Visible to the public Biblio

Filters: Keyword is test-bed  [Clear All Filters]
2020-01-21
Azimi, Mahdi, Sami, Ashkan, Khalili, Abdullah.  2014.  A Security Test-Bed for Industrial Control Systems. Proceedings of the 1st International Workshop on Modern Software Engineering Methods for Industrial Automation. :26–31.

Industrial Control Systems (ICS) such as Supervisory Control And Data Acquisition (SCADA), Distributed Control Systems (DCS) and Distributed Automation Systems (DAS) control and monitor critical infrastructures. In recent years, proliferation of cyber-attacks to ICS revealed that a large number of security vulnerabilities exist in such systems. Excessive security solutions are proposed to remove the vulnerabilities and improve the security of ICS. However, to the best of our knowledge, none of them presented or developed a security test-bed which is vital to evaluate the security of ICS tools and products. In this paper, a test-bed is proposed for evaluating the security of industrial applications by providing different metrics for static testing, dynamic testing and network testing in industrial settings. Using these metrics and results of the three tests, industrial applications can be compared with each other from security point of view. Experimental results on several real world applications indicate that proposed test-bed can be successfully employed to evaluate and compare the security level of industrial applications.

2018-04-11
Kim, Y. S., Son, C. W., Lee, S. I..  2017.  A Method of Cyber Security Vulnerability Test for the DPPS and PMAS Test-Bed. 2017 17th International Conference on Control, Automation and Systems (ICCAS). :1749–1752.

Vulnerability analysis is important procedure for a cyber security evaluation process. There are two types of vulnerability analysis, which is an interview for the facility manager and a vulnerability scanning with a software tool. It is difficult to use the vulnerability scanning tool on an operating nuclear plant control system because of the possibility of giving adverse effects to the system. The purpose of this paper is to suggest a method of cyber security vulnerability test using the DPPS and PMAS test-bed. Based on functions of the test-bed, possible threats and vulnerabilities in terms of cyber security were analyzed. Attack trees and test scenarios could be established with the consideration of attack vectors. It is expected that this method can be helpful to implement adequate security controls and verify whether the security controls make adverse impact to the inherent functions of the systems.

2017-04-24
Tamrakar, Anjila, Russell, Justin D., Ahmed, Irfan, Richard, III, Golden G., Weems, Carl F..  2016.  SPICE: A Software Tool for Bridging the Gap Between End-user's Insecure Cyber Behavior and Personality Traits. Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy. :124–126.

End users are prone to insecure cyber behavior that may lead them to compromise the integrity, availability or confidentiality of their computer systems. For instance, replying to a phishing email may compromise an end user's login credentials. Identifying tendency toward insecure cyber behavior is critically important to improve cyber security posture and thesis of this paper is that the susceptibility of end-users to be a victim of a cyber-attack may be predicted using personality traits such as trait anxiety and callousness. This paper presents an easily configurable, script-based software tool to explore the relationships between the personality traits and insecure cyber behaviors of end users. The software utilizes well-established cognitive methods (such as dot probe) to identify a number of personality traits for a user and further allows researchers to design and conduct experiments through customizable scripting to study the endusers' insecure cyber behaviors. The software also collects fine-grained data on users for analysis.