WorldWideScience

Sample records for control systems security

  1. Improving industrial process control systems security

    CERN Document Server

    Epting, U; CERN. Geneva. TS Department

    2004-01-01

    System providers are today creating process control systems based on remote connectivity using internet technology, effectively exposing these systems to the same threats as corporate computers. It is becoming increasingly difficult and costly to patch/maintain the technical infrastructure monitoring and control systems to remove these vulnerabilities. A strategy including risk assessment, security policy issues, service level agreements between the IT department and the controls engineering groups must be defined. In addition an increased awareness of IT security in the controls system engineering domain is needed. As consequence of these new factors the control system architectures have to take into account security requirements, that often have an impact on both operational aspects as well as on the project and maintenance cost. Manufacturers of industrial control system equipment do however also propose progressively security related solutions that can be used for our active projects. The paper discusses ...

  2. Power System Security and Stability Control Company

    Institute of Scientific and Technical Information of China (English)

    2012-01-01

    Branch Company Profile Power System Security and Stability Control Company is called "NARI Stability" to externals. It has a scientific research team, led by Prof. Yusheng Xue, who is an international renowned expert on stability technology, and an academician of the Chinese Academy of Engineering. Based on support and service of security and stability control technology and equipment,

  3. Security of Operation on CSR Control System

    Institute of Scientific and Technical Information of China (English)

    GouShizhe; QiaoWeimin; JingLan

    2003-01-01

    It is important to the security of operation on the CSR control system. In order to keep the CSR control system in security environment, the following work has been done. Firstly, it can be set up a domain service, and every important services can join in it, such as databasese rvices, front web services and every interactive operating browsers, and limited the browsers right by using policy of the domain. After this, the browsers can't modify the setting of the browser, and it can keep every computers and browsers in security by preventing some virus into each computer. The domain services of control system is shown in Fig.1.

  4. Lecture 13: Control System Cyber Security

    CERN Document Server

    CERN. Geneva

    2013-01-01

    Today, the industralized world lives in symbiosis with control systems: it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and outline why the presenter is still waiting for a change in paradigm. Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and...

  5. Control Systems Cyber Security Standards Support Activities

    Energy Technology Data Exchange (ETDEWEB)

    Robert Evans

    2009-01-01

    The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

  6. Handbook of SCADA/control systems security

    CERN Document Server

    Radvanovsky, Robert

    2013-01-01

    The availability and security of many services we rely upon-including water treatment, electricity, healthcare, transportation, and financial transactions-are routinely put at risk by cyber threats. The Handbook of SCADA/Control Systems Security is a fundamental outline of security concepts, methodologies, and relevant information pertaining to the supervisory control and data acquisition (SCADA) systems and technology that quietly operate in the background of critical utility and industrial facilities worldwide. Divided into five sections, the book examines topics comprising functions within

  7. Secure and Efficient Routable Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

    2010-05-01

    This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

  8. Recommended Practice for Securing Control System Modems

    Energy Technology Data Exchange (ETDEWEB)

    James R. Davidson; Jason L. Wright

    2008-01-01

    This paper addresses an often overlooked “backdoor” into critical infrastructure control systems created by modem connections. A modem’s connection to the public telephone system is similar to a corporate network connection to the Internet. By tracing typical attack paths into the system, this paper provides the reader with an analysis of the problem and then guides the reader through methods to evaluate existing modem security. Following the analysis, a series of methods for securing modems is provided. These methods are correlated to well-known networking security methods.

  9. Selecting RMF Controls for National Security Systems

    Energy Technology Data Exchange (ETDEWEB)

    Witzke, Edward L. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2015-08-01

    In 2014, the United States Department of Defense started tra nsitioning the way it performs risk management and accreditation of informatio n systems to a process entitled Risk Management Framework for DoD Information Technology or RMF for DoD IT. There are many more security and privacy contro ls (and control enhancements) from which to select in RMF, than there w ere in the previous Information Assurance process. This report is an attempt t o clarify the way security controls and enhancements are selected. After a brief overview and comparison of RMF for DoD I T with the previously used process, this report looks at the determination of systems as National Security Systems (NSS). Once deemed to be an NSS, this report addr esses the categorization of the information system with respect to impact level s of the various security objectives and the selection of an initial baseline o f controls. Next, the report describes tailoring the controls through the use of overl ays and scoping considerations. Finally, the report discusses organizatio n-defined values for tuning the security controls to the needs of the information system.

  10. Comparison of Routable Control System Security Approaches

    Energy Technology Data Exchange (ETDEWEB)

    Edgar, Thomas W.; Hadley, Mark D.; Carroll, Thomas E.; Manz, David O.; Winn, Jennifer D.

    2011-06-01

    This document is an supplement to the 'Secure and Efficient Routable Control Systems.' It addressed security in routable control system communication. The control system environment that monitors and manages the power grid historically has utilized serial communication mechanisms. Leased-line serial communication environments operating at 1200 to 9600 baud rates are common. However, recent trends show that communication media such as fiber, optical carrier 3 (OC-3) speeds, mesh-based high-speed wireless, and the Internet are becoming the media of choice. In addition, a dichotomy has developed between the electrical transmission and distribution environments, with more modern communication infrastructures deployed by transmission utilities. The preceding diagram represents a typical control system. The Communication Links cloud supports all of the communication mechanisms a utility might deploy between the control center and devices in the field. Current methodologies used for security implementations are primarily led by single vendors or standards bodies. However, these entities tend to focus on individual protocols. The result is an environment that contains a mixture of security solutions that may only address some communication protocols at an increasing operational burden for the utility. A single approach is needed that meets operational requirements, is simple to operate, and provides the necessary level of security for all control system communication. The solution should be application independent (e.g., Distributed Network Protocol/Internet Protocol [DNP/IP], International Electrotechnical Commission [IEC] C37.118, Object Linking and Embedding for Process Control [OPC], etc.) and focus on the transport layer. In an ideal setting, a well-designed suite of standards for control system communication will be used for vendor implementation and compliance testing. An expected outcome of this effort is an international standard.

