Security Reference Architecture for Cyber-Physical Systems (CPS)

2021 ◽  
Vol 27 (6) ◽  
pp. 609-634
Author(s):  
Julio Moreno ◽  
David G. Rosado ◽  
Luis E. Sánchez ◽  
Manuel A. Serrano ◽  
Eduardo Fernández-Medina

Cyber-physical systems (CPS) are the next generation of engineered systems, into which computing, communication, and control technologies are now being closely integrated. They play an increasingly important role in critical infrastructures, governments and everyday life. Security is crucial in CPS, but they were, unfortunately, not initially conceived as a secure environment; if security is to be incorporated, it must be considered from the very beginning of the system design. One way to solve this problem is to adopt a global perspective, which can be achieved by employing a Reference Architecture (RA), a high-level abstraction of a system that is useful in the implementation of complex systems. It is widely accepted that adding elements to address the main security factors (integrity, confidentiality, availability, etc.) and to facilitate the definition of security requirements in a Security Reference Architecture (SRA) is a good starting point for solving these kinds of cybersecurity problems and for protecting the system from the beginning of development. An SRA makes it possible to define the key elements of a specific environment, thus allowing a better understanding of the elements inherent to that environment, while promoting the integration of security aspects and mechanisms. The present paper therefore defines an SRA for CPS using UML models, in an attempt to facilitate secure CPS implementations.


2014 ◽  
Vol 5 (2) ◽  
pp. 1-19 ◽  
Author(s):  
Per Håkon Meland ◽  
Elda Paja ◽  
Erlend Andreas Gjære ◽  
Stéphane Paul ◽  
Fabiano Dalpiaz ◽  
...  

Goal and threat modelling are important activities of security requirements engineering: goals express why a system is needed, while threats motivate the need for security. Unfortunately, existing approaches mostly consider goals and threats separately, and thus neglect the mutual influence between them. In this paper, the authors address this deficiency by proposing an approach that extends goal modelling with threat modelling and analysis. The authors show that this effort is not trivial and a trade-off between visual expressiveness, usability and usefulness has to be considered. Specifically, the authors integrate threat modelling with the socio-technical security modelling language (STS-ml), introduce automated analysis techniques that propagate threats in the combined models, and present tool support that enables reuse of threats facilitated by a threat repository. The authors illustrate their approach on a case study from the Air Traffic Management (ATM) domain, from which they extract some practical challenges. The authors conclude that threats provide a useful foundation and justification for the security requirements that the authors derive from goal modelling, but this should not be considered as a replacement to risk assessment. The usage of goals and threats early in the development process allows raising awareness of high-level security issues that occur regardless of the chosen technology and organizational processes.



Author(s):  
Fabrício A. B. da Silva ◽  
David F. C. Moura ◽  
Juraci F. Galdino

In recent years, the development of radio communication technology solutions has undergone a huge paradigm change with the rise of Software-Defined Radio (SDR) technology, in which previously hardware-based features have become software-defined and users may also introduce new application waveforms on the fly. Given its growing importance for SDR application vendors and developers in different project domains, one of the first steps in engineering a secure SDR system is the identification of the classes of attacks on an SDR, along with the associated threats and vulnerabilities. The identification of classes of attacks is therefore necessary for the definition of realistic and relevant security requirements. One contribution of this chapter is to identify the classes of attacks that Software Communications Architecture (SCA) compliant Software-Defined Radios (SDR) can suffer. It is noteworthy that, with the advancement of technology, new vulnerabilities emerge every day, and with them new forms of threats and attacks on systems. The authors intend, however, to highlight in this chapter the classes of attacks that are most relevant for tactical software-defined radios, taking into account the expected losses for legitimate radio network users. They also discuss mitigation strategies for several of the identified attacks and how those mitigation strategies can affect an SCA-compliant operating environment. Finally, the authors present several case studies, along with simulation results, illustrating the identified attack classes.


2011 ◽  
pp. 3211-3226
Author(s):  
Michael Hafner ◽  
Barbara Weber ◽  
Ruth Breu ◽  
Andrea Nowak

Model Driven Architecture is an approach to increasing the quality of complex software systems by creating high-level system models and automatically generating system architectures and components from these models. We show how this paradigm can be applied to what we call Model Driven Security for inter-organizational workflows in e-government. Our focus is on the realization of security-critical inter-organizational workflows in the context of Web services, Web service orchestration and Web service choreography. Security requirements are specified at an abstract level using UML diagrams. From this specification, security-relevant artifacts are generated for a target reference architecture based on upcoming Web service security standards. Additionally, we show how participants of a choreography use model dependencies to map the choreography specifications to interfaces for their local workflows.


