Biblio

With the construction of power information network, the power grid has built a security protection system based on boundary protection. However, with the continuous advancement of the construction of the power Internet of Things, a large number of power Internet of Things terminals need to connect to the power information network through the public network, which have an impact on the existing security protection system of the power grid. This article analyzes the characteristics of the border protection model commonly used in network security protection. Aiming at the lack of security protection capabilities of this model, a zero-trust security architecture-based power Internet of Things network security protection model is proposed. Finally, this article analyzes and studies the application of zero trust in the power Internet of Things.

The widely adopted dynamic line rating (DLR) mechanism can improve the operation efficiency for industrial and commercial power systems. However, the predicted environmental parameters used in DLR bring great uncertainty to transmission line capacity estimation and may introduce system security risk if over-optimistic estimation is adopted in the operation process, which could affect the electrical safety of industrial and commercial power systems in multiple cases. Therefore, it becomes necessary to establish a system operation security assessment model to reduce the risk and provide operational guidance to enhance electrical safety. This paper aims to solve the electrical safety problems caused by the transmission line under DLR mechanism. An operation security assessment method of transmission lines considering DLR uncertainty is proposed to visualize the safety margin under the given operation strategy and optimally setting transmission line capacity while taking system safety into account. With the help of robust optimization (RO) techniques, the uncertainty is characterized and a risk-averse transmission line rating guidance can be established to determine the safety margin of line capacity for system operation. In this way, the operational security for industrial and commercial power systems can be enhanced by reducing the unsafe conditions while the operational efficiency benefit provided by DLR mechanism still exist.

Differential evolution algorithm is an efficient computational method that uses population crossover and variation to achieve high-quality solutions. The algorithm is simple in principle and fast in solving global solutions, so it has been widely used in complex optimization problems. In this paper, we applied the differential evolution algorithm to a time-delay dynamic system for microbial fermentation of 1,3-propanediol and obtained an average error of 22.67% comparing to baseline error of 48.53%.

In this study, we prove strong stability for a typical time-varying nonlinear dynamic system in batch culture, which is hard to obtain analytical solutions and equilibrium points. To this end, firstly, we construct a linear variational system to the nonlinear dynamic system. Secondly, we give a proof that the fundamental matrix solution to this dynamic system is bounded. Combined with the above two points, the strong stability for the nonlinear dynamic system is proved.

Ubiquitous Electric Internet of Things (UEIoT) is the next generation electrical energy networks. The distributed and open structure of UEIoT is weak and vulnerable to security threats. To solve the security problem of UEIoT terminal, in this paper, the interaction between smart terminals and the malicious attackers in UEIoT as a differential game is investigated. A complex decision-making process and interactions between the smart terminal and attackers are analyzed. Through derivation and analysis of the model, an algorithm for the optimal defense strategy of UEIoT is designed. The results lay a theoretical foundation, which can support UEIoT make a dynamic strategy to improve the defensive ability.

Continuous Integration (CI) and Continuous Delivery (CD) have become a well-known practice in DevOps to ensure fast delivery of new features. This is achieved by automatically testing and releasing new software versions, e.g. multiple times per day. However, classical security management techniques cannot keep up with this quick Software Development Life Cycle (SDLC). Nonetheless, guaranteeing high security quality of software systems has become increasingly important. The new trend of DevSecOps aims to integrate security techniques into existing DevOps practices. Especially, the automation of security testing is an important area of research in this trend. Although plenty of literature discusses security testing and CI/CD practices, only a few deal with both topics together. Additionally, most of the existing works cover only static code analysis and neglect dynamic testing methods. In this paper, we present an approach to integrate three automated dynamic testing techniques into a CI/CD pipeline and provide an empirical analysis of the introduced overhead. We then go on to identify unique research/technology challenges the DevSecOps communities will face and propose preliminary solutions to these challenges. Our findings will enable informed decisions when employing DevSecOps practices in agile enterprise applications engineering processes and enterprise security.