  11. Security of legacy process control systems : Moving towards secure process control systems

    NARCIS (Netherlands)

    Oosterink, M.

    2012-01-01

    This white paper describes solutions which organisations may use to improve the security of their legacy process control systems. When we refer to a legacy system, we generally refer to old methodologies, technologies, computer systems or applications which are still in use, despite the fact that ne

  12. Security of legacy process control systems : Moving towards secure process control systems

    NARCIS (Netherlands)

    Oosterink, M.

    2012-01-01

    This white paper describes solutions which organisations may use to improve the security of their legacy process control systems. When we refer to a legacy system, we generally refer to old methodologies, technologies, computer systems or applications which are still in use, despite the fact that

  13. Security Metrics in Industrial Control Systems

    CERN Document Server

    Collier, Zachary A; Ganin, Alexander A; Kott, Alex; Linkov, Igor

    2015-01-01

    Risk is the best known and perhaps the best studied example within a much broader class of cyber security metrics. However, risk is not the only possible cyber security metric. Other metrics such as resilience can exist and could be potentially very valuable to defenders of ICS systems. Often, metrics are defined as measurable properties of a system that quantify the degree to which objectives of the system are achieved. Metrics can provide cyber defenders of an ICS with critical insights regarding the system. Metrics are generally acquired by analyzing relevant attributes of that system. In terms of cyber security metrics, ICSs tend to have unique features: in many cases, these systems are older technologies that were designed for functionality rather than security. They are also extremely diverse systems that have different requirements and objectives. Therefore, metrics for ICSs must be tailored to a diverse group of systems with many features and perform many different functions. In this chapter, we first...

  14. Control Systems Security Test Center - FY 2004 Program Summary

    Energy Technology Data Exchange (ETDEWEB)

    Robert E. Polk; Alen M. Snyder

    2005-04-01

    In May 2004, the US-CERT Control Systems Security Center (CSSC) was established at Idaho National Laboratory to execute assessment activities to reduce the vulnerability of the nation’s critical infrastructure control systems to terrorist attack. The CSSC implements a program to accomplish the five goals presented in the US-CERT National Strategy for Control Systems Security. This report summarizes the first year funding of startup activities and program achievements that took place in FY 2004 and early FY 2005. This document was prepared for the US-CERT Control Systems Security Center of the National Cyber Security Division of the Department of Homeland Security (DHS). DHS has been tasked under the Homeland Security Act of 2002 to coordinate the overall national effort to enhance the protection of the national critical infrastructure. Homeland Security Presidential Directive HSPD-7 directs federal departments to identify and prioritize the critical infrastructure and protect it from terrorist attack. The US-CERT National Strategy for Control Systems Security was prepared by the National Cyber Security Division to address the control system security component addressed in the National Strategy to Secure Cyberspace and the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The US-CERT National Strategy for Control Systems Security identified five high-level strategic goals for improving cyber security of control systems.

  15. Process Control/SCADA system vendor security awareness and security posture.

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Lüders, S.

    2009-01-01

    A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in t

  16. Process Control/SCADA system vendor security awareness and security posture.

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Lüders, S.

    2009-01-01

    A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in

  17. Help for the Developers of Control System Cyber Security Standards

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2008-05-01

    A Catalog of Control Systems Security: Recommendations for Standards Developers (Catalog), aimed at assisting organizations to facilitate the development and implementation of control system cyber security standards, has been developed. This catalog contains requirements that can help protect control systems from cyber attacks and can be applied to the Critical Infrastructures and Key Resources of the United States and other nations. The requirements contained in the catalog are a compilation of practices or various industry bodies used to increase the security of control systems from both physical and cyber attacks. They should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in the Catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security requirements.

  18. Process Control Systems in the Chemical Industry: Safety vs. Security

    Energy Technology Data Exchange (ETDEWEB)

    Jeffrey Hahn; Thomas Anderson

    2005-04-01

    Traditionally, the primary focus of the chemical industry has been safety and productivity. However, recent threats to our nation’s critical infrastructure have prompted a tightening of security measures across many different industry sectors. Reducing vulnerabilities of control systems against physical and cyber attack is necessary to ensure the safety, security and effective functioning of these systems. The U.S. Department of Homeland Security has developed a strategy to secure these vulnerabilities. Crucial to this strategy is the Control Systems Security and Test Center (CSSTC) established to test and analyze control systems equipment. In addition, the CSSTC promotes a proactive, collaborative approach to increase industry's awareness of standards, products and processes that can enhance the security of control systems. This paper outlines measures that can be taken to enhance the cybersecurity of process control systems in the chemical sector.

  19. Research and realization of info-net security controlling system

    Science.gov (United States)

    Xu, Tao; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

    2017-03-01

    The thesis introduces some relative concepts about Network Cybernetics, and we design and realize a new info-net security controlling system based on Network Cybernetics. The system can control the endpoints, safely save files, encrypt communication, supervise actions of users and show security conditions, in order to realize full-scale security management. At last, we simulate the functions of the system. The results show, the system can ensure the controllability of users and devices, and supervise them real-time. The system can maximize the security of the network and users.

  20. Mitigations for Security Vulnerabilities Found in Control System Networks

    Energy Technology Data Exchange (ETDEWEB)

    Trent D. Nelson

    2006-05-01

    Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in on-site CS assessments and suggests mitigation strategies to provide asset owners with the information they need to better protect their systems from common security flows.

  1. Cyber Security Testing and Training Programs for Industrial Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Daniel Noyes

    2012-03-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  2. Process Control System Cyber Security Standards - An Overview

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2006-05-01

    The use of cyber security standards can greatly assist in the protection of process control systems by providing guidelines and requirements for the implementation of computer-controlled systems. These standards are most effective when the engineers and operators, using the standards, understand what each standard addresses. This paper provides an overview of several standards that deal with the cyber security of process measurements and control systems.

