61,432 research outputs found

    The internal reliability of some City & Guilds tests


    Medical Cyber-Physical Systems Development: A Forensics-Driven Approach

    The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially- and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicate digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on, not only, how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations. Comment: This is the pre-print version of a paper presented at the 2nd International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT 2017)

    Defense against Insider Threat: a Framework for Gathering Goal-based Requirements

    Insider threat is becoming comparable to outsider threat in frequency of security events. This is a worrying situation, since insider attacks have a high probability of success because insiders have authorized access and legitimate privileges. Despite their importance, insider threats are still not properly addressed by organizations. We contribute to reverse this situation by introducing a framework composed of a method for identification and assessment of insider threat risks and of two supporting deliverables for awareness of insider threat. The deliverables are: (i) attack strategies structured in four decomposition trees, and (ii) a matrix which correlates defense strategies, attack strategies and control principles. The method output consists of goal-based requirements for the defense against insiders.

    Scope Management of Non-Functional Requirements

    In order to meet commitments in software projects, a realistic assessment must be made of project scope. Such an assessment relies on the availability of knowledge on the user-defined project requirements and their effort estimates and priorities, as well as their risk. This knowledge enables analysts, managers and software engineers to identify the most significant requirements from the list of requirements initially defined by the user. In practice, this scope assessment is applied to the Functional Requirements (FRs) provided by users who are unaware of, or ignore, the Non-Functional Requirements (NFRs). This paper presents ongoing research which aims at managing NFRs during the software development process. Establishing the relative priority of each NFR, and obtaining a rough estimate of the effort and risk associated with it, is integral to the software development process and to resource management. Our work extends the taxonomy of the NFR framework by integrating the concept of the "hardgoal". A functional size measure of NFRs is applied to facilitate the effort estimation process. The functional size measurement method we have chosen is COSMIC-FFP, which is theoretically sound and the de facto standard in the software industry.

    Teaching, learning and technology: An e-route to deep learning?

    This is the author's pdf version of an article published in Research into Education. This paper details a research project that considered the extent to which e-learning is congruent with the notion of inculcating and maintaining deep approaches to learning within HE. Also, to explore what actions may be taken to engender and/or maintain a deep approach when using e-learning as the central androgogy as knowing what (is possible) and how (it may be achieved) provides a fuller picture. Whilst this paper is designed to help inform practice and professional judgement it is not purporting to provide absolute answers. Whilst I have attempted to provide an honest account of my findings, truth and reality are social constructions (Pring 2000). The research was based upon methodical triangulation and involved thirty-eight undergraduate students who are undertaking study through e-learning and five academic members of staff who utilise e-learning in their programmes. As such, the project was small scale and how much may be inferred as applicable to other groups and other contexts may be contested, as those sampled for this research have their own unique paradigms and perceptions. Finally, it is always worth remembering that effective teaching and learning is contextual (Pring 2000). The research revealed that deep approaches to learning are situational (Biggs 2003) and e-learning can authentically lead to a student adopting and maintaining a deep approach. There are several factors that increase the likelihood of a student adopting this desired approach. These include: where students perceive the programme to be of high quality (Parker 2004), they have feelings of competence and confidence in their ability to study and interact with the technology and others. In addition, students require appropriate, reliable access to technology, associated systems and individualised planned support (Salmon 2004). Further to this, deep approaches are more likely to be adopted where programmes are built on a constructivist androgogy, constructive alignment is achieved, interaction at several levels and a steady or systematic style of learning are encouraged (Hwang and Wang 2004). Critically, study programmes should have authentic assessment in which deep approaches are intrinsic to their completion. To effectively support students in achieving a deep approach to learning, when employing e-learning, staff require knowledge and skill in three areas: teaching and learning, technology, and subject content (Good 2001). They also require support from leaders at cultural, strategic and structural levels (Elloumi 2004).

    Idea-caution before exploitation: the use of cybersecurity domain knowledge to educate software engineers against software vulnerabilities

    The transfer of cybersecurity domain knowledge from security experts (‘Ethical Hackers’) to software engineers is discussed in terms of desirability and feasibility. Possible mechanisms for the transfer are critically examined. Software engineering methodologies do not make use of security domain knowledge in its form of vulnerability databases (e.g. CWE, CVE, Exploit DB), which are therefore not appropriate for this purpose. An approach based upon the improved use of pattern languages that encompasses security domain knowledge is proposed.

    DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments

    With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST