Computer security : ESORICS 2022 international workshops : CyberICPS 2022, SECPRE 2022, SPOSE 2022, CPS4CIP 2022, CDT&SECOMANE 2022, EIS 2022, and SecAssure 2022, Copenhagen, Denmark, September 26-30, 2022, revised selected papers
معرفی کتاب «Computer security : ESORICS 2022 international workshops : CyberICPS 2022, SECPRE 2022, SPOSE 2022, CPS4CIP 2022, CDT&SECOMANE 2022, EIS 2022, and SecAssure 2022, Copenhagen, Denmark, September 26-30, 2022, revised selected papers» نوشتهٔ Sokratis Katsikas, Frédéric Cuppens, Christos Kalloniatis, John Mylopoulos, Frank Pallas, Jörg Pohle, M. Angela Sasse, Habtamu Abie, Silvio Ranise, Luca Verderame, Enrico Cambiaso, Jorge Maestre Vidal, Marco Antonio Sotelo Monge, Massimiliano Albanese, Ba، منتشرشده توسط نشر Springer International Publishing Springer در سال 1378. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
Preface This book contains revised versions of the papers presented at the 8th Workshop on Security of Industrial Control Systems and Cyber-Physical Systems (CyberICPS 2022). The workshop was co-located with the 27th European Symposium on Research in Computer Security (ESORICS 2022) and was held in Copenhagen, Denmark, on September 29th, 2022.Cyber-physical systems (CPS) are physical and engineered systems that interact with the physical environment, whose operations are monitored, coordinated, controlled, and integrated using information and communication technologies. These systems exist everywhere around us, and range in size, complexity, and criticality, from embedded systems used in smart vehicles, to SCADA systems in smart grids, to control systems in water distribution systems, to smart transportation systems, to plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other Industrial Control Systems (ICS). These systems also include the emerging trend of Industrial Internet of Things (IIoT) that will be the central part of the fourth industrial revolution. As ICS and CPS proliferate, and increasingly interact with us and affect our lives, their security becomes of paramount importance.CyberICPS 2022 brought together researchers, engineers, and governmental actors with an interest in the security of ICS and CPS in the context of their increasing exposure to cyberspace, by offering a forum for discussion on all issues related to their cyber security. CyberICPS 2022 attracted 15 high-quality submissions, each of which was assigned to 3 referees for review; the review process resulted in 8 papers being accepted to be presented and included in the proceedings i.e., the acceptance rate was 53%. The chairs and members of the Program Committee had no involvement with or visibility of the reviewing process of submissions authored or co-authored by them. The accepted papers cover topics related to many aspects of cyber security in cyber-physical and industrial control systems, ranging from threats, to risks that such systems face, to cyberattacks that may be launched against such systems, to ways of detecting and responding to such attacks.We would like to express our thanks to all those who assisted us in organizing the event and putting together the program. We are very grateful to the members of the Program Committee for their timely and rigorous reviews. Thanks are also due to the ESORICS Workshop Chairs and to the ESORICS Organizers. Last, but by no means least, we would like to thank all the authors who submitted their work to the workshop and contributed to an interesting set of proceedings. Preface Contents 8th Workshop on Security of Industrial Control Systems and of Cyber-Physical Systems (CyberICPS 2022) Preface Organization General Chairs Program Chairs Publicity Chair Program Committee External