Info
- Utilizzare la checkbox di selezione a fianco di ciascun documento per attivare le funzionalità di stampa, invio email, download nei formati disponibili del (i) record.
Critical Infrastructure Protection [[electronic resource] ] : Advances in Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense / / edited by Javier Lopez, Roberto Setola, Stephen Wolthusen
| Critical Infrastructure Protection [[electronic resource] ] : Advances in Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense / / edited by Javier Lopez, Roberto Setola, Stephen Wolthusen |
| Edizione | [1st ed. 2012.] |
| Pubbl/distr/stampa | Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2012 |
| Descrizione fisica | 1 online resource (XIV, 357 p.) |
| Disciplina | 005.8 |
| Collana | Security and Cryptology |
| Soggetto topico |
Computer security
Management information systems Computer science Data encryption (Computer science) Computers and civilization Algorithms Application software Systems and Data Security Management of Computing and Information Systems Cryptology Computers and Society Algorithm Analysis and Problem Complexity Information Systems Applications (incl. Internet) |
| ISBN | 3-642-28920-7 |
| Formato | Materiale a stampa  |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Record Nr. | UNISA-996466252903316 |
| Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2012 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. di Salerno | ||
| ||
Critical Information Infrastructure Security [[electronic resource] ] : 6th International Workshop, CRITIS 2011, Lucerne, Switzerland, September 8-9, 2011, Revised Selected Papers / / edited by Sandro Bologna, Bernhard Hämmerli, Dimitris Gritzalis, Stephen Wolthusen
| Critical Information Infrastructure Security [[electronic resource] ] : 6th International Workshop, CRITIS 2011, Lucerne, Switzerland, September 8-9, 2011, Revised Selected Papers / / edited by Sandro Bologna, Bernhard Hämmerli, Dimitris Gritzalis, Stephen Wolthusen |
| Edizione | [1st ed. 2013.] |
| Pubbl/distr/stampa | Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2013 |
| Descrizione fisica | 1 online resource (XII, 227 p. 56 illus.) |
| Disciplina | 005.8 |
| Collana | Security and Cryptology |
| Soggetto topico |
Computer security
Computer communication systems Computers and civilization Data encryption (Computer science) Systems and Data Security Computer Communication Networks Computers and Society Cryptology |
| ISBN | 3-642-41476-1 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto | Ten National Cyber Security Strategies: A Comparison -- Analysis of Dependencies in Critical Infrastructures -- Assurance and Trust Indicators to Evaluate Accuracy of On-line Risk in Critical Infrastructures -- An Innovative Approach to Emergency Management in Large Infrastructures -- Dynamic Evacuation Guidance as Safety Critical Application in Building Automation -- Defeating Node Based Attacks on SCADA Systems Using Probabilistic Packet Observation -- Sub-optimal Topological Protection Strategy from Advanced Malware -- The Insider Threat in Cloud Computing -- Interdependencies between Critical Infrastructures: Analyzing the Risk of Cascading Effects -- How to Perform Verification and Validation of Critical Infrastructure Modeling Tools -- Petri Net Modelling of Physical Vulnerability -- Investigating the Effect of Network Parameters on Coordinated Cyber Attacks Against a Simulated Power Plant -- The Role of the DNS in the Secure and Resilient Operation of CIs, the Energy System Example -- The Development of Warning, Advice and Reporting Points (WARPs) in UK National Infrastructure -- The Contribution of NEISAS to EP3R -- Policies to Improve Resilience against Major Industrial Accidents -- Fuzzy Input-Output Inoperability Model -- Dependencies Discovery and Analysis in Distributed Systems -- Protecting Critical Infrastructures from Stealth Attacks: A Closed-Loop Approach Involving Detection and Remediation -- Risk Assessment in Critical Infrastructure Security Modelling Based on Dependency Analysis -- Countermeasures Selection via Evidence Theory -- The Robustness of Assortativity. |
| Record Nr. | UNISA-996465484403316 |
| Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2013 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. di Salerno | ||
| ||
Critical Information Infrastructure Security : 6th International Workshop, CRITIS 2011, Lucerne, Switzerland, September 8-9, 2011, Revised Selected Papers / / edited by Sandro Bologna, Bernhard Hämmerli, Dimitris Gritzalis, Stephen Wolthusen
| Critical Information Infrastructure Security : 6th International Workshop, CRITIS 2011, Lucerne, Switzerland, September 8-9, 2011, Revised Selected Papers / / edited by Sandro Bologna, Bernhard Hämmerli, Dimitris Gritzalis, Stephen Wolthusen |
| Edizione | [1st ed. 2013.] |
| Pubbl/distr/stampa | Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2013 |
| Descrizione fisica | 1 online resource (XII, 227 p. 56 illus.) |
| Disciplina | 005.8 |
| Collana | Security and Cryptology |
| Soggetto topico |
Computer security
