Visible to the public Biblio

Filters: Keyword is Modeling  [Clear All Filters]
Gonçalves, Charles F., Menasche, Daniel S., Avritzer, Alberto, Antunes, Nuno, Vieira, Marco.  2020.  A Model-Based Approach to Anomaly Detection Trading Detection Time and False Alarm Rate. 2020 Mediterranean Communication and Computer Networking Conference (MedComNet). :1—8.
The complexity and ubiquity of modern computing systems is a fertile ground for anomalies, including security and privacy breaches. In this paper, we propose a new methodology that addresses the practical challenges to implement anomaly detection approaches. Specifically, it is challenging to define normal behavior comprehensively and to acquire data on anomalies in diverse cloud environments. To tackle those challenges, we focus on anomaly detection approaches based on system performance signatures. In particular, performance signatures have the potential of detecting zero-day attacks, as those approaches are based on detecting performance deviations and do not require detailed knowledge of attack history. The proposed methodology leverages an analytical performance model and experimentation, and allows to control the rate of false positives in a principled manner. The methodology is evaluated using the TPCx-V workload, which was profiled during a set of executions using resource exhaustion anomalies that emulate the effects of anomalies affecting system performance. The proposed approach was able to successfully detect the anomalies, with a low number of false positives (precision 90%-98%).
Tekinerdoğan, B., Özcan, K., Yağız, S., Yakın, İ.  2020.  Systems Engineering Architecture Framework for Physical Protection Systems. 2020 IEEE International Symposium on Systems Engineering (ISSE). :1–8.
A physical protection system (PPS) integrates people, procedures, and equipment for the protection of assets or facilities against theft, sabotage, or other malevolent intruder attacks. In this paper we focus on the architecture modeling of PPS to support the communication among stakeholders, analysis and guiding the systems development activities. A common practice for modeling architecture is by using an architecture framework that defines a coherent set of viewpoints. Existing systems engineering modeling approaches appear to be too general and fail to address the domain-specific aspects of PPSs. On the other hand, no dedicated architecture framework approach has been provided yet to address the specific concerns of PPS. In this paper, we present an architecture framework for PPS (PPSAF) that has been developed in a real industrial context focusing on the development of multiple PPSs. The architecture framework consists of six coherent set of viewpoints including facility viewpoint, threats and vulnerabilities viewpoint, deterrence viewpoint, detection viewpoint, delay viewpoint, and response viewpoint. We illustrate the application of the architecture framework for the design of a PPS architecture of a building.
Chen, Jing, Tong, Wencan, Li, Xiaojian, Jiang, Yiyi, Zhu, Liyu.  2019.  A Survey of Time-varying Structural Modeling to Accountable Cloud Services. 2019 IEEE International Conference on Computation, Communication and Engineering (ICCCE). :9—12.

Cloud service has the computing characteristics of self-organizing strain on demand, which is prone to failure or loss of responsibility in its extensive application. In the prediction or accountability of this, the modeling of cloud service structure becomes an insurmountable priority. This paper reviews the modeling of cloud service network architecture. It mainly includes: Firstly, the research status of cloud service structure modeling is analyzed and reviewed. Secondly, the classification of time-varying structure of cloud services and the classification of time-varying structure modeling methods are summarized as a whole. Thirdly, it points out the existing problems. Finally, for cloud service accountability, research approach of time-varying structure modeling is proposed.

Zhang, Lichen.  2018.  Modeling Cloud Based Cyber Physical Systems Based on AADL. 2018 24th International Conference on Automation and Computing (ICAC). :1—6.

Cloud-based cyber-physical systems, like vehicle and intelligent transportation systems, are now attracting much more attentions. These systems usually include large-scale distributed sensor networks covering various components and producing enormous measurement data. Lots of modeling languages are put to use for describing cyber-physical systems or its aspects, bringing contribution to the development of cyber-physical systems. But most of the modeling techniques only focuse on software aspect so that they could not exactly express the whole cloud-based cyber-physical systems, which require appropriate views and tools in its design; but those tools are hard to be used under systemic or object-oriented methods. For example, the widest used modeling language, UML, could not fulfil the above design's requirements by using the foremer's standard form. This paper presents a method designing the cloud-based cyber-physical systems with AADL, by which we can analyse, model and apply those requirements on cloud platforms ensuring QoS in a relatively highly extensible way at the mean time.

