Why We Cannot (Yet) Ensure the Cybersecurity of Safety-Critical Systems
There is a growing threat to the cyber-security of safety-critical systems.
The introduction of Commercial Off The Shelf (COTS) software, including
Linux, specialist VOIP applications and Satellite Based Augmentation Systems
across the aviation, maritime, rail and power-generation infrastructures has created
common vulnerabilities. In consequence, more people now possess the technical
skills required to identify and exploit vulnerabilities in safety-critical systems.
Arguably for the first time there is the potential for cross-modal attacks
leading to future ‘cyber storms’. This situation is compounded by the failure of
public-private partnerships to establish the cyber-security of safety critical applications.
The fiscal crisis has prevented governments from attracting and retaining
competent regulators at the intersection of safety and cyber-security. In particular,
we argue that superficial similarities between safety and security have led
to security policies that cannot be implemented in safety-critical systems. Existing
office-based security standards, such as the ISO27k series, cannot easily be integrated
with standards such as IEC61508 or ISO26262. Hybrid standards such as
IEC 62443 lack credible validation. There is an urgent need to move beyond
high-level policies and address the more detailed engineering challenges that
threaten the cyber-security of safety-critical systems. In particular, we consider
the ways in which cyber-security concerns undermine traditional forms of safety
engineering, for example by invalidating conventional forms of risk assessment.
We also summarise the ways in which safety concerns frustrate the deployment of
conventional mechanisms for cyber-security, including intrusion detection systems
Patterns of information security postures for socio-technical systems and systems-of-systems
This paper describes a proposal to develop patterns of security postures for computer based socio-technical systems and systems-of-systems. Such systems typically span many organisational boundaries, integrating multiple computer systems, infrastructures and organisational processes. The paper describes the motivation for the proposed work, and our approach to the development, specification, integration and validation of security patterns for socio-technical and system-of-system scale systems
Stochastic Tools for Network Intrusion Detection
With the rapid development of the Internet and the sharp increase of network
crime, network security has become very important and received a lot of
attention. We model security issues as stochastic systems. This allows us to
find weaknesses in existing security systems and propose new solutions.
Exploring the vulnerabilities of existing security tools can prevent
cyber-attacks from taking advantage of the system weaknesses. We propose a
hybrid network security scheme including intrusion detection systems (IDSs) and
honeypots scattered throughout the network. This combines the advantages of two
security technologies. A honeypot is an activity-based network security system,
which could be the logical supplement of the passive detection policies used by
IDSs. This integration forces us to balance security performance versus cost by
scheduling device activities for the proposed system. By formulating the
scheduling problem as a decentralized partially observable Markov decision
process (DEC-POMDP), decisions are made in a distributed manner at each device
without requiring centralized control. The partially observable Markov decision
process (POMDP) is a useful choice for controlling stochastic systems. As a
combination of two Markov models, POMDPs combine the strength of hidden Markov
Model (HMM) (capturing dynamics that depend on unobserved states) and that of
Markov decision process (MDP) (taking the decision aspect into account).
Decision making under uncertainty is used in many parts of business and
science. We use it here for security tools. We adopt a high-quality approximation
solution for finite-space POMDPs with the average cost criterion, and their
extension to DEC-POMDPs. We show how this tool could be used to design a
network security framework.
Comment: Accepted by International Symposium on Sensor Networks, Systems and Security (2017)
Quantum key distribution with an efficient countermeasure against correlated intensity fluctuations in optical pulses
Quantum key distribution (QKD) allows two distant parties to share secret
keys with the proven security even in the presence of an eavesdropper with
unbounded computational power. Recently, GHz-clock decoy QKD systems have been
realized by employing ultrafast optical communication devices. However,
security loopholes of high-speed systems have not been fully explored yet. Here
we point out a security loophole at the transmitter of the GHz-clock QKD, which
is a common problem in high-speed QKD systems using practical band-width
limited devices. We experimentally observe the inter-pulse intensity
correlation and modulation-pattern dependent intensity deviation in a practical
high-speed QKD system. Such correlation violates the assumption of most
security theories. We also provide its countermeasure which does not require
significant changes of hardware and can generate keys secure over 100 km fiber
transmission. Our countermeasure is simple, effective and applicable to a wide
range of high-speed QKD systems, and thus paves the way to realize ultrafast
and security-certified commercial QKD systems