Computer communication systems Computers and civilization Data encryption (Computer science) Systems and Data Security Computer Communication Networks Computers and Society Cryptology |
| ISBN | 3-642-41476-1 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto | Ten National Cyber Security Strategies: A Comparison -- Analysis of Dependencies in Critical Infrastructures -- Assurance and Trust Indicators to Evaluate Accuracy of On-line Risk in Critical Infrastructures -- An Innovative Approach to Emergency Management in Large Infrastructures -- Dynamic Evacuation Guidance as Safety Critical Application in Building Automation -- Defeating Node Based Attacks on SCADA Systems Using Probabilistic Packet Observation -- Sub-optimal Topological Protection Strategy from Advanced Malware -- The Insider Threat in Cloud Computing -- Interdependencies between Critical Infrastructures: Analyzing the Risk of Cascading Effects -- How to Perform Verification and Validation of Critical Infrastructure Modeling Tools -- Petri Net Modelling of Physical Vulnerability -- Investigating the Effect of Network Parameters on Coordinated Cyber Attacks Against a Simulated Power Plant -- The Role of the DNS in the Secure and Resilient Operation of CIs, the Energy System Example -- The Development of Warning, Advice and Reporting Points (WARPs) in UK National Infrastructure -- The Contribution of NEISAS to EP3R -- Policies to Improve Resilience against Major Industrial Accidents -- Fuzzy Input-Output Inoperability Model -- Dependencies Discovery and Analysis in Distributed Systems -- Protecting Critical Infrastructures from Stealth Attacks: A Closed-Loop Approach Involving Detection and Remediation -- Risk Assessment in Critical Infrastructure Security Modelling Based on Dependency Analysis -- Countermeasures Selection via Evidence Theory -- The Robustness of Assortativity. |
| Record Nr. | UNINA-9910483166603321 |
| Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2013 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. Federico II | ||
| ||
Critical Information Infrastructure Security [[electronic resource] ] : 5th International Workshop, CRITIS 2010, Athens, Greece, September 2010, Revised Papers / / edited by Christos Xenakis, Stephen Wolthusen
| Critical Information Infrastructure Security [[electronic resource] ] : 5th International Workshop, CRITIS 2010, Athens, Greece, September 2010, Revised Papers / / edited by Christos Xenakis, Stephen Wolthusen |
| Edizione | [1st ed. 2011.] |
| Pubbl/distr/stampa | Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2011 |
| Descrizione fisica | 1 online resource (X, 161 p. 54 illus., 33 illus. in color.) |
| Disciplina | 005.8 |
| Collana | Security and Cryptology |
| Soggetto topico |
Management information systems
Computer science Data encryption (Computer science) Computer software—Reusability Computer communication systems Special purpose computers Computer system failures Management of Computing and Information Systems Cryptology Performance and Reliability Computer Communication Networks Special Purpose and Application-Based Systems System Performance and Evaluation |
| ISBN | 3-642-21694-3 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto |
Intro -- Title page -- Preface -- Organization -- Table of Contents -- Inter-dependency Assessment in the ICT-PS Network: The MIA Project Results -- Introduction -- The MIA Framework -- Inter-dependency Models -- Topological Model -- Analytical Model -- Simulation Model -- Interdependency Metrics -- Topological Robustness -- Module and Phase of Frequency Response and the Poles Placement -- Ratio of Inter-dependency -- Temporal Scale of Inter-dependency -- Scale of Criticality -- Metrics Evaluation -- Main Project Findings -- Conclusions and Outlook -- References -- A Quantitative Risk Analysis Approach for Deliberate Threats -- Introduction -- Motivation -- Proposed Approach -- Conceptual Foundation -- The Modeling Tools -- Mathematical Foundation -- Risk Analysis Approach: Step-by-Step -- A Simple Example -- Conclusions and Future Work -- References -- The EU FP6 Integrated Project IRRIIS on Dependent Critical Infrastructures Summary and Conclusions -- Introduction -- Analysis and Modeling -- The IRRIIS Information Model -- Preliminary Interdependency Analysis (PIA) -- Detailed Technical Federated Simulations -- User Interactions -- Scenarios and Experiments -- Middleware Technology (MIT) -- Use Cases -- Conclusions and Lessons Learnt -- Modeling and Simulation -- User Interaction Capabilities -- Scenarios -- Other Critical Infrastructure Domains -- Middleware Improved Technology -- References -- Towards Understanding Recurring Large Scale Power Outages: An Endogenous View of Inter-organizational Effects -- Introduction -- Problem -- Hypothesis -- Analysis -- Policy and Implementation -- Conclusion -- References -- Early Warning System for Cascading Effect Control in Energy Control Systems -- Introduction -- SCADA System and Control Technologies -- SCADA Network Architecture -- WSN, An Alternative for the Control.