Reviewers Towards Comprehensive Modeling of CPSs to Discover and Study Interdependencies 1 Introduction 2 Related Work 3 Background 3.1 Graph Theory 3.2 Bond Graph 4 Method 4.1 BG2 Model 4.2 Dependency Identification Based on the BG2 Model 5 Case Study 5.1 BG2 Model of the System 5.2 Dependency Analysis 6 Conclusion References Coordinated Network Attacks on Microgrid Dispatch Function: An EPIC Case Study 1 Introduction 2 Dispatch Function for Islanded Microgrid Operation 3 Communication Protocols and Standards for Microgrid 4 Case Study: Attacks on Microgrid Dispatch Functions 4.1 EPIC System Overview 4.2 Attacks on IEC 61850-Based Communication Protocols 4.3 EPIC Modbus Communication Network 4.4 Coordinated Attacks Targeting Multiple Protocols 5 Conclusion References Adversarial Attacks and Mitigations on Scene Segmentation of Autonomous Vehicles 1 Introduction 2 Background 2.1 Semantic Segmentation 2.2 Adversarial Attack 3 Work Execution 3.1 Drawbacks of I-FGSM 3.2 Momentum-Based I-FGSM 3.3 Mitigation 4 Experiments and Results 4.1 Experiment Settings 4.2 Impact of Parameters 4.3 Defence 4.4 Discussions 5 Conclusion References Threat Sensitive Networking: On the Security of IEEE 802.1CB and (un)Effectiveness of Existing Security Solutions 1 Introduction 2 Time-Sensitive Networking 3 IEEE 802.1CB 4 Possible Security Risks 4.1 Sequence Numbering 4.2 Path Configuration 5 Existing Solutions 5.1 MACsec - 802.1AE-2018 5.2 MACsec - TSN-MIC 5.3 Chaos Cipher 5.4 KD and SC 6 Evaluation of Attacks and Solutions 7 Related Work 8 Conclusion References The Effects of the Russo-Ukrainian War on Network Infrastructures Through the Lens of BGP 1 Introduction 2 Preliminaries 2.1 BGP UPDATE 2.2 Outages 3 Measurements 3.1 Collecting and Analyzing BGP Data 3.2 Results and Discussion 4 Related Work 5 Conclusions References Cybersecurity Awareness for Small and Medium-Sized Enterprises (SMEs): Availability and Scope of Free and Inexpensive Awareness Resources 1 Introduction 2 Rationale and Research Objectives 3 Analysis and Findings 3.1 European Agencies and Organizations 3.2 EU Funded and National Projects 3.3 National Organizations from the EEA Countries and the United Kingdom 3.4 European Trade Associations and Federations 3.5 Private Organizations 4 Discussions and Conclusions Appendix References A Framework for Developing Tabletop Cybersecurity Exercises 1 Introduction 2 Related Work 3 Methods 3.1 Recommendations from Literature 3.2 Recommendations from Academic Stakeholders 3.3 Recommendations from Industry Stakeholders 4 Results 4.1 Experiment 1 4.2 Experiment 2 4.3 Experiment 3 5 Discussion 6 Conclusion References A Hybrid Dynamic Risk Analysis Methodology for Cyber-Physical Systems 1 Introduction 2 Related Work 2.1 Threat Modelling Methodologies 2.2 Risk Analysis Methodologies 3 System Model 3.1 Service-Oriented Scope Establishment and Valuation 3.2 Manual Composition or Automatic Decomposition of Assets 3.3 Correlation of Threats and Vulnerabilities 3.4 Risk Estimation 4 Dynamic Risk Analysis and Threat Modelling 5 Comparative Analysis 6 Conclusions References 6th International Workshop on Security and Privacy Requirements Engineering (SECPRE 2022) Preface Organization General Chairs Program Committee Chairs Program Committee OntoCyrene: Towards Ontology-Enhanced Asset Modelling for Supply Chains in the Context of Cyber Security 1 Introduction 2 Background 2.1 Business Process Model and Notation (BPMN) 2.2 Ontology 3 Related Works 4 Methodology 5 Design and Implementation 5.1 Architecture of OntoCyrene 5.2 OntoCyrene Class Hierarchy 5.3 OntoCyrene Object and Data Properties (Relationships) 5.4 Ontology Population 6 Evaluation 6.1 Evaluating the Ontology by Business Partners (CRF) 6.2 Ontology Evaluation Using Competency Questions 6.3 Ontology Evaluation Using OntoQA 7 Conclusion References Measuring the Adoption of TLS Encrypted Client Hello Extension and Its Forebear in the Wild 1 Introduction 2 Related Work 3 Protecting the SNI in TLS Handshakes 3.1 Background on ESNI 3.2 Background on ECH 4 Measurements 4.1 Setup 4.2 Results 5 Conclusions References 4th Workshop on Security, Privacy, Organizations, and Systems Engineering (SPOSE 2022) Preface Organization Organizers Program Committee Influencing Factors for Users’ Privacy and Security Protection Behavior in Smart Speakers: Insights from a Swiss User Study 1 Introduction 2 Prior Research 2.1 Privacy and Security Threats of Smart Speaker Technology 2.2 Privacy and Security Perception and Concerns of Smart Speaker Users 2.3 Protective Behavior and Measures in Smart Speaker Usage 2.4 Research Question and Research Model 3 Methodology and Survey Design 4 Results 4.1 Usage of Smart Speakers 4.2 Factors Influencing Protective Measures 5 Discussion 6 Conclusion References Towards a Security Impact Analysis Framework: A Risk-Based and MITRE Attack Approach 1 Introduction 2 Background and Motivation 2.1 ISO 27001 2.2 EBIOS RM 2.3 MITRE ATT&CK 2.4 Motivation 3 State of the Art 4 Security Impact Analysis Framework 4.1 Know, Enter, Find, Exploit (KEFE) Process Model 4.2 KEFE Model Example 4.3 Conceptual Framework 5 Technical Foundation 6 Discussion 7 Conclusion References Data Protection Officers' Perspectives on Privacy Challenges in Digital Ecosystems 1 Introduction 2 Privacy in Digital Ecosystems 2.1 Digital Ecosystems 2.2 Data Protection Requirements 2.3 Related Work 3 Methodology 3.1 Interview Guidelines Design and Study Procedure 3.2 Participant Recruitment, Enrollment, and Background 3.3 Data Collection and Analysis 3.4 Ethical Considerations 4 Digital Ecosystems Overview 5 Data Protection Challenges 5.1 Implementing Legal Requirements 5.2 Implementing Data Subject Rights 5.3 Responsibility of Operators for the Entire Digital Ecosystem 5.4 Helpful (Future) Steps for More Effective Data Protection 6 Discussion and Implications 7 Conclusion A Appendix – Semi-structured Interview A.1 Introduction A.2 Detailed Description of the Ecosystem A.3 Privacy Challenges A.4 Privacy Dashboards References Rebooting IT Security Awareness – How Organisations Can Encourage and Sustain Secure Behaviours 1 Introduction 2 Enabling the Acquisition of Secure Behaviours 3 Beyond Secure Routines: Building Competence for ``Security Heroes'' 4 The Need for Evaluation and Continuous Improvement 4.1 ``Well - I Wouldn't Start from Here'' 4.2 What is Success? 4.3 How to Evaluate Security Awareness 5 Conclusions and Recommendations 5.1 Board Members 5.2 For Executives 5.3 CISOs 5.4 Security Specialists 5.5 Security Awareness Specialists References 3rd Cyber-Physical Security for Critical Infrastructures Protection (CPS4CIP 2022) Preface Organization General Chairs Program Committee Chairs Program Committee Towards Reverse Engineering of Industrial Physical Processes 1 Introduction 2 Background 3 A Black-Box Dynamic Analysis for Water Tank Systems 3.1 A Scanning Tool for Graph Analysis of PLC Registers 3.2 Business Process Analysis 3.3 Invariant Analysis 4 Running Example 5 A Methodology to Extrapolate Process Comprehension 5.1 Data Collection and Graph Analysis 5.2 Business Process Analysis 5.3 Process Invariants Analysis 5.4 Discussion 6 Conclusions, Related and Future Work References Solutions for Protecting the Space Ground Segments: From Risk Assessment to Emergency Response 1 Introduction 2 Background Analysis 2.1 Critical Infrastructures Crisis Management Process 2.2 Best Practices and Solutions for