Visible to the public Biblio

Filters: Keyword is integrated circuits  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
A
Arafin, M. T., Stanley, A., Sharma, P..  2017.  Hardware-Based Anti-Counterfeiting Techniques for Safeguarding Supply Chain Integrity. 2017 IEEE International Symposium on Circuits and Systems (ISCAS). :1–4.
Counterfeit integrated circuits (ICs) and systems have emerged as a menace to the supply chain of electronic goods and products. Simple physical inspection for counterfeit detection, basic intellectual property (IP) laws, and simple protection measures are becoming ineffective against advanced reverse engineering and counterfeiting practices. As a result, hardware security-based techniques have emerged as promising solutions for combating counterfeiting, reverse engineering, and IP theft. However, these solutions have their own merits and shortcomings, and therefore, these options must be carefully studied. In this work, we present a comparative overview of available hardware security solutions to fight against IC counterfeiting. We provide a detailed comparison of the techniques in terms of integration effort, deployability, and security matrices that would assist a system designer to adopt any one of these security measures for safeguarding the product supply chain against counterfeiting and IP theft.
Armknecht, F., Maes, R., Sadeghi, A, Standaert, O.-X., Wachsmann, C..  2011.  A Formalization of the Security Features of Physical Functions. Security and Privacy (SP), 2011 IEEE Symposium on. :397-412.

Physical attacks against cryptographic devices typically take advantage of information leakage (e.g., side-channels attacks) or erroneous computations (e.g., fault injection attacks). Preventing or detecting these attacks has become a challenging task in modern cryptographic research. In this context intrinsic physical properties of integrated circuits, such as Physical(ly) Unclonable Functions (PUFs), can be used to complement classical cryptographic constructions, and to enhance the security of cryptographic devices. PUFs have recently been proposed for various applications, including anti-counterfeiting schemes, key generation algorithms, and in the design of block ciphers. However, currently only rudimentary security models for PUFs exist, limiting the confidence in the security claims of PUF-based security primitives. A useful model should at the same time (i) define the security properties of PUFs abstractly and naturally, allowing to design and formally analyze PUF-based security solutions, and (ii) provide practical quantification tools allowing engineers to evaluate PUF instantiations. In this paper, we present a formal foundation for security primitives based on PUFs. Our approach requires as little as possible from the physics and focuses more on the main properties at the heart of most published works on PUFs: robustness (generation of stable answers), unclonability (not provided by algorithmic solutions), and unpredictability. We first formally define these properties and then show that they can be achieved by previously introduced PUF instantiations. We stress that such a consolidating work allows for a meaningful security analysis of security primitives taking advantage of physical properties, becoming increasingly important in the development of the next generation secure information systems.

B
Bhunia, S., Hsiao, M.S., Banga, M., Narasimhan, S..  2014.  Hardware Trojan Attacks: Threat Analysis and Countermeasures. Proceedings of the IEEE. 102:1229-1247.

Security of a computer system has been traditionally related to the security of the software or the information being processed. The underlying hardware used for information processing has been considered trusted. The emergence of hardware Trojan attacks violates this root of trust. These attacks, in the form of malicious modifications of electronic hardware at different stages of its life cycle, pose major security concerns in the electronics industry. An adversary can mount such an attack with an objective to cause operational failure or to leak secret information from inside a chip-e.g., the key in a cryptographic chip, during field operation. Global economic trend that encourages increased reliance on untrusted entities in the hardware design and fabrication process is rapidly enhancing the vulnerability to such attacks. In this paper, we analyze the threat of hardware Trojan attacks; present attack models, types, and scenarios; discuss different forms of protection approaches, both proactive and reactive; and describe emerging attack modes, defenses, and future research pathways.
 

Brandauer, C., Dorfinger, P., Paiva, P. Y. A..  2017.  Towards scalable and adaptable security monitoring. 2017 IEEE 36th International Performance Computing and Communications Conference (IPCCC). :1–6.

