(in) Security - Academic Conferences Limited

More documents

Recommendations

Info

Analysis and Modelling of Critical Infrastructure Systems Graeme Pye and Matthew Warren Deakin University, Geelong, Australia graeme@deakin.edu.au mwarren@deakin.edu.au Abstract: The increasing complexity and interconnectedness of critical infrastructure systems, including the information systems and communication networks that support their existence and functionality, poses questions and challenges. Particularly, in terms of modelling and analysis of the security, survivability and ultimately reliability and continued availability of critical infrastructure systems and the services they deliver to modern society. The focus of this research enquiry is with regard to critiquing and modelling critical infrastructure systems. There are numerous systems analyse and modelling approaches that outline any number of differing methodological approaches, each with their own characteristics, expertise, strengths and weaknesses. The intention of this research is to investigate the merit of applying a ‘softer’ approach to critical infrastructure system security analysis and modelling that broadly views the systems in holistic terms, including their relationships with other systems. The intention is not to discuss or criticise existing research applying quantitative approaches, but to discuss a ‘softer’ system analysis and modelling approach in a security context that is adaptable to analysis modelling of critical infrastructure systems. Keywords: critical infrastructure, security analysis, systems modelling 1. Introduction The interactive nature and characteristics of critical infrastructure systems presents several theoretical and practical challenges to modelling, prediction, simulation and analysis of the causal behaviours and security factors both within and between mixes of differing system types. Furthermore, understanding the potential impacts of interdependency relationships as infrastructures evolve and change in operational regulations governing critical infrastructure systems is an important consideration (Brown et al 2004). The interactions and responses are neither universally applicable nor transferable between independent, single critical infrastructure systems or interconnected multiple system configurations. Critical infrastructure systems comprise a heterogeneous mixture of dynamic, interactive, non-linear elements, unscheduled discontinuations and numerous other influential impositions and behaviours (Macdonald & Bologna 2003). These configurations and behaviours present significant challenges to the security analysis and modelling of critical infrastructure systems. 2. System analysis and modelling considerations Systems generally consist of a collection of lower level elements or subsystems that work together in a cooperative manner toward the greater overarching goal of the system. Furthermore, the characteristics of systems vary considerably and are largely the result of the type of system, open or closed, and the external environment that interacts and influences system functionality generally. Additionally, the relationships and influences exerted between subsystems also have a part to play in comprehending the subject system’s functionality and responses to differing circumstances. 2.1 System modelling themes In general terms, applying the system security analysis or system modelling approaches to represent an interpretive conceptualisation of a real-world system (Berntsen et al nd) provides a means of viewing the important aspects or essence of the system at various levels, depending on the particular system modelling theme. For example, other common system modelling and analysis themes are as follows (Avison 2003a): A three-level view, where the conceptual level is a descriptive high-level overview of the system domain, the logical level describing the system goals and intention, while the physical level describes the system itself including the technologies involved. Process modelling theme describes the logical analysis of the processes within the system and is a discipline that applies a basic technique of functional decomposition, which breaks down a complex problem into smaller, more manageable detail. Data analysis theme involves comprehending and documenting the data elements and their relationships within the system. 194
