Biblio
This exploratory investigation aims to discuss current status and challenges, especially in aspect of security and trust problems, of digital supply chain management system with applying some advanced information technologies, such as Internet of Things, cloud computing and blockchain, for improving various system performance and properties, i.e. transparency, visibility, accountability, traceability and reliability. This paper introduces the general histories and definitions, in terms of information science, of the supply chain and relevant technologies which have been applied or are potential to be applied on supply chain with purpose of lowering cost, facilitating its security and convenience. It provides a comprehensive review of current relative research work and industrial cases from several famous companies. It also illustrates requirements or performance of digital supply chain system, security management and trust issues. Finally, this paper concludes several potential or existing security issues and challenges which supply chain management is facing.
In the era of mass agriculture to keep up with the increasing demand for food production, advanced monitoring systems are required in order to handle several challenges such as perishable products, food waste, unpredictable supply variations and stringent food safety and sustainability requirements. The evolution of Internet of Things have provided means for collecting, processing, and communicating data associated with agricultural processes. This have opened several opportunities to sustain, improve productivity and reduce waste in every step in the food supply chain system. On the hand, this resulted in several new challenges, such as, the security of the data, recording and representation of data, providing real time control, reliability of the system, and dealing with big data. This paper proposes an architecture for security of big data in the agricultural supply chain management system. This can help in reducing food waste, increasing the reliability of the supply chain, and enhance the performance of the food supply chain system.
At the time of more and more devices being connected to the internet, personal and sensitive information is going around the network more than ever. Thus, security and privacy regarding IoT communications, devices, and data are a concern due to the diversity of the devices and protocols used. Since traditional security mechanisms cannot always be adequate due to the heterogeneity and resource limitations of IoT devices, we conclude that there are still several improvements to be made to the 2nd line of defense mechanisms like Intrusion Detection Systems. Using a collection of IP flows, we can monitor the network and identify properties of the data that goes in and out. Since network flows collection have a smaller footprint than packet capturing, it makes it a better choice towards the Internet of Things networks. This paper aims to study IP flow properties of certain network attacks, with the goal of identifying an attack signature only by observing those properties.
The smart grid aims to improve the efficiency, reliability and safety of the electric system via modern communication system, it's necessary to utilize cloud computing to process and store the data. In fact, it's a promising paradigm to integrate smart grid into cloud computing. However, access to cloud computing system also brings data security issues. This paper focuses on the protection of user privacy in smart meter system based on data combination privacy and trusted third party. The paper demonstrates the security issues for smart grid communication system and cloud computing respectively, and illustrates the security issues for the integration. And we introduce data chunk storage and chunk relationship confusion to protect user privacy. We also propose a chunk information list system for inserting and searching data.
Despite the benefits offered by smart grids, energy producers, distributors and consumers are increasingly concerned about possible security and privacy threats. These threats typically manifest themselves at runtime as new usage scenarios arise and vulnerabilities are discovered. Adaptive security and privacy promise to address these threats by increasing awareness and automating prevention, detection and recovery from security and privacy requirements' failures at runtime by re-configuring system controls and perhaps even changing requirements. This paper discusses the need for adaptive security and privacy in smart grids by presenting some motivating scenarios. We then outline some research issues that arise in engineering adaptive security. We particularly scrutinize published reports by NIST on smart grid security and privacy as the basis for our discussions.
Privacy has become a critical topic in the engineering of electric systems. This work proposes an approach for smart-grid-specific privacy requirements engineering by extending previous general privacy requirements engineering frameworks. The proposed extension goes one step further by focusing on privacy in the smart grid. An alignment of smart grid privacy requirements, dependability issues and privacy requirements engineering methods is presented. Starting from this alignment a Threat Tree Analysis is performed to obtain a first set of generic, high level privacy requirements. This set is formulated mostly on the data instead of the information level and provides the basis for further project-specific refinement.