A long time ago Industrial Control Systems were in a safe place due to the use of proprietary technology and physical isolation. This situation has changed dramatically and the systems are nowadays often prone to severe attacks executed from remote locations. In many cases, intrusions remain undetected for a long time and this allows the adversary to meticulously prepare an attack and maximize its destructiveness. The ability to detect an attack in its early stages thus has a high potential to significantly reduce its impact. To this end, we propose a holistic, multi-layered, security monitoring and mitigation framework spanning the physical- and cyber domain. The comprehensiveness of the approach demands for scalability measures built-in by design. In this paper we present how scalability is addressed by an architecture that enforces geographically decentralized data reduction approaches that can be dynamically adjusted to the currently perceived context. A specific focus is put on a robust and resilient solution to orchestrate dynamic configuration updates. Experimental results based on a prototype implementation show the feasibility of the approach.

C
Chen, X., Qu, G., Cui, A., Dunbar, C..  2017.  Scan chain based IP fingerprint and identification. 2017 18th International Symposium on Quality Electronic Design (ISQED). :264–270.
Digital fingerprinting refers to as method that can assign each copy of an intellectual property (IP) a distinct fingerprint. It was introduced for the purpose of protecting legal and honest IP users. The unique fingerprint can be used to identify the IP or a chip that contains the IP. However, existing fingerprinting techniques are not practical due to expensive cost of creating fingerprints and the lack of effective methods to verify the fingerprints. In the paper, we study a practical scan chain based fingerprinting method, where the digital fingerprint is generated by selecting the Q-SD or Q'-SD connection during the design of scan chains. This method has two major advantages. First, fingerprints are created as a post-silicon procedure and therefore there will be little fabrication overhead. Second, altering the Q-SD or Q'-SD connection style requires the modification of test vectors for each fingerprinted IP in order to maintain the fault coverage. This enables us to verify the fingerprint by inspecting the test vectors without opening up the chip to check the Q-SD or Q'-SD connection styles. We perform experiment on standard benchmarks to demonstrate that our approach has low design overhead. We also conduct security analysis to show that such fingerprints are robust against various attacks.
Choi, S., Chavez, A., Torres, M., Kwon, C., Hwang, I..  2017.  Trustworthy design architecture: Cyber-physical system. 2017 International Carnahan Conference on Security Technology (ICCST). :1–9.

Conventional cyber defenses require continual maintenance: virus, firmware, and software updates; costly functional impact tests; and dedicated staff within a security operations center. The conventional defenses require access to external sources for the latest updates. The whitelisted system, however, is ideally a system that can sustain itself freed from external inputs. Cyber-Physical Systems (CPS), have the following unique traits: digital commands are physically observable and verifiable; possible combinations of commands are limited and finite. These CPS traits, combined with a trust anchor to secure an unclonable digital identity (i.e., digitally unclonable function [DUF] - Patent Application \#15/183,454; CodeLock), offers an excellent opportunity to explore defenses built on whitelisting approach called “Trustworthy Design Architecture (TDA).” There exist significant research challenges in defining what are the physically verifiable whitelists as well as the criteria for cyber-physical traits that can be used as the unclonable identity. One goal of the project is to identify a set of physical and/or digital characteristics that can uniquely identify an endpoint. The measurements must have the properties of being reliable, reproducible, and trustworthy. Given that adversaries naturally evolve with any defense, the adversary will have the goal of disrupting or spoofing this process. To protect against such disruptions, we provide a unique system engineering technique, when applied to CPSs (e.g., nuclear processing facilities, critical infrastructures), that will sustain a secure operational state without ever needing external information or active inputs from cybersecurity subject-matter experts (i.e., virus updates, IDS scans, patch management, vulnerability updates). We do this by eliminating system dependencies on external sources for protection. Instead, all internal co- munication is actively sealed and protected with integrity, authenticity and assurance checks that only cyber identities bound to the physical component can deliver. As CPSs continue to advance (i.e., IoTs, drones, ICSs), resilient-maintenance free solutions are needed to neutralize/reduce cyber risks. TDA is a conceptual system engineering framework specifically designed to address cyber-physical systems that can potentially be maintained and operated without the persistent need or demand for vulnerability or security patch updates.