This work introduces methods that unlock a series of applications for decision trees and neural networks in power system optimization. Capturing constraints that were impossible to capture before in a scalable way, we use decision trees (or neural networks) to extract an accurate representation of the non-convex feasible region which is characterized by both algebraic and differential equations. Applying an exact transformation, we convert the information encoded in the decision trees and the neural networks to linear decision rules that we incorporate as conditional constraints in an optimization problem (MILP or MISOCP). Our approach introduces a framework to unify security considerations with electricity market operations, capturing not only steady-state but also dynamic stability constraints in power system optimization, and has the potential to eliminate redispatching costs, leading to savings of millions of euros per year.

In this extended abstract, we outline an approach for security certification of products or services for modern commercial systems that are characterized by agile development, the integration of development and operations, and high dynamics of system features and structures. The proposed scheme rather evaluates the processes applied in development and operations than investigates into the validity of the product properties itself. We argue that the resulting claims are still suitable to increase the confidence in the security of products and services resulting from such processes.

Dealing with algorithms, which process large amount of similar data by using significant number of small and various sizes of memory allocation/de-allocation in a dynamic yet deterministic way, is an important issue for soft real-time systems designs. In order to improve the response time, efficiency and security of this kind of processing, we propose a software-based memory management method based on hierarchy of shared memory pools, which could be used to replace standard heap management mechanism of the operating system for some cases. Implementation of this memory management scheme can allocate memory through processing allocation/de-allocation requests of required space. Lockable implementation of this model can safely deal with the multi-threaded concurrent access. We also provide the results of experiments, according to which response time of test systems with soft time-bounded execution demand were considerably improved.

Dynamic security assessment (DSA) is to ensure the power system being operated under a secure condition that can withstand potential contingencies. DSA normally proceeds periodically on a 5 to 15 minutes basis, where the system security condition over a complete time interval is merely determined upon the system snapshot captured at the beginning of the interval. With high wind power penetration, the minute-to-minute variations of wind power can lead to more volatile power system states within a single DSA time interval. This paper investigates the intra-interval variation (IIV) phenomenon in power system online DSA and analyze whether the IIV problem is deserved attention in future DSA research and applications. An IIV-contaminated testing environment based on hierarchical Monte-Carlo simulation is developed to evaluate the practical IIV impacts on power system security and DSA performance. The testing results show increase in system insecurity risk and significant degradation in DSA accuracy in presence of IIV. This result draws attention to the IIV phenomenon in DSA of wind-energy power systems and calls for more robust DSA approach to mitigate the IIV impacts.

Existing security models are highly linear and fail to capture the rich interactions that occur across security technology, infrastructure, cybersecurity, and human/organizational components. In this work, we will leverage insights from resilience science, complex system theory, and network theory to develop a next-generation security model based on these interactions to address challenges in complex, nonlinear risk environments and against innovative and disruptive technologies. Developing such a model is a key step forward toward a dynamic security paradigm (e.g., shifting from detection to anticipation) and establishing the foundation for designing next-generation physical security systems against evolving threats in uncontrolled or contested operational environments.

In this paper, we highlight a fundamental vulnerability associated with the widely adopted “Just Tap” push-based authentication in the face of a concurrency attack, and propose the method REPLICATE, a redesign to counter this vulnerability. In the concurrency attack, the attacker launches the login session at the same time the user initiates a session, and the user may be fooled, with high likelihood, into accepting the push notification which corresponds to the attacker's session, thinking it is their own. The attack stems from the fact that the login notification is not explicitly mapped to the login session running on the browser in the Just Tap approach. REPLICATE attempts to address this fundamental flaw by having the user approve the login attempt by replicating the information presented on the browser session over to the login notification, such as by moving a key in a particular direction, choosing a particular shape, etc. We report on the design and a systematic usability study of REPLICATE. Even without being aware of the vulnerability, in general, participants placed multiple variants of REPLICATE in competition to the Just Tap and fairly above PIN-based authentication.

Non-interference is a program property that ensures the absence of information leaks. In the context of programming languages, there exist two common approaches for establishing non-interference: type systems and program logics. Type systems provide strong automation (by means of type checking), but they are inherently restrictive in the kind of programs they support. Program logics support challenging programs, but they typically require significant human assistance, and cannot handle modules or higher-order programs.To connect these two approaches, we present SeLoC—a separation logic for non-interference, on top of which we build a type system using the technique of logical relations. By building a type system on top of separation logic, we can compositionally verify programs that consist of typed and untyped parts. The former parts are verified through type checking, while the latter parts are verified through manual proof.The core technical contribution of SeLoC is a relational form of weakest preconditions that can track information flow using separation logic resources. SeLoC is fully machine-checked, and built on top of the Iris framework for concurrent separation logic in Coq. The integration with Iris provides seamless support for fine-grained concurrency, which was beyond the reach of prior type systems and program logics for non-interference.