the Crisis Management Process in CIs 3 7SHIELD Project and Reference Architecture 4 Advanced 7SHIELD Solutions for Space Ground Segments 4.1 CIRP-RAT Tool 4.2 ENGAGE CSIM Solution 4.3 ERP Module 5 Conclusions and Future Work References Modelling and Simulation of Railway Networks for Resilience Analysis 1 Introduction 2 Modelling of the Network 2.1 Numerical Simulation Using CaESAR 2.2 Resilience Quantification 2.3 Criticality Assessment 2.4 Impact Propagation 3 Use Case 4 Results 5 Conclusion References HoneyChart: Automated Honeypot Management over Kubernetes 1 Introduction 2 Background 2.1 Honeypots 2.2 Kubernetes 2.3 Helm Charts 3 Implementation 3.1 Custom Honeypots 3.2 Pre-built Interfaces 3.3 Automated Port Mapping 4 Deployment 5 Conclusion References ComSEC: Secure Communications for Baggage Handling Systems 1 Introduction 2 Related Work 3 ComSEC 3.1 Bridged Interfaces 3.2 Netfilter Modules 3.3 Integrity Enforcer 3.4 Control Packets 3.5 Integrity Verifier 3.6 Alert Exportation Module 4 Implementation 5 Evaluation 6 Conclusion References Methodology for Resilience Assessment for Rail Infrastructure Considering Cyber-Physical Threats 1 Introduction 2 Threat Detection 3 Resilience Assessment 3.1 Metro Station Model 3.2 Simulation Specifications 3.3 Simulation Results 4 Metro and Train Infrastructure Network 4.1 Metro Grid 4.2 Agent-based Model 5 Conclusion and Outlook References Coverage-Guided Fuzzing of Embedded Systems Leveraging Hardware Tracing 1 Introduction 1.1 Fuzz Testing Embedded Systems 1.2 Hardware Tracing as Feedback Channel 1.3 Contributions 2 Setup for ``Bare-Metal'' Coverage-Guided Fuzz Testing 2.1 Evaluation of a Test Case 2.2 Specific Challenges of Traces Obtained via Periodic PC Sampling 3 Enabling Instruction Coverage-Guided Fuzzing 3.1 Combating False-Positive Detection 3.2 A Time-Efficient Seed Selection Strategy 4 Implementation and Evaluation 4.1 Target System Hardware 4.2 Example 1: Deeply Nested Conditional Statements 4.3 Example 2: Fuzz Testing a JSON Parser 5 Conclusion References Challenges and Pitfalls in Generating Representative ICS Datasets in Cyber Security Research 1 Introduction 2 Key Properties of a Representative ICS Dataset 3 Limitations of Existing ICS Datasets 4 Building Testbed for Generating Representative ICS Datasets 4.1 Technical Details About Our Testbed 4.2 Generation of ICS Datasets from Our Testbed 5 Related Work 6 Discussion and Conclusion References Securing Cyber-Physical Spaces with Hybrid Analytics: Vision and Reference Architecture 1 Introduction 2 Cyber-Physical Space Protection: A Hybrid Analytics Approach 2.1 Reference Architecture 3 Data Collection 3.1 Cyber Sources: Deep and Dark Web Pages 3.2 Physical Sources: IoT Devices 4 Data Anonymization 4.1 KGen: A Data Anonymization Tool for Structured Data 5 Data Analytics and Monitoring 5.1 Monitor and Analytics of a Physical Environment 5.2 Dark Web Analytics 6 Hybrid Analytic Services 7 Limitation and Threat to Validity 8 Discussion and Conclusion 8.1 Future Work References A Precision Cybersecurity Workflow for Cyber-physical Systems: The IoT Healthcare Use Case 1 Introduction 2 The Use Case: IoT Medical Healthcare Scenario 2.1 Security Issues in Telemedicine Ecosystem 2.2 Mitigation Techniques and Current Limitations 3 Methodology 4 Prototype and Experimental Results 4.1 Observe Phase - Determining the Variables and Correlations 4.2 Plan Phase - Establishing Thresholds and Rules 4.3 Do-Check-Act Cycle - A MQTT Monitor 5 Related Work 6 Conclusions References 2nd International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge (CDT & SECOMANE 2022) Preface Organization General Chairs Program Committee Chairs A Revisitation of Clausewitz's Thinking