Visible to the public Biblio

Filters: Keyword is legacy systems  [Clear All Filters]
2018-03-05
Sugumar, G., Mathur, A..  2017.  Testing the Effectiveness of Attack Detection Mechanisms in Industrial Control Systems. 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). :138–145.

Industrial Control Systems (ICS) are found in critical infrastructure such as for power generation and water treatment. When security requirements are incorporated into an ICS, one needs to test the additional code and devices added do improve the prevention and detection of cyber attacks. Conducting such tests in legacy systems is a challenge due to the high availability requirement. An approach using Timed Automata (TA) is proposed to overcome this challenge. This approach enables assessment of the effectiveness of an attack detection method based on process invariants. The approach has been demonstrated in a case study on one stage of a 6- stage operational water treatment plant. The model constructed captured the interactions among components in the selected stage. In addition, a set of attacks, attack detection mechanisms, and security specifications were also modeled using TA. These TA models were conjoined into a network and implemented in UPPAAL. The models so implemented were found effective in detecting the attacks considered. The study suggests the use of TA as an effective tool to model an ICS and study its attack detection mechanisms as a complement to doing so in a real plant-operational or under design.

2017-10-25
Azevedo, Ernani, Machado, Marcos, Melo, Rodrigo, Aschoff, Rafael, Sadok, Djamel, Carmo, Ubiratan do.  2016.  Adopting Security Routines in Legacy Organizations. Proceedings of the 2016 Workshop on Fostering Latin-American Research in Data Communication Networks. :55–57.

Security is a well-known critical issue and exploitation of vulnerabilities is increasing in number, sophistication and damage. Furthermore, legacy systems tend to offer difficulty when upgrades are needed, specially when security recommendations are proposed. This paper presents a strategy for legacy systems based on three disciplines which guide the adoption of secure routines while avoid production drop. We present a prototype framework and discuss its success in providing security to the network of a power plant.