Smart Contracts based cryptocurrencies such as Ethereum are becoming increasingly popular in various domains: but with this increase in popularity comes a significant decrease in throughput and efficiency. Smart Contracts are executed by every miner in the system serially without any parallelism, both inter and intra-Smart Contracts. Such a serial execution inhibits the scalability required to obtain extremely high throughput pertaining to computationally intensive tasks deployed with such Smart Contracts. While significant advancements have been made in the field of concurrency, from GPU architectures that enable massively parallel computation to tools such as MapRe-duce that distributed computing to several nodes connected in the system to achieve higher performance in distributed systems, none are incorporated in blockchain-based distributed computing. The team proposes a novel blockchain that allows public nodes in a permission-independent blockchain to deploy and run Smart Contracts that provide concurrency-related functionalities within the Smart Contract framework. In this paper, the researchers present “ConCurrency,” a blockchain network capable of handling big data-based computations. The technique is based on currently used distributed system paradigms, such as MapReduce, while also allowing for fundamental parallelly computable problems. Concurrency is achieved using a sharding protocol incorporated with consensus mechanisms to ensure high scalability, high reliability, and better efficiency. A detailed methodology and a comprehensive analysis of the proposed blockchain further indicate a significant increase in throughput for parallelly computable tasks, as detailed in this paper.

The fifth-generation (5G) standard is the last telecommunication technology, widely considered to have the most important characteristics in the future network industry. The 5G system infrastructure contains three principle interfaces, each one follows a set of protocols defined by the 3rd Generation Partnership Project group (3GPP). For the next generation network, 3GPP specified two authentication methods systematized in two protocols namely 5G Authentication and Key Agreement (5G-AKA) and Extensible Authentication Protocol (EAP). Such protocols are provided to ensure the authentication between system entities. These two protocols are critical systems, thus their reliability and correctness must be guaranteed. In this paper, we aim to formally re-examine 5G-AKA protocol using micro Common Representation Language 2 (mCRL2) language to verify such a security protocol. The mCRL2 language and its associated toolset are formal tools used for modeling, validation, and verification of concurrent systems and protocols. In this context, the authentication protocol 5G-AKA model is built using Algebra of Communication Processes (ACP), its properties are specified using Modal mu-Calculus and the properties analysis exploits Model-Checker provided with mCRL2. Indeed, we propose a new mCRL2 model of 3GPP specification considering 5G-AKA protocol and we specify some properties that describe necessary requirements to evaluate the correctness of the protocol where the parsed properties of Deadlock Freedom, Reachability, Liveness and Safety are positively assessed.

Realizing flow security in a concurrent environment is extremely challenging, primarily due to non-deterministic nature of execution. The difficulty is further exacerbated from a security angle if sequential threads disclose control locations through publicly observable statements like print, sleep, delay, etc. Such observations lead to internal and external timing attacks. Inspired by previous works that use classical Hoare style proof systems for establishing correctness of distributed (real-time) programs, in this paper, we describe a method for finding information leaks in concurrent programs through the introduction of leaky assertions at observable program points. Specifying leaky assertions akin to classic assertions, we demonstrate how information leaks can be detected in a concurrent context. To our knowledge, this is the first such work that enables integration of different notions of non-interference used in functional and security context. While the approach is sound and relatively complete in the classic sense, it enables the use of algorithmic techniques that enable programmers to come up with leaky assertions that enable checking for information leaks in sensitive applications.

In order to solve the problem of data analysis and application caused by the inefficient integration of hardware and software compatibility of hardware in the Internet of things, this paper proposes and designs a C/S framework communication system based on task driven and multi-user authority. By redefining the relationship between users and hardware and adopting the matching framework for different modules, the system realizes the high concurrent and complex data efficient collaborative processing between software and hardware. Finally, by testing and verifying the functions of the system, the communication system effectively realizes the functions of data processing between software and hardware, and achieves the expected results.

