وبلاگ بلیان

Computer Security : ESORICS 2020 International Workshops, CyberICPS, SECPRE, and ADIoT, Guildford, UK, September 14{u2013}18, 2020, Revised Selected Papers

معرفی کتاب «Computer Security : ESORICS 2020 International Workshops, CyberICPS, SECPRE, and ADIoT, Guildford, UK, September 14{u2013}18, 2020, Revised Selected Papers» نوشتهٔ Sokratis Katsikas, Frédéric Cuppens, Nora Cuppens, Costas Lambrinoudakis, Christos Kalloniatis, John Mylopoulos, Annie Antón, Stefanos Gritzalis, Weizhi Meng, Steven Furnell، منتشرشده توسط نشر Springer International Publishing : Imprint : Springer در سال 2021. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

This book constitutes the refereed post-conference proceedings of the 6th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2020, the Second International Workshop on Security and Privacy Requirements Engineering, SECPRE 2020, and the Third International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2020, held in Guildford, UK, in September 2020 in conjunction with the 25th European Symposium on Research in Computer Security, ESORICS 2020. Due to COVID-19 pandemic the conference was held virtually The CyberICPS Workshop received 21 submissions from which 5 full papers were selected for presentation. They cover topics related to threats, vulnerabilities and risks that cyber-physical systems and industrial control systems face; cyberattacks that may be launched against such systems; and ways of detecting and responding to such attacks. From the SECPRE Workshop 4 full papers out of 7 submissions are included. The selected papers deal with aspects of security and privacy requirements assurance and evaluation; and security requirements elicitation and modelling and to GDPR compliance. From the ADIoT Workshop 2 full papers and 2 short papers out of 12 submissions are included. The papers focus on IoT attacks and defenses and discuss either practical or theoretical solutions to identify IoT vulnerabilities and IoT security mechanisms. CyberICPS 2020 Preface CyberICPS 2020 Organization SECPRE 2020 Preface SECPRE 2020 Organization ADIoT 2020 Preface ADIoT 2020 Organization Contents CyberICPS Workshop Integrated Analysis of Safety and Security Hazards in Automotive Systems 1 Introduction 2 Related Work 3 Modeling 4 Formalization 4.1 Markov Decision Processes 5 Automating the Risk Analysis 5.1 HSM Integration 5.2 Infotainment Dependency 5.3 Redundant AI Sensors 5.4 Scalability 6 Conclusion and Future Work References Attack Path Analysis for Cyber Physical Systems 1 Introduction 2 Related Work 3 Discovering and Analyzing Attack Paths 3.1 Problem Formulation 3.2 Components of the Proposed Method 3.3 Input Data 3.4 The Proposed Method 3.5 Characteristics of the Method 4 Attacks Against the Navigational CPSs of the C-ES 5 Conclusions References Identifying and Analyzing Implicit Interactions in a Wastewater Dechlorination System 1 Introduction 2 Modeling and Analysis Approaches 2.1 System Modeling Approach 2.2 Approach for Identifying Implicit Interactions 2.3 Approach for Analyzing Implicit Interactions 2.4 Tool Support 3 System Modeling and Specification 3.1 Wastewater Dechlorination System Description 3.2 C2KASpecification of the WDS 3.3 Intended System Interactions 4 Identification and Analysis of Implicit Interactions 4.1 Identification of Implicit Interactions 4.2 Severity Analysis of Implicit Interactions 4.3 Exploitability Analysis of Implicit Interactions 4.4 Additional Observations 5 Validation of the Model and Analysis Results 5.1 Model Validation 5.2 Domain Expert Questionnaire 5.3 Questionnaire Results 6 Lessons Learned 7 Related Work 8 Concluding Remarks References A Survey of Cryptography-Based Authentication for Smart Grid Communication 1 Introduction 2 Related Work 3 Smart Grid Cryptography 3.1 Overview of Cryptography Schemes 4 Literature Overview 4.1 Elliptic Curve Cryptography 4.2 Literature Overview of ECC Algorithms for Smart Grid 5 Comparison of Cryptography Schemes for Smart Grids 5.1 Comparison of Security Properties of Cryptography Schemes 5.2 Performance Analysis of Cryptography Schemes 6 Limitations 7 Conclusion and Future Work References Cybersecurity Awareness Platform with Virtual Coach and Automated Challenge Assessment 1 Introduction 1.1 The Need for Secure Coding Awareness 1.2 Standards, Industry, and Academic Efforts 1.3 Automatic Challenge Evaluation 1.4 Contributions of This Work 1.5 Paper Outline 2 Related Work 3 Sifu Platform 3.1 Problem Statement 3.2 Code-Entry Challenge Platform Architecture 4 Results 4.1 Challenge Feedback 4.2 Sifu Survey 4.3 Threats to Validity 5 Conclusions References IoT Vulnerability Scanning: A State of the Art 1 Introduction 2 Vulnerability Scanning: State-of-the-Art 2.1 Scanning Goals 2.2 Scanning Space 2.3 Scanning Challenges 2.4 Scanning Process 3 Nordic IoT and IIoT Telescope: Empirical Study 3.1 Nordic Connectivity 3.2 Vulnerability Scanning 4 Conclusion References Learning from Vulnerabilities - Categorising, Understanding and Detecting Weaknesses in Industrial Control Systems 1 