  3. Challenges and opportunities in securing industrial control systems

    NARCIS (Netherlands)

    Hadziosmanovic, D.; Bolzoni, D.; Etalle, Sandro; Hartel, Pieter H.

    Industrial Control Systems (ICS) are used for operating and monitoring industrial processes. Recent reports state that current ICS infrastructures are not sufficiently protected against cyber threats. Unfortunately, due to the specific nature of these systems, the application of common security

  4. IT Security Aspects of Industrial Control Systems

    Directory of Open Access Journals (Sweden)

    Peter Holecko

    2006-01-01

    Full Text Available This paper discusses a set of general network system architectures for industrial process control systems as well as vulnerabilities related to these systems and the IT threats these systems are exposed to from the point of view of Common Criteria methodology and ITU-T recommendation X.805.

  5. Designing a Machinery Control System (MCS) Security Testbed

    Science.gov (United States)

    2014-09-01

    smart carrier machinery control system SCADA supervisory control and data acquisition SPST single pole single throw TF functional test TE exception...in Supervisory Control and Data Acquisition ( SCADA ) systems, industrial control systems (ICS’s) and machinery control systems (MCS’s). Today’s modern...for newly discovered security flaws. The concern over vulnerabilities in SCADA systems is due to the equipment they control and their impact, as an

  6. Cyber Security of Industrial Control Systems

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Paske, B.J. te

    2015-01-01

    Our society and its citizens depend on the undisturbed functioning of (critical) infrastructures and their services. Crucial processes in most critical infrastructures, and in many other organisations, rely on the correct and undisturbed functioning of Industrial Control Systems (ICS). A failure of

  7. Cyber Security of Industrial Control Systems

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Paske, B.J. te

    2015-01-01

    Our society and its citizens depend on the undisturbed functioning of (critical) infrastructures and their services. Crucial processes in most critical infrastructures, and in many other organisations, rely on the correct and undisturbed functioning of Industrial Control Systems (ICS). A failure of

  8. Measurable Control System Security through Ideal Driven Technical Metrics

    Energy Technology Data Exchange (ETDEWEB)

    Miles McQueen; Wayne Boyer; Sean McBride; Marie Farrar; Zachary Tudor

    2008-01-01

    The Department of Homeland Security National Cyber Security Division supported development of a small set of security ideals as a framework to establish measurable control systems security. Based on these ideals, a draft set of proposed technical metrics was developed to allow control systems owner-operators to track improvements or degradations in their individual control systems security posture. The technical metrics development effort included review and evaluation of over thirty metrics-related documents. On the bases of complexity, ambiguity, or misleading and distorting effects the metrics identified during the reviews were determined to be weaker than necessary to aid defense against the myriad threats posed by cyber-terrorism to human safety, as well as to economic prosperity. Using the results of our metrics review and the set of security ideals as a starting point for metrics development, we identified thirteen potential technical metrics - with at least one metric supporting each ideal. Two case study applications of the ideals and thirteen metrics to control systems were then performed to establish potential difficulties in applying both the ideals and the metrics. The case studies resulted in no changes to the ideals, and only a few deletions and refinements to the thirteen potential metrics. This led to a final proposed set of ten core technical metrics. To further validate the security ideals, the modifications made to the original thirteen potential metrics, and the final proposed set of ten core metrics, seven separate control systems security assessments performed over the past three years were reviewed for findings and recommended mitigations. These findings and mitigations were then mapped to the security ideals and metrics to assess gaps in their coverage. The mappings indicated that there are no gaps in the security ideals and that the ten core technical metrics provide significant coverage of standard security issues with 87% coverage. Based

  9. The process matters: cyber security in industrial control systems

    NARCIS (Netherlands)

    Hadžiosmanović, Dina

    2014-01-01

    An industrial control system (ICS) is a computer system that controls industrial processes such as power plants, water and gas distribution, food production, etc. Since cyber-attacks on an ICS may have devastating consequences on human lives and safety in general, the security of ICS is important. I

  10. The process matters: cyber security in industrial control systems

    NARCIS (Netherlands)

    Hadziosmanovic, D.

    2014-01-01

    An industrial control system (ICS) is a computer system that controls industrial processes such as power plants, water and gas distribution, food production, etc. Since cyber-attacks on an ICS may have devastating consequences on human lives and safety in general, the security of ICS is important. I

  11. Secure Control Systems for the Energy Sector

    Energy Technology Data Exchange (ETDEWEB)

    Smith, Rhett [Schweitzer Engineering Lab., Inc., Alpharetta, GA (United States); Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2014-10-22

    The Padlock Project is an alliance between Tennessee Valley Authority (TVA), Sandia National Laboratories (SNL), and Schweitzer Engineering Laboratories Inc. (SEL). SEL is the prime contractor on the Padlock project. Rhett Smith (SEL) is the project director and Adrian Chaves (SNL) and John Stewart (TVA) are principle investigators. SEL is the world’s leader in microprocessor-based electronic equipment for protecting electric power systems. The Tennessee Valley Authority, a corporation owned by the U.S. government, provides electricity for 9 million people in parts of seven southeastern states at prices below the national average. TVA, which receives no taxpayer money and makes no profits, also provides flood control, navigation and land management for the Tennessee River system and assists utilities, and state and local governments with economic development.