Graeme Pye and Matthew Warren Object-orientated theme models objects that represent elements of the system including people, data, processes and the interaction of these objects. These themes are each applicable to general system analysis or modelling in the terms of their specific characteristics of application, however there is no singular theme directly applicable for critiquing and modelling critical infrastructure systems. 2.2 Blending methodological approaches As Avison (2003b) outlines, methodologies provide a set detailed rules and guidelines to follow and work to that deliver a highly structured design approach to the specific task they are to address. Therefore, in the logical extension lies in utilising a number of individual themes or approaches in combination, to bring together characteristics of each specific method to provide specific expertise to meet the overall practical criteria and intention of critiquing and modelling of critical infrastructure systems (Wood-Harper et al 1985). Therefore, a blended methodological approach utilising multiple system analysis and system modelling approaches in combination would conceivably bring together the characteristics of each that is applicable to achieving the overall goal of critiquing and modelling critical infrastructure systems. 2.3 System analysis modelling Other modelling approaches related to information system analysis that Dennis et al (2009) discusses are as follows: Functional modelling is a description of the processes and the interaction of the system with its environment. Structural modelling is a conceptual description of the structure of the data supporting the processes and presents the logical organisation of data without focussing on the technical details of how the data is stored, created or manipulated. Behavioural modelling describes the internal dynamic aspects of a system that support the processes by describing the internal logic of the processes without specifying the process implementation. While these approaches may not necessarily be directly applicable to this research, in terms of critiquing and modelling critical infrastructure systems there are elements of these approaches that are complimentary to system analysis and the principles of system modelling. The principle intention of system security analysis is to determine an intricate understanding of the focal systems to identify and monitor potential system vulnerabilities and develop solutions. An additional approach to enhance the insights gained from system analysis into the functional characteristics, security and structural features of systems is to develop a model of the subject system that conceptually represents the focal, real-world system of interest for further investigation. 3. Analysis and modelling: The challenges The challenges of analysing and modelling such large-scale systems, including their dependency relationships with other systems and their non-linear and time-dependent behaviour, remain largely undetermined. According to McDonald and Bologna (2003), mathematical models of critical infrastructure systems are vague and there are no applicable methodologies for assessing and comprehending the intricacies of critical infrastructure systems. Add to this the effects of human interaction, from both the perspective of a susceptibility to instigate failure and adaptability to manage and recover wayward systems. This requires that modelling these networked critical infrastructure systems is not only about modelling the subject system itself, but incorporating consequential rationality of actual human thinking, responses and reactions, including the topology and dynamics of these large complex network systems (Macdonald & Bologna ibid, Peters et al 2008). Furthermore, there are additional complexity factors with network systems that are inherently difficult to comprehend (McDonald & Bologna 2003): Structural complexity – increasing number of nodes and links between nodes; Network evolution – the structural linkage which could change over time; 195
Page 1 and 2:
Proceedings of the 10th European Co
Page 3 and 4:
Contents Paper Title Author(s) Page
Page 5 and 6:
Paper Title Author(s) Page No. PhD
Page 7 and 8:
Biographies of Conference Chairs, P
Page 9 and 10:
esearch and teaching interest inclu
Page 11:
Tampere, Military History and Strat
Page 14 and 15:
Kari Alenius power and stayed there
Page 16 and 17:
Kari Alenius The last two closely r
Page 18 and 19:
Kari Alenius Bush, G. W. (2003-03-1
Page 20 and 21:
Dominic Asamoah and William Oblitey
Page 22 and 23:
Dominic Asamoah and William Oblitey
Page 24 and 25:
Debi Ashenden cyberspace. As a resu
Page 26 and 27:
Debi Ashenden (specifically the Bus
Page 28 and 29:
Debi Ashenden implications are. It
Page 30 and 31:
David Barnard-Wills Karen Fierke su
Page 32 and 33:
David Barnard-Wills justifies prior
Page 34 and 35:
David Barnard-Wills The extent to w
Page 36 and 37:
Potential Threats of UAS Swarms and
Page 38 and 39:
Isolated individuals Laurent Beaudo
Page 40 and 41:
Laurent Beaudoinet al. priori the s
Page 42 and 43:
Laurent Beaudoinet al. about approp
Page 44 and 45:
Alexander Bligh The following paper
Page 46 and 47:
Alexander Bligh Are differences in
Page 48 and 49:
Alexander Bligh Characterization of
Page 50 and 51:
A Secure Architecture for Electroni
Page 52 and 53:
Paul Crocker and Vasco Nicolau Spo
Page 54 and 55:
4.2 General overview Paul Crocker a
Page 56 and 57:
4.3 Security layer Paul Crocker and
Page 58 and 59:
Paul Crocker and Vasco Nicolau The
Page 60 and 61:
Figure 14: Strong biometric authent
Page 62 and 63:
Evaluation of the Armed Forces Webs
Page 64 and 65:
1.2 The problem Pedro Cunha et al.
Page 66 and 67:
Pedro Cunha et al. Another obtained
Page 68 and 69:
Pedro Cunha et al. When classifying
Page 70 and 71:
Christian Czosseck et al. The 2007
Page 72 and 73:
3.1 Penal code Christian Czosseck e
Page 74 and 75:
Christian Czosseck et al. Political
Page 76 and 77:
Christian Czosseck et al. file_id=1
Page 78 and 79:
Christian Czosseck and Karlis Podin
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Moses Dlamini et al. then tested in
Page 88 and 89:
Moses Dlamini et al. Network of Liv
Page 90 and 91:
Moses Dlamini et al. phase. This is
Page 92 and 93:
Moses Dlamini et al. Santoro, R. an
Page 94 and 95:
João Ferreira et al. Host-based In
Page 96 and 97:
5. Proposed solution João Ferreira
Page 98 and 99:
João Ferreira et al. Therefore, pu
Page 100 and 101:
5.5 Profile updating João Ferreira
Page 102 and 103:
João Ferreira et al. Lynch, D.M. (
Page 104 and 105:
Eric Filiol et al. exist as well an
Page 106 and 107:
Eric Filiol et al. Level 2: warnin
Page 108 and 109:
Eric Filiol et al. method “saveAs
Page 110 and 111:
puts("Key Generated"); Eric Filiol
Page 112 and 113:
eturn -1; size = strlen(file); rt =
Page 114 and 115:
4.2 Email wiretapping Eric Filiol e
Page 116 and 117:
Eric Filiol et al. For Each myItem2
Page 118 and 119:
The Computer Security of Public/Ope
Page 120 and 121:
A USB stick containing portable app
Page 122 and 123:
Eric Filiol Figure 2: Document of t
Page 124 and 125:
Eric Filiol when pluging those USB
Page 126 and 127:
Marthie Grobler et al. for launchin
Page 128 and 129:
Marthie Grobler et al. situation ha
Page 130 and 131:
Marthie Grobler et al. meaning of s
Page 132 and 133:
Number of responses 5 4 3 2 1 0 Phy
Page 134 and 135:
Missionaries of Peace - The Creatio
Page 136 and 137:
Marja Härmänmaa In most cases the
Page 138 and 139:
Marja Härmänmaa romanità, to ser
Page 140 and 141:
Arto Hirvelä OPSEC is concerned wi
Page 142 and 143:
Arto Hirvelä feeling and action of
Page 144 and 145:
Live-Action Role-Play as a Scenario
Page 146 and 147:
Sara Hjalmarsson Cohn et al. (2002)
Page 148 and 149:
Sara Hjalmarsson experience may be
Page 150 and 151:
Sara Hjalmarsson The methodology us
Page 152 and 153:
Sara Hjalmarsson ELIN (2010). “We
Page 154 and 155:
Aki-Mauri Huhtinen between Wikileak
Page 156 and 157: Aki-Mauri Huhtinen example, militar
Page 158 and 159: 4.3 Games of the 'postmodern world'
Page 160 and 161: Information Security Culture or Inf
Page 162 and 163: Ilona Ilvonen an explicit form and
Page 164 and 165: Ilona Ilvonen All of the previous s
Page 166 and 167: Ilona Ilvonen Schlienger, T. & Teuf
Page 168 and 169: Saara Jantunen The Revolution in Mi
Page 170 and 171: Saara Jantunen Table 1: "Sample IO
