained over the total transmit power. We further extend the proposed design to a robust case by considering the imperfections in available channel knowledge and obtain the transceiver matrices that are resilient to channel errors. We also present both the joint and robust system design for Single-Cell point-to-multipoint (SC-PTM) which is an alternative solution to MBSFN in MCC. Numerical results show the effectiveness of the proposed network architecture for future mission critical communication. Furthermore, the comparison results show that the proposed robust design demonstrate better performance and is resilient to the presence of CSI errors

PriLok:Citizen-protecting distributed epidemic tracing

Contact tracing is an important instrument for national health services to fight epidemics. As part of the COVID-19 situation, many proposals have been made for scaling up contract tracing capacities with the help of smartphone applications, an important but highly critical endeavor due to the privacy risks involved in such solutions. Extending our previously expressed concern, we clearly articulate in this article, the functional and non-functional requirements that any solution has to meet, when striving to serve, not mere collections of individuals, but the whole of a nation, as required in face of such potentially dangerous epidemics. We present a critical information infrastructure, PriLock, a fully-open preliminary architecture proposal and design draft for privacy preserving contact tracing, which we believe can be constructed in a way to fulfill the former requirements. Our architecture leverages the existing regulated mobile communication infrastructure and builds upon the concept of "checks and balances", requiring a majority of independent players to agree to effect any operation on it, thus preventing abuse of the highly sensitive information that must be collected and processed for efficient contact tracing. This is enforced with a largely decentralised layout and highly resilient state-of-the-art technology, which we explain in the paper, finishing by giving a security, dependability and resilience analysis, showing how it meets the defined requirements, even while the infrastructure is under attack

PriLok: Citizen-protecting distributed epidemic tracing

Contact tracing is an important instrument for national health services to fight epidemics. As part of the COVID-19 situation, many proposals have been made for scaling up contract tracing capacities with the help of smartphone applications, an important but highly critical endeavor due to the privacy risks involved in such solutions. Extending our previously expressed concern, we clearly articulate in this article, the functional and non-functional requirements that any solution has to meet, when striving to serve, not mere collections of individuals, but the whole of a nation, as required in face of such potentially dangerous epidemics. We present a critical information infrastructure, PriLock, a fully-open preliminary architecture proposal and design draft for privacy preserving contact tracing, which we believe can be constructed in a way to fulfill the former requirements. Our architecture leverages the existing regulated mobile communication infrastructure and builds upon the concept of "checks and balances", requiring a majority of independent players to agree to effect any operation on it, thus preventing abuse of the highly sensitive information that must be collected and processed for efficient contact tracing. This is enforced with a largely decentralised layout and highly resilient state-of-the-art technology, which we explain in the paper, finishing by giving a security, dependability and resilience analysis, showing how it meets the defined requirements, even while the infrastructure is under attack

Multi-Layer Cyber-Physical Security and Resilience for Smart Grid

The smart grid is a large-scale complex system that integrates communication technologies with the physical layer operation of the energy systems. Security and resilience mechanisms by design are important to provide guarantee operations for the system. This chapter provides a layered perspective of the smart grid security and discusses game and decision theory as a tool to model the interactions among system components and the interaction between attackers and the system. We discuss game-theoretic applications and challenges in the design of cross-layer robust and resilient controller, secure network routing protocol at the data communication and networking layers, and the challenges of the information security at the management layer of the grid. The chapter will discuss the future directions of using game-theoretic tools in addressing multi-layer security issues in the smart grid.Comment: 16 page

UAV-Empowered Disaster-Resilient Edge Architecture for Delay-Sensitive Communication

The fifth-generation (5G) communication systems will enable enhanced mobile broadband, ultra-reliable low latency, and massive connectivity services. The broadband and low-latency services are indispensable to public safety (PS) communication during natural or man-made disasters. Recently, the third generation partnership project long term evolution (3GPPLTE) has emerged as a promising candidate to enable broadband PS communications. In this article, first we present six major PS-LTE enabling services and the current status of PS-LTE in 3GPP releases. Then, we discuss the spectrum bands allocated for PS-LTE in major countries by international telecommunication union (ITU). Finally, we propose a disaster resilient three-layered architecture for PS-LTE (DR-PSLTE). This architecture consists of a software-defined network (SDN) layer to provide centralized control, an unmanned air vehicle (UAV) cloudlet layer to facilitate edge computing or to enable emergency communication link, and a radio access layer. The proposed architecture is flexible and combines the benefits of SDNs and edge computing to efficiently meet the delay requirements of various PS-LTE services. Numerical results verified that under the proposed DR-PSLTE architecture, delay is reduced by 20% as compared with the conventional centralized computing architecture.Comment: 9,

Error resilient video transcoding for robust inter-network communications using GPRS

A novel fully comprehensive mobile video communications system is proposed in this paper. This system exploits the useful rate management features of the video transcoders and combines them with error resilience for transmissions of coded video streams over general packet radio service (GPRS) mobileaccess networks. The error-resilient video transcoding operation takes place at a centralized point, referred to as a video proxy, which provides the necessary output transmission rates with the required amount of robustness. With the use of this proposed algorithm, error resilience can be added to an already compressed video stream at an intermediate stage at the edge of two or more different networks through two resilience schemes, namely the adaptive intra refresh (AIR) and feedback control signaling (FCS) methods. Both resilience tools impose an output rate increase which can also be prevented with the proposed novel technique in this paper. Thus, an error-resilient video transcoding scheme is presented to give robust video outputs at near target transmission rates that only require the same number of GPRS timeslots as the nonresilient schemes. Moreover, an ultimate robustness is also accomplished with the combination of the two resilience algorithms at the video proxy. Extensive computer simulations demonstrate the effectiveness of the proposed system

RECODIS : Resilient communication services protecting end-user applications from disaster-based failures

P