Papakonstantinou, Nikolaos, Linnosmaa, Joonas, Alanen, Jarmo, Bashir, Ahmed Z., O'Halloran, Bryan, Van Bossuyt, Douglas L..  2019.  Early Hybrid Safety and Security Risk Assessment Based on Interdisciplinary Dependency Models. 2019 Annual Reliability and Maintainability Symposium (RAMS). :1–7.
Safety and security of complex critical infrastructures are very important for economic, environmental and social reasons. The complexity of these systems introduces difficulties in the identification of safety and security risks that emerge from interdisciplinary interactions and dependencies. The discovery of safety and security design weaknesses late in the design process and during system operation can lead to increased costs, additional system complexity, delays and possibly undesirable compromises to address safety and security weaknesses.
Tucker, Scot.  2018.  Engineering Trust: A Graph-Based Algorithm for Modeling, Validating, and Evaluating Trust. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :1–9.
Trust is an important topic in today's interconnected world. Breaches of trust in today's systems has had profound effects upon us all, and they are very difficult and costly to fix especially when caused by flaws in the system's architecture. Trust modeling can expose these types of issues, but modeling trust in complex multi-tiered system architectures can be very difficult. Often experts have differing views of trust and how it applies to systems within their domain. This work presents a graph-based modeling methodology that normalizes the application of trust across disparate system domains allowing the modeling of complex intersystem trust relationships. An algorithm is proposed that applies graph theory to model, validate and evaluate trust in system architectures. Also, it provides the means to apply metrics to compare and prioritize the effectiveness of trust management in system and component architectures. The results produced by the algorithm can be used in conjunction with systems engineering processes to ensure both trust and the efficient use of resources.
Xiao, Lili, Xiang, Shuangqing, Zhuy, Huibiao.  2018.  Modeling and Verifying SDN with Multiple Controllers. Proceedings of the 33rd Annual ACM Symposium on Applied Computing. :419-422.

SDN (Software Defined Network) with multiple controllers draws more attention for the increasing scale of the network. The architecture can handle what SDN with single controller is not able to address. In order to understand what this architecture can accomplish and face precisely, we analyze it with formal methods. In this paper, we apply CSP (Communicating Sequential Processes) to model the routing service of SDN under HyperFlow architecture based on OpenFlow protocol. By using model checker PAT (Process Analysis Toolkit), we verify that the models satisfy three properties, covering deadlock freeness, consistency and fault tolerance.

Jansen, Rob, Traudt, Matthew, Hopper, Nicholas.  2018.  Privacy-Preserving Dynamic Learning of Tor Network Traffic. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :1944-1961.

Experimentation tools facilitate exploration of Tor performance and security research problems and allow researchers to safely and privately conduct Tor experiments without risking harm to real Tor users. However, researchers using these tools configure them to generate network traffic based on simplifying assumptions and outdated measurements and without understanding the efficacy of their configuration choices. In this work, we design a novel technique for dynamically learning Tor network traffic models using hidden Markov modeling and privacy-preserving measurement techniques. We conduct a safe but detailed measurement study of Tor using 17 relays (\textasciitilde2% of Tor bandwidth) over the course of 6 months, measuring general statistics and models that can be used to generate a sequence of streams and packets. We show how our measurement results and traffic models can be used to generate traffic flows in private Tor networks and how our models are more realistic than standard and alternative network traffic generation\textasciitildemethods.

Kulik, T., Tran-Jørgensen, P. W. V., Boudjadar, J., Schultz, C..  2018.  A Framework for Threat-Driven Cyber Security Verification of IoT Systems. 2018 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW). :89-97.