Chongxi Bao, Forte, D., Srivastava, A..  2014.  On application of one-class SVM to reverse engineering-based hardware Trojan detection. Quality Electronic Design (ISQED), 2014 15th International Symposium on. :47-54.

Due to design and fabrication outsourcing to foundries, the problem of malicious modifications to integrated circuits known as hardware Trojans has attracted attention in academia as well as industry. To reduce the risks associated with Trojans, researchers have proposed different approaches to detect them. Among these approaches, test-time detection approaches have drawn the greatest attention and most approaches assume the existence of a “golden model”. Prior works suggest using reverse-engineering to identify such Trojan-free ICs for the golden model but they did not state how to do this efficiently. In this paper, we propose an innovative and robust reverseengineering approach to identify the Trojan-free ICs. We adapt a well-studied machine learning method, one-class support vector machine, to solve our problem. Simulation results using state-of-the-art tools on several publicly available circuits show that our approach can detect hardware Trojans with high accuracy rate across different modeling and algorithm parameters.

Cioranesco, J.-M., Danger, J.-L., Graba, T., Guilley, S., Mathieu, Y., Naccache, D., Xuan Thuy Ngo.  2014.  Cryptographically secure shields. Hardware-Oriented Security and Trust (HOST), 2014 IEEE International Symposium on. :25-31.

Probing attacks are serious threats on integrated circuits. Security products often include a protective layer called shield that acts like a digital fence. In this article, we demonstrate a new shield structure that is cryptographically secure. This shield is based on the newly proposed SIMON lightweight block cipher and independent mesh lines to ensure the security against probing attacks of the hardware located behind the shield. Such structure can be proven secure against state-of-the-art invasive attacks. For the first time in the open literature, we describe a chip designed with a digital shield, and give an extensive report of its cost, in terms of power, metal layer(s) to sacrifice and of logic (including the logic to connect it to the CPU). Also, we explain how “Through Silicon Vias” (TSV) technology can be used for the protection against both frontside and backside probing.

Cozzi, M., Galliere, J., Maurine, P..  2018.  Exploiting Phase Information in Thermal Scans for Stealthy Trojan Detection. 2018 21st Euromicro Conference on Digital System Design (DSD). :573-576.
Infrared thermography has been recognized for its ability to investigate integrated circuits in a non destructive way. Coupled to lock-in correlation it has proven efficient in detecting thermal hot spots. Most of the state of the Art measurement systems are based on amplitude analysis. In this paper we propose to investigate weak thermal hot spots using the phase of infrared signals. We demonstrate that phase analysis is a formidable alternative to amplitude to detect small heat signatures. Finally, we apply our measurement platform and its detection method to the identification of stealthy hardware Trojans.
D
Drias, Z., Serhrouchni, A., Vogel, O..  2017.  Identity-based cryptography (IBC) based key management system (KMS) for industrial control systems (ICS). 2017 1st Cyber Security in Networking Conference (CSNet). :1–10.

Often considered as the brain of an industrial process, Industrial control systems are presented as the vital part of today's critical infrastructure due to their crucial role in process control and monitoring. Any failure or error in the system will have a considerable damage. Their openness to the internet world raises the risk related to cyber-attacks. Therefore, it's necessary to consider cyber security challenges while designing an ICS in order to provide security services such as authentication, integrity, access control and secure communication channels. To implement such services, it's necessary to provide an efficient key management system (KMS) as an infrastructure for all cryptographic operations, while preserving the functional characteristics of ICS. In this paper we will analyze existing KMS and their suitability for ICS, then we propose a new KMS based on Identity Based Cryptography (IBC) as a better alternative to traditional KMS. In our proposal, we consider solving two security problems in IBC which brings it up to be more suitable for ICS.

F
Feng, C., Li, T., Chana, D..  2017.  Multi-level Anomaly Detection in Industrial Control Systems via Package Signatures and LSTM Networks. 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :261–272.

