Biblio

Cyber-Physical Power System (CPPS) is one of the most critical infrastructure systems due to deep integration between power grids and communication networks. In the power system, cascading failure is spreading more readily in CPPS, even leading to blackouts as well as there are new difficulties with the power system security simulation and faults brought by physical harm or network intrusions. The current study summarized the cross- integration of several fields such as computer and cyberspace security in terms of the robustness of Cyber-Physical Systems, viewed as Interconnected and secure network systems. Therefore, the security events that significantly influenced the power system were evaluated in this study, besides the challenges and future directions of power system security simulation technologies were investigated for posing both challenges and opportunities for simulation techniques of power system security like building a new power system to accelerate the transformation of the existing energy system to a clean, low-carbon, safe, and efficient energy system which is used to assure power system stability through fusion systems that combine the cyber-physical to integrate the battery power station, power generation and renewable energy resources through the internet with the cyber system that contains Smart energy system control and attacks.

Connected Autonomous Vehicle (CAV) applications have shown the promise of transformative impact on road safety, transportation experience, and sustainability. However, they open large and complex attack surfaces: an adversary can corrupt sensory and communication inputs with catastrophic results. A key challenge in development of security solutions for CAV applications is the lack of effective infrastructure for evaluating such solutions. In this paper, we address the problem by designing an automated, flexible evaluation infrastructure for CAV security solutions. Our tool, CAVELIER, provides an extensible evaluation architecture for CAV security solutions against compromised communication and sensor channels. The tool can be customized for a variety of CAV applications and to target diverse usage models. We illustrate the framework with a number of case studies for security resiliency evaluation in Cooperative Adaptive Cruise Control (CACC).

The modern networking world is being exposed to many risks more frequently every day. Most of systems strongly rely on remaining anonymous throughout the whole endpoint exploitation process. Covert channels represent risk since they ex-ploit legitimate communications and network protocols to evade typical filtering. This firewall avoidance sees covert channels frequently used for malicious communication of intruders with systems they compromised, and thus a real threat to network security. While there are commercial tools to safeguard computer networks, novel applications such as automotive connectivity and V2X present new challenges. This paper focuses on the analysis of the recent ways of using covert channels and detecting them, but also on the state-of-the-art possibilities of protection against them. We investigate observing the timing covert channels behavior simulated via injected ICMP traffic into standard network communications. Most importantly, we concentrate on enhancing firewall with detection and prevention of such attack built-in features. The main contribution of the paper is design for detection timing covert channel threats utilizing detection methods based on statistical analysis. These detection methods are combined and implemented in one program as a simple host-based intrusion detection system (HIDS). As a result, the proposed design can analyze and detect timing covert channels, with the addition of taking preventive measures to block any future attempts to breach the security of an end device.

Automatic Identification System (AIS) plays a leading role in maritime navigation, traffic control, local and global maritime situational awareness. Today, the reliable and secure AIS operation is threatened by probable cyber attacks such as imitation of ghost vessels, false distress or security messages, or fake virtual aids-to-navigation. We propose a method for ensuring the authentication and integrity of AIS messages based on the use of the Message Authentication Code scheme and digital watermarking (WM) technology to organize an additional tag transmission channel. The method provides full compatibility with the existing AIS functionality.

Software-Defined Networking (SDN) can be a good option to support Industry 4.0 (4IR) and 5G wireless networks. SDN can also be a secure networking solution that improves the security, capability, and programmability in the networks. In this paper, we present and analyze an SDN-based security architecture for 4IR with 5G. SDN is used for increasing the level of security and reliability of the network by suitably dividing the whole network into data, control, and applications planes. The SDN control layer plays a beneficial role in 4IR with 5G scenarios by managing the data flow properly. We also evaluate the performance of the proposed architecture in terms of key parameters such as data transmission rate and response time.