Industrial control systems are changing from monolithic to distributed and interconnected architectures, entering the era of industrial IoT. One fundamental issue is that security properties of such distributed control systems are typically only verified empirically, during development and after system deployment. We propose a novel modelling framework for the security verification of distributed industrial control systems, with the goal of moving towards early design stage formal verification. In our framework we model industrial IoT infrastructures, attack patterns, and mitigation strategies for countering attacks. We conduct model checking-based formal analysis of system security through scenario execution, where the analysed system is exposed to attacks and implement mitigation strategies. We study the applicability of our framework for large systems using a scalability analysis.

Pournaras, E., Ballandies, M., Acharya, D., Thapa, M., Brandt, B..  2018.  Prototyping Self-Managed Interdependent Networks - Self-Healing Synergies against Cascading Failures. 2018 IEEE/ACM 13th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS). :119–129.
The interconnection of networks between several techno-socio-economic sectors such as energy, transport, and communication, questions the manageability and resilience of the digital society. System interdependencies alter the fundamental dynamics that govern isolated systems, which can unexpectedly trigger catastrophic instabilities such as cascading failures. This paper envisions a general-purpose, yet simple prototyping of self-management software systems that can turn system interdependencies from a cause of instability to an opportunity for higher resilience. Such prototyping proves to be challenging given the highly interdisciplinary scope of interdependent networks. Different system dynamics and organizational constraints such as the distributed nature of interdependent networks or the autonomy and authority of system operators over their controlled infrastructure perplex the design for a general prototyping approach, which earlier work has not yet addressed. This paper contributes such a modular design solution implemented as an open source software extension of SFINA, the Simulation Framework for Intelligent Network Adaptations. The applicability of the software artifact is demonstrated with the introduction of a novel self-healing mechanism for interdependent power networks, which optimizes power flow exchanges between a damaged and a healer network to mitigate power cascading failures. Results show a significant decrease in the damage spread by self-healing synergies, while the degree of interconnectivity between the power networks indicates a tradeoff between links survivability and load served. The contributions of this paper aspire to bring closer several research communities working on modeling and simulation of different domains with an economic and societal impact on the resilience of real-world interdependent networks.
Ramadan, Q., Salnitriy, M., Strüber, D., Jürjens, J., Giorgini, P..  2017.  From Secure Business Process Modeling to Design-Level Security Verification. 2017 ACM/IEEE 20th International Conference on Model Driven Engineering Languages and Systems (MODELS). :123–133.

Tracing and integrating security requirements throughout the development process is a key challenge in security engineering. In socio-technical systems, security requirements for the organizational and technical aspects of a system are currently dealt with separately, giving rise to substantial misconceptions and errors. In this paper, we present a model-based security engineering framework for supporting the system design on the organizational and technical level. The key idea is to allow the involved experts to specify security requirements in the languages they are familiar with: business analysts use BPMN for procedural system descriptions; system developers use UML to design and implement the system architecture. Security requirements are captured via the language extensions SecBPMN2 and UMLsec. We provide a model transformation to bridge the conceptual gap between SecBPMN2 and UMLsec. Using UMLsec policies, various security properties of the resulting architecture can be verified. In a case study featuring an air traffic management system, we show how our framework can be practically applied.

Rotella, P., Chulani, S..  2017.  Predicting Release Reliability. 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). :39–46.

Customers need to know how reliable a new release is, and whether or not the new release has substantially different, either better or worse, reliability than the one currently in production. Customers are demanding quantitative evidence, based on pre-release metrics, to help them decide whether or not to upgrade (and thereby offer new features and capabilities to their customers). Finding ways to estimate future reliability performance is not easy - we have evaluated many prerelease development and test metrics in search of reliability predictors that are sufficiently accurate and also apply to a broad range of software products. This paper describes a successful model that has resulted from these efforts, and also presents both a functional extension and a further conceptual simplification of the extended model that enables us to better communicate key release information to internal stakeholders and customers, without sacrificing predictive accuracy or generalizability. Work remains to be done, but the results of the original model, the extended model, and the simplified version are encouraging and are currently being applied across a range of products and releases. To evaluate whether or not these early predictions are accurate, and also to compare releases that are available to customers, we use a field software reliability assessment mechanism that incorporates two types of customer experience metrics: field bug encounters normalized by usage, and field bug counts, also normalized by usage. Our 'release-overrelease' strategy combines the 'maturity assessment' component (i.e., estimating reliability prior to release to the field) and the 'reliability assessment' component (i.e., gauging actual reliability after release to the field). This overall approach enables us to both predict reliability and compare reliability results for recent releases for a product.