The smart grid changes the way energy is produced and distributed. In addition both, energy and information is exchanged bidirectionally among participating parties. Therefore heterogeneous systems have to cooperate effectively in order to achieve a common high-level use case, such as smart metering for billing or demand response for load curtailment. Furthermore, a substantial amount of personal data is often needed for achieving that goal. Capturing and processing personal data in the smart grid increases customer concerns about privacy and in addition, certain statutory and operational requirements regarding privacy aware data processing and storage have to be met. An increase of privacy constraints, however, often limits the operational capabilities of the system. In this paper, we present an approach that automates the process of finding an optimal balance between privacy requirements and operational requirements in a smart grid use case and application scenario. This is achieved by formally describing use cases in an abstract model and by finding an algorithm that determines the optimum balance by forward mapping privacy and operational impacts. For this optimal balancing algorithm both, a numeric approximation and - if feasible - an analytic assessment are presented and investigated. The system is evaluated by applying the tool to a real-world use case from the University of Southern California (USC) microgrid.
This paper proposes a lightweight and privacy-preserving data aggregation scheme for dynamic electricity pricing based billing in smart grids using the concept of single-pass authenticated encryption (AE). Unlike existing literature that only considers static pricing, to the best of our knowledge, this is the first paper to address privacy under dynamic pricing.
Protecting energy consumers's data and privacy is a key factor for the further adoption and diffusion of smart grid technologies and applications. However, current smart grid initiatives and implementations around the globe tend to either focus on the need for technical security to the detriment of privacy or consider privacy as a feature to add after system design. This paper aims to contribute towards filling the gap between this fact and the accepted wisdom that privacy concerns should be addressed as early as possible (preferably when modeling system's requirements). We present a methodological framework for tackling privacy concerns throughout all phases of the smart grid system development process. We describe methods and guiding principles to help smart grid engineers to elicit and analyze privacy threats and requirements from the outset of the system development, and derive the best suitable countermeasures, i.e. privacy enhancing technologies (PETs), accordingly. The paper also provides a summary of modern PETs, and discusses their context of use and contributions with respect to the underlying privacy engineering challenges and the smart grid setting being considered.
The increasing demand and the use of mobile ad hoc network (MANET) in recent days have attracted the attention of researchers towards pursuing active research work largely related to security attacks in MANET. Gray hole attack is one of the most common security attacks observed in MANET. The paper focuses on gray hole attack analysis in Ad hoc on demand distance vector(AODV) routing protocol based MANET with reliability as a metric. Simulation is performed using ns-2.35 simulation software under varying number of network nodes and varying number of gray hole nodes. Results of simulation indicates that increasing the number of gray hole node in the MANET will decrease the reliability of MANET.
Software metrics help developers discover and fix mistakes. However, despite promising empirical evidence, vulnerability discovery metrics are seldom relied upon in practice. In prior research, the effectiveness of these metrics has typically been expressed using precision and recall of a prediction model that uses the metrics as explanatory variables. These prediction models, being black boxes, may not be perceived as useful by developers. However, by systematically interpreting the models and metrics, we can provide developers with nuanced insights about factors that have led to security mistakes in the past. In this paper, we present a preliminary approach to using vulnerability discovery metrics to provide insightful feedback to developers as they engineer software. We collected ten metrics (churn, collaboration centrality, complexity, contribution centrality, nesting, known offender, source lines of code, \# inputs, \# outputs, and \# paths) from six open-source projects. We assessed the generalizability of the metrics across two contextual dimensions (application domain and programming language) and between projects within a domain, computed thresholds for the metrics using an unsupervised approach from literature, and assessed the ability of these unsupervised thresholds to classify risk from historical vulnerabilities in the Chromium project. The observations from this study feeds into our ongoing research to automatically aggregate insights from the various analyses to generate natural language feedback on security. We hope that our approach to generate automated feedback will accelerate the adoption of research in vulnerability discovery metrics.
Nowadays, communication networks have a high relevance in any field. Because of this, it is necessary to maintain them working properly and with an adequate security level. In many fields, and in anomaly detection in communication networks in particular, it results really convenient the use of early detection methods. Therefore, adequate metrics must be defined to allow the correct evaluation of methods applied in relation to time delay in the detection. In this thesis the definition of time-aware metrics for early detection anomaly techniques evaluation.
How to evaluate software reliability based on historical data of embedded software projects is one of the problems we have to face in practical engineering. Therefore, we establish a software reliability evaluation model based on code metrics. This evaluation technique requires the aggregation of software code metrics into project metrics. Statistical value methods, metric distribution methods, and econometric methods are commonly-used aggregation methods. What are the differences between these methods in the software reliability evaluation process, and which methods can improve the accuracy of the reliability assessment model we have established are our concerns. In view of these concerns, we conduct an empirical study on the application of software code metric aggregation methods based on actual projects. We find the distribution of code metrics for the projects under study. Using these distribution laws, we optimize the aggregation method of code metrics and improve the accuracy of the software reliability evaluation model.
