Biblio

With the advent of massive machine type of communications, security protection becomes more important than ever. Efforts have been made to impose security protection capability to physical-layer signal design, so called physical-layer security (PLS). The purpose of this paper is to evaluate the performance of PLS schemes for a multi-input-multi-output (MIMO) systems with space-time block coding (STBC) under imperfect channel estimation. Three PLS schemes for STBC schemes are modeled and their bit error rate (BER) performances are evaluated under various channel estimation error environments, and their performance characteristics are analyzed.

The Time-Triggered Architecture (TTA) presents a blueprint for building safe and real-time constrained distributed systems, based on a set of orthogonal concepts that make extensive use of the availability of a globally consistent notion of time and a priori knowledge of events. Although the TTA tolerates arbitrary failures of any of its nodes by architectural means (active node replication, a membership service, and bus guardians), the design of these means considers only accidental faults. However, distributed safety- and real-time critical systems have been emerging into more open and interconnected systems, operating autonomously for prolonged times and interfacing with other possibly non-real-time systems. Therefore, the existence of vulnerabilities that adversaries may exploit to compromise system safety cannot be ruled out. In this paper, we discuss potential targeted attacks capable of bypassing TTA's fault-tolerance mechanisms and demonstrate how two well-known recovery techniques - proactive and reactive rejuvenation - can be incorporated into TTA to reduce the window of vulnerability for attacks without introducing extensive and costly changes.

Due to the widespread use of the Internet of Things (IoT) in recent years, the need for IoT technologies to handle communications with the rest of the globe has grown dramatically. Wireless sensor networks (WSNs) play a vital role in the operation of the IoT. The creation of Internet of Things operating systems (OS), which can handle the newly constructed IoT hardware, as well as new protocols and procedures for all communication levels, all of which are now in development, will pave the way for the future. When compared to other devices, these gadgets require a comparatively little amount of electricity, memory, and other resources. This has caused the scientific community to become more aware of the relevance of IoT device operating systems as a result of their findings. These devices may be made more versatile and powerful by including an operating system that contains real-time capabilities, kernel, networking, and other features, among other things. IEEE 802.15.4 networks are linked together using IPv6, which has a wide address space and so enables more devices to connect to the internet using the 6LoWPAN protocol. It is necessary to address some privacy and security issues that have arisen as a result of the widespread use of the Internet, notwithstanding the great benefits that have resulted. For the Internet of Things operating systems, this research has provided a network security architecture that ensures secure communication by utilizing the Cooja network simulator in combination with the Contiki operating system and demonstrate and explained how the nodes can protect from the network layer and physical layer attacks. Also, this research has depicted the energy consumption results of each designated node type during the authentication and communication process. Finally, proposed a few further improvements for the architecture which will enhance the network layer protection.

This paper proposes a logic-based machine learning approach called Acuity which is designed to facilitate user-guided elucidation of novel phenomena from evidence sparsely distributed across large volumes of linked relational data. The work builds on systems from the field of Inductive Logic Programming (ILP) by introducing a suite of new techniques for interacting with domain experts and data sources in a way that allows complex logical reasoning to be strategically exploited on large real-world databases through intuitive hypothesis-shaping and data-caching functionality. We propose two methods for rebutting or shaping candidate hypotheses and two methods for querying or importing relevant data from multiple sources. The benefits of Acuity are illustrated in a proof-of-principle case study involving a retrospective analysis of the CryptoWall ransomware attack using data from a cyber security testbed comprising a small business network and an infected laptop.

Cyber resilience has become a strategic point of information security in recent years. In the face of complex attack means and severe internal and external threats, it is difficult to achieve 100% protection against information systems. It is necessary to enhance the continuous service of information systems based on network resiliency and take appropriate compensation measures in case of protection failure, to ensure that the mission can still be achieved under attack. This paper combs the definition, cycle, and state of cyber resilience, and interprets the cyber resiliency engineering framework, to better understand cyber resilience. In addition, we also discuss the evolution of security architecture and analyze the impact of cyber resiliency on security architecture. Finally, the strategies and schemes of enhancing cyber resilience represented by zero trust and endogenous security are discussed.

The Industrial Internet of Things is expected to attract significant investments for Industry 4.0. In this new environment, the blockchain has immediate potential in industrial applications, providing unchanging, traceable and auditable access control. However, recent work and present in blockchain literature are based on a cloud infrastructure that requires significant investments. Furthermore, due to the placement and distance of the cloud infrastructure to industrial control devices, such approaches present a communication latency that can compromise the strict deadlines for accessing and communicating with this device. In this context, this article presents a blockchain-based access control architecture, which is deployed directly to edge devices positioned close to devices that need access control. Performance assessments of the proposed approach were carried out in practice in an industrial mining environment. The results of this assessment demonstrate the feasibility of the proposal and its performance compared to cloud-based approaches.