Early Warning Systems on the Critical System Protection -- Preventing and Controlling a Cascading Effect -- Early Warning System Based on Forensic Techniques -- Use Case and Discussion -- Conclusions and Future Work -- References -- Emergency Response with Proactive Crowd-Sourcing Reverse-111 -- Introduction -- Reverse 111 - Proactive Crowd Sourcing -- System Overview -- System Architecture -- Resource Schedulers -- Greedy Scheduler -- Lottery Scheduler -- Round-Robin Scheduler -- Visualization Interface -- Evaluation -- Evaluation of Proactive Crowd-Sourcing -- Related Work -- Conclusions and Future Work -- References -- Anonymity and Privacy in Distributed Early Warning Systems -- Introduction -- Related Work -- International Activities -- Collaborative Centralised Approaches -- Distributed and Collaborative Approaches -- A Distributed Collaborative Privacy-Preserving Approach -- Design Goals -- Component Technologies -- Integration and Use Cases -- Discussion and Future Work -- Reputation Tracking -- Role of a Trusted Third Party -- Data Analysis -- Practical Implementation of the Concept -- Conclusion -- References -- A Formal Adversary Capability Model for SCADA Environments -- Introduction -- π-Calculus Variant -- Model of a SCADA Network -- Agent-Based Adversary Capabilities -- Adversary Communication with SCADA Processes -- Agent Recruitment -- Covert Communication -- Message Interception and Manipulation -- Denial of Service -- Model Utility: Discussion and Example -- Related Work -- Conclusion and Future Work -- References -- A Cloud Provider-Agnostic Secure Storage Protocol -- Introduction -- Related Work -- A Confidentiality and Integrity Ensuring Model -- File Splitting -- Hybrid Encryption -- Chunks Message Authentication Code -- Index File -- Data Management -- Evaluation of Our Model -- Conclusions and Future Work -- References. State-Based Firewall for Industrial Protocols with Critical-State Prediction Monitor -- Introduction -- Related Works -- State Analysis Filtering -- Rules Languages -- Packet Language -- Critical State Language -- Critical State Distance -- Distance Evaluation -- Experimental Tests -- Distance Performance -- Conclusions -- References -- A Formally Verified Mechanism for Countering SPIT -- Introduction -- Methodology -- Policy Description -- Policy Integration in a VoIP Environment -- Experiments -- Formal Verification -- Assumptions and Property Specification -- SIP-aSPM Model Description -- Verification Results -- Related Work -- Conclusions -- References -- Trust and Reputation for Information Exchange in Critical Infrastructures -- Introduction -- Related Work -- Application Scenario -- Trust and Reputation Service -- TRS Agents -- TRS Discovery Tool -- Validation -- Conclusions -- References -- A Modelling Approach for Interdependency in Digital Systems-of-Systems Security - Extended Abstract -- References -- Risk Ontology and Service Quality Descriptor Shared among Interdependent Critical Infrastructures -- Introduction -- Risk Description -- How to Describe Risk? -- Service Quality Descriptor -- Value Assignment to SQD -- Simplified Method of SQD Assessment -- Assumptions -- SQD Parameters Computation -- References -- Author Index. |
| Record Nr. | UNISA-996465911503316 |
| Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2011 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. di Salerno | ||
| ||
Critical Information Infrastructures Security [[electronic resource] ] : 11th International Conference, CRITIS 2016, Paris, France, October 10–12, 2016, Revised Selected Papers / / edited by Grigore Havarneanu, Roberto Setola, Hypatia Nassopoulos, Stephen Wolthusen
| Critical Information Infrastructures Security [[electronic resource] ] : 11th International Conference, CRITIS 2016, Paris, France, October 10–12, 2016, Revised Selected Papers / / edited by Grigore Havarneanu, Roberto Setola, Hypatia Nassopoulos, Stephen Wolthusen |
| Edizione | [1st ed. 2017.] |
| Pubbl/distr/stampa | Cham : , : Springer International Publishing : , : Imprint : Springer, , 2017 |
| Descrizione fisica | 1 online resource (XI, 348 p. 103 illus.) |
| Disciplina | 005.8 |
| Collana | Security and Cryptology |
| Soggetto topico |
Computer security
Computer communication systems Architecture, Computer Computers and civilization Computers Law and legislation Microprogramming Systems and Data Security Computer Communication Networks Computer System Implementation Computers and Society Legal Aspects of Computing Control Structures and Microprogramming |
| ISBN | 3-319-71368-X |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto |
Intro -- Preface -- Organization -- Contents -- Stealth Low-Level Manipulation of Programmable Logic Controllers I/O by Pin Control Exploitation -- 1 Introduction -- 2 Background -- 2.1 Pin Control Subsystem -- 2.2 How PLCs Control the Pins -- 3 Pin Control Attack -- 3.1 Security Concerns Regarding Pin Control -- 3.2 Pin Control Attack Details -- 3.3 Threat Model -- 4 A Pin Control Attack in Practice -- 4.1 Environment Setup -- 4.2 Attack Implementation -- 5 Discussion -- 5.1 Implications of Attack on the ICS -- 5.2 Detection of Pin Control Attack -- 6 Related Work -- 7 Conclusion -- References -- Developing a Cyber Incident Communication Management Exercise for CI Stakeholders -- 1 Introduction -- 1.1 Background -- 1.2 Case Study: Red Team - Blue Team Exercise -- 2 Communication Management Exercise for ICS Security (CME-ICS) -- 2.1 Peculiarity of Existing Japanese CIP Training -- 2.2 Discussion-Based Exercise -- 2.3 Theme of the Exercise: Communication Management -- 2.4 Scenario -- 2.5 Exercise Steps -- 2.6 Administration Staff -- 2.7 Pilot Exercises -- 3 Results and Discussion -- 3.1 Variation of Incident Management Structure -- 3.2 Results of the Survey -- 3.3 Discussion -- 3.4 Future Work: ``ICS-SIRT'' Exercise -- References -- On Auxiliary Entity Allocation Problem in Multi-layered Interdependent Critical Infrastructures -- 1 Introduction -- 2 Problem Formulation Using the Implicative Interdependency Model -- 3 Computational Complexity Analysis -- 3.1 Special Case: Problem Instance with One Minterm of Size One -- 3.2 General Case: Problem Instance with an Arbitrary Number of Minterms of Arbitrary Size -- 4 Solutions to the AEAP Problem -- 4.1 Optimal Solution to AEAP Problem -- 4.2 Heuristic Solution to the AEAP Problem -- 5 Experimental Results -- 6 Conclusion -- References -- Cyber Targets Water Management -- 1 Introduction.
