Visible to the public Biblio

Found 1012 results

Filters: First Letter Of Title is C  [Clear All Filters]
A B [C] D E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
C
Vegh, Laura.  2018.  Cyber-physical systems security through multi-factor authentication and data analytics. 2018 IEEE International Conference on Industrial Technology (ICIT). :1369–1374.
We are living in a society where technology is present everywhere we go. We are striving towards smart homes, smart cities, Internet of Things, Internet of Everything. Not so long ago, a password was all you needed for secure authentication. Nowadays, even the most complicated passwords are not considered enough. Multi-factor authentication is gaining more and more terrain. Complex system may also require more than one solution for real, strong security. The present paper proposes a framework based with MFA as a basis for access control and data analytics. Events within a cyber-physical system are processed and analyzed in an attempt to detect, prevent and mitigate possible attacks.
Paridari, Kaveh, El-Din Mady, Alie, La Porta, Silvio, Chabukswar, Rohan, Blanco, Jacobo, Teixeira, André, Sandberg, Henrik, Boubekeur, Menouer.  2016.  Cyber-physical-security Framework for Building Energy Management System. Proceedings of the 7th International Conference on Cyber-Physical Systems. :18:1–18:9.

Energy management systems (EMS) are used to control energy usage in buildings and campuses, by employing technologies such as supervisory control and data acquisition (SCADA) and building management systems (BMS), in order to provide reliable energy supply and maximise user comfort while minimising energy usage. Historically, EMS systems were installed when potential security threats were only physical. Nowadays, EMS systems are connected to the building network and as a result directly to the outside world. This extends the attack surface to potential sophisticated cyber-attacks, which adversely impact EMS operation, resulting in service interruption and downstream financial implications. Currently, the security systems that detect attacks operate independently to those which deploy resiliency policies and use very basic methods. We propose a novel EMS cyber-physical-security framework that executes a resilient policy whenever an attack is detected using security analytics. In this framework, both the resilient policy and the security analytics are driven by EMS data, where the physical correlations between the data-points are identified to detect outliers and then the control loop is closed using an estimated value in place of the outlier. The framework has been tested using a reduced order model of a real EMS site.

Bertino, E., Kantarcioglu, M..  2017.  A Cyber-Provenance Infrastructure for Sensor-Based Data-Intensive Applications. 2017 IEEE International Conference on Information Reuse and Integration (IRI). :108–114.

Summary form only given. Strong light-matter coupling has been recently successfully explored in the GHz and THz [1] range with on-chip platforms. New and intriguing quantum optical phenomena have been predicted in the ultrastrong coupling regime [2], when the coupling strength Ω becomes comparable to the unperturbed frequency of the system ω. We recently proposed a new experimental platform where we couple the inter-Landau level transition of an high-mobility 2DEG to the highly subwavelength photonic mode of an LC meta-atom [3] showing very large Ω/ωc = 0.87. Our system benefits from the collective enhancement of the light-matter coupling which comes from the scaling of the coupling Ω ∝ √n, were n is the number of optically active electrons. In our previous experiments [3] and in literature [4] this number varies from 104-103 electrons per meta-atom. We now engineer a new cavity, resonant at 290 GHz, with an extremely reduced effective mode surface Seff = 4 × 10-14 m2 (FE simulations, CST), yielding large field enhancements above 1500 and allowing to enter the few (textless;100) electron regime. It consist of a complementary metasurface with two very sharp metallic tips separated by a 60 nm gap (Fig.1(a, b)) on top of a single triangular quantum well. THz-TDS transmission experiments as a function of the applied magnetic field reveal strong anticrossing of the cavity mode with linear cyclotron dispersion. Measurements for arrays of only 12 cavities are reported in Fig.1(c). On the top horizontal axis we report the number of electrons occupying the topmost Landau level as a function of the magnetic field. At the anticrossing field of B=0.73 T we measure approximately 60 electrons ultra strongly coupled (Ω/ω- textbartextbar