While the existence of many security elements in software can be measured (e.g., vulnerabilities, security controls, or privacy controls), it is challenging to measure their relative security impact. In the physical world we can often measure the impact of individual elements to a system. However, in cyber security we often lack ground truth (i.e., the ability to directly measure significance). In this work we propose to solve this by leveraging human expert opinion to provide ground truth. Experts are iteratively asked to compare pairs of security elements to determine their relative significance. On the back end our knowledge encoding tool performs a form of binary insertion sort on a set of security elements using each expert as an oracle for the element comparisons. The tool not only sorts the elements (note that equality may be permitted), but it also records the strength or degree of each relationship. The output is a directed acyclic ‘constraint’ graph that provides a total ordering among the sets of equivalent elements. Multiple constraint graphs are then unified together to form a single graph that is used to generate a scoring or prioritization system.For our empirical study, we apply this domain-agnostic measurement approach to generate scoring/prioritization systems in the areas of vulnerability scoring, privacy control prioritization, and cyber security control evaluation.

With the development of urbanization, the number of vehicles is gradually increasing, and vehicles are gradually developing in the direction of intelligence. How to ensure that the data of intelligent vehicles is not tampered in the process of transmission to the cloud is the key problem of current research. Therefore, we have established a data security transmission system based on blockchain. First, we collect and filter vehicle data locally, and then use blockchain technology to transmit key data. Through the smart contract, the key data is automatically and accurately transmitted to the surrounding node vehicles, and the vehicles transmit data to each other to form a transaction and spread to the whole network. The node data is verified through the node data consensus protocol of intelligent vehicle data security transmission system, and written into the block to form a blockchain. Finally, the vehicle user can query the transaction record through the vehicle address. The results show that we can safely and accurately transmit and query vehicle data in the blockchain database.

Edge detection is the key and difficult point of machine vision and image processing technology. The traditional edge detection algorithm is sensitive to noise and it is difficult to accurately extract the edge of the image, so the effect of image processing is not ideal. To solve this problem, people in the industry use the structural element features of morphological edge detection operator to extract the edge features of the image by carefully designing and combining the structural elements of different sizes and directions, so as to effectively ensure the integrity of edge information in all directions and eliminate large noise at the same time. This paper first introduces the traditional edge detection algorithms, then summarizes the edge detection algorithms based on mathematical morphology in recent years, finds that the selection of multi-scale and multi-directional structural elements is an important research direction, and finally discusses the development trend of mathematical morphology edge detection technology.

With the rapid development of the Internet of Things (IoT), a large amount of data is exchanged between various communicating devices. Since the data should be communicated securely between the communicating devices, the network security is one of the dominant research areas for the 6LoWPAN IoT applications. Meanwhile, 6LoWPAN devices are vulnerable to attacks inherited from both the wireless sensor networks and the Internet protocols. Thus intrusion detection systems have become more and more critical and play a noteworthy role in improving the 6LoWPAN IoT networks. However, most intrusion detection systems focus on the attacked areas in the IoT networks instead of precisely on certain IoT nodes. This may lead more resources to further detect the compromised nodes or waste resources when detaching the whole attacked area. In this paper, we therefore proposed a new precisional detection strategy for 6LoWPAN Networks, named as PDS-6LoWPAN. In order to validate the strategy, we evaluate the performance and applicability of our solution with a thorough simulation by taking into account the detection accuracy and the detection response time.

The spread of the Internet of Things (IoT) and cloud services leads to a request for secure communication between devices, known as zero-trust security. The authors have been developing CYber PHysical Overlay Network over Internet Communication (CYPHONIC) to realize secure end-to-end communication among devices. A device requires installing the client program into the devices to realize secure communication over our overlay network. However, some devices refuse additional installation of external programs due to the limitation of system and hardware resources or the effect on system reliability. We proposed new technology, a CYPHONIC adapter, to support these devices. Currently, the CYPHONIC adapter supports only IPv4 virtual addresses and needs to be compatible with general devices that use IPv6. This paper proposes the dual-stack CYPHONIC adapter supporting IPv4/IPv6 virtual addresses for general devices. The prototype implementation shows that the general device can communicate over our overlay network using both IP versions through the proposed CYPHONIC adapter.