from the Cyber Situational Awareness Perspective 1 Introduction 2 Political and Military Objectives in Cyberwarfare 3 Digital Societies and War 4 Friction Forces on Cyberspace 4.1 Cyber Frictions 4.2 Leveraging the Cyber Fog of War 5 Centers of Gravity and Cyberspace 6 Decisive Conditions and Culminating Points 7 Conclusions References Examining 5G Technology-Based Applications for Military Communications 1 Introduction 2 Overview of Key Concepts About 5G Technology 3 Applications of 5G for Military Communications 3.1 Internet of Battle Things, Wearables and 5G 3.2 5G for Deployable Headquarters Communications 3.3 A 5G-UAV Ecosystem for Military Communications 3.4 Logistics and Training Applications 3.5 Enhanced Satellite Communications. A Use Case for 5G Non-terrestrial Networks (NTN) 4 5GPP Key Parameters on Military Applications 5 Conclusions References Design of a Validation Model of the Cognitive State in Military Operations in Cyberspace 1 Introduction 2 Theoretical Framework 2.1 Military Doctrine 2.2 Cibersecurity in OTAN 2.3 Decision Making 2.4 Stress 2.5 Effect of Cognitive State 3 Biometric Systems 3.1 Brain Computer Interface 4 Research Problem 5 Design of the Cognitive Assessment Model 6 Experiments and Results 6.1 Validation Proposal 6.2 Tests and Validation 6.3 Conclusions 6.4 Future Lines References Design and Validation of a Threat Model Based on Cyber Kill Chain Applied to Human Factors 1 Introduction 2 Background 2.1 Cognitive Biases 2.2 Cybersecurity in the Military Field and NATO 3 State of the Art 3.1 Related Works 3.2 Research Problem 4 Methodology 4.1 Cyber Kill Chain Structure 4.2 Reconnaissance Phase 4.3 Weaponization Phase 4.4 Delivery Phase 4.5 Expansion Phase 4.6 Persistence Phase 5 Case Study 5.1 Experimental Background 5.2 Methodology Application 5.3 Objectives Evaluation 6 Conclusion and Future Work 7 Annex I 7.1 Model validation 7.2 Validation Results References The Cloud Continuum for Military Deployable Networks: Challenges and Opportunities 1 Introduction 2 Motivation and Related Work 2.1 One Cloud to Rule Them All? 2.2 Fragmenting the Cloud into Fog, Edge and Mist 3 The Cloud Continuum for Military Deployable Networks 3.1 Tactical Edge 3.2 IoBT 3.3 Combat Cloud 3.4 Cyber-Physical Battlefield 3.5 Cyber Warfare 3.6 LEO and NTNs 3.7 Zero-Trust Security 3.8 Digital Twins 3.9 Summary and Research Insights 4 Future Trends and Challenges 4.1 Merging Serverless and Resourceless Computing 4.2 Federated Learning at the Edge 4.3 Energy Management in Constrained Environments 5 Conclusions References 1st International Workshop on Election Infrastructure Security (EIS 2022) Preface Organization General Chair Program Committee Chairs Steering Committee Steering Committee Chair Proceedings Chair Publicity Chair Program Committee Ballot-Polling Audits of Instant-Runoff Voting Elections with a Dirichlet-Tree Model 1 Introduction 2 Methods 2.1 Election Audits and the Dirichlet-Tree Model 2.2 Choice of Prior Distribution 2.3 Data 2.4 Benchmarking Experiments 3 Results 3.1 Comparing the Priors 3.2 Pathological Examples 3.3 Bias Induced by Overly Informative Priors 3.4 Comparison with Existing Methods 4 Discussion References Non(c)esuch Ballot-Level Comparison Risk-Limiting Audits 1 Introduction: Efficient Risk-Limiting Audits 2 Assumptions 2.1 SHANGRLA Assorters 2.2 Mismatches Between the Numbers of Cards and CVRs 2.3 Limiting Risk When Imprinting and Retrieval Are Untrustworthy 3 Non(c)esuch RLAs 4 Implementation Considerations 5 Conclusion References Why Is Online Voting Still Largely a Black Box? 1 Introduction 2 Related Work 3 Background and Overview 3.1 End-to-End Verifiability 3.2 Black-Box System 3.3 Overview 4 Panel Responses from