1.1 Use of Industrial Control Systems -- 1.2 Cyber Threats and Risk -- 1.3 Structure of This Paper -- 2 Related Work -- 3 A Benchmark of the Resilience of the ICS Environment -- 4 Observed ICS Security Dilemmas -- 5 Cyber Security Simulator for Water Management Control Systems -- 5.1 Deployment of Attack Scenarios -- 5.2 DESI Results -- 6 Conclusions and Future Work -- 6.1 Future Work -- References -- Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications -- 1 Introduction -- 2 Related Work -- 3 Review Methodology -- 4 Integrated Safety and Security Risk Assessment Methods -- 4.1 SAHARA Method -- 4.2 CHASSIS Method -- 4.3 FACT Graph Method -- 4.4 FMVEA Method -- 4.5 Unified Security and Safety Risk Assessment Method -- 4.6 Extended CFT Method -- 4.7 EFT Method -- 5 Analysis of Integrated Safety and Security Risk Assessment Methods -- 6 Conclusions and Future Work -- References -- Railway Station Surveillance System Design: A Real Application of an Optimal Coverage Approach -- Abstract -- 1 Introduction -- 2 Railway Station Surveillance and Sensor Placement Problem -- 3 Application of the Optimal Coverage Approach to a Real Case -- 3.1 Area of Interest and Input Data -- 3.2 Coverage Analysis and Coverage Matrix -- 3.3 Modeling of the Coverage Problem and Solution of the Model -- 4 Experimental Results -- 4.1 Set Covering Model -- 4.2 Maximal Covering Model -- 5 Conclusions -- References -- A Synthesis of Optimization Approaches for Tackling Critical Information Infrastructure Survivability -- Abstract -- 1 Introduction -- 2 Identifying Critical Network Components: Survivability-Oriented Interdiction Models -- 3 Enhancing Critical Network Survivability: Resource Allocation Strategy Models -- 3.1 Optimization Models for Protecting CII Physical Components. 3.2 Optimization Models for CII Service Restoration -- 4 Planning Survivable Networks: Design Models -- 5 Future Research Suggestions -- 6 Conclusions -- References -- A Dataset to Support Research in the Design of Secure Water Treatment Systems -- 1 Introduction -- 2 Secure Water Treatment (SWaT) -- 2.1 Water Treatment Process -- 2.2 Communications -- 3 Attack Scenarios -- 4 Data Collection Process -- 4.1 Physical Properties -- 4.2 Network Traffic -- 4.3 Labelling Data -- 5 Conclusion -- References -- Human Vulnerability Mapping Facing Critical Service Disruptions for Crisis Managers -- Abstract -- 1 Introduction -- 2 Consequence Assessment -- 3 Modelling People Mobility -- 4 Results and Interests of Mapping Human Vulnerability -- 5 Improving Human Vulnerability Assessment -- 6 Conclusion -- Acknowledgments -- References -- A Methodology for Monitoring and Control Network Design -- 1 Introduction -- 2 Related Work -- 3 Asset Risk Assessment in ICS -- 3.1 Overview of the CAIA Approach -- 3.2 Risk Assessment Based on the Impact Measures -- 4 Optimal Control Network Design -- 5 Experimental Results -- 5.1 Results on the TEP -- 5.2 Results on the IEEE 14-Bus Electricity Grid -- 5.3 Results on the IEEE 300-Bus Electricity Grid Model -- 6 Conclusions -- References -- Effective Defence Against Zero-Day Exploits Using Bayesian Networks -- 1 Introduction -- 2 Modelling and Problem Representation -- 3 Case Study and Results -- 3.1 Case Study Settings -- 3.2 Results -- Deploying a Single Control -- 3.3 Results -- Deploying Combined Controls -- 4 Related Work -- 5 Conclusion and Future Work -- References -- Power Auctioning in Resource Constrained Micro-grids: Cases of Cheating -- 1 Introduction -- 2 Related Work -- 3 Decentralised Continuous Double Auction Model -- 4 Cheating CDA Attacks -- 4.1 Case 1: Victim Strategy Downgrade -- 4.2 Case 2: Collusion Attack. 5 Sketch Countermeasures -- 6 Conclusions -- References -- Using Incentives to Foster Security Information Sharing and Cooperation: A General Theory and Application to Critical Infrastructure Protection -- 1 Introduction -- 2 Theoretical Framework and Propositions -- 2.1 Regulation Alone Cannot Solve the Free Rider Problem -- 2.2 Linking Incentives to Voluntary SIS -- 2.3 A Holistic and Multidisciplinary Approach -- 2.4 A Model Linking Incentives, Behavior, and SIS -- 2.5 Reciprocity Expectation -- 2.6 Value Expectation -- 2.7 Institutional Expectation -- 2.8 Reputation Expectation -- 2.9 The Moderating Role of Trust -- 3 Application of the Proposed Model to