Recently, as the use of Internet of Things (IoT) devices has expanded, security issues have emerged. As a solution to the IoT security problem, PUF (Physical Unclonable Function) technology has been proposed, and research on key generation or device authentication using it has been actively conducted. In this paper, we propose a method to apply PUF-based device authentication technology to the Open Connectivity Foundation (OCF) open platform. The proposed method can greatly improve the security level of IoT open platform by utilizing PUF technology.

At present, pavement crack detection mainly depends on manual survey and semi-automatic detection. In the process of damage detection, it will inevitably be subject to the subjective influence of inspectors and require a lot of identification time. Therefore, this paper proposes the research and implementation of artificial intelligence real-time recognition method of crack edge based on zynq, which combines edge calculation technology with deep learning, The improved ipd-yolo target detection network is deployed on the zynq zu2cg edge computing development platform. The mobilenetv3 feature extraction network is used to replace the cspdarknet53 feature extraction network in yolov4, and the deep separable convolution is used to replace the conventional convolution. Combined with the advantages of the deep neural network in the cloud and edge computing, the rock fracture detection oriented to the edge computing scene is realized. The experimental results show that the accuracy of the network on the PID data set The recall rate and F1 score have been improved to better meet the requirements of real-time identification of rock fractures.

Information security construction is a social issue, and the most urgent task is to do an excellent job in information risk assessment. The bayesian neural network currently plays a vital role in enterprise information security risk assessment, which overcomes the subjective defects of traditional assessment results and operates efficiently. The risk quantification method based on fuzzy theory and Bayesian regularization BP neural network mainly uses fuzzy theory to process the original data and uses the processed data as the input value of the neural network, which can effectively reduce the ambiguity of language description. At the same time, special neural network training is carried out for the confusion that the neural network is easy to fall into the optimal local problem. Finally, the risk is verified and quantified through experimental simulation. This paper mainly discusses the problem of enterprise information security risk assessment based on a Bayesian neural network, hoping to provide strong technical support for enterprises and organizations to carry out risk rectification plans. Therefore, the above method provides a new information security risk assessment idea.

Using multi-UAV systems to accomplish both civil and military missions is becoming a popular trend. With the development of software and hardware technologies, Unmanned aerial vehicles (UAVs) are now able to operate autonomously at edge. However, the remote control of manned systems, e.g., ground control station (GCS), remains essential to mission success, and the system's control and non-payload communication (CNPC) are facing severe cyber threats caused by smart attacks. To avoid hijacking, in this paper, we propose a secure mechanism that reduces such security risks for multi-UAV systems. We introduce friendly jamming from UAVs to block eavesdropping on the remote control channel. The trade-off between security and energy consumption is optimized by three approaches designed for UAV and GCS under algorithms of different complexities. Numerical results show the approach efficiency under different mission conditions and security demands, and demonstrate the features of the proposed mechanism for various scenarios.