Grushka - Cohen, Hagit, Sofer, Oded, Biller, Ofer, Shapira, Bracha, Rokach, Lior.  2016.  CyberRank: Knowledge Elicitation for Risk Assessment of Database Security. Proceedings of the 25th ACM International on Conference on Information and Knowledge Management. :2009–2012.
Security systems for databases produce numerous alerts about anomalous activities and policy rule violations. Prioritizing these alerts will help security personnel focus their efforts on the most urgent alerts. Currently, this is done manually by security experts that rank the alerts or define static risk scoring rules. Existing solutions are expensive, consume valuable expert time, and do not dynamically adapt to changes in policy. Adopting a learning approach for ranking alerts is complex due to the efforts required by security experts to initially train such a model. The more features used, the more accurate the model is likely to be, but this will require the collection of a greater amount of user feedback and prolong the calibration process. In this paper, we propose CyberRank, a novel algorithm for automatic preference elicitation that is effective for situations with limited experts' time and outperforms other algorithms for initial training of the system. We generate synthetic examples and annotate them using a model produced by Analytic Hierarchical Processing (AHP) to bootstrap a preference learning algorithm. We evaluate different approaches with a new dataset of expert ranked pairs of database transactions, in terms of their risk to the organization. We evaluated using manual risk assessments of transaction pairs, CyberRank outperforms all other methods for cold start scenario with error reduction of 20%.
Farzan, F., Jafari, M.A., Wei, D., Lu, Y..  2014.  Cyber-related risk assessment and critical asset identification in power grids. Innovative Smart Grid Technologies Conference (ISGT), 2014 IEEE PES. :1-5.

This paper proposes a methodology to assess cyber-related risks and to identify critical assets both at power grid and substation levels. The methodology is based on a two-pass engine model. The first pass engine is developed to identify the most critical substation(s) in a power grid. A mixture of Analytical hierarchy process (AHP) and (N-1) contingent analysis is used to calculate risks. The second pass engine is developed to identify risky assets within a substation and improve the vulnerability of a substation against the intrusion and malicious acts of cyber hackers. The risk methodology uniquely combines asset reliability, vulnerability and costs of attack into a risk index. A methodology is also presented to improve the overall security of a substation by optimally placing security agent(s) on the automation system.
 

Farzan, F., Jafari, M.A., Wei, D., Lu, Y..  2014.  Cyber-related risk assessment and critical asset identification in power grids. Innovative Smart Grid Technologies Conference (ISGT), 2014 IEEE PES. :1-5.

This paper proposes a methodology to assess cyber-related risks and to identify critical assets both at power grid and substation levels. The methodology is based on a two-pass engine model. The first pass engine is developed to identify the most critical substation(s) in a power grid. A mixture of Analytical hierarchy process (AHP) and (N-1) contingent analysis is used to calculate risks. The second pass engine is developed to identify risky assets within a substation and improve the vulnerability of a substation against the intrusion and malicious acts of cyber hackers. The risk methodology uniquely combines asset reliability, vulnerability and costs of attack into a risk index. A methodology is also presented to improve the overall security of a substation by optimally placing security agent(s) on the automation system.

Farzan, F., Jafari, M.A., Wei, D., Lu, Y..  2014.  Cyber-related risk assessment and critical asset identification in power grids. Innovative Smart Grid Technologies Conference (ISGT), 2014 IEEE PES. :1-5.

This paper proposes a methodology to assess cyber-related risks and to identify critical assets both at power grid and substation levels. The methodology is based on a two-pass engine model. The first pass engine is developed to identify the most critical substation(s) in a power grid. A mixture of Analytical hierarchy process (AHP) and (N-1) contingent analysis is used to calculate risks. The second pass engine is developed to identify risky assets within a substation and improve the vulnerability of a substation against the intrusion and malicious acts of cyber hackers. The risk methodology uniquely combines asset reliability, vulnerability and costs of attack into a risk index. A methodology is also presented to improve the overall security of a substation by optimally placing security agent(s) on the automation system.