We outline an anomaly detection method for industrial control systems (ICS) that combines the analysis of network package contents that are transacted between ICS nodes and their time-series structure. Specifically, we take advantage of the predictable and regular nature of communication patterns that exist between so-called field devices in ICS networks. By observing a system for a period of time without the presence of anomalies we develop a base-line signature database for general packages. A Bloom filter is used to store the signature database which is then used for package content level anomaly detection. Furthermore, we approach time-series anomaly detection by proposing a stacked Long Short Term Memory (LSTM) network-based softmax classifier which learns to predict the most likely package signatures that are likely to occur given previously seen package traffic. Finally, by the inspection of a real dataset created from a gas pipeline SCADA system, we show that an anomaly detection scheme combining both approaches can achieve higher performance compared to various current state-of-the-art techniques.

Ferres, E., Immler, V., Utz, A., Stanitzki, A., Lerch, R., Kokozinski, R..  2018.  Capacitive Multi-Channel Security Sensor IC for Tamper-Resistant Enclosures. 2018 IEEE SENSORS. :1–4.
Physical attacks are a serious threat for embedded devices. Since these attacks are based on physical interaction, sensing technology is a key aspect in detecting them. For highest security levels devices in need of protection are placed into tamper-resistant enclosures. In this paper we present a capacitive multi-channel security sensor IC in a 350 nm CMOS technology. This IC measures more than 128 capacitive sensor nodes of such an enclosure with an SNR of 94.6 dB across a 16×16 electrode matrix in just 19.7 ms. The theoretical sensitivity is 35 aF which is practically limited by noise to 460 aF. While this is similar to capacitive touch technology, it outperforms available solutions of this domain with respect to precision and speed.
G
Gonzalez, D., Alhenaki, F., Mirakhorli, M..  2019.  Architectural Security Weaknesses in Industrial Control Systems (ICS) an Empirical Study Based on Disclosed Software Vulnerabilities. 2019 IEEE International Conference on Software Architecture (ICSA). :31–40.

Industrial control systems (ICS) are systems used in critical infrastructures for supervisory control, data acquisition, and industrial automation. ICS systems have complex, component-based architectures with many different hardware, software, and human factors interacting in real time. Despite the importance of security concerns in industrial control systems, there has not been a comprehensive study that examined common security architectural weaknesses in this domain. Therefore, this paper presents the first in-depth analysis of 988 vulnerability advisory reports for Industrial Control Systems developed by 277 vendors. We performed a detailed analysis of the vulnerability reports to measure which components of ICS have been affected the most by known vulnerabilities, which security tactics were affected most often in ICS and what are the common architectural security weaknesses in these systems. Our key findings were: (1) Human-Machine Interfaces, SCADA configurations, and PLCs were the most affected components, (2) 62.86% of vulnerability disclosures in ICS had an architectural root cause, (3) the most common architectural weaknesses were “Improper Input Validation”, followed by “Im-proper Neutralization of Input During Web Page Generation” and “Improper Authentication”, and (4) most tactic-related vulnerabilities were related to the tactics “Validate Inputs”, “Authenticate Actors” and “Authorize Actors”.

Gouglidis, A., Green, B., Busby, J., Rouncefield, M., Hutchison, D., Schauer, S..  2016.  Threat awareness for critical infrastructures resilience. 2016 8th International Workshop on Resilient Networks Design and Modeling (RNDM). :196–202.

Utility networks are part of every nation's critical infrastructure, and their protection is now seen as a high priority objective. In this paper, we propose a threat awareness architecture for critical infrastructures, which we believe will raise security awareness and increase resilience in utility networks. We first describe an investigation of trends and threats that may impose security risks in utility networks. This was performed on the basis of a viewpoint approach that is capable of identifying technical and non-technical issues (e.g., behaviour of humans). The result of our analysis indicated that utility networks are affected strongly by technological trends, but that humans comprise an important threat to them. This provided evidence and confirmed that the protection of utility networks is a multi-variable problem, and thus, requires the examination of information stemming from various viewpoints of a network. In order to accomplish our objective, we propose a systematic threat awareness architecture in the context of a resilience strategy, which ultimately aims at providing and maintaining an acceptable level of security and safety in critical infrastructures. As a proof of concept, we demonstrate partially via a case study the application of the proposed threat awareness architecture, where we examine the potential impact of attacks in the context of social engineering in a European utility company.