A number of approaches have been developed for analysing information flow in concurrent programs in a compositional manner, i.e., in terms of one thread at a time. Early approaches modelled the behaviour of a given thread's environment using simple read and write permissions on variables, or by associating specific behaviour with whether or not locks are held. Recent approaches allow more general representations of environmental behaviour, increasing applicability. This, however, comes at a cost. These approaches analyse the code in a forwards direction, from the start of the program to the end, constructing the program's entire state after each instruction. This process needs to take into account the environmental influence on all shared variables of the program. When environmental influence is modelled in a general way, this leads to increased complexity, hindering automation of the analysis. In this paper, we present a compositional information flow analysis for concurrent systems which is the first to support a general representation of environmental behaviour and be automated within a theorem prover. Our approach analyses the code in a backwards direction, from the end of the program to the start. Rather than constructing the entire state at each instruction, it generates only the security-related proof obligations. These are, in general, much simpler, referring to only a fraction of the program's shared variables and thus reducing the complexity introduced by environmental behaviour. For increased applicability, our approach analyses value-dependent information flow, where the security classification of a variable may depend on the current state. The resulting logic has been proved sound within the theorem prover Isabelle/HOL.

In the ever evolving Internet threat landscape, Distributed Denial-of-Service (DDoS) attacks remain a popular means to invoke service disruption. DDoS attacks, however, have evolved to become a tool of deceit, providing a smokescreen or distraction while some other underlying attack takes place, such as data exfiltration. Knowing the intent of a DDoS, and detecting underlying attacks which may be present concurrently with it, is a challenging problem. An entity whose network is under a DDoS attack may not have the support personnel to both actively fight a DDoS and try to mitigate underlying attacks. Therefore, any system that can detect such underlying attacks should do so only with a high degree of confidence. Previous work utilizing flow aggregation techniques with multi-class anomaly detection showed promise in both DDoS detection and detecting underlying attacks ongoing during an active DDoS attack. In this work, we head in the opposite direction, utilizing flow segmentation and concurrent flow feature aggregation, with the primary goal of greatly reduced detection times of both DDoS and underlying attacks. Using the same multi-class anomaly detection approach, we show greatly improved detection times with promising detection performance.

Mobile devices have been widely used to deploy security-sensitive applications such as mobile payments, mobile offices etc. SM2 digital signature technology is critical in these applications to provide the protection including identity authentication, data integrity, action non-repudiation. Since mobile devices are prone to being stolen or lost, several server-aided SM2 cooperative signature schemes have been proposed for the mobile scenario. However, existing solutions could not well fit the high-concurrency scenario which needs lightweight computation and communication complexity, especially for the server sides. In this paper, we propose a SM2 cooperative signature algorithm (SM2-CSA) for the high-concurrency scenario, which involves only one-time client-server interaction and one elliptic curve addition operation on the server side in the signing procedure. Theoretical analysis and practical tests shows that SM2-CSA can provide better computation and communication efficiency compared with existing schemes without compromising the security.

This paper addresses security and risk management of hardware and embedded systems across several applications. There are three companies involved in the research. First is an energy technology company that aims to leverage electric- vehicle batteries through vehicle to grid (V2G) services in order to provide energy storage for electric grids. Second is a defense contracting company that provides acquisition support for the DOD's conventional prompt global strike program (CPGS). These systems need protections in their production and supply chains, as well as throughout their system life cycles. Third is a company that deals with trust and security in advanced logistics systems generally. The rise of interconnected devices has led to growth in systems security issues such as privacy, authentication, and secure storage of data. A risk analysis via scenario-based preferences is aided by a literature review and industry experts. The analysis is divided into various sections of Criteria, Initiatives, C-I Assessment, Emergent Conditions (EC), Criteria-Scenario (C-S) relevance and EC Grouping. System success criteria, research initiatives, and risks to the system are compiled. In the C-I Assessment, a rating is assigned to signify the degree to which criteria are addressed by initiatives, including research and development, government programs, industry resources, security countermeasures, education and training, etc. To understand risks of emergent conditions, a list of Potential Scenarios is developed across innovations, environments, missions, populations and workforce behaviors, obsolescence, adversaries, etc. The C-S Relevance rates how the scenarios affect the relevance of the success criteria, including cost, schedule, security, return on investment, and cascading effects. The Emergent Condition Grouping (ECG) collates the emergent conditions with the scenarios. The generated results focus on ranking Initiatives based on their ability to negate the effects of Emergent Conditions, as well as producing a disruption score to compare a Potential Scenario's impacts to the ranking of Initiatives. The results presented in this paper are applicable to the testing and evaluation of security and risk for a variety of embedded smart devices and should be of interest to developers, owners, and operators of critical infrastructure systems.