Noureddine, M. A., Marturano, A., Keefe, K., Bashir, M., Sanders, W. H..  2017.  Accounting for the Human User in Predictive Security Models. 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing (PRDC). :329–338.

Given the growing sophistication of cyber attacks, designing a perfectly secure system is not generally possible. Quantitative security metrics are thus needed to measure and compare the relative security of proposed security designs and policies. Since the investigation of security breaches has shown a strong impact of human errors, ignoring the human user in computing these metrics can lead to misleading results. Despite this, and although security researchers have long observed the impact of human behavior on system security, few improvements have been made in designing systems that are resilient to the uncertainties in how humans interact with a cyber system. In this work, we develop an approach for including models of user behavior, emanating from the fields of social sciences and psychology, in the modeling of systems intended to be secure. We then illustrate how one of these models, namely general deterrence theory, can be used to study the effectiveness of the password security requirements policy and the frequency of security audits in a typical organization. Finally, we discuss the many challenges that arise when adopting such a modeling approach, and then present our recommendations for future work.

Mitchell, R., Walkup, E..  2017.  Further refinements to the foundations of cyber zone defense. MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM). :823–828.

Sophisticated cyber attacks by state-sponsored and criminal actors continue to plague government and industrial infrastructure. Intuitively, partitioning cyber systems into survivable, intrusion tolerant compartments is a good idea. This prevents witting and unwitting insiders from moving laterally and reaching back to their command and control (C2) servers. However, there is a lack of artifacts that can predict the effectiveness of this approach in a realistic setting. We extend earlier work by relaxing simplifying assumptions and providing a new attacker-facing metric. In this article, we propose new closed-form mathematical models and a discrete time simulation to predict three critical statistics: probability of compromise, probability of external host compromise and probability of reachback. The results of our new artifacts agree with one another and with previous work, which suggests they are internally valid and a viable method to evaluate the effectiveness of cyber zone defense.

Pan, X., Yang, Y., Zhang, G., Zhang, B..  2017.  Resilience-based optimization of recovery strategies for network systems. 2017 Second International Conference on Reliability Systems Engineering (ICRSE). :1–6.

Network systems, such as transportation systems and water supply systems, play important roles in our daily life and industrial production. However, a variety of disruptive events occur during their life time, causing a series of serious losses. Due to the inevitability of disruption, we should not only focus on improving the reliability or the resistance of the system, but also pay attention to the ability of the system to response timely and recover rapidly from disruptive events. That is to say we need to pay more attention to the resilience. In this paper, we describe two resilience models, quotient resilience and integral resilience, to measure the final recovered performance and the performance cumulative process during recovery respectively. Based on these two models, we implement the optimization of the system recovery strategies after disruption, focusing on the repair sequence of the damaged components and the allocation scheme of resource. The proposed research in this paper can serve as guidance to prioritize repair tasks and allocate resource reasonably.

Athinaiou, M..  2017.  Cyber security risk management for health-based critical infrastructures. 2017 11th International Conference on Research Challenges in Information Science (RCIS). :402–407.

This brief paper reports on an early stage ongoing PhD project in the field of cyber-physical security in health care critical infrastructures. The research overall aims to develop a methodology that will increase the ability of secure recovery of health critical infrastructures. This ambitious or reckless attempt, as it is currently at an early stage, in this paper, tries to answer why cyber-physical security for health care infrastructures is important and of scientific interest. An initial PhD project methodology and expected outcomes are also discussed. The report concludes with challenges that emerge and possible future directions.

