Biblio

Filters: Author is Abbas, H.  [Clear All Filters]
2021-03-30
Abbas, H., Suguri, H., Yan, Z., Allen, W., Hei, X. S..  2020.  IEEE Access Special Section: Security Analytics and Intelligence for Cyber Physical Systems. IEEE Access. 8:208195—208198.

A Cyber Physical System (CPS) is a smart network system with actuators, embedded sensors, and processors to interact with the physical world by guaranteeing the performance and supporting real-time operations of safety critical applications. These systems drive innovation and are a source of competitive advantage in today’s challenging world. By observing the behavior of physical processes and activating actions, CPS can alter its behavior to make the physical environment perform better and more accurately. By definition, CPS basically has two major components including cyber systems and physical processes. Examples of CPS include autonomous transportation systems, robotics systems, medical monitoring, automatic pilot avionics, and smart grids. Advances in CPS will empower scalability, capability, usability, and adaptability, which will go beyond the simple systems of today. At the same time, CPS has also increased cybersecurity risks and attack surfaces. Cyber attackers can harm such systems from multiple sources while hiding their identities. As a result of sophisticated threat matrices, insufficient knowledge about threat patterns, and industrial network automation, CPS has become extremely insecure. Since such infrastructure is networked, attacks can be prompted easily without much human participation from remote locations, thereby making CPS more vulnerable to sophisticated cyber-attacks. In turn, large-scale data centers managing a huge volume of CPS data become vulnerable to cyber-attacks. To secure CPS, the role of security analytics and intelligence is significant. It brings together huge amounts of data to create threat patterns, which can be used to prevent cyber-attacks in a timely fashion. The primary objective of this Special Section in IEEE A CCESS is to collect a complementary and diverse set of articles, which demonstrate up-to-date information and innovative developments in the domain of security analytics and intelligence for CPS.

2021-01-28
Siddiquie, K., Shafqat, N., Masood, A., Abbas, H., Shahid, W. b.  2020.  Profiling Vulnerabilities Threatening Dual Persona in Android Framework. 2019 International Conference on Advances in the Emerging Computing Technologies (AECT). :1—6.

Enterprises round the globe have been searching for a way to securely empower AndroidTM devices for work but have spurned away from the Android platform due to ongoing fragmentation and security concerns. Discrepant vulnerabilities have been reported in Android smartphones since Android Lollipop release. Smartphones can be easily hacked by installing a malicious application, visiting an infectious browser, receiving a crafted MMS, interplaying with plug-ins, certificate forging, checksum collisions, inter-process communication (IPC) abuse and much more. To highlight this issue a manual analysis of Android vulnerabilities is performed, by using data available in National Vulnerability Database NVD and Android Vulnerability website. This paper includes the vulnerabilities that risked the dual persona support in Android 5 and above, till Dec 2017. In our security threat analysis, we have identified a comprehensive list of Android vulnerabilities, vulnerable Android versions, manufacturers, and information regarding complete and partial patches released. So far, there is no published research work that systematically presents all the vulnerabilities and vulnerability assessment for dual persona feature of Android's smartphone. The data provided in this paper will open ways to future research and present a better Android security model for dual persona.

2018-05-09
Javed, B., Iqbal, M. W., Abbas, H..  2017.  Internet of things (IoT) design considerations for developers and manufacturers. 2017 IEEE International Conference on Communications Workshops (ICC Workshops). :834–839.

IoT (Internet of Things) is a network of interconnected devices, designed to collect and exchange data which can then turn it into information, eventually into wisdom. IoT is a region where digital world converges with physical world. With the evolution of IoT, it is expected to create substantial impact on human lives. IoT ecosystem produces and exchanges sizeable data due to which IoT becomes an attractive target for adversary. The large-scale interconnectivity leads to various potential risk related to information security. Security assurance in IoT ecosystem is one of the major challenges to address. In this context, embedded security becomes a key issue in IoT devices which are constrained in terms of processing, power, memory and bandwidth. The focus of this paper is on the recommended design considerations for constrained IoT devices with the objective to achieve security by default. Considering established set of protocols along with best practices during design and development stage can address majority of security challenges.