Page 172 and 173: Saara Jantunen neutralization — (
Page 174 and 175: Saara Jantunen Raytheon (2010) 'Tim
Page 176 and 177: Saara Jantunen and Aki-Mauri Huhtin
Page 184 and 185: Evolutionary Algorithms for Optimal
Page 186 and 187: Jüri Kivimaa and Toomas Kirt Laye
Page 188 and 189: 2.2 Model optimization Jüri Kivima
Page 190 and 191: Jüri Kivimaa and Toomas Kirt 5.1.1
Page 192 and 193: Jüri Kivimaa and Toomas Kirt Fogel
Page 194 and 195: Jüri Kivimaa and Toomas Kirt As we
Page 196 and 197: Jüri Kivimaa and Toomas Kirt evolu
Page 198 and 199: Luís Mendonça and Henrique Santos
Page 208 and 209: Graeme Pye and Matthew Warren Conn
Page 210 and 211: Graeme Pye and Matthew Warren 4. Cr
Page 212 and 213: Graeme Pye and Matthew Warren 7. Au
Page 214 and 215: Modelling Relational Aspects of Cri
Page 216 and 217: Graeme Pye and Matthew Warren Tradi
Page 218 and 219: Graeme Pye and Matthew Warren envir
Page 220 and 221: Graeme Pye and Matthew Warren A fe
Page 222 and 223: Graeme Pye and Matthew Warren North
Page 224 and 225: 3. eGovernment stages @ Kasi Raju T
Page 226 and 227: Kasi Raju Facilities like single-w
Page 228 and 229: Figure 2: Usage of online facilitie
Page 230 and 231: Kasi Raju Figure 5: Suggestion for
Page 232 and 233: Kasi Raju Figure 6b: Future plan to
Page 234 and 235: Neil Rowe et al. date. It is time t
Page 236 and 237: Neil Rowe et al. sampling of traffi
Page 238 and 239: Neil Rowe et al. (Erbschloe 2001).
Page 240 and 241: Distributed Denial of Service Attac
Page 242 and 243: 2.1.1 Smurf / ICMP Libor Sarga and
Page 244 and 245: Figure 2: Procedural decision-makin
Page 246 and 247: Libor Sarga and Roman Jašek eBay s
Page 248 and 249: References Libor Sarga and Roman Ja
Page 250 and 251: Małgorzata Skórzewska-Amberg and
Page 252 and 253: Małgorzata Skórzewska-Amberg trat
Page 254 and 255: Małgorzata Skórzewska-Amberg Rest
Page 256 and 257:
Małgorzata Skórzewska-Amberg It i
Page 258 and 259:
Ewald Stieger and Rossouw von Solms
Page 260 and 261:
Page 262 and 263:
4.2.5 Evolving Ewald Stieger and Ro
Page 264 and 265:
Page 266 and 267:
Anna-Maria Talihärm all have impac
Page 268 and 269:
Anna-Maria Talihärm introducing co
Page 270 and 271:
Anna-Maria Talihärm among the many
Page 272 and 273:
Anna-Maria Talihärm Council of Eur
Page 274 and 275:
Risto Vaarandi monitoring, since th
Page 276 and 277:
Risto Vaarandi supersets with the s
Page 278 and 279:
Risto Vaarandi During the experimen
Page 280 and 281:
Locating the Enemy Marja Vuorinen U
Page 282 and 283:
Marja Vuorinen Needless to say, an
Page 284 and 285:
Marja Vuorinen society into lower,
Page 286 and 287:
Marja Vuorinen Huhta, I. (2001) ”
Page 288 and 289:
Matthew Warren and Shona Leitch In
Page 290 and 291:
Matthew Warren and Shona Leitch 39
Page 292 and 293:
Matthew Warren and Shona Leitch thi
Page 294 and 295:
282
Page 296 and 297:
Mudassar Aslam and Christian Gehrma
Page 298 and 299:
Table 1: Telecommunication cloud th
Page 300 and 301:
Page 302 and 303:
Page 304 and 305:
Anthony Desnos and Geoffroy Gueguen
Page 306 and 307:
Page 308 and 309:
Page 310 and 311:
Regulatory Compliance to Ensure Inf
Page 312 and 313:
2.1 Research model Andro Kull The i
Page 314 and 315:
Andro Kull IT risk management is th
Page 316 and 317:
Andro Kull Presented classic inform
Page 318 and 319:
Andro Kull Risk assessment was ment
Page 320 and 321:
Fudong Li et al. several networks s
Page 322 and 323:
Fudong Li et al. users have the fre
Page 324 and 325:
Fudong Li et al. Table 4: Experimen
Page 326 and 327:
Fudong Li et al. authentication mec
Page 328 and 329:
2. COBIT Teresa Pereira and Henriqu
Page 330 and 331:
ITIL Transition; ITIL Operation;
Page 332 and 333:
Teresa Pereira and Henrique Santos
Page 334 and 335:
6. Conclusions and future work Tere
Page 336 and 337:
Mirva Salminen shooting and the dis
Page 338 and 339:
Mirva Salminen supplement to the US
Page 340 and 341:
Mirva Salminen armed vehicle. A thi
Page 342 and 343:
330
Page 344 and 345:
332
Page 346 and 347:
Andrea Rigoni and Salvatore Di Blas
Page 348 and 349:
Andrea Rigoni and Salvatore Di Blas
Page 350 and 351:
338
Page 352 and 353:
Robert Erra Denial Of Services (DOS
show all

(in) Security - Academic Conferences Limited

Create successful ePaper yourself

Delete template?

Save as template?