Guizani, S..  2014.  Security applications challenges of RFID technology and possible countermeasures. Computing, Management and Telecommunications (ComManTel), 2014 International Conference on. :291-297.

Radio Frequency IDentification (RFID) is a technique for speedy and proficient identification system, it has been around for more than 50 years and was initially developed for improving warfare machinery. RFID technology bridges two technologies in the area of Information and Communication Technologies (ICT), namely Product Code (PC) technology and Wireless technology. This broad-based rapidly expanding technology impacts business, environment and society. The operating principle of an RFID system is as follows. The reader starts a communication process by radiating an electromagnetic wave. This wave will be intercepted by the antenna of the RFID tag, placed on the item to be identified. An induced current will be created at the tag and will activate the integrated circuit, enabling it to send back a wave to the reader. The reader redirects information to the host where it will be processed. RFID is used for wide range of applications in almost every field (Health, education, industry, security, management ...). In this review paper, we will focus on agricultural and environmental applications.

Guo, X., Dutta, R. G., He, J., Jin, Y..  2017.  PCH framework for IP runtime security verification. 2017 Asian Hardware Oriented Security and Trust Symposium (AsianHOST). :79–84.

Untrusted third-party vendors and manufacturers have raised security concerns in hardware supply chain. Among all existing solutions, formal verification methods provide powerful solutions in detection malicious behaviors at the pre-silicon stage. However, little work have been done towards built-in hardware runtime verification at the post-silicon stage. In this paper, a runtime formal verification framework is proposed to evaluate the trust of hardware during its execution. This framework combines the symbolic execution and SAT solving methods to validate the user defined properties. The proposed framework has been demonstrated on an FPGA platform using an SoC design with untrusted IPs. The experimentation results show that the proposed approach can provide high-level security assurance for hardware at runtime.

H
Hasegawa, K., Yanagisawa, M., Togawa, N..  2017.  Trojan-Feature Extraction at Gate-Level Netlists and Its Application to Hardware-Trojan Detection Using Random Forest Classifier. 2017 IEEE International Symposium on Circuits and Systems (ISCAS). :1–4.

Recently, due to the increase of outsourcing in IC design, it has been reported that malicious third-party vendors often insert hardware Trojans into their ICs. How to detect them is a strong concern in IC design process. The features of hardware-Trojan infected nets (or Trojan nets) in ICs often differ from those of normal nets. To classify all the nets in netlists designed by third-party vendors into Trojan ones and normal ones, we have to extract effective Trojan features from Trojan nets. In this paper, we first propose 51 Trojan features which describe Trojan nets from netlists. Based on the importance values obtained from the random forest classifier, we extract the best set of 11 Trojan features out of the 51 features which can effectively detect Trojan nets, maximizing the F-measures. By using the 11 Trojan features extracted, the machine-learning based hardware Trojan classifier has achieved at most 100% true positive rate as well as 100% true negative rate in several TrustHUB benchmarks and obtained the average F-measure of 74.6%, which realizes the best values among existing machine-learning-based hardware-Trojan detection methods.

Hossain, F. S., Yoneda, T., Shintani, M., Inoue, M., Orailoglo, A..  2017.  Intra-Die-Variation-Aware Side Channel Analysis for Hardware Trojan Detection. 2017 IEEE 26th Asian Test Symposium (ATS). :52–57.

High detection sensitivity in the presence of process variation is a key challenge for hardware Trojan detection through side channel analysis. In this work, we present an efficient Trojan detection approach in the presence of elevated process variations. The detection sensitivity is sharpened by 1) comparing power levels from neighboring regions within the same chip so that the two measured values exhibit a common trend in terms of process variation, and 2) generating test patterns that toggle each cell multiple times to increase Trojan activation probability. Detection sensitivity is analyzed and its effectiveness demonstrated by means of RPD (relative power difference). We evaluate our approach on ISCAS'89 and ITC'99 benchmarks and the AES-128 circuit for both combinational and sequential type Trojans. High detection sensitivity is demonstrated by analysis on RPD under a variety of process variation levels and experiments for Trojan inserted circuits.