Specialists 4.1 Composition and Setup 4.2 Arguments on Current Election Organizers' Motivation 4.3 Action Proposals to Change Election Organizers' Motivation 5 Exploratory Study for Response Evaluation 5.1 Composition and Setup 5.2 Evaluation Methodology 5.3 Arguments on Current Election Organizers' Motivation 5.4 Action Proposals to Change Election Organizers' Motivation 6 Discussion 7 Conclusion 7.1 Summary 7.2 Outlook References Connecting Incident Reporting Infrastructure to Election Day Proceedings 1 Introduction 2 Related Works and Background 2.1 Current State of Incident Reporting with Elections 2.2 How Incidents Are Submitted 2.3 Information Technology Incident Management Systems 3 Survey Design Methodology 3.1 Survey Contents 3.2 Qualitative and Quantitative Analysis Methods 4 Results and Discussion 4.1 Qualitative Response Results 5 Framework for Election Day Incident Protocol Recommendations and Next Steps 5.1 Identification 5.2 Categorization 5.3 Prioritization 5.4 Response 5.5 Conclusion References Council of Europe Guidelines on the Use of ICT in Electoral Processes 1 Introduction 2 Development Process 2.1 Role of the Committee on Democracy and Governance 2.2 Process Description 3 Questionnaire 3.1 Definition 3.2 Overview 3.3 Result for ICT in Place 3.4 Result for National Regulatory Frameworks 4 Content of Guidelines CM(2022)10 4.1 G1 Principles and Requirements 4.2 G2 Usability and Accessibility 4.3 G3 Universally Accessible Alternative Solution 4.4 G4 Integrity and Authenticity 4.5 G5 Availability and Reliability 4.6 G6 Secrecy and Confidentiality 4.7 G7 Transparency 4.8 G8 Initial Evaluation 4.9 G9 Risk Management 4.10 G10 Member State's Capacities 4.11 G11 Member State's Responsibility 4.12 G12 Exceptional Circumstances 4.13 G13 Security 5 Discussion and Future Work 5.1 Relationship Between Guidelines CM(2022)10 and Recommendation CM/Rec(2017)5 5.2 Impact 5.3 Limitations References 1st International Workshop on System Security Assurance (SecAssure 2022) Preface Organization General Chair Program Committee Chairs Program Committee Additional Reviewers SAEOn: An Ontological Metamodel for Quantitative Security Assurance Evaluation 1 Introduction 2 Related Work 3 Quantitative Security Assurance Evaluation Metamodel 3.1 General Model Structure 3.2 Assurance Metrics Calculation 4 Ontology Design and Construction 4.1 Assurance Component Modeling 4.2 Assurance Metrics Modeling 4.3 Metrics Assignment Modeling 4.4 Individuals Creation 5 Ontology Evaluation 6 Conclusion References A Comparison-Based Methodology for the Security Assurance of Novel Systems 1 Introduction 2 Proposed Methodology 3 Example 3.1 Authentication with a Smartcard 3.2 Authentication with SplitKey 3.3 First Intermediate System 3.4 Second Intermediate System 3.5 Comparing the Second Intermediate System and the Smartcard System 3.6 Propagation of the Security Requirements 4 Conclusion References Automation of Vulnerability Information Extraction Using Transformer-Based Language Models 1 Introduction 1.1 Proposed Approach 1.2 Our Contributions 1.3 Paper Roadmap 2 Related Works 3 Background 4 Our Approach 4.1 Data Preparation 4.2 Co-reference Resolution 4.3 Application of NER 4.4 Experiments 4.5 Discussion 5 Conclusion References Product Incremental Security Risk Assessment Using DevSecOps Practices 1 Introduction 2 Incremental Risk Assessment and DevSecOps 2.1 DevSecOps Practices 2.2 The Need for Incremental and Continuous Risk Assessment 2.3 Requirements for Flexible Incremental Risk Assessment 2.4 Current Practices of Incremental Software Risk Assessment 3 Modeling DevSecOps and Incremental Risk Assessment Processes 3.1 Defining Core Risk Components 3.2 Input 3.3 Risk Assessment