Atighetchi, Michael, Simidchieva, Borislava, Carvalho, Marco, Last, David.  2016.  Experimentation Support for Cyber Security Evaluations. Proceedings of the 11th Annual Cyber and Information Security Research Conference. :5:1–5:7.
To improve the information assurance of mission execution over modern IT infrastructure, new cyber defenses need to not only provide security benefits, but also perform within a given cost regime. Current approaches for validating and integrating cyber defenses heavily rely on manual trial-and-error, without a clear and systematic understanding of security versus cost tradeoffs. Recent work on model-based analysis of cyber defenses has led to quantitative measures of the attack surface of a distributed system hosting mission critical applications. These metrics show great promise, but the cost of manually creating the underlying models is an impediment to their wider adoption. This paper describes an experimentation framework for automating multiple activities associated with model construction and validation, including creating ontological system models from real systems, measuring and recording distributions of resource impact and end-to-end performance overhead values, executing real attacks to validate theoretic attack vectors found through analytic reasoning, and creating and managing multi-variable experiments.
Taylor, Joshua, Zaffarano, Kara, Koller, Ben, Bancroft, Charlie, Syversen, Jason.  2016.  Automated Effectiveness Evaluation of Moving Target Defenses: Metrics for Missions and Attacks. Proceedings of the 2016 ACM Workshop on Moving Target Defense. :129–134.

In this paper, we describe the results of several experiments designed to test two dynamic network moving target defenses against a propagating data exfiltration attack. We designed a collection of metrics to assess the costs to mission activities and the benefits in the face of attacks and evaluated the impacts of the moving target defenses in both areas. Experiments leveraged Siege's Cyber-Quantification Framework to automatically provision the networks used in the experiment, install the two moving target defenses, collect data, and analyze the results. We identify areas in which the costs and benefits of the two moving target defenses differ, and note some of their unique performance characteristics.

Kang, Eunsuk, Milicevic, Aleksandar, Jackson, Daniel.  2016.  Multi-representational Security Analysis. Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering. :181–192.

Security attacks often exploit flaws that are not anticipated in an abstract design, but are introduced inadvertently when high-level interactions in the design are mapped to low-level behaviors in the supporting platform. This paper proposes a multi-representational approach to security analysis, where models capturing distinct (but possibly overlapping) views of a system are automatically composed in order to enable an end-to-end analysis. This approach allows the designer to incrementally explore the impact of design decisions on security, and discover attacks that span multiple layers of the system. This paper describes Poirot, a prototype implementation of the approach, and reports on our experience on applying Poirot to detect previously unknown security flaws in publicly deployed systems.

Spring, J., Kern, S., Summers, A..  2015.  Global adversarial capability modeling. 2015 APWG Symposium on Electronic Crime Research (eCrime). :1–21.

Intro: Computer network defense has models for attacks and incidents comprised of multiple attacks after the fact. However, we lack an evidence-based model the likelihood and intensity of attacks and incidents. Purpose: We propose a model of global capability advancement, the adversarial capability chain (ACC), to fit this need. The model enables cyber risk analysis to better understand the costs for an adversary to attack a system, which directly influences the cost to defend it. Method: The model is based on four historical studies of adversarial capabilities: capability to exploit Windows XP, to exploit the Android API, to exploit Apache, and to administer compromised industrial control systems. Result: We propose the ACC with five phases: Discovery, Validation, Escalation, Democratization, and Ubiquity. We use the four case studies as examples as to how the ACC can be applied and used to predict attack likelihood and intensity.

Orojloo, H., Azgomi, M. A..  2015.  Evaluating the complexity and impacts of attacks on cyber-physical systems. 2015 CSI Symposium on Real-Time and Embedded Systems and Technologies (RTEST). :1–8.