Hossain, F. S., Shintani, M., Inoue, M., Orailoglu, A..  2018.  Variation-Aware Hardware Trojan Detection through Power Side-Channel. 2018 IEEE International Test Conference (ITC). :1-10.
A hardware Trojan (HT) denotes the malicious addition or modification of circuit elements. The purpose of this work is to improve the HT detection sensitivity in ICs using power side-channel analysis. This paper presents three detection techniques in power based side-channel analysis by increasing Trojan-to-circuit power consumption and reducing the variation effect in the detection threshold. Incorporating the three proposed methods has demonstrated that a realistic fine-grain circuit partitioning and an improved pattern set to increase HT activation chances can magnify Trojan detectability.
Hossain, M., Hasan, R..  2017.  Boot-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of IoT Nodes. 2017 IEEE International Congress on Internet of Things (ICIOT). :1–8.

The Internet of Things (IoT) devices perform security-critical operations and deal with sensitive information in the IoT-based systems. Therefore, the increased deployment of smart devices will make them targets for cyber attacks. Adversaries can perform malicious actions, leak private information, and track devices' and their owners' location by gaining unauthorized access to IoT devices and networks. However, conventional security protocols are not primarily designed for resource constrained devices and therefore cannot be applied directly to IoT systems. In this paper, we propose Boot-IoT - a privacy-preserving, lightweight, and scalable security scheme for limited resource devices. Boot-IoT prevents a malicious device from joining an IoT network. Boot-IoT enables a device to compute a unique identity for authentication each time the device enters a network. Moreover, during device to device communication, Boot-IoT provides a lightweight mutual authentication scheme that ensures privacy-preserving identity usages. We present a detailed analysis of the security strength of BootIoT. We implemented a prototype of Boot-IoT on IoT devices powered by Contiki OS and provided an extensive comparative analysis of Boot-IoT with contemporary authentication methods. Our results show that Boot-IoT is resource efficient and provides better scalability compared to current solutions.

Huang, J., Hou, D., Schuckers, S..  2017.  A Practical Evaluation of Free-Text Keystroke Dynamics. 2017 IEEE International Conference on Identity, Security and Behavior Analysis (ISBA). :1–8.

Free text keystroke dynamics is a behavioral biometric that has the strong potential to offer unobtrusive and continuous user authentication. Unfortunately, due to the limited data availability, free text keystroke dynamics have not been tested adequately. Based on a novel large dataset of free text keystrokes from our ongoing data collection using behavior in natural settings, we present the first study to evaluate keystroke dynamics while respecting the temporal order of the data. Specifically, we evaluate the performance of different ways of forming a test sample using sessions, as well as a form of continuous authentication that is based on a sliding window on the keystroke time series. Instead of accumulating a new test sample of keystrokes, we update the previous sample with keystrokes that occur in the immediate past sliding window of n minutes. We evaluate sliding windows of 1 to 5, 10, and 30 minutes. Our best performer using a sliding window of 1 minute, achieves an FAR of 1% and an FRR of 11.5%. Lastly, we evaluate the sensitivity of the keystroke dynamics algorithm to short quick insider attacks that last only several minutes, by artificially injecting different portions of impostor keystrokes into the genuine test samples. For example, the evaluated algorithm is found to be able to detect insider attacks that last 2.5 minutes or longer, with a probability of 98.4%.