Making use of spectrally diverse communications links to re-route traffic in response to dynamic environments to manage network bottlenecks has become essential in order to guarantee message delivery across heterogeneous networks. We propose an innovative, proactive Congestion Aware Intent-Based Routing (CONAIR) architecture that can select among available communication link resources based on quality of service (QoS) metrics to support continuous information exchange between networked participants. The CONAIR architecture utilizes a Network Controller (NC) and artificial intelligence (AI) to re-route traffic based on traffic priority, fundamental to increasing end user quality of experience (QoE) and mission effectiveness. The CONAIR architecture provides network behavior prediction, and can mitigate congestion prior to its occurrence unlike traditional static routing techniques, e.g. Open Shortest Path First (OSPF), which are prone to congestion due to infrequent routing table updates. Modeling and simulation (M&S) was performed on a multi-hop network in order to characterize the resiliency and scalability benefits of CONAIR over OSPF routing-based frameworks. Results demonstrate that for varying traffic profiles, packet loss and end-to-end latency is minimized.

In this paper, we investigate how to automatically persist versioned data structures in distributed settings (e.g. cloud + edge) using append-only storage. By doing so, we facilitate resiliency by enabling program state to survive program activations and termination, and program-level data structures and their version information to be accessed programmatically by multiple clients (for replay, provenance tracking, debugging, and coordination avoidance, and more). These features are useful in distributed, failure-prone contexts such as those for heterogeneous and pervasive Internet of Things (IoT) deployments. We prototype our approach within an open-source, distributed operating system for IoT. Our results show that it is possible to achieve algorithmic complexities similar to those of in-memory versioning but in a distributed setting.

As Edge deployments move closer towards the end devices, low latency communication among Edge aware applications is one of the key tenants of Edge service offerings. In order to simplify application development, service mesh architectures have emerged as the evolutionary architectural paradigms for taking care of bulk of application communication logic such as health checks, circuit breaking, secure communication, resiliency (among others), thereby decoupling application logic with communication infrastructure. The latency to throughput ratio needs to be measurable for high performant deployments at the Edge. Providing benchmark data for various edge deployments with Bare Metal and virtual machine-based scenarios, this paper digs into architectural complexities of deploying service mesh at edge environment, performance impact across north-south and east-west communications in and out of a service mesh leveraging popular open-source service mesh Istio/Envoy using a simple on-prem Kubernetes cluster. The performance results shared indicate performance impact of Kubernetes network stack with Envoy data plane. Microarchitecture analyses indicate bottlenecks in Linux based stacks from a CPU micro-architecture perspective and quantify the high impact of Linux's Iptables rule matching at scale. We conclude with the challenges in multiple areas of profiling and benchmarking requirement and a call to action for deploying a service mesh, in latency sensitive environments at Edge.

In many distributed learning setups such as federated learning, client nodes at the edge use individually collected data to compute the local gradients and send them to a central master server, and the master aggregates the received gradients and broadcasts the aggregation to all clients with which the clients can update the global model. As straggling communication links could severely affect the performance of distributed learning system, Prakash et al. proposed to utilize helper nodes and coding strategy to achieve resiliency against straggling client-to-helpers links. In this paper, we propose two coding schemes: repetition coding (RC) and MDS coding both of which enable the clients to update the global model in the presence of only helpers but without the master. Moreover, we characterize the uplink and downlink communication loads, and prove the tightness of uplink communication load. Theoretical tradeoff between uplink and downlink communication loads is established indicating that larger uplink communication load could reduce downlink communication load. Compared to Prakash's schemes which require a master to connect with helpers though noiseless links, our scheme can even reduce the communication load in the absence of master when the number of clients and helpers is relatively large compared to the number of straggling links.