Introduction 2 Connecting Sources of Data for Vulnerability Insights 3 Understanding and Classifying Vulnerabilities 4 Validating Our Categories and Detection Methods 5 Conclusion References Self Adaptive Privacy in Cloud Computing Environments: Identifying the Major Socio-Technical Concepts 1 Introduction 2 Self-adaptive Privacy Within Cloud Computing Environments (CCE) 3 Exploring Socio-technical Aspects 3.1 Users’ Social Aspects 3.2 Exploring Technical Privacy Aspects 4 Self Adaptive Privacy Concepts Within CCE 4.1 Social Layer: 4.2 Software Layer: 4.3 Infrastructure Layer: 4.4 Layers’ Interrelation: 5 Conclusion and the Future References SECPRE Workshop Definition and Verification of Security Configurations of Cyber-Physical Systems 1 Introduction 2 Related Work 2.1 Cybersecurity and Feature Model Analysis 2.2 Ontologies and Security Requirements for Cybersecurity 3 Case Study of a Cyber-Physical System 4 Security Requirements for Cyber-Physical Systems 4.1 Representation of Security Requirements in JSON 4.2 Security Requirements for the Case Study 5 Verification of CPS Security Requirements by Using Feature Models 5.1 Feature Models 5.2 Catalogue of Feature Models for CPS 5.3 Verification Examples for the Case Study 6 Conclusion and Future Work References GDPR Compliance: Proposed Guidelines for Cloud-Based Health Organizations 1 Introduction 2 Challenges Faced by Organizations During GDPR Compliance 2.1 Principles Relating to Processing of Personal Data in GDPR 2.2 Other Security Aspects 3 Changes Introduced by the GDPR 3.1 Records of Processing Activities 3.2 Territorial Scope-Third Country Data Transfers 3.3 Data Protection Impact Assessment (DPIA) 3.4 Subjects’ Rights 3.5 Data Breach Notification 3.6 Data Protection Officer 3.7 Penalties 3.8 Controllers and Processors 3.9 Consent 3.10 Data Protection by Design and by Default 4 Key Aspects of the GDPR of Particular Relevance to Healthcare 4.1 Security 4.2 Request (Explicit) Consent 4.3 Change in the Way Medical Results Are Obtained 4.4 Strengthening of Data Subjects’ Rights 4.5 GDPR Roles 4.6 Security and Privacy Policies 5 Basis Tasks that Health Organizations Should Do for the Compliance with GDPR 5.1 Identify Categories of Subjects and Personal Data 5.2 Identification of Personal Data Sources and of Purpose of Processing 5.3 Selection and Determination of the Legal Basis for Each Processing of Personal Data 5.4 Determining the Period Personal Data Are Maintained 5.5 Special Actions for Compliance with the GDPR 6 Conclusions References Aligning the Concepts of Risk, Security and Privacy Towards the Design of Secure Intelligent Transport Systems 1 Introduction 2 Literature Review 3 Background Analysis 3.1 Risk Analysis 3.2 Security Requirements Engineering Analysis 3.3 Privacy Requirements Engineering Analysis 4 Concept Alignment 5 Conclusions References Identifying Implicit Vulnerabilities Through Personas as Goal Models 1 Introduction 2 Related Work 2.1 Finding Vulnerabilities Using Social Goal Modelling 2.2 Personas for Security 2.3 IRIS and CAIRIS 3 Approach 3.1 Conceptual Model 3.2 Modelling User Goal Contributions 3.3 Identifying Implicit Vulnerabilities 3.4 Tool-Support 4 Case Study 4.1 ACME Water Security Policy 4.2 User Goal Model Creation 4.3 ICT Awareness Implicit Vulnerabilities 4.4 Validating Vulnerabilities with Implicit Vulnerabilities 5 Discussion and Limitations 6 Conclusion References ADIoT Workshop Cooperative Speed Estimation of an RF Jammer in Wireless Vehicular Networks 1 Introduction 2 Related Work 3 System Model and Assumptions 3.1 Considered Channel Models 3.2 Jammer Behavior 4 Joint Data and Jamming Signal Estimation 4.1 MSE Derivation 5 Jammer Speed Estimation 6 Numerical and Simulation Results for AWGN and Rayleigh Channels 6.1 Results for an AWGN Channel 6.2 Results for Rayleigh Fading Channel 6.3 Results for MSE Vs z2 7 Simulation Results for Vehicular Channel 7.1 Cooperative Jammer Speed Estimation Results 8 Conclusions A Appendix References Extended Abstract: Towards Physical-Layer Authentication for Backscatter Devices 1 Introduction 2 Background 3 Related Work 4 Design Issues 4.1 Overview 4.2 Message Authentication Code 4.3 Preliminary Reliability Analysis 4.4 MAC Implementation 5 First Prototype 6 Discussion 7 Conclusions References P2Onto: Making Privacy Policies Transparent 1 Introduction 2 Related Works 3 Methodology 3.1 P2Onto Ontology 3.2 Mapping of the Policy Text into P2Oto Concepts 3.3 Privacy Rule Construction 4 Usage Scenario and Discussion 5 Conclusions References Extended Abstract - Transformers: Intrusion Detection Data in Disguise 1 Introduction 2 Background and Related Work 3 Context and Context Awareness 3.1 Definitions 3.2 Context and Context Awareness for IoT IDS 4 Situation and Situational Awareness 4.1 Definitions 4.2 Situation and Situational Awareness for IoT IDS 5 Comparison 6 Conclusion References Author Index
دانلود کتاب Computer Security : ESORICS 2020 International Workshops, CyberICPS, SECPRE, and ADIoT, Guildford, UK, September 14{u2013}18, 2020, Revised Selected Papers