In this paper, a new method for quantitative evaluation of the security of cyber-physical systems (CPSs) is proposed. The proposed method models the different classes of adversarial attacks against CPSs, including cross-domain attacks, i.e., cyber-to-cyber and cyber-to-physical attacks. It also takes the secondary consequences of attacks on CPSs into consideration. The intrusion process of attackers has been modeled using attack graph and the consequence estimation process of the attack has been investigated using process model. The security attributes and the special parameters involved in the security analysis of CPSs, have been identified and considered. The quantitative evaluation has been done using the probability of attacks, time-to-shutdown of the system and security risks. The validation phase of the proposed model is performed as a case study by applying it to a boiling water power plant and estimating the suitable security measures.

Ken Keefre, University of Illinolis at Urbana-Champaing, William H. Sanders, University of Illinois at Urbana-Champaign.  2015.  Reliability Analysis with Dynamic Reliability Block Diagrams in the Mobius Modeling Tool. 9th EAI International Conference on Performance Evaluation Methodologies and Tools (VALUETOOLS 2015).

Reliability block diagram (RBD) models are a commonly used reliability analysis method. For static RBD models, combinatorial solution techniques are easy and efficient. However, static RBDs are limited in their ability to express varying system state, dependent events, and non-series-parallel topologies. A recent extension to RBDs, called Dynamic Reliability Block Diagrams (DRBD), has eliminated those limitations. This tool paper details the RBD implementation in the M¨obius modeling framework and provides technical details for using RBDs independently or in composition with other M¨obius modeling formalisms. The paper explains how the graphical front-end provides a user-friendly interface for specifying RBD models. The back-end implementation that interfaces with the M¨obius AFI to define and generate executable models that the M¨obius tool uses to evaluate system metrics is also detailed.

Ignacio X. Dominguez, Jayant Dhawan, Robert St. Amant, David L. Roberts.  In Press.  Exploring the Effects of Different Text Stimuli on Typing Behavior. International Conference on Cognitive Modeling.

In this work we explore how different cognitive processes af- fected typing patterns through a computer game we call The Typing Game. By manipulating the players’ familiarity with the words in our game through their similarity to dictionary words, and by allowing some players to replay rounds, we found that typing speed improves with familiarity with words, and also with practice, but that these are independent of the number of mistakes that are made when typing. We also found that users who had the opportunity to replay rounds exhibited different typing patterns even before replaying the rounds. 

Goncalo Martins, Sajal Bhatia, Xenofon Kousoukos, Keith Stouffer, CheeYee Tang, Richard Candell.  2015.  Towards a Systematic Threat Modeling Approach for Cyber-physical Systems. 2nd National Symposium on Resilient Critical Infrastructure (ISRCS 2015).

Cyber-Physical Systems (CPS) are systems with seamless integration of physical, computational and networking components. These systems can potentially have an impact on the physical components, hence it is critical to safeguard them against a wide range of attacks. In this paper, it is argued that an effective approach to achieve this goal is to systematically identify the potential threats at the design phase of building such systems, commonly achieved via threat modeling. In this context, a tool to perform systematic analysis of threat modeling for CPS is proposed. A real-world wireless railway temperature monitoring system is used as a case study to validate the proposed approach. The threats identified in the system are subsequently mitigated using National Institute of Standards and Technology (NIST) standards.

Alrabaee, S., Bataineh, A., Khasawneh, F.A., Dssouli, R..  2014.  Using model checking for Trivial File Transfer Protocol validation. Communications and Networking (ComNet), 2014 International Conference on. :1-7.

This paper presents verification and model based checking of the Trivial File Transfer Protocol (TFTP). Model checking is a technique for software verification that can detect concurrency defects within appropriate constraints by performing an exhaustive state space search on a software design or implementation and alert the implementing organization to potential design deficiencies that are otherwise difficult to be discovered. The TFTP is implemented on top of the Internet User Datagram Protocol (UDP) or any other datagram protocol. We aim to create a design model of TFTP protocol, with adding window size, using Promela to simulate it and validate some specified properties using spin. The verification has been done by using the model based checking tool SPIN which accepts design specification written in the verification language PROMELA. The results show that TFTP is free of live locks.