Software integration in modern vehicles is continuously expanding. This is due to the fact that vehicle manufacturers are always trying to enhance and add more innovative and competitive features that may rely on complex software functionalities. However, these features come at a cost. They amplify the security vulnerabilities in vehicles and lead to more security issues in today's automobiles. As a result, the need for identifying vulnerable components in a vehicle software system has become crucial. Security experts need to know which components of the vehicle software system can be exploited for attacks and should focus their testing and inspection efforts on it. Nevertheless, it is a challenging and costly task to identify these weak components in a vehicle's system. In this paper, we propose some security vulnerability metrics for connected vehicles that aim to assist software testers during the development life-cycle in order to identify the frail links that put the vehicle at highsecurity risks. Vulnerable function assessment can give software testers a good idea about which components in a connected vehicle need to be prioritized in order to mitigate the risk and hence secure the vehicle. The proposed metrics were applied to OpenPilot - a software that provides Autopilot feature - and has been integrated with 48 different vehicles.. The application shows how the defined metrics can be effectively used to quantitatively measure the vulnerabilities of a vehicle software system.
The purpose of this paper is to analyze all Cloud based Service Models, Continuous Integration, Deployment and Delivery process and propose an Automated Continuous Testing and testing as a service based TestBot and metrics dashboard which will be integrated with all existing automation, bug logging, build management, configuration and test management tools. Recently cloud is being used by organizations to save time, money and efforts required to setup and maintain infrastructure and platform. Continuous Integration and Delivery is in practice nowadays within Agile methodology to give capability of multiple software releases on daily basis and ensuring all the development, test and Production environments could be synched up quickly. In such an agile environment there is need to ramp up testing tools and processes so that overall regression testing including functional, performance and security testing could be done along with build deployments at real time. To support this phenomenon, we researched on Continuous Testing and worked with industry professionals who are involved in architecting, developing and testing the software products. A lot of research has been done towards automating software testing so that testing of software product could be done quickly and overall testing process could be optimized. As part of this paper we have proposed ACT TestBot tool, metrics dashboard and coined 4S quality metrics term to quantify quality of the software product. ACT testbot and metrics dashboard will be integrated with Continuous Integration tools, Bug reporting tools, test management tools and Data Analytics tools to trigger automation scripts, continuously analyze application logs, open defects automatically and generate metrics reports. Defect pattern report will be created to support root cause analysis and to take preventive action.
Cloud Management Platforms (CMP) have been developed in recent years to set up cloud computing architecture. Infrastructure-as-a-Service (IaaS) is a cloud-delivered model designed by the provider to gather a set of IT resources which are furnished as services for user Virtual Machine Image (VMI) provisioning and management. Openstack is one of the most useful CMP which has been developed for industry and academic researches to simulate IaaS classical processes such as launch and store user VMI instance. In this paper, the main purpose is to adopt a security policy for a secure launch user VMI across a trust cloud environment founded on a combination of enhanced TPM remote attestation and cryptographic techniques to ensure confidentiality and integrity of user VMI requirements.
In Infrastructure-as-a-Service clouds, there exist many virtual machines (VMs) that are not used for a long time. For such VMs, many vulnerabilities are often found in installed software while VMs are suspended. If security updates are applied to such VMs after the VMs are resumed, the VMs easily suffer from attacks via the Internet. To solve this problem, offline update of VMs has been proposed, but some approaches have to permit cloud administrators to resume users' VMs. The others are applicable only to completely stopped VMs and often corrupt virtual disks if they are applied to suspended VMs. In addition, it is sometimes difficult to accurately emulate security updates offline. In this paper, we propose OUassister, which enables consistent offline update of suspended VMs. OUassister emulates security updates of VMs offline in a non-intrusive manner and applies the emulation results to the VMs online. This separation prevents virtual disks of even suspended VMs from being corrupted. For more accurate emulation of security updates, OUassister provides an emulation environment using a technique called VM introspection. Using this environment, it automatically extracts updated files and executed scripts. We have implemented OUassister in Xen and confirmed that the time for critical online update was largely reduced.