To conceive a CPS is a complex and multidisciplinary endeavour involving different stakeholders, potentially using a plethora of different languages to describe their views of the system at different levels of abstraction. Model-Driven Engineering comes, precisely, as a methodological approach to tackle the complexity of systems development with models as first-class citizens in the development process. The measure of realism of these models with respect to the real (sub)system is called fidelity. Usually, different models with different fidelity are then developed during the development process. Additionally, it is very common that the development process of CPS includes an incremental (and collaborative) use of simulations to study the behaviour emerging from the heterogeneous models of the system. Currently, the different models, with different fidelity, are managed in an ad hoc manner. Consequently, when a (Co)simulation is used to study a specific property of the system, the choice of the different models and their setup is made manually in a non-tractable way. In this paper we propose a structured new vision to CPS development, where the notion of simulation goal and multi-fidelity simulation unit are first-class citizens. The goal is to make a clear link between the system requirements, the system properties, the simulation goal and the multi-fidelity simulation unit. The outcome of this framework is a way to automatically determine the model at an adequate fidelity level suitable for answering a specific simulation goal.

Security is the key concern, which allows safe communication between any two mobile nodes in an unfavorable environment. Wireless Ad Hoc can be unsecured against attacks by means of malicious nodes. Hence this study assesses the influence of wormhole attacks on Mobile Ad Hoc network (MANET) system that is evaluated and validated based on the QualNet simulator. The MANET performance is investigated utilizing the wormhole attacks. The simulation is performed on Mobile node's network layer and data link layer in the WANET (wireless Ad Hoc network). The MANET performance was examined using “what-if” analyses too. Results showed that for security purposes, it is indeed necessary to assess the Mobile Ad Hoc node deployment.

Privacy-preserving frequency computation is critical to privacy-preserving data mining in 2-Part Fully Distributed Setting (such as association rule analysis, clustering, and classification analysis) and has been investigated in many researches. However, these solutions are based on the Elgamal Cryptosystem, making computation and communication efficiency low. Therefore, this paper proposes an improved protocol using an Elliptic Curve Cryptosystem. The theoretical and experimental analysis shows that the proposed method is effective in both computing and communication compared to other methods.

Insider attacks is a well-known problem acknowledged as a threat as early as 1980s. The threat is attributed to legitimate users who take advantage of familiarity with the computational environment and abuse their privileges, can easily cause significant damage or losses. In this paper, we present an active defense model and framework of insider threat detection and sense. Firstly, we describe the hierarchical framework which deal with insider threat from several aspects, and subsequently, show a hierarchy-mapping based insider threats model, the kernel of the threats detection, sense and prediction. The experiments show that the model and framework could sense the insider threat in real-time effectively.

This work describes a top down systems security requirements analysis approach for understanding and eliciting security requirements for a notional small unmanned aerial system (SUAS). More specifically, the System-Theoretic Process Analysis approach for Security (STPA-Sec) is used to understand and elicit systems security requirements. The effort employs STPA-Sec on a notional SUAS system case study to detail the development of functional-level security requirements, design-level engineering considerations, and architectural-level security specification criteria early in the system life cycle when the solution trade-space is largest rather than merely examining components and adding protections during system operation or sustainment. These details were elaborated during a semester independent study research effort by two United States Air Force Academy Systems Engineering cadets, guided by their instructor and a series of working group sessions with UAS operators and subject matter experts. This work provides insight into a viable systems security requirements analysis approach which results in traceable security, safety, and resiliency requirements that can be designed-for, built-to, and verified with confidence.

A physical protection system (PPS) integrates people, procedures, and equipment for the protection of assets or facilities against theft, sabotage, or other malevolent intruder attacks. In this paper we focus on the architecture modeling of PPS to support the communication among stakeholders, analysis and guiding the systems development activities. A common practice for modeling architecture is by using an architecture framework that defines a coherent set of viewpoints. Existing systems engineering modeling approaches appear to be too general and fail to address the domain-specific aspects of PPSs. On the other hand, no dedicated architecture framework approach has been provided yet to address the specific concerns of PPS. In this paper, we present an architecture framework for PPS (PPSAF) that has been developed in a real industrial context focusing on the development of multiple PPSs. The architecture framework consists of six coherent set of viewpoints including facility viewpoint, threats and vulnerabilities viewpoint, deterrence viewpoint, detection viewpoint, delay viewpoint, and response viewpoint. We illustrate the application of the architecture framework for the design of a PPS architecture of a building.