  12. Security of the data transmission in the industrial control system

    Directory of Open Access Journals (Sweden)

    Marcin Bednarek

    2015-12-01

    Full Text Available The theme of this paper is to present the data transmission security system between the stations of the industrial control system. The possible options for secure communications between process stations, as well as between process and operator station are described. Transmission security mechanism is based on algorithms for symmetric and asymmetric encryption. The authentication process uses a software token algorithm and a one-way hash function. The algorithm for establishing a secured connection between the stations, including the authentication process and encryption of data transmission is given. The process of securing the transmission consists of 4 sub-processes: (I authentication; (II asymmetric, public keys transmission; (III symmetric key transmission; (IV data transmission. The presented process of securing the transmission was realized in the industrial controller and emulator. For this purpose, programming languages in accordance with EN 61131 were used. The functions were implemented as user function blocks. This allows us to include a mixed code in the structure of the block (both: ST and FBD. Available function categories: support of the asymmetric encryption; asymmetric encryption utility functions; support of the symmetric encryption; symmetric encryption utility functions; support of the hash value calculations; utility functions of conversion.[b]Keywords[/b]: transmission security, encryption, authentication, industrial control system

  13. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    Energy Technology Data Exchange (ETDEWEB)

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

  14. Distributed Secure Coordinated Control for Multiagent Systems Under Strategic Attacks.

    Science.gov (United States)

    Feng, Zhi; Wen, Guanghui; Hu, Guoqiang

    2017-05-01

    This paper studies a distributed secure consensus tracking control problem for multiagent systems subject to strategic cyber attacks modeled by a random Markov process. A hybrid stochastic secure control framework is established for designing a distributed secure control law such that mean-square exponential consensus tracking is achieved. A connectivity restoration mechanism is considered and the properties on attack frequency and attack length rate are investigated, respectively. Based on the solutions of an algebraic Riccati equation and an algebraic Riccati inequality, a procedure to select the control gains is provided and stability analysis is studied by using Lyapunov's method.. The effect of strategic attacks on discrete-time systems is also investigated. Finally, numerical examples are provided to illustrate the effectiveness of theoretical analysis.

  15. IT Security Support for the Spaceport Command Control System Development

    Science.gov (United States)

    Varise, Brian

    2014-01-01

    My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as, viruses, malware and denial-of-service attacks by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks ran by Government agencies worldwide. Without constant monitoring analysis, businesses, public organizations and government agencies are vulnerable to potential harmful infiltration of their computer information system. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoke access, monitor information request by new programming and recommend improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gain knowledge that will be helpful to my career in the future as a Cyber Security Analyst.

  16. Challenges and opportunities in securing industrial control systems

    NARCIS (Netherlands)

    Hadziosmanovic, D.; Bolzoni, D.; Etalle, Sandro; Hartel, Pieter H.

    2012-01-01

    Industrial Control Systems (ICS) are used for operating and monitoring industrial processes. Recent reports state that current ICS infrastructures are not sufficiently protected against cyber threats. Unfortunately, due to the specific nature of these systems, the application of common security coun

  17. Process Control System Cyber Security Standards - An Overview

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans; V Stanley Scown; Rolf Carlson; Shabbir Shamsuddin; George Shaw; Jeff Dagle; Paul W Oman; Jeannine Schmidt

    2005-10-01

    The use of cyber security standards can greatly assist in the protection of critical infrastructure by providing guidelines and requisite imperatives in the implementation of computer-controlled systems. These standards are most effective when the engineers and operators using the standards understand what each of the standards addresses and does not address. This paper provides a review and comparison of ten documents dealing with control system cyber security. It is not meant to be a complete treatment of all applicable standards; rather, this is an exemplary analysis showing the benefits of comparing and contrasting differing documents.

  18. IT Security Support for Spaceport Command and Control System

    Science.gov (United States)

    McLain, Jeffrey

    2013-01-01

    During the fall 2013 semester, I worked at the Kennedy Space Center as an IT Security Intern in support of the Spaceport Command and Control System under the guidance of the IT Security Lead Engineer. Some of my responsibilities included assisting with security plan documentation collection, system hardware and software inventory, and malicious code and malware scanning. Throughout the semester, I had the opportunity to work on a wide range of security related projects. However, there are three projects in particular that stand out. The first project I completed was updating a large interactive spreadsheet that details the SANS Institutes Top 20 Critical Security Controls. My task was to add in all of the new commercial of the shelf (COTS) software listed on the SANS website that can be used to meet their Top 20 controls. In total, there are 153 unique security tools listed by SANS that meet one or more of their 20 controls. My second project was the creation of a database that will allow my mentor to keep track of the work done by the contractors that report to him in a more efficient manner by recording events as they occur throughout the quarter. Lastly, I expanded upon a security assessment of the Linux machines being used on center that I began last semester. To do this, I used a vulnerability and configuration tool that scans hosts remotely through the network and presents the user with an abundance of information detailing each machines configuration. The experience I gained from working on each of these projects has been invaluable, and I look forward to returning in the spring semester to continue working with the IT Security team.

  19. Computer Security: Protect your plant: a "serious game" about control system cyber-security

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Control system cyber-security is attracting increasing attention: from cybercriminals, from the media and from security researchers.   After the legendary “Stuxnet” attacks of 2010 against an Iranian uranium enrichment plant, the infiltration of Saudi Aramco in 2012, and most recently the hacking of German blast furnaces, we should be prepared. Just imagine what would happen if hackers turned off the lights in Geneva and the Pays-de-Gex for a month? (“Hacking control systems, switching lights off!"). Or if attackers infiltrated CERN’s accelerator or experiment control systems and stopped us from pursuing our core business: delivering beams and recording particle collisions (“Hacking control systems, switching... accelerators off?"). Now you can test your ability to protect an industrial plant against cyber-threats! The Computer Security Team, in collaboration with Kaspersky Lab, is organising a so-...