In Cloud Computing Environment, using only static security measures didn't mitigate the attack considerably. Hence, deployment of sophisticated methods by the attackers to understand the network topology of complex network makes the task easier. For this reason, the use of dynamic security measure as virtual machine (VM) migration increases uncertainty to locate a virtual machine in a dynamic attack surface. Although this, not all VM's migration enhances security. Indeed, the destination server to host the VM should be selected precisely in order to avoid externality and attack at the same time. In this paper, we model migration in cloud environment by using continuous Markov Chain. Then, we analyze the probability of a VM to be compromised based on the destination server parameters. Finally, we provide some numerical results to show the effectiveness of our approach in term of avoiding intrusion.
Network Function Virtualization (NFV) is an implementation of cloud computing that leverages virtualization technology to provide on-demand network functions such as firewalls, domain name servers, etc., as software services. One of the methods that help us understand the design and implementation process of such a new system in an abstract way is architectural modeling. Architectural modeling can be presented through UML diagrams to show the interaction between different components and its stakeholders. Also, it can be used to analyze the security threats and the possible countermeasures to mitigate the threats. In this paper, we show some of the possible threats that may jeopardize the security of NFV. We use misuse patterns to analyze misuses based on privilege escalation and VM escape threats. The misuse patterns are part of an ongoing catalog, which is the first step toward building a security reference architecture for NFV.
Monitoring kernel object modification of virtual machine is widely used by virtual-machine-introspection-based security monitors to protect virtual machines in cloud computing, such as monitoring dentry objects to intercept file operations, etc. However, most of the current virtual machine monitors, such as KVM and Xen, only support page-level monitoring, because the Intel EPT technology can only monitor page privilege. If the out-of-virtual-machine security tools want to monitor some kernel objects, they need to intercept the operation of the whole memory page. Since there are some other objects stored in the monitored pages, the modification of them will also trigger the monitor. Therefore, page-level memory monitor usually introduces overhead to related kernel services of the target virtual machine. In this paper, we propose a low-overhead kernel object monitoring approach to reduce the overhead caused by page-level monitor. The core idea is to migrate the target kernel objects to a protected memory area and then to monitor the corresponding new memory pages. Since the new pages only contain the kernel objects to be monitored, other kernel objects will not trigger our monitor. Therefore, our monitor will not introduce runtime overhead to the related kernel service. The experimental results show that our system can monitor target kernel objects effectively only with very low overhead.
The failure prediction method of virtual machines (VM) guarantees reliability to cloud platforms. However, the uncertainty of VM security state will affect the reliability and task processing capabilities of the entire cloud platform. In this study, a failure prediction method of VM based on AdaBoost-Hidden Markov Model was proposed to improve the reliability of VMs and overall performance of cloud platforms. This method analyzed the deep relationship between the observation state and the hidden state of the VM through the hidden Markov model, proved the influence of the AdaBoost algorithm on the hidden Markov model (HMM), and realized the prediction of the VM failure state. Results show that the proposed method adapts to the complex dynamic cloud platform environment, can effectively predict the failure state of VMs, and improve the predictive ability of VM security state.
With the ever so growing boundaries for security in the cloud, it is necessary to develop ways to prevent from total cloud server failure. In this paper, we try to design a Game Strategy Block that sets up rules for security based on a tower defence game to secure the hypervisor from potential threats. We also try to define a utility function named the Virtual Machine Vitality Measure (VMVM) that could enlighten on the status of the virtual machines on the virtual environment.
Cloud Computing as of large is evolving at a faster pace with an ever changing set of cloud services. The amenities in the cloud are all enabled with respect to the public cloud services in their own enormous domain aspects commercially, which tend to be more insecure. These cloud services should be thus protected and secured which is very vital to the cloud infrastructures. Therefore, in this research work, we have identified security features with a self-heal approach that could be rendered on the infrastructure as a service (IaaS) in a private cloud environment. We have investigated the attack model from the virtual machine snapshots and have analyzed based on the supervised machine learning techniques. The virtual machines memory snapshots API call sequences are considered as input for the supervised and unsupervised machine learning algorithms to classify the attacked and the un-attacked virtual machine memory snapshots. The obtained set of the attacked virtual machine memory snapshots are given as input to the self-heal algorithm which is enabled to retrieve back the functionality of the virtual machines. Our method of detecting the malware attains about 93% of accuracy with respect to the virtual machine snapshots.