Biblio

Microservices-based architectures gain more and more attention in industry and academia due to their tremendous advantages such as providing resiliency, scalability, composability, etc. To benefit from these advantages, a proper architectural design is very important. The decomposition model of services into microservices and the granularity of these microservices affect the different aspects of the system such as flexibility, maintainability, performance, and security. An inappropriate service decomposition into microservices (improper granularity) may increase the attack surface of the system and lower its security level. In this paper, first, we study the probability of compromising services before and after decomposition. Then we formulate the impacts of possible service decomposition models on confidentiality, integrity, and availability attributes of the system. To do so, we provide equations for measuring confidentiality, integrity, and availability risks of the decomposed services in the system. It is also shown that the number of entry points to the decomposed services and the size of the microservices affect the security attributes of the system. As a use case, we propose three different service decomposition models for the 5G NRF (Network Repository Function) and calculate the impacts of these decomposition models on the confidentiality, integrity, and availability of the system using the provided equations.

Safety and security of complex critical infrastructures is very important for economic, environmental and social reasons. The interdisciplinary and inter-system dependencies within these infrastructures introduce difficulties in the safety and security design. Late discovery of safety and security design weaknesses can lead to increased costs, additional system complexity, ineffective mitigation measures and delays to the deployment of the systems. Traditionally, safety and security assessments are handled using different methods and tools, although some concepts are very similar, by specialized experts in different disciplines and are performed at different system design life-cycle phases.The methodology proposed in this paper supports a concurrent safety and security Defense in Depth (DiD) assessment at an early design phase and it is designed to handle safety and security at a high level and not focus on specific practical technologies. It is assumed that regardless of the perceived level of security defenses in place, a determined (motivated, capable and/or well-funded) attacker can find a way to penetrate a layer of defense. While traditional security research focuses on removing vulnerabilities and increasing the difficulty to exploit weaknesses, our higher-level approach focuses on how the attacker's reach can be limited and to increase the system's capability for detection, identification, mitigation and tracking. The proposed method can assess basic safety and security DiD design principles like Redundancy, Physical separation, Functional isolation, Facility functions, Diversity, Defense lines/Facility and Computer Security zones, Safety classes/Security Levels, Safety divisions and physical gates/conduits (as defined by the International Atomic Energy Agency (IAEA) and international standards) concurrently and provide early feedback to the system engineer. A prototype tool is developed that can parse the exported project file of the interdisciplinary model. Based on a set of safety and security attributes, the tool is able to assess aspects of the safety and security DiD capabilities of the design. Its results can be used to identify errors, improve the design and cut costs before a formal human expert inspection. The tool is demonstrated on a case study of an early conceptual design of a complex system of a nuclear power plant.

In order to cope with the network attack of industrial control system, this paper proposes a quantifiable attack-defense tree model. In order to reduce the influence of subjective factors on weight calculation and the probability of attack events, the Fuzzy Analytic Hierarchy Process and the Attack-Defense Tree model are combined. First, the model provides a variety of security attributes for attack and defense leaf nodes. Secondly, combining the characteristics of leaf nodes, a fuzzy consistency matrix is constructed to calculate the security attribute weight of leaf nodes, and the probability of attack and defense leaf nodes. Then, the influence of defense node on attack behavior is analyzed. Finally, the network risk assessment of typical airport oil supply automatic control system has been undertaken as a case study using this attack-defense tree model. The result shows that this model can truly reflect the impact of defense measures on the attack behavior, and provide a reference for the network security scheme.

The defense-in-depth approach has been widely recommended for designing critical information infrastructure, however, the lack of holistic design guidelines makes it difficult for many organizations to adopt the concept. Therefore, this paper proposes a holistic architectural framework and guidelines based on ring-based nested network zones for designing such highly secured information systems. This novel security architectural framework and guidelines offer the overall structural design and implementation options for holistically designing the N-tier/shared nothing system architectures. The implementation options, e.g. for the zone's perimeters, are recommended to achieve different capability levels of security or to trade off among different required security attributes. This framework enables the adaptive capability suitable for different real-world contexts. This paper also proposes an attack-hops verification approach as a tool to evaluate the architectural design.

In most applications, security attributes are pretty difficult to meet but it becomes even a bigger challenge when talking about Grid Computing. To secure data passes in Grid Systems, we need a professional scheme that does not affect the overall performance of the grid system. Therefore, we previously developed a new security scheme “ULTRA GRIDSEC” that is used to accelerate the performance of the symmetric key encryption algorithms for both stream and block cipher encryption algorithms. The scheme is used to accelerate the security of data pass between elements of our newly developed pure peer-to-peer desktop grid framework, “HIMAN”. It also enhances the security of the encrypted data resulted from the scheme and prevents the problem of weak keys of the encryption algorithms. This paper covers the analysis and evaluation of this scheme showing the different factors affecting the scheme performance, and covers the efficiency of the scheme from the security prospective. The experimental results are highlighted for two types of encryption algorithms, TDES as an example for the block cipher algorithms, and RC4 as an example for the stream cipher algorithms. The scheme speeds up the former algorithm by 202.12% and the latter one by 439.7%. These accelerations are also based on the running machine's capabilities.

Trustworthiness is a paramount concern for users and customers in the selection of a software solution, specially in the context of complex and dynamic environments, such as Cloud and IoT. However, assessing and benchmarking trustworthiness (worthiness of software for being trusted) is a challenging task, mainly due to the variety of application scenarios (e.g., businesscritical, safety-critical), the large number of determinative quality attributes (e.g., security, performance), and last, but foremost, due to the subjective notion of trust and trustworthiness. In this paper, we present trustworthiness as a measurable notion in relative terms based on security attributes and propose an approach for the assessment and benchmarking of software. The main goal is to build a trustworthiness assessment model based on software metrics (e.g., Cyclomatic Complexity, CountLine, CBO) that can be used as indicators of software security. To demonstrate the proposed approach, we assessed and ranked several files and functions of the Mozilla Firefox project based on their trustworthiness score and conducted a survey among several software security experts in order to validate the obtained rank. Results show that our approach is able to provide a sound ranking of the benchmarked software.

In this paper, a new method for quantitative evaluation of the security of cyber-physical systems (CPSs) is proposed. The proposed method models the different classes of adversarial attacks against CPSs, including cross-domain attacks, i.e., cyber-to-cyber and cyber-to-physical attacks. It also takes the secondary consequences of attacks on CPSs into consideration. The intrusion process of attackers has been modeled using attack graph and the consequence estimation process of the attack has been investigated using process model. The security attributes and the special parameters involved in the security analysis of CPSs, have been identified and considered. The quantitative evaluation has been done using the probability of attacks, time-to-shutdown of the system and security risks. The validation phase of the proposed model is performed as a case study by applying it to a boiling water power plant and estimating the suitable security measures.