  20. Security-Control Systems and Automation in Contemporary Buildings

    Directory of Open Access Journals (Sweden)

    Saadet Aytıs

    1999-05-01

    Full Text Available As a result of the developing technology, major renovations related to the security control systems and to building automation applications on contemporary buildings have appeared. The main item of the control systems is the entry system with cards and passwords and this is applied almost in all the large contemporary buildings. The entry and exit to/from the carparking is getting to be as important as the entry and exit to/from the building. Thus, specific measures to stop the security system being already perforated in the parking are needed. Warning systems with a great range of different detectors against various dangers that run connected to the mainframe computers and that turn on the system in case of danger are taken into consideration. The fact of obtaining all comfort conditions desired in the contemporary high space buildings and functioning of the first-aid systems are fully realized by computers with the help of systems that are called “Building Automation System” (BAS. All inspection, energy saving and security controls are achieved through these systems. In the buildings where building automation systems are applied, trained personel is needed to keep the system running; and the training of the residents about the system gains more and more importance.

  1. Improving Control System Security through the Evaluation of Current Trends in Computer Security Research

    Energy Technology Data Exchange (ETDEWEB)

    Rolston

    2005-03-01

    At present, control system security efforts are primarily technical and reactive in nature. What has been overlooked is the need for proactive efforts, focused on the IT security research community from which new threats might emerge. Evaluating cutting edge IT security research and how it is evolving can provide defenders with valuable information regarding what new threats and tools they can anticipate in the future. Only known attack methodologies can be blocked, and there is a gap between what is known to the general security community and what is being done by cutting edge researchers --both those trying to protect systems and those trying to compromise them. The best security researchers communicate with others in their field; they know what cutting edge research is being done; what software can be penetrated via this research; and what new attack techniques and methodologies are being circulated in the black hat community. Standardization of control system applications, operating systems, and networking protocols is occurring at a rapid rate, following a path similar to the standardization of modern IT networks. Many attack methodologies used on IT systems can be ported over to the control system environment with little difficulty. It is extremely important to take advantage of the lag time between new research, its use on traditional IT networks, and the time it takes to port the research over for use on a control system network. Analyzing nascent trends in IT security and determining their applicability to control system networks provides significant information regarding defense mechanisms needed to secure critical infrastructure more effectively. This work provides the critical infrastructure community with a better understanding of how new attacks might be launched, what layers of defense will be needed to deter them, how the attacks could be detected, and how their impact could be limited.

  2. Secure Data Transfer Guidance for Industrial Control and SCADA Systems

    Energy Technology Data Exchange (ETDEWEB)

    Mahan, Robert E.; Fluckiger, Jerry D.; Clements, Samuel L.; Tews, Cody W.; Burnette, John R.; Goranson, Craig A.; Kirkham, Harold

    2011-09-01

    This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despite much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems.

  3. Control Systems Cyber Security:Defense in Depth Strategies

    Energy Technology Data Exchange (ETDEWEB)

    David Kuipers; Mark Fabro

    2006-05-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: Maintenance of various field devices, telemetry collection, and/or industrial-level process systems Access to facilities via remote data link or modem Public facing services for customer or corporate operations A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  4. Control Systems Cyber Security:Defense in Depth Strategies

    Energy Technology Data Exchange (ETDEWEB)

    David Kuipers; Mark Fabro

    2006-05-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: Maintenance of various field devices, telemetry collection, and/or industrial-level process systems Access to facilities via remote data link or modem Public facing services for customer or corporate operations A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  5. Security Challenges in Smart-Grid Metering and Control Systems

    Directory of Open Access Journals (Sweden)

    Xinxin Fan

    2013-07-01

    Full Text Available The smart grid is a next-generation power system that is increasingly attracting the attention of government, industry, and academia. It is an upgraded electricity network that depends on two-way digital communications between supplier and consumer that in turn give support to intelligent metering and monitoring systems. Considering that energy utilities play an increasingly important role in our daily life, smart-grid technology introduces new security challenges that must be addressed. Deploying a smart grid without adequate security might result in serious consequences such as grid instability, utility fraud, and loss of user information and energy-consumption data. Due to the heterogeneous communication architecture of smart grids, it is quite a challenge to design sophisticated and robust security mechanisms that can be easily deployed to protect communications among different layers of the smart grid-infrastructure. In this article, we focus on the communication-security aspect of a smart-grid metering and control system from the perspective of cryptographic techniques, and we discuss different mechanisms to enhance cybersecurity of the emerging smart grid. We aim to provide a comprehensive vulnerability analysis as well as novel insights on the cybersecurity of a smart grid.

  6. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

  7. Control Systems Cyber Security: Defense-in-Depth Strategies

    Energy Technology Data Exchange (ETDEWEB)

    Mark Fabro

    2007-10-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems • Access to facilities via remote data link or modem • Public facing services for customer or corporate operations • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  8. INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  9. 78 FR 51810 - Twenty-Fourth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-08-21

    ... Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control... RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held...

  10. FACELOCK-Lock Control Security System Using Face Recognition-

    Science.gov (United States)

    Hirayama, Takatsugu; Iwai, Yoshio; Yachida, Masahiko

    A security system using biometric person authentication technologies is suited to various high-security situations. The technology based on face recognition has advantages such as lower user’s resistance and lower stress. However, facial appearances change according to facial pose, expression, lighting, and age. We have developed the FACELOCK security system based on our face recognition methods. Our methods are robust for various facial appearances except facial pose. Our system consists of clients and a server. The client communicates with the server through our protocol over a LAN. Users of our system do not need to be careful about their facial appearance.

  11. Management of Control System Information SecurityI: Control System Patch Management

    Energy Technology Data Exchange (ETDEWEB)

    Quanyan Zhu; Miles McQueen; Craig Rieger; Tamer Basar

    2011-09-01

    The use of information technologies in control systems poses additional potential threats due to the frequent disclosure of software vulnerabilities. The management of information security involves a series of policy-making on the vulnerability discovery, disclosure, patch development and patching. In this paper, we use a system approach to devise a model to understand the interdependencies of these decision processes. In more details, we establish a theoretical framework for making patching decision for control systems, taking into account the requirement of functionability of control systems. We illustrate our results with numerical simulations and show that the optimal operation period of control systems given the currently estimated attack rate is roughly around a half a month.

