The connection of automotive systems with other systems such as road-side units, other vehicles, and various servers in the Internet opens up new ways for attackers to remotely access safety relevant subsystems within...
详细信息
ISBN:
(纸本)9781509060580
The connection of automotive systems with other systems such as road-side units, other vehicles, and various servers in the Internet opens up new ways for attackers to remotely access safety relevant subsystems within connected cars. The security of connected cars and the whole vehicular ecosystem is thus of utmost importance for consumer trust and acceptance of this emerging technology. This paper describes an approach for on-board detection of unanticipated sequences of events in order to identify suspicious activities. The results show that this approach is fast enough for in-vehicle application at runtime. Several behavior models and synchronization strategies are analyzed in order to narrow down suspicious sequences of events to be sent in a privacy respecting way to a global security operations center for further in-depth analysis.
"security needs to be aligned with business". Business situational awareness is the ability to continually monitor ongoing actions and events related to business operations and estimate the immediate and clo...
详细信息
ISBN:
(纸本)9783319253602;9783319253596
"security needs to be aligned with business". Business situational awareness is the ability to continually monitor ongoing actions and events related to business operations and estimate the immediate and close-future impact of the new information. This ability is crucial for business continuity and should encompass all associated aspects. Considering the growing dependability of businesses on IT on the one hand, and ever increasing threats on the other, IT security aspects should get adequate attention in the awareness system. We present an approach to raise business situational awareness using an advanced method of predictive security analysis at runtime. It continually observes a system's event stream to find deviations from specified behavior and violations of security compliance rules. Operational models of the key processes are utilized to predict critical security states, evaluate possible countermeasures, and trigger corrective actions. A security information model maintains the security strategy and explains possible deviations from the originating goal. The approach is demonstrated on an industrial scenario from a European research project.
Enforcing security in process-aware information systems at runtime requires the monitoring of systems' operation using process information. Analysis of this information with respect to security and compliance aspe...
详细信息
ISBN:
(纸本)9781479927289
Enforcing security in process-aware information systems at runtime requires the monitoring of systems' operation using process information. Analysis of this information with respect to security and compliance aspects is growing in complexity with the increase in functionality, connectivity, and dynamics of process evolution. To tackle this complexity, the application of models is becoming standard practice. Considering today's frequent changes to processes, model-based support for security and compliance analysis is not only needed in pre-operational phases but also at runtime. This paper presents an approach to support evaluation of the security status of processes at runtime. The approach is based on operational formal models derived from process specifications and security policies comprising technical, organizational, regulatory and cross-layer aspects. A process behavior model is synchronized by events from the running process and utilizes prediction of expected close-future states to find possible security violations and allow early decisions on countermeasures. The applicability of the approach is exemplified by a misuse case scenario from a hydroelectric power plant.
It is somewhat problematic to evaluate the performance of security systems in the Internet due to complexity of these systems and the Internet itself. Therefore, modeling and simulation are becoming more and more impo...
详细信息
ISBN:
(数字)9783540376293
ISBN:
(纸本)9783540376286
It is somewhat problematic to evaluate the performance of security systems in the Internet due to complexity of these systems and the Internet itself. Therefore, modeling and simulation are becoming more and more important in optimizing the behavior of security systems, including security components intended for protecting various distributed geographic information systems (GIS). This paper presents an approach and software simulation environment for comprehensive investigation of the security Operation Center (SOCBox) system which is in essence an intrusion detection "metasystem". SOCBox collects data from a wide range of sources (intrusion detection systems (IDS), firewalls, routers, workstations, etc.) and therefore has a global view on the network. The simulation environment has been developed formerly for Distributed Denial of Service (DDoS) attacks and defense simulation. This tool is characterized by agent-oriented approach, the packet-based imitation of network security processes and the open library of different attacks and defense mechanisms. We consider the SOCBox structure, the simulation environment architecture, the SOCBox models in the simulation environment and peculiarities of SOCBox simulation.
暂无评论