20 research outputs found

    Attack-Surface Metrics, OSSTMM and Common Criteria Based Approach to “Composable Security” in Complex Systems

    In recent studies on Complex Systems and Systems-of-Systems theory, a huge effort has been put to cope with behavioral problems, i.e. the possibility of controlling a desired overall or end-to-end behavior by acting on the individual elements that constitute the system itself. This problem is particularly important in the “SMART” environments, where the huge number of devices, their significant computational capabilities as well as their tight interconnection produce a complex architecture for which it is difficult to predict (and control) a desired behavior; furthermore, if the scenario is allowed to dynamically evolve through the modification of both topology and subsystems composition, then the control problem becomes a real challenge. In this perspective, the purpose of this paper is to cope with a specific class of control problems in complex systems, the “composability of security functionalities”, recently introduced by the European Funded research through the pSHIELD and nSHIELD projects (ARTEMIS-JU programme). In a nutshell, the objective of this research is to define a control framework that, given a target security level for a specific application scenario, is able to i) discover the system elements, ii) quantify the security level of each element as well as its contribution to the security of the overall system, and iii) compute the control action to be applied on such elements to reach the security target. The main innovations proposed by the authors are: i) the definition of a comprehensive methodology to quantify the security of a generic system independently from the technology and the environment and ii) the integration of the derived metrics into a closed-loop scheme that allows real-time control of the system. 
The solution described in this work moves from the proof-of-concepts performed in the early phase of the pSHIELD research and enriches it through an innovative metric with a sound foundation, able to potentially cope with any kind of application scenarios (railways, automotive, manufacturing, ...)

    Ensuring Cyber-Security in Smart Railway Surveillance with SHIELD

    Modern railways feature increasingly complex embedded computing systems for surveillance, that are moving towards fully wireless smart-sensors. Those systems are aimed at monitoring system status from a physical-security viewpoint, in order to detect intrusions and other environmental anomalies. However, the same systems used for physical-security surveillance are vulnerable to cyber-security threats, since they feature distributed hardware and software architectures often interconnected by ‘open networks’, like wireless channels and the Internet. In this paper, we show how the integrated approach to Security, Privacy and Dependability (SPD) in embedded systems provided by the SHIELD framework (developed within the EU funded pSHIELD and nSHIELD research projects) can be applied to railway surveillance systems in order to measure and improve their SPD level. SHIELD implements a layered architecture (node, network, middleware and overlay) and orchestrates SPD mechanisms based on ontology models, appropriate metrics and composability. The results of prototypical application to a real-world demonstrator show the effectiveness of SHIELD and justify its practical applicability in industrial settings

    A security metric for assessing the security level of critical infrastructures

    The deep integration between the cyber and physical domains in complex systems makes the security evaluation process very challenging, as security itself is more of a concept (i.e. a subjective property) than a quantifiable characteristic. Traditional security assessing mostly relies on the personal skills of security experts, often based on best practices and personal experience. The present work is aimed at defining a security metric allowing evaluators to assess the security level of complex Cyber-Physical Systems (CPSs), such as Critical Infrastructures, in a holistic, consistent and repeatable way. To achieve this result, the mathematical framework provided by the Open Source Security Testing Methodology Manual (OSSTMM) is used as the backbone of the new security metric, since it allows to provide security indicators capturing, in a non-biased way, the security level of a system. Several concepts, such as component Lifecycle, Vulnerability criticality and Damage Potential – Effort Ratio are embedded in the new security metric framework, developed in the scope of the H2020 project ATENA

    Control architecture to provide E2E security in interconnected systems: the (new) SHIELD approach

    Modern Systems are usually obtained as incremental composition of proper (smaller and SMART) subsystems interacting through communication interfaces. Such flexible architecture allows the pervasive provisioning of a wide class of services, ranging from multimedia contents delivery, through monitoring data collection, to command and control functionalities. All these services require that the adequate level of robustness and security is assured at End-to-End (E2E) level, according to user requirements that may vary depending on the specific context or the involved technologies. A flexible methodology to dynamically control the security level of the service being offered is then needed. In this perspective, the authors propose an innovative control architecture able to assure E2E security potentially in any application, by dynamically adapting to the underlying systems and using its resources to “build the security”. In particular, the main novelties of this solution are: i) the possibility of dynamically discovering and composing the available functionalities offered by the environment to satisfy the security needs and ii) the possibility of modelling and measuring the security through innovative technology-independent metrics. The results presented in this paper move from the solutions identified in the pSHIELD project and enrich them with the innovative advances achieved through the nSHIELD research, still ongoing. Both projects have been funded by ARTEMIS-JU

    Interference mitigation in wideband radios using spectrum correlation and neural network

    Technologies such as cognitive radio and dynamic spectrum access rely on spectrum sensing which provides wireless devices with information about the radio spectrum in the surrounding environment. One of the main challenges in wireless communications is the interference caused by malicious users on the shared spectrum. In this manuscript, an artificial intelligence enabled cognitive radio framework is proposed at system-level as part of a cyclic spectrum intelligence algorithm for interference mitigation in wideband radios. It exploits the cyclostationary feature of signals to differentiate users with different modulation schemes and an artificial neural network as classifier to detect potential malicious users. A dataset consisting of experimental modulated and dynamic signals is recorded by spectrum measurements with an in-house software defined radio testbed and then processed. Cyclostationary features are extracted for each detected signal and fed to a neural network classifier as training and testing data in a complex and dynamic scenario. Results highlight a classification rate of 3c1 3c1 1 in most of cases, even at low transmission power. A comparison with two previous works with hand-crafted features, which employ an energy detector-based classifier and a naive Bayes-based classifier, respectively, is discussed