  12. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

  13. 78 FR 31627 - Twenty-Second Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-05-24

    ...: RTCA Special Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation... 224, Airport Security Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the twenty-second meeting of the RTCA Special Committee 224, Airport Security Access...

  14. 78 FR 16757 - Twentieth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-03-18

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 4, 2013 from...

  15. 78 FR 43963 - Twenty-Third Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-07-22

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20,...

  16. 77 FR 71474 - Seventeenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2012-11-30

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held December 13,...

  17. 77 FR 15448 - Twelfth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2012-03-15

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Notice of meeting RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... 224, Airport Security Access Control Systems DATES: The meeting will be held April 5, 2012, from 10...

  18. 78 FR 22025 - Twenty First Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-04-12

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 9-10,...

  19. 77 FR 55894 - Fifteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2012-09-11

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held September 27-28,...

  20. 77 FR 25525 - Thirteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems.

    Science.gov (United States)

    2012-04-30

    ... Access Control Systems. AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held May 30, 2012, from...

  1. 77 FR 64838 - Sixteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2012-10-23

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held November 15,...

  2. 78 FR 7850 - Nineteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-02-04

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held February 21,...

  3. 77 FR 2343 - Eleventh Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2012-01-17

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY: The FAA..., Airport Security Access Control Systems. DATES: The meeting will be held February 9, 2012, from 10...

  4. DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs common mission is to provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.

  5. Power system security enhancement with unified power flow controller under multi-event contingency conditions

    National Research Council Canada - National Science Library

    S. Ravindra; Chintalapudi V. Suresh; S. Sivanagaraju; V.C. Veera Reddy

    2017-01-01

    .... An improved teaching learning based optimization (ITLBO) algorithm has been presented. To enhance the system security under contingency conditions in the presence of unified power flow controller (UPFC...

  6. 76 FR 59481 - Ninth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2011-09-26

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access Control...

  7. 76 FR 50811 - Eighth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2011-08-16

    ... Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access Control...

  8. Secure Disk Mixed System

    Directory of Open Access Journals (Sweden)

    Myongchol Ri

    2013-01-01

    Full Text Available We propose a disk encryption method, called Secure Disk Mixed System (SDMS in this paper, for data protection of disk storages such as USB flash memory, USB hard disk and CD/DVD. It is aimed to solve temporal and spatial limitations of existing disk encryption methods and to control security performance flexibly according to the security requirement of system.

  9. Tailoring NIST Security Controls for the Ground System: Selection and Implementation -- Recommendations for Information System Owners

    Science.gov (United States)

    Takamura, Eduardo; Mangum, Kevin

    2016-01-01

    The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations

  10. SAFCM: A Security-Aware Feedback Control Mechanism for Distributed Real-Time Embedded Systems

    DEFF Research Database (Denmark)

    Ma, Yue; Jiang, Wei; Sang, Nan

    2012-01-01

    -time systems, a multi-input multi-output feedback loop is designed and a model predictive controller is deployed based on an equation model that describes the dynamic behavior of the DRE systems. This control loop uses security level scaling to globally control the CPU utilization and security performance......Distributed Real-time Embedded (DRE) systems are facing great challenges in networked, unpredictable and especially unsecured environments. In such systems, there is a strong need to enforce security on distributed computing nodes in order to guard against potential threats, while satisfying...... the real-time requirements. This paper proposes a Security-Aware Feedback Control Mechanism (SAFCM) which has the ability to dynamically change the security level to guarantee soft real-time requirements and make the security protection as strong as possible. In order to widely support distributed real...

  11. 76 FR 9632 - Fifth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2011-02-18

    ... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this... Access Control Systems (Update to DO-230B): Agenda March 10, 2011 Welcome/Introductions/Administrative... Federal Aviation Administration Fifth Meeting: RTCA Special Committee 224: Airport Security Access...

  12. 75 FR 61819 - First Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2010-10-06

    ... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this... Control Systems (Update to DO-230B): November 2, 2010 Welcome/Introductions/Administrative Remarks Agenda... Federal Aviation Administration First Meeting: RTCA Special Committee 224: Airport Security Access...

  13. 76 FR 16470 - Sixth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2011-03-23

    ... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this... Control Systems (Update to DO-230B): Agenda April 13, 2011 Welcome/Introductions/Administrative Remarks... Federal Aviation Administration Sixth Meeting: RTCA Special Committee 224: Airport Security Access...

  14. 75 FR 80886 - Third Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2010-12-23

    ... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this... Control Systems (Update to DO-230B): Agenda January 13, 2011 Welcome/Introductions/Administrative Remarks... Federal Aviation Administration Third Meeting: RTCA Special Committee 224: Airport Security Access...

  15. Network attack detection and defense: securing industrial control systems for critical infrastructures (Dagstuhl Seminar 14292)

    NARCIS (Netherlands)

    Dacer, Marc; Kargl, Frank; König, Hartmut; Valdes, Alfonso

    2014-01-01

    This report documents the program and the outcomes of Dagstuhl Seminar 14292 “Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures”. The main objective of the seminar was to discuss new approaches and ideas for securing industrial control systems. It

  16. Providing security for automated process control systems at hydropower engineering facilities

    Science.gov (United States)

    Vasiliev, Y. S.; Zegzhda, P. D.; Zegzhda, D. P.

    2016-12-01

    This article suggests the concept of a cyberphysical system to manage computer security of automated process control systems at hydropower engineering facilities. According to the authors, this system consists of a set of information processing tools and computer-controlled physical devices. Examples of cyber attacks on power engineering facilities are provided, and a strategy of improving cybersecurity of hydropower engineering systems is suggested. The architecture of the multilevel protection of the automated process control system (APCS) of power engineering facilities is given, including security systems, control systems, access control, encryption, secure virtual private network of subsystems for monitoring and analysis of security events. The distinctive aspect of the approach is consideration of interrelations and cyber threats, arising when SCADA is integrated with the unified enterprise information system.