Segovia, Mariana, Rubio-Hernan, Jose, Cavalli, Ana R., Garcia-Alfaro, Joaquin.  2020.  Cyber-Resilience Evaluation of Cyber-Physical Systems. 2020 IEEE 19th International Symposium on Network Computing and Applications (NCA). :1—8.
Cyber-Physical Systems (CPS) use computational resources to control physical processes and provide critical services. For this reason, an attack in these systems may have dangerous consequences in the physical world. Hence, cyber- resilience is a fundamental property to ensure the safety of the people, the environment and the controlled physical processes. In this paper, we present metrics to quantify the cyber-resilience level based on the design, structure, stability, and performance under the attack of a given CPS. The metrics provide reference points to evaluate whether the system is better prepared or not to face the adversaries. This way, it is possible to quantify the ability to recover from an adversary using its mathematical model based on actuators saturation. Finally, we validate our approach using a numeric simulation on the Tennessee Eastman control challenge problem.
Kim, C..  2016.  Cyber-resilient industrial control system with diversified architecture and bus monitoring. 2016 World Congress on Industrial Control Systems Security (WCICSS). :1–6.

This paper focuses on exploitable cyber vulnerabilities in industrial control systems (ICS) and on a new approach of resiliency against them. Even with numerous metrics and methods for intrusion detection and mitigation strategy, a complete detection and deterrence of cyber-attacks for ICS is impossible. Countering the impact and consequence of possible malfunctions caused by such attacks in the safety-critical ICS's, this paper proposes new controller architecture to fail-operate even under compromised situations. The proposed new ICS is realized with diversification of hardware/software and unidirectional communication in alerting suspicious infiltration to upper-level management. Equipped with control bus monitoring, this operation-basis approach of infiltration detection would become a truly cyber-resilient ICS. The proposed system is tested in a lab hardware experimentation setup and on a cybersecurity test bed, DeterLab, for validation.

Bidram, Ali, Damodaran, Lakshmisree, Fierro, Rafael.  2019.  Cybersecure Distributed Voltage Control of AC Microgrids. 2019 IEEE/IAS 55th Industrial and Commercial Power Systems Technical Conference (I CPS). :1—6.

In this paper, the cybersecurity of distributed secondary voltage control of AC microgrids is addressed. A resilient approach is proposed to mitigate the negative impacts of cyberthreats on the voltage and reactive power control of Distributed Energy Resources (DERs). The proposed secondary voltage control is inspired by the resilient flocking of a mobile robot team. This approach utilizes a virtual time-varying communication graph in which the quality of the communication links is virtualized and determined based on the synchronization behavior of DERs. The utilized control protocols on DERs ensure that the connectivity of the virtual communication graph is above a specific resilience threshold. Once the resilience threshold is satisfied the Weighted Mean Subsequence Reduced (WMSR) algorithm is applied to satisfy voltage restoration in the presence of malicious adversaries. A typical microgrid test system including 6 DERs is simulated to verify the validity of proposed resilient control approach.

Rubin, S. H., Grefe, W. K., Bouabana-Tebibel, T., Chen, S. C., Shyu, M. L., Simonsen, K. S..  2017.  Cyber-Secure UAV Communications Using Heuristically Inferred Stochastic Grammars and Hard Real-Time Adaptive Waveform Synthesis and Evolution. 2017 IEEE International Conference on Information Reuse and Integration (IRI). :9–15.
Summary form only given. Strong light-matter coupling has been recently successfully explored in the GHz and THz [1] range with on-chip platforms. New and intriguing quantum optical phenomena have been predicted in the ultrastrong coupling regime [2], when the coupling strength Ω becomes comparable to the unperturbed frequency of the system ω. We recently proposed a new experimental platform where we couple the inter-Landau level transition of an high-mobility 2DEG to the highly subwavelength photonic mode of an LC meta-atom [3] showing very large Ω/ωc = 0.87. Our system benefits from the collective enhancement of the light-matter coupling which comes from the scaling of the coupling Ω ∝ √n, were n is the number of optically active electrons. In our previous experiments [3] and in literature [4] this number varies from 104-103 electrons per meta-atom. We now engineer a new cavity, resonant at 290 GHz, with an extremely reduced effective mode surface Seff = 4 × 10-14 m2 (FE simulations, CST), yielding large field enhancements above 1500 and allowing to enter the few (\textbackslashtextless;100) electron regime. It consist of a complementary metasurface with two very sharp metallic tips separated by a 60 nm gap (Fig.1(a, b)) on top of a single triangular quantum well. THz-TDS transmission experiments as a function of the applied magnetic field reveal strong anticrossing of the cavity mode with linear cyclotron dispersion. Measurements for arrays of only 12 cavities are reported in Fig.1(c). On the top horizontal axis we report the number of electrons occupying the topmost Landau level as a function of the magnetic field. At the anticrossing field of B=0.73 T we measure approximately 60 electrons ultra strongly coupled (Ω/ω- \textbackslashtextbar\textbackslashtextbar
Javid, T., Faris, M., Beenish, H., Fahad, M..  2020.  Cybersecurity and Data Privacy in the Cloudlet for Preliminary Healthcare Big Data Analytics. 2020 International Conference on Computing and Information Technology (ICCIT-1441). :1—4.