Computation Model 3.4 Incremental Risk Assessment Process for DevSecOps Approach 3.5 Composing Incremental Risk Assessment and DevSecOps Processes 4 Illustration of Benefits of Incremental Risk Assessment in DevSecOps 4.1 Secure Firewall Update Case Study 4.2 Implementation of Incremental Risk Assessment in a DevSecOps Process 5 Conclusion and Future Work References SLIME: State Learning in the Middle of Everything for Tool-Assisted Vulnerability Detection 1 Introduction 1.1 Background and Related Work 1.2 Contributions 2 Design of the SLIME Framework 2.1 Test Harness 2.2 MITM Actions 2.3 Example System 3 Automatic State Machine Annotation for Vulnerability Detection 3.1 Happy Path Bypass 3.2 Anomalous Message Access 3.3 Other Opportunities for Automated Support 4 Results 5 Conclusions 5.1 Limitations and Future Work References Author Index This book constitutes the refereed proceedings of seven International Workshops which were held in conjunction with the 27th European Symposium on Research in Computer Security, ESORICS 2022, held in hybrid mode, in Copenhagen, Denmark, during September 26-30, 2022. The 39 papers included in these proceedings stem from the following workshops: 8th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2022, which accepted 8 papers from 15 submissions; 6th International Workshop on Security and Privacy Requirements Engineering, SECPRE 2022, which accepted 2 papers from 5 submissions; Second Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2022, which accepted 4 full papers out of 13 submissions; Third Cyber-Physical Security for Critical Infrastructures Protection, CPS4CIP 2022, which accepted 9 full and 1 short paper out of 19 submissions; Second International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge, CDT & SECOMANE 2022, which accepted 5 papers out of 8 submissions; First International Workshop on Election Infrastructure Security, EIS 2022, which accepted 5 papers out of 10 submissions; and First International Workshop on System Security Assurance, SecAssure 2022, which accepted 5 papers out of 10 submissions. Chapter(s) 5, 10, 11, and 14 are available open access under a Creative Commons Attribution 4.0 International License via link.springer.com. This book constitutes the refereed proceedings of seven International Workshops which were held in conjunction with the 27th European Symposium on Research in Computer Security, ESORICS 2022, held in hybrid mode, in Copenhagen, Denmark, during October 4-6, 2021. The 39 papers included in these proceedings stem from the following workshops: 8th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2022, which accepted 8 papers from 15 submissions; 6th International Workshop on Security and Privacy Requirements Engineering, SECPRE 2022, which accepted 2 papers from 5 submissions; Second Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2022, which accepted 4 full papers out of 13 submissions; Third Cyber-Physical Security for Critical Infrastructures Protection, CPS4CIP 2022, which accepted 9 full and 1 short paper out of 19 submissions; Second International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge, CDT & SECOMANE 2022, which accepted 5 papers out of 8 submissions; First International Workshop on Election Infrastructure Security, EIS 2022, which accepted 5 papers out of 10 submissions; and First International Workshop on System Security Assurance, SecAssure 2022, which accepted 5 papers out of 10 submissions.
دانلود کتاب Computer security : ESORICS 2022 international workshops : CyberICPS 2022, SECPRE 2022, SPOSE 2022, CPS4CIP 2022, CDT&SECOMANE 2022, EIS 2022, and SecAssure 2022, Copenhagen, Denmark, September 26-30, 2022, revised selected papers