  17. Intelligent monitoring, control, and security of critical infrastructure systems

    CERN Document Server

    Polycarpou, Marios

    2015-01-01

    This book describes the challenges that critical infrastructure systems face, and presents state of the art solutions to address them. How can we design intelligent systems or intelligent agents that can make appropriate real-time decisions in the management of such large-scale, complex systems? What are the primary challenges for critical infrastructure systems? The book also provides readers with the relevant information to recognize how important infrastructures are, and their role in connection with a society’s economy, security and prosperity. It goes on to describe state-of-the-art solutions to address these points, including new methodologies and instrumentation tools (e.g. embedded software and intelligent algorithms) for transforming and optimizing target infrastructures. The book is the most comprehensive resource to date for professionals in both the private and public sectors, while also offering an essential guide for students and researchers in the areas of modeling and analysis of critical in...

  18. Security system

    Science.gov (United States)

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  19. Main control computer security model of closed network systems protection against cyber attacks

    Science.gov (United States)

    Seymen, Bilal

    2014-06-01

    The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

  20. Advanced Approach to Information Security Management System Model for Industrial Control System

    Science.gov (United States)

    2014-01-01

    Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS. PMID:25136659

  1. Advanced approach to information security management system model for industrial control system.

    Science.gov (United States)

    Park, Sanghyun; Lee, Kyungho

    2014-01-01

    Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

  2. Advanced Approach to Information Security Management System Model for Industrial Control System

    Directory of Open Access Journals (Sweden)

    Sanghyun Park

    2014-01-01

    Full Text Available Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS. ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

  3. IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

    Science.gov (United States)

    Branch, Drew A.

    2014-01-01

    Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APT's) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices i.e. routers and IDS's/IPS's. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

  4. 76 FR 38742 - Seventh Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2011-07-01

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is... Access Control Systems. DATES: The meeting will be held July 15, 2011, from 10 a.m. to 1 p.m....

  5. 76 FR 3931 - Fourth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2011-01-21

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 Meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is... Access Control Systems. DATES: The meeting will be held February 8, 2011, from 10 a.m. to 5...

  6. 75 FR 71790 - Second Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Science.gov (United States)

    2010-11-24

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is... Access Control Systems. DATES: The meeting will be held December 9, 2010, from 10 a.m. to 5...

  7. Laser security systems

    Science.gov (United States)

    Kolev, Ivan S.; Stoeva, Ivelina S.

    2004-06-01

    This report presents the development of single-beam barrier laser security system. The system utilizes the near infrared (IR) range λ=(850-900)nm. The security system consists of several blocks: Transmitter; Receiver; Logical Unit; Indication; Power Supply. There are four individually software programmable security zones Z1 - Z4. The control logic is implemented on a PIC16F84 MCU. The infrared beam is a pulse pack, coded and modulated in the transmitter with frequency of 36 kHz. The receiver demodulates and decodes the beam. The software for the MCU is developed along with the electrical circuits of the security system.

  8. GSM-GPS Based Intelligent Security and Control System for Vehicle

    Directory of Open Access Journals (Sweden)

    Mr. Kiran Gaikwad

    2013-05-01

    Full Text Available The revolution of Mobile and Technology has made ‘GSM based vehicle security system’. The vehicle security system is prominent worldwide. But it is not so much secure system. Every vehicle owner wants maximum protection of his vehicle; otherwise thief can easily trap the vehicle. So, by combing the idea of mobile and vehicle security system GSM based vehicle security system can be designed. So this GSM-GPS based vehicle security system works when someone tries to steal your vehicle. This paper deals with the design {&} development of an embedded system, which is being used to prevent/control the theft of a vehicle. The instrument is an embedded system based on GSM and GPS technology. The instrument is installed in the engine of the vehicle. The main objective of this instrument is to protect the vehicle from any unauthorized access, through entering a protected password and intimate the status and location of the same vehicle to the authorize person (owner using Global System for Mobile Communication (GSM and Global Positioning System (GPS technology. Here owner of vehicle can control system through Cell phone or a personal computer (PC. In this system new concept is inclusion of RTC (Real Time Clock by which vehicle can be permanently off depending upon date and time set. This system is intelligent because it performs many tasks automatically and also control vehicle on/off from a distance

  9. Database Security System for Applying Sophisticated Access Control via Database Firewall Server

    OpenAIRE

    Eun-Ae Cho; Chang-Joo Moon; Dae-Ha Park; Kang-Bin Yim

    2014-01-01

    Database security, privacy, access control, database firewall, data break masking Recently, information leakage incidents have occurred due to database security vulnerabilities. The administrators in the traditional database access control methods grant simple permissions to users for accessing database objects. Even though they tried to apply more strict permissions in recent database systems, it was difficult to properly adopt sophisticated access control policies to commercial databases...