Critical Infrastructure Protection -- 3.1 The Swiss Reporting and Analysis Centre for Information Security -- 3.2 Reciprocity Expectation -- 3.3 Value Expectation -- 3.4 Institutional Expectation -- 3.5 Reputation Expectation -- 3.6 The Moderating Role of Trust -- 4 Discussion -- 5 Concluding Comments and Next Steps -- References -- Dynamic Risk Analyses and Dependency-Aware Root Cause Model for Critical Infrastructures -- 1 Introduction -- 2 Terminology -- 3 Risk Assessments Using the Dependency-Aware Root Cause (DARC) Model -- 4 Risk Taxonomy for Critical Infrastructures -- 4.1 Dependency Definition Language -- 4.2 Generating the Dependency Graph -- 5 The `Smart Grid Luxembourg' Use-Case -- 5.1 Compiling a Dependency-Aware Inventory -- 5.2 Threat Model -- 5.3 Generation of the Dependency Graph -- 5.4 Results -- 6 Conclusion and Future Work -- References -- Selecting Privacy Solutions to Prioritise Control in Smart Metering Systems -- 1 Introduction -- 2 Privacy and Automation Properties -- 3 Selecting Techniques: Analysis and Discussion -- 3.1 Analysis of Privacy Techniques -- 3.2 Discussion: Privacy vs. Control -- 4 Conclusions and Future Work -- References. A Six-Step Model for Safety and Security Analysis of Cyber-Physical Systems -- 1 Introduction -- 2 Preliminaries and Background -- 2.1 CPS Safety and Security -- 2.2 GTST-MLD and the 3-Step Model -- 2.3 The SWaT System -- 3 Complex System Safety and Security Modeling: SSM -- 4 Summary and Conclusion -- References -- Availability Study of the Italian Electricity SCADA System in the Cloud -- 1 Introduction -- 1.1 The Hierarchical SCADA System -- 1.2 Cloud Deployments for a Nationwide SCADA System -- 2 Availability Computation in a Hierarchical SCADA Network -- 2.1 Availability Model for an Optical Network -- 2.2 Availability Computation -- 3 Availability Assessment in the SCADA System Managing the Italian Electricity Grid -- 4 Conclusion -- References -- Railway System Failure Scenario Analysis -- 1 Introduction -- 2 Failure Scenario Analysis: From Power Grid to Railway -- 2.1 NESCOR Failure Scenarios for the Energy Sector -- 2.2 Toward Railway Transportation Failure Scenarios -- 3 Sample Railway System Failure Scenarios -- 3.1 Compromised HMI Sends Malicious Commands to Devices -- 3.2 SCADA Firewall Fails and Critical Traffic Cannot Reach Devices -- 4 Analyzing Scenarios for a Railway System -- 4.1 Failure Scenario Analysis Tool -- 4.2 Case Study: Deploying SCADA Firewalls -- 4.3 Discussion -- 5 Related Work -- 6 Conclusion -- References -- Tamper Resistant Secure Digital Silo for Log Storage in Critical Infrastructures -- 1 Introduction -- 1.1 Contribution -- 1.2 Organization -- 2 Motivation -- 3 Background -- 3.1 Intel Software Guard Extensions (SGX) -- 3.2 Trusted Platform Module (TPM) -- 3.3 Enterprise Cryptographic Filesystem (eCryptfs) -- 3.4 Secure Block Device (SBD) -- 4 Design -- 5 Implementation and Evaluation -- 6 Conclusions and Future Work -- References. Access Control and Availability Vulnerabilities in the ISO/IEC 61850 Substation Automation Protocol. |
| Record Nr. | UNISA-996466435203316 |
| Cham : , : Springer International Publishing : , : Imprint : Springer, , 2017 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. di Salerno | ||
| ||
Critical Information Infrastructures Security : 11th International Conference, CRITIS 2016, Paris, France, October 10–12, 2016, Revised Selected Papers / / edited by Grigore Havarneanu, Roberto Setola, Hypatia Nassopoulos, Stephen Wolthusen
| Critical Information Infrastructures Security : 11th International Conference, CRITIS 2016, Paris, France, October 10–12, 2016, Revised Selected Papers / / edited by Grigore Havarneanu, Roberto Setola, Hypatia Nassopoulos, Stephen Wolthusen |
| Edizione | [1st ed. 2017.] |
| Pubbl/distr/stampa | Cham : , : Springer International Publishing : , : Imprint : Springer, , 2017 |
| Descrizione fisica | 1 online resource (XI, 348 p. 103 illus.) |
| Disciplina | 005.8 |
| Collana | Security and Cryptology |
| Soggetto topico |
Computer security
Computer communication systems Architecture, Computer Computers and civilization Computers Law and legislation Microprogramming Systems and Data Security Computer Communication Networks Computer System Implementation Computers and Society Legal Aspects of Computing Control Structures and Microprogramming |