    Control Algorithms and Architectures for Resource Management in Multi-Layered Systems: Application to SatCom, Security and Manufacturing Domains

    Last two decades have seen an exponential increase in the availability of innovative and cost effective technological solutions in a wide variety of fields, ranging from electronics to chemistry, from mechanics to computer science. These new potentialities have led to a growth in systems’ complexity, thus making their control and optimization a challenging task, eager for new methodologies, approaches, paradigms. With respect to this context, the doctorate research presented in this thesis aims at providing the scientific and industrial communities with enriched solutions to cope with a specific class of control applications, resource management, in a well-defined class of complex systems, the multi-layered ones. Multi-layered systems are commonly obtained by incremental design or hierarchical approaches: several layers, each one assigned to a specific task, are put together to jointly create an enriched, vertical or end-to-end, behaviour. In such conditions, resources are necessarily distributed between layers and information sharing is limited, thus resulting in an underutilization of system’s potentialities and poor performances: efficient resource management solutions are needed. Resource management is in fact the set of mechanisms, procedures and algorithms that allow to control the allocation, distribution or utilization of systems’ capabilities (being them hardware or software functionalities, physical or logical resources): for this reason, they play a key role for the overall system’s performances; in recent years, control and optimization theories have proven to be the best candidates to address this class of problems. 
This doctorate work provides original results in the following selected multi-layered domains: - Satellite Communication, with the design of innovative cross-layer algorithms - Security, with the formalization of the “composable security” by means of control theory - Manufacturing, with the identification of a closed-loop “cognitive architecture” for the Factories of the Future. To achieve these results, original research has been performed in the areas of: i) modelling techniques; ii) control algorithms; iii) optimization algorithms. Some of these results have been jointly developed in the scope of European funded research, in particular in the MONET Project (Satellite Communication) and in the p/nSHIELD Projects (Security in Embedded Systems), where they have represented an original contribution with promising industrial exploitation perspectives

    Congestion pricing for dynamic bandwidth allocation in satellite networks: A game-theoretic approach

    The purpose of this work is to provide an enhanced adaptive approach to classic queue-based Bandwidth-on-Demand (BoD) procedures in broadband satellite networks. In queue-based schemes, the controller's objective is to drive the buffer queue length to an appropriate reference queue length, and the efficiency of the control strictly depends on the choice of its reference value. In latest approaches, solutions to adaptively modify the target reference queue length based on a set of network information have been proposed; nevertheless, in such approaches, the satellite terminals should base their control strategies on information which is not available to them, according to the communication standards of state-of-the-art technologies, such as DVB-RCS. The novelty of the presented algorithm is that it overcomes this limit by dynamically changing the reference queue length, based on information actually broadcast to the network terminals; the algorithm is at the same time simple and effective, and is based on a game-theoretic approach which benefits of recent advances in congestion pricing theory. The effectiveness of the proposed approach is supported by Opnet (R) simulations as well as by considerations about the real implementability of the solution

    Dynamic uplink frame optimization with ACM in DVB-RCS2 satellite networks

    In current generation of satellite networks, modulation and coding schemes can be dynamically changed in real-time to face different link conditions. Therefore, the link budget is no more required to be computed under the worst-case, with relevant advantages in terms of efficiency. The new DVB-RCS2 standard extends the dynamic modulation and coding to the return link: by using different modulation and coding schemes within the uplink frame, the terminals experiencing good link conditions transmit at very high bitrates, while the terminals experiencing fade events transmit at lower bitrates. This paper addresses the problem of optimizing the uplink frame modulation and coding schemes based on the current link conditions experienced by the terminals and on their transmission capacity requirements. The problem is formulated as an Integer Program and an efficient Linear Program approximation is proposed. Simulation results validate the proposed approach

    An innovative optimal approach to Slotted-ALOHA random access protocol

    This work presents an innovative, adaptive and optimal approach for Slotted-ALOHA protocols in Satellite Networks. Most ALOHA random access protocols are based on the assumptions that: i) all the involved stations receive packets with the same rate and ii) the transmission probabilities, computed analytically, are the same for each station. These assumptions are too optimistic, since, in real scenarios, different sources receive traffic with different arrival rates: a classical approach leads therefore to a sub-optimal exploitation of the available resources. The proposed algorithm takes into account the arrival rate of the traffic, considered as generated by different services. The traffic model is then used to compute the (stationary) probabilities of the traffic arrival rate of the stations: each station is characterized by a finite set of arrival rates and each arrival rate is associated to a stationary probability. Then, an optimization problem is defined, aimed at obtaining the transmission probabilities which minimize the channel collisions; the innovation is that the transmission probabilities are associated to the traffic arrival rate and are different depending on the arrival rates themselves. The increased efficiency of the proposed solution with respect to the standard ALOHA approach is proved by means of event-based simulations (performed with Matlab simulation tools). The work is partially based on research activities carried out in the framework of the EmerSat project funded by ASI (Italian Space Agency). ©2010 IEEE

    Dynamic Bandwidth Allocation in Satellite Networks

    This work presents an adaptive control approach for queue-based Bandwidth-on-Demand (BoD) procedures in geostationary satellite networks. In queue-based protocols, the controller objective is to drive the buffer queue length to a certain target queue length. The proposed protocol is based on the construction of a certain number of models (MRs) that represent a particular statistical network behavior in a way to obtain the above mentioned reference queue length. The reference queue length is computed as a weighted sum of the outputs of the different MRs. By varying on-line the target queue length a trade-off between efficient exploiting of bandwidth and reduction of queuing delay is achieved