In cyber physical systems, cybersecurity and data privacy are among most critical considerations when dealing with communications, processing, and storage of data. Geospatial data and medical data are examples of big data that require seamless integration with computational algorithms as outlined in Industry 4.0 towards adoption of fourth industrial revolution. Healthcare Industry 4.0 is an application of the design principles of Industry 4.0 to the medical domain. Mobile applications are now widely used to accomplish important business functions in almost all industries. These mobile devices, however, are resource poor and proved insufficient for many important medical applications. Resource rich cloud services are used to augment poor mobile device resources for data and compute intensive applications in the mobile cloud computing paradigm. However, the performance of cloud services is undesirable for data-intensive, latency-sensitive mobile applications due increased hop count between the mobile device and the cloud server. Cloudlets are virtual machines hosted in server placed nearby the mobile device and offer an attractive alternative to the mobile cloud computing in the form of mobile edge computing. This paper outlines cybersecurity and data privacy aspects for communications of measured patient data from wearable wireless biosensors to nearby cloudlet host server in order to facilitate the cloudlet based preliminary and essential complex analytics for the medical big data.

Munindar P. Singh.  2015.  Cybersecurity as an Application Domain for Multiagent Systems. Proceedings of the 14th International Conference on Autonomous Agents and MultiAgent Systems (AAMAS).

The science of cybersecurity has recently been garnering much attention among researchers and practitioners dissatisfied with the ad hoc nature of much of the existing work on cybersecurity. Cybersecurity offers a great opportunity for multiagent systems research.  We motivate cybersecurity as an application area for multiagent systems with an emphasis on normative multiagent systems. First, we describe ways in which multiagent systems could help advance our understanding of cybersecurity and provide a set of principles that could serve as a foundation for a new science of cybersecurity. Second, we argue how paying close attention to the challenges of cybersecurity could expose the limitations of current research in multiagent systems, especially with respect to dealing with considerations of autonomy and interdependence.

Stange, M., Tang, C., Tucker, C., Servine, C., Geissler, M..  2019.  Cybersecurity Associate Degree Program Curriculum. 2019 IEEE International Symposium on Technologies for Homeland Security (HST). :1—5.

The spotlight is on cybersecurity education programs to develop a qualified cybersecurity workforce to meet the demand of the professional field. The ACM CCECC (Committee for Computing Education in Community Colleges) is leading the creation of a set of guidelines for associate degree cybersecurity programs called Cyber2yr, formerly known as CSEC2Y. A task force of community college educators have created a student competency focused curriculum that will serve as a global cybersecurity guide for applied (AAS) and transfer (AS) degree programs to develop a knowledgeable and capable associate level cybersecurity workforce. Based on the importance of the Cyber2yr work; ABET a nonprofit, non-governmental agency that accredits computing programs has created accreditation criteria for two-year cybersecurity programs.

Ogundokun, A., Zavarsky, P., Swar, B..  2018.  Cybersecurity assurance control baselining for smart grid communication systems. 2018 14th IEEE International Workshop on Factory Communication Systems (WFCS). :1–6.