| ISBN | 3-319-71368-X |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto |
Intro -- Preface -- Organization -- Contents -- Stealth Low-Level Manipulation of Programmable Logic Controllers I/O by Pin Control Exploitation -- 1 Introduction -- 2 Background -- 2.1 Pin Control Subsystem -- 2.2 How PLCs Control the Pins -- 3 Pin Control Attack -- 3.1 Security Concerns Regarding Pin Control -- 3.2 Pin Control Attack Details -- 3.3 Threat Model -- 4 A Pin Control Attack in Practice -- 4.1 Environment Setup -- 4.2 Attack Implementation -- 5 Discussion -- 5.1 Implications of Attack on the ICS -- 5.2 Detection of Pin Control Attack -- 6 Related Work -- 7 Conclusion -- References -- Developing a Cyber Incident Communication Management Exercise for CI Stakeholders -- 1 Introduction -- 1.1 Background -- 1.2 Case Study: Red Team - Blue Team Exercise -- 2 Communication Management Exercise for ICS Security (CME-ICS) -- 2.1 Peculiarity of Existing Japanese CIP Training -- 2.2 Discussion-Based Exercise -- 2.3 Theme of the Exercise: Communication Management -- 2.4 Scenario -- 2.5 Exercise Steps -- 2.6 Administration Staff -- 2.7 Pilot Exercises -- 3 Results and Discussion -- 3.1 Variation of Incident Management Structure -- 3.2 Results of the Survey -- 3.3 Discussion -- 3.4 Future Work: ``ICS-SIRT'' Exercise -- References -- On Auxiliary Entity Allocation Problem in Multi-layered Interdependent Critical Infrastructures -- 1 Introduction -- 2 Problem Formulation Using the Implicative Interdependency Model -- 3 Computational Complexity Analysis -- 3.1 Special Case: Problem Instance with One Minterm of Size One -- 3.2 General Case: Problem Instance with an Arbitrary Number of Minterms of Arbitrary Size -- 4 Solutions to the AEAP Problem -- 4.1 Optimal Solution to AEAP Problem -- 4.2 Heuristic Solution to the AEAP Problem -- 5 Experimental Results -- 6 Conclusion -- References -- Cyber Targets Water Management -- 1 Introduction.
1.1 Use of Industrial Control Systems -- 1.2 Cyber Threats and Risk -- 1.3 Structure of This Paper -- 2 Related Work -- 3 A Benchmark of the Resilience of the ICS Environment -- 4 Observed ICS Security Dilemmas -- 5 Cyber Security Simulator for Water Management Control Systems -- 5.1 Deployment of Attack Scenarios -- 5.2 DESI Results -- 6 Conclusions and Future Work -- 6.1 Future Work -- References -- Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications -- 1 Introduction -- 2 Related Work -- 3 Review Methodology -- 4 Integrated Safety and Security Risk Assessment Methods -- 4.1 SAHARA Method -- 4.2 CHASSIS Method -- 4.3 FACT Graph Method -- 4.4 FMVEA Method -- 4.5 Unified Security and Safety Risk Assessment Method -- 4.6 Extended CFT Method -- 4.7 EFT Method -- 5 Analysis of Integrated Safety and Security Risk Assessment Methods -- 6 Conclusions and Future Work -- References -- Railway Station Surveillance System Design: A Real Application of an Optimal Coverage Approach -- Abstract -- 1 Introduction -- 2 Railway Station Surveillance and Sensor Placement Problem -- 3 Application of the Optimal Coverage Approach to a Real Case -- 3.1 Area of Interest and Input Data -- 3.2 Coverage Analysis and Coverage Matrix -- 3.3 Modeling of the Coverage Problem and Solution of the Model -- 4 Experimental Results -- 4.1 Set Covering Model -- 4.2 Maximal Covering Model -- 5 Conclusions -- References -- A Synthesis of Optimization Approaches for Tackling Critical Information Infrastructure Survivability -- Abstract -- 1 Introduction -- 2 Identifying Critical Network Components: Survivability-Oriented Interdiction Models -- 3 Enhancing Critical Network Survivability: Resource Allocation Strategy Models -- 3.1 Optimization Models for Protecting CII Physical Components. 