A huge number of cloud users and cloud providers are threatened of security issues by cloud computing adoption. Cloud computing is a hub of virtualization that provides virtualization-based infrastructure over physically connected systems. With the rapid advancement of cloud computing technology, data protection is becoming increasingly necessary. It's important to weigh the advantages and disadvantages of moving to cloud computing when deciding whether to do so. As a result of security and other problems in the cloud, cloud clients need more time to consider transitioning to cloud environments. Cloud computing, like any other technology, faces numerous challenges, especially in terms of cloud security. Many future customers are wary of cloud adoption because of this. Virtualization Technologies facilitates the sharing of recourses among multiple users. Cloud services are protected using various models such as type-I and type-II hypervisors, OS-level, and unikernel virtualization but also offer a variety of security issues. Unfortunately, several attacks have been built in recent years to compromise the hypervisor and take control of all virtual machines running above it. It is extremely difficult to reduce the size of a hypervisor due to the functions it offers. It is not acceptable for a safe device design to include a large hypervisor in the Trusted Computing Base (TCB). Virtualization is used by cloud computing service providers to provide services. However, using these methods entails handing over complete ownership of data to a third party. This paper covers a variety of topics related to virtualization protection, including a summary of various solutions and risk mitigation in VMM (virtual machine monitor). In this paper, we will discuss issues possible with a malicious virtual machine. We will also discuss security precautions that are required to handle malicious behaviors. We notice the issues of investigating malicious behaviors in cloud computing, give the scientific categorization and demonstrate the future headings. We've identified: i) security specifications for virtualization in Cloud computing, which can be used as a starting point for securing Cloud virtual infrastructure, ii) attacks that can be conducted against Cloud virtual infrastructure, and iii) security solutions to protect the virtualization environment from DDOS attacks.

The digital transformation brought on by 5G is redefining current models of end-to-end (E2E) connectivity and service reliability to include security-by-design principles necessary to enable 5G to achieve its promise. 5G trustworthiness highlights the importance of embedding security capabilities from the very beginning while the 5G architecture is being defined and standardized. Security requirements need to overlay and permeate through the different layers of 5G systems (physical, network, and application) as well as different parts of an E2E 5G architecture within a risk-management framework that takes into account the evolving security-threats landscape. 5G presents a typical use-case of wireless communication and computer networking convergence, where 5G fundamental building blocks include components such as Software Defined Networks (SDN), Network Functions Virtualization (NFV) and the edge cloud. This convergence extends many of the security challenges and opportunities applicable to SDN/NFV and cloud to 5G networks. Thus, 5G security needs to consider additional security requirements (compared to previous generations) such as SDN controller security, hypervisor security, orchestrator security, cloud security, edge security, etc. At the same time, 5G networks offer security improvement opportunities that should be considered. Here, 5G architectural flexibility, programmability and complexity can be harnessed to improve resilience and reliability. The working group scope fundamentally addresses the following: •5G security considerations need to overlay and permeate through the different layers of the 5G systems (physical, network, and application) as well as different parts of an E2E 5G architecture including a risk management framework that takes into account the evolving security threats landscape. •5G exemplifies a use-case of heterogeneous access and computer networking convergence, which extends a unique set of security challenges and opportunities (e.g., related to SDN/NFV and edge cloud, etc.) to 5G networks. Similarly, 5G networks by design offer potential security benefits and opportunities through harnessing the architecture flexibility, programmability and complexity to improve its resilience and reliability. •The IEEE FNI security WG's roadmap framework follows a taxonomic structure, differentiating the 5G functional pillars and corresponding cybersecurity risks. As part of cross collaboration, the security working group will also look into the security issues associated with other roadmap working groups within the IEEE Future Network Initiative.

Mobile terminals especially smartphones are changing people's work and life style. For example, mobile payments are experiencing rapid growth as consumers use mobile terminals as part of lifestyles. However, security is a big challenge for mobile application services. In order to reduce security risks, mobile terminal security assessment should be conducted before providing application services. An approach of comprehensive security assessment is proposed in this paper by defining security metrics with the corresponding scores and determining the relative weights of security metrics based on the analytical hierarchy process (AHP). Overall security assessment of Android-based mobile terminals is implemented for mobile payment services with payment fraud detection accuracy of 89%, which shows that the proposed approach of security assessment is reasonable.

In this paper we consider cyber security requirements of the smart buildings. We identify cyber risks, threats, attack scenarios, security objectives and related security controls. The work was done as a part of a smart building design and construction work. From the controls identified w e concluded security practices for engineering-in smart buildings security. The paper provides an idea toward which system security engineers can strive in the basic design and implementation of the most critical components of the smart buildings. The intent of the concept is to help practitioners to avoid ad hoc approaches in the development of security mechanisms for smart buildings with shared space.