Cybersecurity assurance plays an important role in managing trust in smart grid communication systems. In this paper, cybersecurity assurance controls for smart grid communication networks and devices are delineated from the more technical functional controls to provide insights on recent innovative risk-based approaches to cybersecurity assurance in smart grid systems. The cybersecurity assurance control baselining presented in this paper is based on requirements and guidelines of the new family of IEC 62443 standards on network and systems security of industrial automation and control systems. The paper illustrates how key cybersecurity control baselining and tailoring concepts of the U.S. NIST SP 800-53 can be adopted in smart grid security architecture. The paper outlines the application of IEC 62443 standards-based security zoning and assignment of security levels to the zones in smart grid system architectures. To manage trust in the smart grid system architecture, cybersecurity assurance base lining concepts are applied per security impact levels. Selection and justification of security assurance controls presented in the paper is utilizing the approach common in Security Technical Implementation Guides (STIGs) of the U.S. Defense Information Systems Agency. As shown in the paper, enhanced granularity for managing trust both on the overall system and subsystem levels of smart grid systems can be achieved by implementation of the instructions of the CNSSI 1253 of the U.S. Committee of National Security Systems on security categorization and control selection for national security systems.

Shah, P. R., Agarwal, A..  2020.  Cybersecurity Behaviour of Smartphone Users Through the Lens of Fogg Behaviour Model. 2020 3rd International Conference on Communication System, Computing and IT Applications (CSCITA). :79—82.

It is now a fact that human is the weakest link in the cybersecurity chain. Many theories from behavioural science like the theory of planned behaviour and protection motivation theory have been used to investigate the factors that affect the cybersecurity behaviour and practices of the end-user. In this paper, the researchers have used Fogg behaviour model (FBM) to study factors affecting the cybersecurity behaviour and practices of smartphone users. This study found that the odds of secure behaviour and practices by respondents with high motivation and high ability were 4.64 times more than the respondents with low motivation and low ability. This study describes how FBM may be used in the design and development of cybersecurity awareness program leading to a behaviour change.

Choejey, P., Fung, Chun Che, Wong, Kok Wai, Murray, D., Sonam, D..  2015.  Cybersecurity challenges for Bhutan. 2015 12th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON). :1–5.

Information and Communications Technologies (ICTs), especially the Internet, have become a key enabler for government organisations, businesses and individuals. With increasing growth in the adoption and use of ICT devices such as smart phones, personal computers and the Internet, Cybersecurity is one of the key concerns facing modern organisations in both developed and developing countries. This paper presents an overview of cybersecurity challenges in Bhutan, within the context that the nation is emerging as an ICT developing country. This study examines the cybersecurity incidents reported both in national media and government reports, identification and analysis of different types of cyber threats, understanding of the characteristics and motives behind cyber-attacks, and their frequency of occurrence since 1999. A discussion on an ongoing research study to investigate cybersecurity management and practices for Bhutan's government organisations is also highlighted.

Ionita, Drd. Irene.  2019.  Cybersecurity concerns on real time monitoring in electrical transmission and distribution systems (SMART GRIDS). 2019 54th International Universities Power Engineering Conference (UPEC). :1–4.
The virtual world does not observe national borders, has no uniform legal system, and does not have a common perception of security and privacy issues. It is however, relatively homogenous in terms of technology.A cyberattack on an energy delivery system can have significant impacts on the availability of a system to perform critical functions as well as the integrity of the system and the confidentiality of sensitive information.
Xu, Shouhuai.  2014.  Cybersecurity Dynamics. Proceedings of the 2014 Symposium and Bootcamp on the Science of Security. :14:1–14:2.

We explore the emerging field of Cybersecurity Dynamics, a candidate foundation for the Science of Cybersecurity.

Rajamäki, J., Nevmerzhitskaya, J., Virág, C..  2018.  Cybersecurity education and training in hospitals: Proactive resilience educational framework (Prosilience EF). 2018 IEEE Global Engineering Education Conference (EDUCON). :2042—2046.

