Indicative assessment of the financial and economic security of the area: Practical approval of the method

Subject. This article considers the financial and economic security of an area as a complex system. Objectives. The article aims to develop and test a methodology for assessing regional financial and economic security based on a system of indicators divided into metrics. Methods. For the study, I used a statistical analysis and the indicative approach. Results. The article defines the integral safety factors of the Ulyanovsk Oblast, as well as a set of indicators and their threshold values for financial and economic security metrics. Conclusions. The article notes that the number of negative factors that can adversely affect the overall level of regional security and reduce the stability of the regional socioeconomic system has increased over time.

Privacy Preservation, Trust, and Security in Intelligent Embedded Systems

An embedded system is a software and hardware system that is based on a microcontroller or microprocessor designed to accomplish the dedicated functions within a massive electrical or mechanical system. An intelligent embedded system (IES) is a generation or promising evolution of an embedded system (ES). IES has the ability of reasoning about their external atmosphere and acclimates their nature accordingly. The capacity of IES is characterized by the ability of process, service, or product to expose the performance of the environment to enrich the lifetime, quality, and satisfaction of the individual. IES facilitates the processing of information gathered from the embedded sensors. IES rely on numerous multidisciplinary methods for the successive operation.IES is widely employed in consumer electronics, industrial machines, agriculture, medical equipment, and other automated applications. It is programmable and necessary functionalities can be achieved effectively. In this article diversified utilities of embedded intelligence, challenges, issues, privacy, and security metrics of IES are discussed.

Cybersecurity in ICT Supply Chains: Key Challenges and a Relevant Architecture

The specific demands of supply chains built upon large and complex IoT systems, make it a must to design a coordinated framework for cyber resilience provisioning, intended to guarantee trusted supply chains of ICT systems, built upon distributed, dynamic, potentially insecure, and heterogeneous ICT infrastructures. As such, the solution proposed in this paper is envisioned to deal with the whole supply chain system components, from the IoT ecosystem to the infrastructure connecting them, addressing security and privacy functionalities related to risks and vulnerabilities management, accountability, and mitigation strategies, as well as security metrics and evidence-based security assurance. In this paper, we present FISHY as a preliminary architecture that is designed to orchestrate existing and beyond state-of-the-art security appliances in composed ICT scenarios. To this end, the FISHY architecture leverages the capabilities of programmable networks and IT infrastructure through seamless orchestration and instantiation of novel security services, both in real-time and proactively. The paper also includes a thorough business analysis to go far beyond the technical benefits of a potential FISHY adoption, as well as three real-world use cases highlighting the envisioned benefits of a potential FISHY adoption.

SC-DDPL as a Countermeasure against Static Power Side-Channel Attacks

With the continuous scaling of CMOS technology, which has now reached the 3 nm node at production level, static power begins to dominate the power consumption of nanometer CMOS integrated circuits. A novel class of security attacks to cryptographic circuits which exploit the correlation between the static power and the secret keys was introduced more than ten years ago, and, since then, several successful key recovery experiments have been reported. These results clearly demonstrate that attacks exploiting static power (AESP) represent a serious threat for cryptographic systems implemented in nanometer CMOS technologies. In this work, we analyze the effectiveness of the Standard Cell Delay-based Precharge Logic (SC-DDPL) style in counteracting static power side-channel attacks. Experimental results on an FPGA implementation of a compact PRESENT crypto-core show that the SC-DDPL implementation allows a great improvement of all the security metrics with respect to the standard CMOS implementation and other state-of-the-art countermeasures such as WDDL and MDPL.

Provisioning Cybersecurity in ICT Complex Supply Chains: An Overview, Key Issues and a Relevant Architecture

The specific demands inherent to supply chains built upon large IoT systems, make a must the design of a coordinated framework for cyber resilience provisioning intended to guaranteeing trusted supply chains of ICT systems, built upon distributed, dynamic, potentially insecure and heterogeneous ICT infrastructures. As such, the proposed solution is envisioned to deal with the whole supply chain system components, from the IoT ecosystem to the infrastructure connecting them, addressing security and privacy functionalities related to risks and vulnerabilities management, accountability and mitigation strategies as well as security metrics and evidence-based security assurance. In this paper we present FISHY, as a preliminary designed architecture, designed to orchestrate both existing and beyond state-of-the-art security appliances in composed ICT scenarios and also leveraging capabilities of programmable network and IT infrastructure through seamless orchestration and instantiation of novel security services, both in real-time and proactively. The paper also includes a thorough business analysis to go far beyond the technical benefits of a potential FISHY adoption as well as three real-world use cases where to strongly support the envisioned benefits of a FISHY adoption.

A Survey of Cooperative Jamming-Based Secure Transmission for Energy-Limited Systems

Considering the ongoing development of various devices and rich applications in intelligent Internet of Things (IoT) systems, it is a crucial issue to solve secure transmission of legitimate signals for massive data sharing in the systems. Cooperative jamming-based physical layer security is explored to be a complement of conventional cryptographic schemes to protect private information. Yet, this method needs to solve a game between energy consumption and signal secure transmission. In this paper, we summarize the basics of cooperative jamming and universal security metrics. Using the metrics, we study a series of typical cooperative jamming strategies from two aspects, including power allocation and energy harvesting. Finally, we propose open issues and challenges of further works on cooperative jamming in an IoT system with energy constraints.

Socio-Technical SIEM (ST-SIEM)

This article discusses the design and specifications of a Socio-Technical Security Information and Event Management System (ST-SIEM). This newly-developed artifact addresses an important limitation identified in today incident response practice—the lack of sufficient context in actionable security information disseminated to constituent organizations. ST-SIEM tackles this limitation by considering the socio-technical aspect of information systems security. This concept is achieved by correlating the technical metrics of security warnings (which are generic in nature, and the sources of which are sometimes unknown) with predefined social security metrics (used for modeling the security culture of constituent organizations). ST-SIEM, accordingly, adapts the risk factor of the triggered security warning based on each constituent organization security culture. Moreover, the artifact features several socio-technical taxonomies with an impact factor to support organizations in classifying, reporting, and escalating actionable security information. The overall project uses design science research as a framework to develop the artifact.