The Robotic Operating System (ROS) is a popular framework for robotics research and development. It's a system that provides hardware abstraction with low-level device management to handle communications and services. ROS is a distributed system, which allows various nodes in a network to communicate using a method such as message passing. When integrating systems using ROS, it is vital to consider the security and privacy of the data and information shared across ROS nodes, which is considered to be one of the most challenging aspects of ROS systems. The goal of this study is to examine the ROS architecture, primary components, and versions, as well as the types of vulnerabilities that might compromise the system. In order to achieve the CIA's three fundamental security criteria on a ROS-based platform, we categorized these vulnerabilities and looked into various security solutions proposed by researchers. We provide a comparative analysis of the ROS-related security solutions, the security threats and issues they addressed, the targeted architecture of the protection or defense system, the solution's evaluation methodology and the evaluation metric, and the limitations that might be viewed as unresolved issues for the future course of action. Finally, we look into future possibilities and open challenges to assist researchers to develop more secure and efficient ROS systems.

Python continues to be one of the most popular programming languages and has been used in many safety-critical fields such as medical treatment, autonomous driving systems, and data science. These fields put forward higher security requirements to Python ecosystems. However, existing studies on machine learning systems in Python concentrate on data security, model security and model privacy, and just assume the underlying Python virtual machines (PVMs) are secure and trustworthy. Unfortunately, whether such an assumption really holds is still unknown.This paper presents, to the best of our knowledge, the first and most comprehensive empirical study on the security of CPython, the official and most deployed Python virtual machine. To this end, we first designed and implemented a software prototype dubbed PVMSCAN, then use it to scan the source code of the latest CPython (version 3.10) and other 10 versions (3.0 to 3.9), which consists of 3,838,606 lines of source code. Empirical results give relevant findings and insights towards the security of Python virtual machines, such as: 1) CPython virtual machines are still vulnerable, for example, PVMSCAN detected 239 vulnerabilities in version 3.10, including 55 null dereferences, 86 uninitialized variables and 98 dead stores; Python/C API-related vulnerabilities are very common and have become one of the most severe threats to the security of PVMs: for example, 70 Python/C API-related vulnerabilities are identified in CPython 3.10; 3) the overall quality of the code remained stable during the evolution of Python VMs with vulnerabilities per thousand line (VPTL) to be 0.50; and 4) automatic vulnerability rectification is effective: 166 out of 239 (69.46%) vulnerabilities can be rectified by a simple yet effective syntax-directed heuristics.We have reported our empirical results to the developers of CPython, and they have acknowledged us and already confirmed and fixed 2 bugs (as of this writing) while others are still being analyzed. This study not only demonstrates the effectiveness of our approach, but also highlights the need to improve the reliability of infrastructures like Python virtual machines by leveraging state-of-the-art security techniques and tools.

In order to meet the needs of intellectual property protection and controlled sharing of scientific research sensitive data, a mechanism is proposed for security protection throughout “transfer, store and use” process of sensitive data which based on blockchain. This blockchain bottom layer security is reinforced. First, the encryption algorithm used is replaced by the national secret algorithm and the smart contract is encapsulated as API at the gateway level. Signature validation is performed when the API is used to prevent illegal access. Then the whole process of data up-chain, storage and down-chain is encrypted, and a mechanism of data structure query and data query condition construction based on blockchain smart is provided to ensure that the data is “usable and invisible”. Finally, data access control is ensured through role-based and hierarchical protection, and the blockchain base developed has good extensibility, which can meet the requirement of sensitive data security protection in scientific research filed and has broad application prospects.