Healthcare is a vital component of every nation's critical infrastructure, yet it is one of the most vulnerable sector for cyber-attacks. To enforce the knowledge on information security processes and data protection procedures, educational and training schemes should be establishedfor information technology (IT) staff working in healthcare settings. However, only training IT staff is not enough, as many of cybersecurity threats are caused by human errors or lack of awareness. Current awareness and training schemes are often implemented in silos, concentrating on one aspect of cybersecurity at a time. Proactive Resilience Educational Framework (Prosilience EF) provides a holistic cyber resilience and security framework for developing and delivering a multilateral educational and training scheme based on a proactive approach to cybersecurity. The framework is built on the principle that education and training must be interactive, guided, meaningful and directly relevant to the user' operational environment. The framework addresses capacity mapping, cyber resilience level measuring, utilizing available and mapping missing resources, adaptive learning technologies and dynamic content delivery. Prosilience EF launches an iterative process of awareness and training development with relevant stakeholders (end users - hospitals, healthcare authorities, cybersecurity training providers, industry members), evaluating the framework via joint exercises/workshops andfurther developing the framework.

Lukowiak, Marcin, Radziszowski, Stanisław, Vallino, James, Wood, Christopher.  2014.  Cybersecurity Education: Bridging the Gap Between Hardware and Software Domains. Trans. Comput. Educ.. 14:2:1–2:20.

With the continuous growth of cyberinfrastructure throughout modern society, the need for secure computing and communication is more important than ever before. As a result, there is also an increasing need for entry-level developers who are capable of designing and building practical solutions for systems with stringent security requirements. This calls for careful attention to algorithm choice and implementation method, as well as trade-offs between hardware and software implementations. This article describes motivation and efforts taken by three departments at Rochester Institute of Technology (Computer Engineering, Computer Science, and Software Engineering) that were focused on creating a multidisciplinary course that integrates the algorithmic, engineering, and practical aspects of security as exemplified by applied cryptography. In particular, the article presents the structure of this new course, topics covered, lab tools and results from the first two spring quarter offerings in 2011 and 2012.

Thomas, L. J., Balders, M., Countney, Z., Zhong, C., Yao, J., Xu, C..  2019.  Cybersecurity Education: From Beginners to Advanced Players in Cybersecurity Competitions. 2019 IEEE International Conference on Intelligence and Security Informatics (ISI). :149—151.

Cybersecurity competitions have been shown to be an effective approach for promoting student engagement through active learning in cybersecurity. Players can gain hands-on experience in puzzle-based or capture-the-flag type tasks that promote learning. However, novice players with limited prior knowledge in cybersecurity usually found difficult to have a clue to solve a problem and get frustrated at the early stage. To enhance student engagement, it is important to study the experiences of novices to better understand their learning needs. To achieve this goal, we conducted a 4-month longitudinal case study which involves 11 undergraduate students participating in a college-level cybersecurity competition, National Cyber League (NCL) competition. The competition includes two individual games and one team game. Questionnaires and in-person interviews were conducted before and after each game to collect the players' feedback on their experience, learning challenges and needs, and information about their motivation, interests and confidence level. The collected data demonstrate that the primary concern going into these competitions stemmed from a lack of knowledge regarding cybersecurity concepts and tools. Players' interests and confidence can be increased by going through systematic training.

Schwab, Stephen, Kline, Erik.  2019.  Cybersecurity Experimentation at Program Scale: Guidelines and Principles for Future Testbeds. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :94–102.
Cybersecurity Experimentation is often viewed narrowly in terms of a single technology or experiment. This paper reviews the experimentation life-cycle for two large scale research efforts that span multiple technologies. We identify salient aspects of each cybersecurity program, and capture guidelines based on eight years of experience. Extrapolating, we identify four principles for building future experimental infrastructure: 1) Reduce the cognitive burden on experimenters when designing and operating experiments. 2) Allow experimenters to encode their goals and constraints. 3) Provide flexibility in experimental design. 4) Provide multifaceted guidance to help experimenters produce high-quality experiments. By following these principles, future cybersecurity testbeds can enable significantly higher-quality experiments.
Bertino, E., Hartman, N. W..  2015.  Cybersecurity for product lifecycle management a research roadmap. 2015 IEEE International Conference on Intelligence and Security Informatics (ISI). :114–119.

This paper introduces a research agenda focusing on cybersecurity in the context of product lifecycle management. The paper discusses research directions on critical protection techniques, including protection techniques from insider threat, access control systems, secure supply chains and remote 3D printing, compliance techniques, and secure collaboration techniques. The paper then presents an overview of DBSAFE, a system for protecting data from insider threat.