3.2 Optimization Models for CII Service Restoration -- 4 Planning Survivable Networks: Design Models -- 5 Future Research Suggestions -- 6 Conclusions -- References -- A Dataset to Support Research in the Design of Secure Water Treatment Systems -- 1 Introduction -- 2 Secure Water Treatment (SWaT) -- 2.1 Water Treatment Process -- 2.2 Communications -- 3 Attack Scenarios -- 4 Data Collection Process -- 4.1 Physical Properties -- 4.2 Network Traffic -- 4.3 Labelling Data -- 5 Conclusion -- References -- Human Vulnerability Mapping Facing Critical Service Disruptions for Crisis Managers -- Abstract -- 1 Introduction -- 2 Consequence Assessment -- 3 Modelling People Mobility -- 4 Results and Interests of Mapping Human Vulnerability -- 5 Improving Human Vulnerability Assessment -- 6 Conclusion -- Acknowledgments -- References -- A Methodology for Monitoring and Control Network Design -- 1 Introduction -- 2 Related Work -- 3 Asset Risk Assessment in ICS -- 3.1 Overview of the CAIA Approach -- 3.2 Risk Assessment Based on the Impact Measures -- 4 Optimal Control Network Design -- 5 Experimental Results -- 5.1 Results on the TEP -- 5.2 Results on the IEEE 14-Bus Electricity Grid -- 5.3 Results on the IEEE 300-Bus Electricity Grid Model -- 6 Conclusions -- References -- Effective Defence Against Zero-Day Exploits Using Bayesian Networks -- 1 Introduction -- 2 Modelling and Problem Representation -- 3 Case Study and Results -- 3.1 Case Study Settings -- 3.2 Results -- Deploying a Single Control -- 3.3 Results -- Deploying Combined Controls -- 4 Related Work -- 5 Conclusion and Future Work -- References -- Power Auctioning in Resource Constrained Micro-grids: Cases of Cheating -- 1 Introduction -- 2 Related Work -- 3 Decentralised Continuous Double Auction Model -- 4 Cheating CDA Attacks -- 4.1 Case 1: Victim Strategy Downgrade -- 4.2 Case 2: Collusion Attack. 5 Sketch Countermeasures -- 6 Conclusions -- References -- Using Incentives to Foster Security Information Sharing and Cooperation: A General Theory and Application to Critical Infrastructure Protection -- 1 Introduction -- 2 Theoretical Framework and Propositions -- 2.1 Regulation Alone Cannot Solve the Free Rider Problem -- 2.2 Linking Incentives to Voluntary SIS -- 2.3 A Holistic and Multidisciplinary Approach -- 2.4 A Model Linking Incentives, Behavior, and SIS -- 2.5 Reciprocity Expectation -- 2.6 Value Expectation -- 2.7 Institutional Expectation -- 2.8 Reputation Expectation -- 2.9 The Moderating Role of Trust -- 3 Application of the Proposed Model to Critical Infrastructure Protection -- 3.1 The Swiss Reporting and Analysis Centre for Information Security -- 3.2 Reciprocity Expectation -- 3.3 Value Expectation -- 3.4 Institutional Expectation -- 3.5 Reputation Expectation -- 3.6 The Moderating Role of Trust -- 4 Discussion -- 5 Concluding Comments and Next Steps -- References -- Dynamic Risk Analyses and Dependency-Aware Root Cause Model for Critical Infrastructures -- 1 Introduction -- 2 Terminology -- 3 Risk Assessments Using the Dependency-Aware Root Cause (DARC) Model -- 4 Risk Taxonomy for Critical Infrastructures -- 4.1 Dependency Definition Language -- 4.2 Generating the Dependency Graph -- 5 The `Smart Grid Luxembourg' Use-Case -- 5.1 Compiling a Dependency-Aware Inventory -- 5.2 Threat Model -- 5.3 Generation of the Dependency Graph -- 5.4 Results -- 6 Conclusion and Future Work -- References -- Selecting Privacy Solutions to Prioritise Control in Smart Metering Systems -- 1 Introduction -- 2 Privacy and Automation Properties -- 3 Selecting Techniques: Analysis and Discussion -- 3.1 Analysis of Privacy Techniques -- 3.2 Discussion: Privacy vs. Control -- 4 Conclusions and Future Work -- References. A Six-Step Model for Safety and Security Analysis of Cyber-Physical Systems -- 1 Introduction -- 2 Preliminaries and Background -- 2.1 CPS Safety and Security -- 2.2 GTST-MLD and the 3-Step Model -- 2.3 The SWaT System -- 3 Complex System Safety and Security Modeling: SSM -- 4 Summary and Conclusion -- References -- Availability Study of the Italian Electricity SCADA System in the Cloud -- 1 Introduction -- 1.1 The Hierarchical SCADA System -- 1.2 Cloud Deployments for a Nationwide SCADA System -- 2 Availability Computation in a Hierarchical SCADA Network -- 2.1 Availability Model for an Optical Network -- 2.2 Availability Computation -- 3 Availability Assessment in the SCADA System Managing the Italian Electricity Grid -- 4 Conclusion -- References -- Railway System Failure Scenario Analysis -- 1 Introduction -- 2 Failure Scenario Analysis: From Power Grid to Railway -- 2.1 NESCOR Failure Scenarios for the Energy Sector -- 2.2 Toward Railway Transportation Failure Scenarios -- 3 Sample Railway System Failure Scenarios -- 3.1 Compromised HMI Sends Malicious Commands to Devices -- 3.2 SCADA Firewall Fails and Critical Traffic Cannot Reach Devices -- 4 Analyzing