Model-Based Security Testing

Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.Comment: In Proceedings MBT 2012, arXiv:1202.582

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Adapting to change: Time for climate resilience and a new adaptation strategy. EPC Issue Paper 5 March 2020

The dramatic effects of climate change are being felt across the European continent and the world. Considering how sluggish and unsuccessful the world has been in reducing greenhouse gas (GHG) emissions, the impacts will become long-lasting scars. Even implementing radical climate mitigation now would be insufficient in addressing the economic, societal and environmental implications of climate change, which are expected to only intensify in the years to come. This means climate mitigation must go hand in hand with the adaptation efforts recognised in the Paris Agreement. And although the damages of climate change are usually localised and adaptation measures often depend on local specificities, given the interconnections between ecosystems, people and economies in a globalised world there are strong reasons for European Union (EU) member states to join forces, pool risk and cooperate across borders. Sharing information, good practices, experiences and resources to strengthen resilience and enhance adaptive capacity makes sense economically, environmentally and socially. The European Commission’s 2013 Adaptation Strategy is the first attempt to set EU-wide adaptation and climate resilience and could be considered novel in that it tried to mainstream adaptation goals into relevant legislation, instruments and funds. It was not very proactive, however. It also lacked long-term perspective, failed to put the adaptation file high on the political agenda, was under resourced, and suffered from knowledge gaps and silo thinking. The Commission’s European Green Deal proposal, which has been presented as a major step forward to the goal of Europe becoming the world’s first climate-neutral continent, suggests that the Commission will adopt a new EU strategy on adaptation to climate within the first two years of its mandate (2020-2021). In light of the risks climate change poses to ecosystems, societies and the economy (through inter alia the vulnerability of the supply chain to climate change and its potential failure to provide services to consumers), adaptation should take a prominent role alongside mitigation in the EU’s political climate agenda. Respecting the division of treaty competences, there are important areas where EU-wide action and support could foster the continent’s resilience to climate change. The European Policy Centre (EPC) project “Building a climate-resilient Europe”, which has culminated in this Issue Paper, has identified the following: (i) the ability to convert science-based knowledge into preventive action and responsible behaviour, thus filling the information gap; (ii) the need to close the protection gap through better risk management and risk sharing; (iii) the necessity to adopt nature-based infrastructural solutions widely and tackle the grey infrastructure bias; and (iv) the need to address the funding and investment gap. This Issue Paper aims to help inform the upcoming EU Adaptation Strategy and, by extension, strengthen the EU’s resilience to climate change. To that end, the authors make a call for the EU to mainstream adaptation and shift its focus from reacting to disasters to a more proactive approach that prioritises prevention, risk reduction and resilience building. In doing so, the EU must ensure fairness and distributive justice while striving for climate change mitigation and protecting the environment and biodiversity. To succeed, the new EU Adaptation Strategy will need to address specific challenges related to the information, protection, funding and investment gaps; and the grey infrastructure bias. To tackle and address those challenges, this Paper proposes 17 solutions outlined in Table 1 (see page 6)

Anger: the unrecognized emotion in emotional disorders

Anger plays a prominent definitional role in some psychological disorders currently widely scattered across DSM‐5 categories (e.g., intermittent explosive disorder, borderline personality disorder). But the presence and consequences of anger in the emotional disorders (e.g., anxiety disorders, depressive disorders) remain sparsely examined. In this review, we examine the presence of anger in the emotional disorders and find that anger is elevated across these disorders and, when it is present, is associated with negative consequences, including greater symptom severity and worse treatment response. Based on this evidence, anger appears to be an important and understudied emotion in the development, maintenance, and treatment of emotional disorders.First author draf