Securing critical utility systems & network infrastructures

Tese de mestrado, Segurança Informática, Universidade de Lisboa, Faculdade de Ciências, 2009As infra-estruturas críticas de TI para serviços públicos são apoiadas por inúmeros sistemas complexos. Estes sistemas permitem a gestão e recolha de informação em tempo-real, constituindo a base para a gestão eficiente das operações. A utilização, cada vez mais frequente, de software e hardware (Commercial Off-The-Shelf, COTS) em sistemas SCADA permitiu grandes beneficios financeiros na aquisição e desenvolvimento de soluções técnicas que suportam os serviços públicos. O uso de hardware e software COTS em sistemas SCADA transferiu para as infra-estruturas críticas os problemas de segurança de uma infraestrutura de TI empresarial. Neste contexto, um desafio para as equipas de gestão operacional dos sistemas de TI é a gestão eficaz dos sistemas e redes que compõem as infra-estruturas críticas dos serviços públicos. Apesar de estas organizações adoptarem, cada vez mais, normas e melhores práticas que visam melhorar a gestão, operações e processos de configuração. Este projecto de investigação propõe-se a desenvolver um estudo comparativo de plataformas de gestão integrada no contexto dos sistemas SCADA que suportam serviços públicos. Adicionalmente, este projecto de investigação irá desenvolver estudos acerca de perfis operacionais dos Sistemas Operativos que suportam a infra-estrutura IT dos serviços públicos críticos. Este projecto de investigação irá descrever como as decisões estratégicas de gestão têm impacto nas operações de gestão de uma infra-estrutura TI.Modern critical utility IT infrastructures are supported by numerous complex systems. These systems allow real-time management and information collection, which is the basis of efficient service management operations. The usage of commercial off-the-shelf (COTS) hardware and software in SCADA systems allowed for major financial advantages in purchasing and developing technical solutions. On the other hand, this COTS hardware and software generalized usage in SCADA systems, exposed critical infrastructures to the security problems of a corporate IT infrastructure. A significant challenge for IT teams is managing critical utility IT infrastructures even upon adopting security best practices that help management, operations and configuration of the systems and network components that comprise those infrastructures. This research project proposes to survey integrated management software that can address the specific security constraints of a SCADA infrastructure supported by COTS software. Additionally, this research project proposes to investigate techniques that will allow the creation of operational profiles of Operating Systems supporting critical utility IT infrastructures. This research project will describe how the strategic management decisions impact tactical operations management of an IT environment. We will investigate desirable technical management elements in support of the operational management

State of the art for the systematic construction and analysis of i* models for assessing COTS-based systems development

This document presents the state of the art related with the systematic construction and analysis of i* models for assessing COTS-based systems development. The fist section presents an overview of the Component-Based Systems (CBS) development processes. As components are part of the architecture of the system, the second section introduces the evaluation of software architectures. The i* framework has been proved useful on the representation and evaluation of software architectures, including those containing COTS, the third section presents the i* framework and some other requirements engineering techniques. As the i* framework is agent-oriented, and so, the fourth section presents an overview of agent-oriented paradigm. Finally, as CBS development is an activity that seldom takes place from the scratch, we can tackle it as a process reengineering activity, because of that, section 5 outline the main issues in business process reengineering.Postprint (published version

Tradespace and Affordability – Phase 1

One of the key elements of the SERC’s research strategy is transforming the practice of systems engineering – “SE Transformation.” The Grand Challenge goal for SE Transformation is to transform the DoD community’s current systems engineering and management methods, processes, and tools (MPTs) and practices away from sequential, single stovepipe system, hardware-first, outside-in, document-driven, point-solution, acquisition-oriented approaches; and toward concurrent, portfolio and enterprise-oriented, hardware-software-human engineered, balanced outside-in and inside-out, model-driven, set-based, full life cycle approaches.This material is based upon work supported, in whole or in part, by the U.S. Department of Defense through the Office of the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)) under Contract H98230-08- D-0171 (Task Order 0031, RT 046).This material is based upon work supported, in whole or in part, by the U.S. Department of Defense through the Office of the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)) under Contract H98230-08- D-0171 (Task Order 0031, RT 046)

COSPO/CENDI Industry Day Conference

The conference's objective was to provide a forum where government information managers and industry information technology experts could have an open exchange and discuss their respective needs and compare them to the available, or soon to be available, solutions. Technical summaries and points of contact are provided for the following sessions: secure products, protocols, and encryption; information providers; electronic document management and publishing; information indexing, discovery, and retrieval (IIDR); automated language translators; IIDR - natural language capabilities; IIDR - advanced technologies; IIDR - distributed heterogeneous and large database support; and communications - speed, bandwidth, and wireless