Scenarios for a Railway System -- 4.1 Failure Scenario Analysis Tool -- 4.2 Case Study: Deploying SCADA Firewalls -- 4.3 Discussion -- 5 Related Work -- 6 Conclusion -- References -- Tamper Resistant Secure Digital Silo for Log Storage in Critical Infrastructures -- 1 Introduction -- 1.1 Contribution -- 1.2 Organization -- 2 Motivation -- 3 Background -- 3.1 Intel Software Guard Extensions (SGX) -- 3.2 Trusted Platform Module (TPM) -- 3.3 Enterprise Cryptographic Filesystem (eCryptfs) -- 3.4 Secure Block Device (SBD) -- 4 Design -- 5 Implementation and Evaluation -- 6 Conclusions and Future Work -- References. Access Control and Availability Vulnerabilities in the ISO/IEC 61850 Substation Automation Protocol. |
| Record Nr. | UNINA-9910484853903321 |
| Cham : , : Springer International Publishing : , : Imprint : Springer, , 2017 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. Federico II | ||
| ||
Critical Information Infrastructures Security [[electronic resource] ] : 10th International Conference, CRITIS 2015, Berlin, Germany, October 5-7, 2015, Revised Selected Papers / / edited by Erich Rome, Marianthi Theocharidou, Stephen Wolthusen
| Critical Information Infrastructures Security [[electronic resource] ] : 10th International Conference, CRITIS 2015, Berlin, Germany, October 5-7, 2015, Revised Selected Papers / / edited by Erich Rome, Marianthi Theocharidou, Stephen Wolthusen |
| Edizione | [1st ed. 2016.] |
| Pubbl/distr/stampa | Cham : , : Springer International Publishing : , : Imprint : Springer, , 2016 |
| Descrizione fisica | 1 online resource (XIII, 266 p. 74 illus.) |
| Disciplina | 005.8 |
| Collana | Security and Cryptology |
| Soggetto topico |
Computer security
Computers and civilization Computer communication systems Application software Computer system failures Management information systems Computer science Systems and Data Security Computers and Society Computer Communication Networks Information Systems Applications (incl. Internet) System Performance and Evaluation Management of Computing and Information Systems |
| ISBN | 3-319-33331-3 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto | Critical information infrastructure protection -- Critical infrastructure resilience assessment -- Emergency management: critical infrastructure preparedness -- Modelling, simulation and analysis approaches -- Electric grid protection and resilience -- CIPRNet young CRITIS award candidate papers. |
| Record Nr. | UNISA-996465971003316 |
| Cham : , : Springer International Publishing : , : Imprint : Springer, , 2016 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. di Salerno | ||
| ||
Critical Information Infrastructures Security : 10th International Conference, CRITIS 2015, Berlin, Germany, October 5-7, 2015, Revised Selected Papers / / edited by Erich Rome, Marianthi Theocharidou, Stephen Wolthusen
| Critical Information Infrastructures Security : 10th International Conference, CRITIS 2015, Berlin, Germany, October 5-7, 2015, Revised Selected Papers / / edited by Erich Rome, Marianthi Theocharidou, Stephen Wolthusen |
| Edizione | [1st ed. 2016.] |
| Pubbl/distr/stampa | Cham : , : Springer International Publishing : , : Imprint : Springer, , 2016 |
| Descrizione fisica | 1 online resource (XIII, 266 p. 74 illus.) |
| Disciplina | 005.8 |
| Collana | Security and Cryptology |
| Soggetto topico |
Computer security
Computers and civilization Computer communication systems Application software Computer system failures Management information systems Computer science Systems and Data Security Computers and Society Computer Communication Networks Information Systems Applications (incl. Internet) System Performance and Evaluation Management of Computing and Information Systems |
| ISBN | 3-319-33331-3 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto | Critical information infrastructure protection -- Critical infrastructure resilience assessment -- Emergency management: critical infrastructure preparedness -- Modelling, simulation and analysis approaches -- Electric grid protection and resilience -- CIPRNet young CRITIS award candidate papers. |
| Record Nr. | UNINA-9910484378303321 |
| Cham : , : Springer International Publishing : , : Imprint : Springer, , 2016 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. Federico II | ||
| ||