2008 ◽  
pp. 2686-2703
Author(s):  
Michael Hafner ◽  
Barbara Weber ◽  
Ruth Breu ◽  
Andrea Nowak

Model Driven Architecture is an approach to increasing the quality of complex software systems by creating high-level system models and automatically generating system architectures and components from these models. We show how this paradigm can be applied to what we call Model Driven Security for inter-organizational workflows in e-government. Our focus is on the realization of security-critical inter-organizational workflows in the context of Web services, Web service orchestration and Web service choreography. Security requirements are specified at an abstract level using UML diagrams. From this specification, security-relevant artifacts are generated for a target reference architecture based on upcoming Web service security standards. Additionally, we show how participants of a choreography use model dependencies to map the choreography specifications to interfaces for their local workflows.


Author(s):  
Aleksander Protasyevich ◽  
Yulia Skryabikova

The article is devoted to counteracting crimes committed with the use of information and telecommunication technologies, specifically the Internet. Criminals actively use the Internet to conduct criminal business transactions while hiding in the shadow part of the net, the Darknet. This net gives offenders opportunities to hide by offering anonymous networks that guarantee a high level of confidentiality, which makes it considerably harder for law enforcement bodies to counteract crimes committed with the use of information technologies. In addition, an analysis of the criminal situation in the Russian Federation showed that law enforcement efforts to counteract this type of crime are not effective at the present stage. There is therefore a need to improve the "digital" literacy of law enforcement employees and to develop a criminalistic base that takes digital progress into account. The authors offer a definition of "Darknet" that describes the essence of this net and that will become the starting point for researching the Darknet phenomenon as an object of criminalistics. The research conducted will make it possible to obtain new sources for building the elements of a criminalistic description of crimes and a special criminalistic theory for investigating crimes committed with the use of the Darknet.


Author(s):  
Volker Scheid

This chapter explores the articulations that have emerged over the last half century between various types of holism, Chinese medicine and systems biology. Given the discipline’s historical attachments to a definition of ‘medicine’ that rather narrowly refers to biomedicine as developed in Europe and the US from the eighteenth century onwards, the medical humanities are not the most obvious starting point for such an inquiry. At the same time, they do offer one advantage over neighbouring disciplines like medical history, anthropology or science and technology studies for someone like myself, a clinician as well as a historian and anthropologist: their strong commitment to the objective of facilitating better medical practice. This promise furthermore links to the wider project of critique, which, in Max Horkheimer’s definition of the term, aims at change and emancipation in order ‘to liberate human beings from the circumstances that enslave them’. If we take the critical medical humanities as explicitly affirming this shared objective and responsibility, extending the discipline’s traditional gaze is not a burden but becomes, in fact, an obligation.


Author(s):  
Andrea Renda

This chapter assesses Europe’s efforts in developing a full-fledged strategy on the human and ethical implications of artificial intelligence (AI). The strong focus on ethics in the European Union’s AI strategy should be seen in the context of an overall strategy that aims at protecting citizens and civil society from abuses of digital technology but also as part of a competitiveness-oriented strategy aimed at raising the standards for access to Europe’s wealthy Single Market. In this context, one of the most peculiar steps in the European Union’s strategy was the creation of an independent High-Level Expert Group on AI (AI HLEG), accompanied by the launch of an AI Alliance, which quickly attracted several hundred participants. The AI HLEG, a multistakeholder group including fifty-two experts, was tasked with the definition of Ethics Guidelines as well as with the formulation of “Policy and Investment Recommendations.” With the advice of the AI HLEG, the European Commission put forward ethical guidelines for Trustworthy AI—which are now paving the way for a comprehensive, risk-based policy framework.


Sensors ◽  
2021 ◽  
Vol 21 (4) ◽  
pp. 1388
Author(s):  
Daniele Oboe ◽  
Luca Colombo ◽  
Claudio Sbarufatti ◽  
Marco Giglio

The inverse Finite Element Method (iFEM) is receiving increasing attention for shape sensing because it is independent of the material properties and the external load. However, a proper definition of the model geometry with its boundary conditions is required, together with the acquisition of the structure's strain field through optimized sensor networks. The iFEM model definition is not trivial in the case of complex structures, in particular if sensors are not applied over the whole structure, allowing only a partial definition of the input strain field. To overcome this issue, this research proposes a simplified iFEM model in which the geometrical complexity is reduced and the boundary conditions are tuned, using superposition of effects, so that the model behaves like the real structure. The procedure is assessed on a complex aeronautical structure, where the reference displacement field is first computed in a numerical framework with input strains coming from a direct finite element analysis, confirming the effectiveness of the iFEM based on a simplified geometry. Finally, the model is fed with experimentally acquired strain measurements and the performance of the method is assessed in the presence of a high level of uncertainty.