ROS 2 is rapidly becoming a standard in the robotics industry. Built upon DDS as its default communication middleware and used in safety-critical scenarios, adding secu-rity to robots and ROS computational graphs is increasingly becoming a concern. The present work introduces SROS2, a series of developer tools and libraries that facilitate adding security to ROS 2 graphs. Focusing on a usability-centric approach in SROS2, we present a methodology for securing graphs systematically while following the DevSecOps model. We also demonstrate the use of our security tools by presenting an application case study that considers securing a graph using the popular Navigation2 and SLAM Toolbox stacks applied in a TurtieBot3 robot. We analyse the current capabilities of SROS2 and discuss the shortcomings, which provides insights for future contributions and extensions. Ultimately, we present SROS2 as usable security tools for ROS 2 and argue that without usability, security in robotics will be greatly impaired.

Security is a critical aspect in the process of designing, developing, and testing software systems. Due to the increasing need for security-related skills within software systems, there is a growing demand for these skills to be taught in computer science. A series of security modules was developed not only to meet the demand but also to assess the impact of these modules on teaching critical cyber security topics in computer science courses. This full paper in the innovative practice category presents the outcomes of six security modules in a freshman-level course at two institutions. The study adopts a Model-Eliciting Activity (MEA) as a project for students to demonstrate an understanding of the security concepts. Two experimental studies were conducted: 1) Teaching effectiveness of implementing cyber security modules and MEA project, 2) Students’ experiences in conceptual modeling tasks in problem-solving. In measuring the effectiveness of teaching security concepts with the MEA project, students’ performance, attitudes, and interests as well as the instructor’s effectiveness were assessed. For the conceptual modeling tasks in problem-solving, the results of student outcomes were analyzed. After implementing the security modules with the MEA project, students showed a great understanding of cyber security concepts and an increased interest in broader computer science concepts. The instructor’s beliefs about teaching, learning, and assessment shifted from teacher-centered to student-centered during their experience with the security modules and MEA project. Although 64.29% of students’ solutions do not seem suitable for real-world implementation, 76.9% of the developed solutions showed a sufficient degree of creativity.

Android controls the majority of the global OS market. Android Open Source Project (AOSP) is a very complex system with many layers including the apps, the Application Framework, the middle-ware, the customized Linux kernel, and the trusted components. Although security is implemented in every layer, the Application Framework forms an important of the attack surface due to managing the user interface and permissions. Android security has evolved over the years. The security flaws that have been found in the Application Framework led to a redesign of Android permissions. Part of this evolution includes fixes to the vulnerabilities that are publicly released in the monthly Android security bulletins. In this study, we analyze the CVEs listed in the Android security bulletin within the last 6 years. We focus on the Android application framework and investigate several research questions relating to 1) the security relevant components, 2) the type and amount of testing information for the security patches, and 3) the adequacy of the tests designed to test these patches. Our findings indicate that Android security testing practices can be further improved by designing security bulletin update specific tests, and by improving code coverage of patched files.

The Domain Name System (DNS) is critical to Internet communications. EDNS Client Subnet (ECS), a DNS extension, allows recursive resolvers to include client subnet information in DNS queries to improve CDN end-user mapping, extending the visibility of client information to a broader range. Major content delivery network (CDN) vendors, content providers (CP), and public DNS service providers (PDNS) are accelerating their IPv6 infrastructure development. With the increasing deployment of IPv6-enabled services and DNS being the most foundational system of the Internet, it becomes important to analyze the behavioral and privacy status of IPv6 resolvers. However, there is a lack of research on ECS for IPv6 DNS resolvers.In this paper, we study the ECS deployment and compliance status of IPv6 resolvers. Our measurement shows that 11.12% IPv6 open resolvers implement ECS. We discuss abnormal noncompliant scenarios that exist in both IPv6 and IPv4 that raise privacy and performance issues. Additionally, we measured if the sacrifice of clients’ privacy can enhance IPv6 CDN performance. We find that in some cases ECS helps end-user mapping but with an unnecessary privacy loss. And even worse, the exposure of client address information can sometimes backfire, which deserves attention from both Internet users and PDNSes.