209 research outputs found

    Executive decision-makers: a scenario-based approach to assessing organizational cyber-risk perception

    The executive leadership in corporate organizations is increasingly challenged with managing cyber-risks, as an important part of wider business risk management. Cyber-risks are complex, with the threat landscape evolving, including digital infrastructure issues such as trust in networked supply chains, and emerging technologies. Moreover, engaging organizational leadership to assess for risk management is also difficult. This paper reports on a scenario-driven, workshop-based study undertaken with executive leadership to assess for cybersecurity and cyber-risk perception related to preparation for, and response to, potential incidents. The study involves leadership members at a large public–private organization. Our approach utilizes scenarios, which are structured in their design to explore and analyse aspects of business risk, risk ownership, technological complexity, and uncertainty faced by an organizational leadership. The method offers a means to engage with leadership at real-world organizations, capturing capacity and insights to manage business risks due to cyberattacks

    Towards a threat assessment framework for apps collusion

    App collusion refers to two or more apps working together to achieve a malicious goal that they otherwise would not be able to achieve individually. The permissions based security model of Android does not address this threat as it is rather limited to mitigating risks of individual apps. This paper presents a technique for quantifying the collusion threat, essentially the first step towards assessing the collusion risk. The proposed method is useful in finding the collusion candidate of interest which is critical given the high volume of Android apps available. We present our empirical analysis using a classified corpus of over 29,000 Android apps provided by Intel Security™.

    Drivers and barriers for secure hardware adoption across ecosystem stakeholders

    The decisions involved in choosing technology components for systems are poorly understood. This is especially so where the choices pertain to system security and countering the threat of cybersecurity attack. Although common in some commercial products, secure hardware chips provide security functions such as authentication, secure execution and integrity validation on system start, and are increasingly deemed to have a role in devices across sectors, such as IoT devices, autonomous vehicle systems and critical infrastructure components. To understand the decisions and opinions regarding the adoption of secure hardware, we conducted 23 semi-structured interviews with senior decision-makers from companies spanning a range of sectors, sizes and supply-chain roles. Our results consider the business propositional drivers, barriers and economic factors that influence the adoption decisions. Understanding these would help those seeking to influence the adoption process, whether as a business decision, or as a trade or national strategy

    Formal Template-Based Generation of Attack–Defence Trees for Automated Security Analysis

    Systems that integrate cyber and physical aspects to create cyber-physical systems (CPS) are becoming increasingly complex, but demonstrating the security of CPS is hard and security is frequently compromised. These compromises can lead to safety failures, putting lives at risk. Attack Defense Trees with sequential conjunction (ADS) are an approach to identifying attacks on a system and identifying the interaction between attacks and the defenses that are present within the CPS. We present a semantic model for ADS and propose a methodology for generating ADS automatically. The methodology takes as input a CPS system model and a library of templates of attacks and defenses. We demonstrate and validate the effectiveness of the ADS generation methodology using an example from the automotive domain

    A formal framework for security testing of automotive over-the-air update systems

    Modern vehicles are comparable to desktop computers due to the increase in connectivity. This fact also extends to potential cyber-attacks. A solution for preventing and mitigating cyber attacks is Over-The-Air (OTA) updates. This solution has also been used for both desktops and mobile phones. The current de facto OTA security system for vehicles is Uptane, which is developed to solve the unique issues vehicles face. The Uptane system needs to have a secure method of updating; otherwise, attackers will exploit it. To this end, we have developed a comprehensive and model-based security testing approach by translating Uptane and our attack model into formal models in Communicating Sequential Processes (CSP). These are combined and verified to generate an exhaustive list of test cases to see to which attacks Uptane may be susceptible. Security testing is then conducted based on these generated test cases, on a test-bed running an implementation of Uptane. The security testing result enables us to validate the security design of Uptane and some vulnerabilities to which it is subject

    TOMSAC - Methodology for trade-off management between automotive safety and cyber security

    Safety and security interdependencies have been of interest for researchers for several decades. However, in practice, they are not given the necessary consideration yet due to various reasons, such as lack of understanding and reluctance to change current practices. This research is aimed at advancing the state of the art in this area by developing a practical, easy to adapt and to use methodology for managing interdependencies and trade-offs throughout the development lifetime of cyber physical systems. The methodology is named TOMSAC, short for Trade-Off Management between Safety And Cyber security

    FORMULATION AND CHARACTERIZATION OF FLOATING BEADS OF ANTIBIOTIC BY EMULSION GELATION TECHNIQUE

    Objective: The study aims at formulation and characterization of floating hydrogel beads of cefdinir for improving its bioavailability. Methods: Cefdinir is broad-spectrum, oral, third-generation cephalosporin antimicrobial agent active against Gram-positive and Gram-negative bacteria. The floating hydrogel beads of cefdinir were formulated with polymers such as sodium alginate and sodium carboxymethyl cellulose by emulsion gelation technique using olive oil/castor oil. The beads were evaluated for surface morphology, bead size, entrapment efficiency, floating characteristics, in vitro swelling, in vitro drug release, and stability studies. Results: On the basis of evaluation, all the beads show good swelling up to 12 h in 0.1 N hydrochloric acid. The swelling was followed by values in order of vegetable oil > mineral oil in case of emulsion gelation method. Scanning electron microscopy study shows that beads were spherical in shape. Comparing all the formulations, formulation FB12 was considered as optimized formulation which shows % yield 94.06±0.11, % floating 87.28±0.90, in vitro drug release 94.68, and also stable in stability studies. Conclusion: From the findings, it may be concluded that cefdinir-loaded floating beads were successfully prepared and proved to be useful for the better bioavailability and patient compliance for enhanced antimicrobial activity