Attribute based component design: Supporting model driven development in CbSE

In analysing the evolution of Software Engineering, the scale of the components has increased, the requirements for different domains become complex and a variety of different component frameworks and their associated models have emerged. Many modern component frameworks provide enterprise level facilities and services, such as instance management, and component container support, that allow developers to apply if needed to manage scale and complexity. Although the services provided by these frameworks are common, they have different models and implementation. Accordingly, the main problem is, when developing a component based application using a component framework, the design of the components becomes tightly integrated with the framework implementation and the framework model is embedded in the component functionality, and hence reduces reusability. Another problem arose is, the designers must have in-depth knowledge of the implementation of a component framework to be able to model, design and implement the components and take advantages of the services provided. To address these problems, this research proposes the Attribute based Component Design (AbCD) approach which allows developers to model software using logical and abstract components at the specification level. The components encapsulate the provided functionality, as well as the required services, runtime requirements and interaction models using a set of attributes. These attributes are systemically derived by grouping common features and services from light weight component frameworks and heavy weight component frameworks that are available in the literature. The AbCD approach consists of the AbCD Meta-model, which is an extension of the บML meta-model, and the Component Design Guidelines (CDG) that includes core Component based Software Engineering principles to assist the modelling process for designers. To support the AbCD approach, an implementation has been developed as a set of plug-ins, called the AbCD tool suite, for Eclipse IDE. An evaluation of the AbCD approach is conducted by using the tool suite with two case studies. The first case study focuses on abstraction achieved by the AbCD approach and the second focuses on reusability of the components. The evaluation shows that the artefacts produced using the approach provide an alternative architectural view to the design and help to re-factor the design based on aspects. At the same time the evaluation process identified possible improvements in the AbCD meta-model and the tool suite constructed. This research provides a non-invasive approach for designing component based software using model driven development

Managing Information System Integration Technologies--A Study of Text Mined Industry White Papers

Industry white papers are increasingly being used to explain the philosophy and operation of a product in marketplace or technology context. This explanation is used by senior managers for strategic planning in an organization. This research explores the effectiveness of white papers and strategies for managers to learn about technologies using white papers. The research is conducted by collecting industry white papers in the area of Information System Integration and gleaned relevant information through text-mining tool, Vantage Point. The text mined information is analyzed to provide solutions for practical problems in systems integration market. The indirect findings of the research are New System Integration Business Models, Methods for Calculating ROI of System Integration Project, and Managing Implementation Failures

Rethinking the Business Model with RFID

Radio Frequency Identification (RFID) is an enabling technology that can provide organizations with unprecedented improved visibility and traceability of items throughout their journey in the value chain. This paper explores how RFID can impact traditional business models or create new ones. In particular, we propose an RFID business model framework and use it to show how value can be created for organizations, suppliers, customers, and business partners. We also identify the major dynamic phases of RFID and their corresponding impact on RFID business models. A taxonomy of 12 specific RFID business models is also presented, reflecting the wide spectrum of potential directions and applications of the technology. Finally, we present a case study to test the practical and theoretical relevance of our conceptual models. The paper outlines the need for technology managers to take a holistic approach to RFID business model innovation, taking into account the interrelated technical, strategic, organizational, and external environmental factors

Automated Injection of Curated Knowledge Into Real-Time Clinical Systems: CDS Architecture for the 21st Century

abstract: Clinical Decision Support (CDS) is primarily associated with alerts, reminders, order entry, rule-based invocation, diagnostic aids, and on-demand information retrieval. While valuable, these foci have been in production use for decades, and do not provide a broader, interoperable means of plugging structured clinical knowledge into live electronic health record (EHR) ecosystems for purposes of orchestrating the user experiences of patients and clinicians. To date, the gap between knowledge representation and user-facing EHR integration has been considered an “implementation concern” requiring unscalable manual human efforts and governance coordination. Drafting a questionnaire engineered to meet the specifications of the HL7 CDS Knowledge Artifact specification, for example, carries no reasonable expectation that it may be imported and deployed into a live system without significant burdens. Dramatic reduction of the time and effort gap in the research and application cycle could be revolutionary. Doing so, however, requires both a floor-to-ceiling precoordination of functional boundaries in the knowledge management lifecycle, as well as formalization of the human processes by which this occurs. This research introduces ARTAKA: Architecture for Real-Time Application of Knowledge Artifacts, as a concrete floor-to-ceiling technological blueprint for both provider heath IT (HIT) and vendor organizations to incrementally introduce value into existing systems dynamically. This is made possible by service-ization of curated knowledge artifacts, then injected into a highly scalable backend infrastructure by automated orchestration through public marketplaces. Supplementary examples of client app integration are also provided. Compilation of knowledge into platform-specific form has been left flexible, in so far as implementations comply with ARTAKA’s Context Event Service (CES) communication and Health Services Platform (HSP) Marketplace service packaging standards. Towards the goal of interoperable human processes, ARTAKA’s treatment of knowledge artifacts as a specialized form of software allows knowledge engineers to operate as a type of software engineering practice. Thus, nearly a century of software development processes, tools, policies, and lessons offer immediate benefit: in some cases, with remarkable parity. Analyses of experimentation is provided with guidelines in how choice aspects of software development life cycles (SDLCs) apply to knowledge artifact development in an ARTAKA environment. Portions of this culminating document have been further initiated with Standards Developing Organizations (SDOs) intended to ultimately produce normative standards, as have active relationships with other bodies.Dissertation/ThesisDoctoral Dissertation Biomedical Informatics 201