I
Isaacson, D. M..  2018.  The ODNI-OUSD(I) Xpress Challenge: An Experimental Application of Artificial Intelligence Techniques to National Security Decision Support. 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC). :104-109.
Current methods for producing and disseminating analytic products contribute to the latency of relaying actionable information and analysis to the U.S. Intelligence Community's (IC's) principal customers, U.S. policymakers and warfighters. To circumvent these methods, which can often serve as a bottleneck, we report on the results of a public prize challenge that explored the potential for artificial intelligence techniques to generate useful analytic products. The challenge tasked solvers to develop algorithms capable of searching and processing nearly 15,000 unstructured text files into a 1-2 page analytic product without human intervention; these analytic products were subsequently evaluated and scored using established IC methodologies and criteria. Experimental results from this challenge demonstrate the promise for the ma-chine generation of analytic products to ensure that the IC warns and informs in a more timely fashion.
Ivanov, A. V., Sklyarov, V. A..  2018.  The Urgency of the Threats of Attacks on Interfaces and Field-Layer Protocols in Industrial Control Systems. 2018 XIV International Scientific-Technical Conference on Actual Problems of Electronics Instrument Engineering (APEIE). :162-165.
The paper is devoted to analysis of condition of executing devices and sensors of Industrial Control Systems information security. The work contains structures of industrial control systems divided into groups depending on system's layer. The article contains the analysis of analog interfaces work and work features of data transmission protocols in industrial control system field layer. Questions about relevance of industrial control systems information security, both from the point of view of the information security occurring incidents, and from the point of view of regulators' reaction in the form of normative legal acts, are described. During the analysis of the information security systems of industrial control systems a possibility of leakage through technical channels of information leakage at the field layer was found. Potential vectors of the attacks on devices of field layer and data transmission network of an industrial control system are outlined in the article. The relevance analysis of the threats connected with the attacks at the field layer of an industrial control system is carried out, feature of this layer and attractiveness of this kind of attacks is observed.
K
Kannan, S., Karimi, N., Karri, R., Sinanoglu, O..  2014.  Detection, diagnosis, and repair of faults in memristor-based memories. VLSI Test Symposium (VTS), 2014 IEEE 32nd. :1-6.

Memristors are an attractive option for use in future memory architectures due to their non-volatility, high density and low power operation. Notwithstanding these advantages, memristors and memristor-based memories are prone to high defect densities due to the non-deterministic nature of nanoscale fabrication. The typical approach to fault detection and diagnosis in memories entails testing one memory cell at a time. This is time consuming and does not scale for the dense, memristor-based memories. In this paper, we integrate solutions for detecting and locating faults in memristors, and ensure post-silicon recovery from memristor failures. We propose a hybrid diagnosis scheme that exploits sneak-paths inherent in crossbar memories, and uses March testing to test and diagnose multiple memory cells simultaneously, thereby reducing test time. We also provide a repair mechanism that prevents faults in the memory from being activated. The proposed schemes enable and leverage sneak paths during fault detection and diagnosis modes, while still maintaining a sneak-path free crossbar during normal operation. The proposed hybrid scheme reduces fault detection and diagnosis time by ~44%, compared to traditional March tests, and repairs the faulty cell with minimal overhead.
 

Kawanishi, Y., Nishihara, H., Souma, D., Yoshida, H., Hata, Y..  2018.  A Study on Quantitative Risk Assessment Methods in Security Design for Industrial Control Systems. 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech). :62-69.

In recent years, there has been progress in applying information technology to industrial control systems (ICS), which is expected to make the development cost of control devices and systems lower. On the other hand, the security threats are becoming important problems. In 2017, a command injection issue on a data logger was reported. In this paper, we focus on the risk assessment in security design for data loggers used in industrial control systems. Our aim is to provide a risk assessment method optimized for control devices and systems in such a way that one can prioritize threats more preciously, that would lead work resource (time and budget) can be assigned for more important threats than others. We discuss problems with application of the automotive-security guideline of JASO TP15002 to ICS risk assessment. Consequently, we propose a three-phase risk assessment method with a novel Risk Scoring Systems (RSS) for quantitative risk assessment, RSS-CWSS. The idea behind this method is to apply CWSS scoring systems to RSS by fixing values for some of CWSS metrics, considering what the designers can evaluate during the concept phase. Our case study with ICS employing a data logger clarifies that RSS-CWSS can offer an interesting property that it has better risk-score dispersion than the TP15002-specified RSS.