This work presents the results of the Multi-Robot System designing that works on the basis of Swarm Intelligence models and is used to search for optimal solutions. The process of searching for optimal solutions is performed based on a field of gradient vectors that can be generated by ionizing radiation sources, radio-electro-magnetic devices, temperature generating sources, etc. The concept of the operation System is based on the distribution in the search space of a multitude of Mobile Robots that form a Mesh network between them. Each Mobile Robot has a set of ultrasonic sensors for excluding the collisions with obstacles, two sensors for identifying the gradient vector of the analyzed field, resources for wireless storage, processing and communication. The direction of the Mobile Robot movement is determined by the rotational speed of two DC motors which is calculated based on the models of Artificial Neural Networks. Gradient vectors generated by all Mobile Robots in the system structure are used to calculate the movement direction.

The Department of Defense (DoD) manages capabilities through the Joint Interoperability and Capability Development System (JCIDS) process. As part of this process, sponsors develop a series of DoD Architecture Framework (DoDAF) products to assist analysts understand the proposed capability and how it fits into the broader network of DoD legacy systems and systems under development. However, the Joint Staff, responsible for executing the JCIDS process, often analyzes these architectures in isolation without considering the broader network of systems. DoD leadership, the Government Accountability Organization, and others have noted the lack of the DoD's ability to manage the broader portfolio of capabilities in various reports and papers. Several efforts have proposed merging DoDAF architecture into a larger meta-architecture based on individual system architectures. This paper specifically targets the Systems View 3 (SV-3), System-to-system matrix, as an opportunity to merge multiple DoDAF architecture views into a network of system and understand the potential benefits associated with analyzing a broader perspective. The goal of merging multiple SV-3s is to better understand the interoperability of a system within the network of DoD systems as network metrics may provide insights into the relative interoperability of a DoD system. Currently, the DoD's definition of interoperability focuses on the system or capability's ability to enter and operate within the DoD Information Network (DoDIN); however, this view limits the definition of interoperability as it focuses solely on information flows and not resource flows or physical connections that should be present in a SV-3. The paper demonstrates the importance of including all forms of connections between systems in a network by comparing network metrics associated with the different types of connections. Without a complete set of DoDAF architectures for each system within the DoD and based on the potential classification of these products, the paper collates data that should be included in an SV-3 from open source, unclassified references to build the overall network of DoD systems. From these sources, a network of over 300 systems with almost 1000 connections emerges based on the documented information, resource, and physical connections between these legacy and planned DoD systems. With this network, the paper explores the quantification of individual system's interoperability through the application of nodal and network metrics from social network analysis (SNA). A SNA perspective on a network of systems provides additional insights beyond traditional network analysis because of the emphasis on the importance of nodes, systems, in the network as well as the relationship, connections, between the nodes. Finally, the paper proposes future work to explore the quantification of additional attributes of systems as well as a method for further validating the findings.

This paper describes multiple system security engineering techniques for assessing system security vulnerabilities and discusses the application of these techniques at different system maturity points. The proposed vulnerability assessment approach allows a systems engineer to identify and assess vulnerabilities early in the life cycle and to continually increase the fidelity of the vulnerability identification and assessment as the system matures.

The research question of this study is: How Integration Readiness Level (IRL) metrics can be understood and realized in the domain of border control information systems. The study address to the IRL metrics and their definition, criteria, references, and questionnaires for validation of border control information systems in case of the shared maritime situational awareness system. The target of study is in improvements of ways for acceptance, operational validation, risk assessment, and development of sharing mechanisms and integration of information systems and border control information interactions and collaboration concepts in Finnish national and European border control domains.
 

The objective of this paper is to explore the current notions of systems and “System of Systems” and establish the case for quantitative characterization of their structural, behavioural and contextual facets that will pave the way for further formal development (mathematical formulation). This is partly driven by stakeholder needs and perspectives and also in response to the necessity to attribute and communicate the properties of a system more succinctly, meaningfully and efficiently. The systematic quantitative characterization framework proposed will endeavor to extend the notion of emergence that allows the definition of appropriate metrics in the context of a number of systems ontologies. The general characteristic and information content of the ontologies relevant to system and system of system will be specified but not developed at this stage. The current supra-system, system and sub-system hierarchy is also explored for the formalisation of a standard notation in order to depict a relative scale and order and avoid the seemingly arbitrary attributions.