Visible to the public Biblio

Filters: Keyword is legacy systems  [Clear All Filters]
2020-03-02
Hofnăr, Aurel-Dragoş, Joldoş, Marius.  2019.  Host Oriented Factor Normalizing Authentication Resource: More Secure Authentication for Legacy Systems. 2019 IEEE 15th International Conference on Intelligent Computer Communication and Processing (ICCP). :1–6.
Whenever one accesses a computer system there are three essential security issues involved: identification, authentication and authorization. The identification process enables recognition of an entity, which may be either a human, a machine, or another asset - e.g. software program. Two complementary mechanisms are used for determining who can access those systems: authentication and authorization. To address the authentication process, various solutions have been proposed in the literature, from a simple password to newer technologies based on biometrics or RFID (Radio Frequency Identification). This paper presents a novel scalable multi-factor authentication method, applicable to computer systems with no need of any hardware/software changes.
2018-03-05
Sugumar, G., Mathur, A..  2017.  Testing the Effectiveness of Attack Detection Mechanisms in Industrial Control Systems. 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). :138–145.

Industrial Control Systems (ICS) are found in critical infrastructure such as for power generation and water treatment. When security requirements are incorporated into an ICS, one needs to test the additional code and devices added do improve the prevention and detection of cyber attacks. Conducting such tests in legacy systems is a challenge due to the high availability requirement. An approach using Timed Automata (TA) is proposed to overcome this challenge. This approach enables assessment of the effectiveness of an attack detection method based on process invariants. The approach has been demonstrated in a case study on one stage of a 6- stage operational water treatment plant. The model constructed captured the interactions among components in the selected stage. In addition, a set of attacks, attack detection mechanisms, and security specifications were also modeled using TA. These TA models were conjoined into a network and implemented in UPPAAL. The models so implemented were found effective in detecting the attacks considered. The study suggests the use of TA as an effective tool to model an ICS and study its attack detection mechanisms as a complement to doing so in a real plant-operational or under design.

2017-10-25
Azevedo, Ernani, Machado, Marcos, Melo, Rodrigo, Aschoff, Rafael, Sadok, Djamel, Carmo, Ubiratan do.  2016.  Adopting Security Routines in Legacy Organizations. Proceedings of the 2016 Workshop on Fostering Latin-American Research in Data Communication Networks. :55–57.

Security is a well-known critical issue and exploitation of vulnerabilities is increasing in number, sophistication and damage. Furthermore, legacy systems tend to offer difficulty when upgrades are needed, specially when security recommendations are proposed. This paper presents a strategy for legacy systems based on three disciplines which guide the adoption of secure routines while avoid production drop. We present a prototype framework and discuss its success in providing security to the network of a power plant.