  10. The implementation of the situational control concept of information security in automated training systems

    Directory of Open Access Journals (Sweden)

    A. M. Chernih

    2016-01-01

    Full Text Available The main approaches to ensuring security of information in the automated training systems are considered, need of application of situational management of security of information for the automated training systems is proved, the mathematical model and a problem definition of situational control is offered, the technique of situational control of security of information is developed.The purpose of the study. The aim of the study is to base the application of situational control of information security by subsystem of the control and protection of information in automated learning systems and to develop implementation methods of the situational control concept.Materials and methods. It is assumed that the automated learning system is a fragment of a larger information system that contains several information paths, each of them treats different information in the protection degree from information, containing constituting state secrets, to open access information.It is considered that the technical methods, measures and means of information protection in automated learning systems implement less than half (30% functions of subsystems of control and protection information. The main part of the functions of this subsystem are organizational measures to protect information. It is obvious that the task of ensuring the security of information in automated learning systems associated with the adoption of decisions on rational selection and proper combination of technical methods and institutional arrangements. Conditions of practical application of automated learning systems change over time and transform the situation of such a decision, and this leads to the use of situational control methods.When situational control is implementing, task of the protection of information in automated learning system is solved by the subsystem control and protection of information by distributing the processes ensuring the security of information and resources of

  11. From Fault-Diagnosis and Performance Recovery of a Controlled System to Chaotic Secure Communication

    Science.gov (United States)

    Hsu, Wen-Teng; Tsai, Jason Sheng-Hong; Guo, Fang-Cheng; Guo, Shu-Mei; Shieh, Leang-San

    Chaotic systems are often applied to encryption on secure communication, but they may not provide high-degree security. In order to improve the security of communication, chaotic systems may need to add other secure signals, but this may cause the system to diverge. In this paper, we redesign a communication scheme that could create secure communication with additional secure signals, and the proposed scheme could keep system convergence. First, we introduce the universal state-space adaptive observer-based fault diagnosis/estimator and the high-performance tracker for the sampled-data linear time-varying system with unanticipated decay factors in actuators/system states. Besides, robustness, convergence in the mean, and tracking ability are given in this paper. A residual generation scheme and a mechanism for auto-tuning switched gain is also presented, so that the introduced methodology is applicable for the fault detection and diagnosis (FDD) for actuator and state faults to yield a high tracking performance recovery. The evolutionary programming-based adaptive observer is then applied to the problem of secure communication. Whenever the tracker induces a large control input which might not conform to the input constraint of some physical systems, the proposed modified linear quadratic optimal tracker (LQT) can effectively restrict the control input within the specified constraint interval, under the acceptable tracking performance. The effectiveness of the proposed design methodology is illustrated through tracking control simulation examples.

  12. MOD control center automated information systems security evolution

    Science.gov (United States)

    Owen, Rich

    1991-01-01

    The role of the technology infusion process in future Control Center Automated Information Systems (AIS) is highlighted. The following subject areas are presented in the form of the viewgraphs: goals, background, threat, MOD's AISS program, TQM, SDLC integration, payback, future challenges, and bottom line.

  13. A secure and reliable monitor and control system for remote observing with the Large Millimeter Telescope

    Science.gov (United States)

    Wallace, Gary; Souccar, Kamal; Malin, Daniella

    2004-09-01

    Remote access to telescope monitor and control capabilities necessitates strict security mechanisms to protect the telescope and instruments from malicious or unauthorized use, and to prevent data from being stolen, altered, or corrupted. The Large Millimeter Telescope (LMT) monitor and control system (LMTMC) utilizes the Common Object Request Broker Architecture (CORBA) middleware technology to connect remote software components. The LMTMC provides reliable and secure remote observing by automatically generating SSLIOP enabled CORBA objects. TAO, the ACE open source Object Request Broker (ORB), now supports secure communications by implementing the Secure Socket Layer Inter-ORB Protocol (SSLIOP) as a pluggable protocol. This capability supplies the LMTMC with client and server authentication, data integrity, and encryption. Our system takes advantage of the hooks provided by TAO SSLIOP to implement X.509 certificate based authorization. This access control scheme includes multiple authorization levels to enable granular access control.

  14. Security Solutions for Networked Control Systems Based on DES Algorithm and Improved Grey Prediction Model

    Directory of Open Access Journals (Sweden)

    Liying Zhang

    2013-11-01

    Full Text Available Compared with the conventional control systems, networked control systems (NCSs are more open to the external network. As a result, they are more vulnerable to attacks from disgruntled insiders or malicious cyber-terrorist organizations. Therefore, the security issues of NCSs have been receiving a lot of attention recently. In this brief, we review the existing literature on security issues of NCSs and propose some security solutions for the DC motor networked control system. The typical Data Encryption Standard (DES algorithm is adopted to implement data encryption and decryption. Furthermore, we design a Detection and Reaction Mechanism (DARM on the basis of DES algorithm and the improved grey prediction model. Finally, our proposed security solutions are tested with the established models of deception and DOS attacks. According to the results of numerical experiments, it's clear to see the great feasibility and effectiveness of the proposed solutions above.

  15. Automatic Learning of Fine Operating Rules for Online Power System Security Control.

    Science.gov (United States)

    Sun, Hongbin; Zhao, Feng; Wang, Hao; Wang, Kang; Jiang, Weiyong; Guo, Qinglai; Zhang, Boming; Wehenkel, Louis

    2016-08-01

    Fine operating rules for security control and an automatic system for their online discovery were developed to adapt to the development of smart grids. The automatic system uses the real-time system state to determine critical flowgates, and then a continuation power flow-based security analysis is used to compute the initial transfer capability of critical flowgates. Next, the system applies the Monte Carlo simulations to expected short-term operating condition changes, feature selection, and a linear least squares fitting of the fine operating rules. The proposed system was validated both on an academic test system and on a provincial power system in China. The results indicated that the derived rules provide accuracy and good interpretability and are suitable for real-time power system security control. The use of high-performance computing systems enables these fine operating rules to be refreshed online every 15 min.

  16. Power system security enhancement with unified power flow controller under multi-event contingency conditions

    Directory of Open Access Journals (Sweden)

    S. Ravindra

    2017-03-01

    Full Text Available Power system security analysis plays key role in enhancing the system security and to avoid the system collapse condition. In this paper, a novel severity function is formulated using transmission line loadings and bus voltage magnitude deviations. The proposed severity function and generation fuel cost objectives are analyzed under transmission line(s and/or generator(s contingency conditions. The system security under contingency conditions is analyzed using optimal power flow problem. An improved teaching learning based optimization (ITLBO algorithm has been presented. To enhance the system security under contingency conditions in the presence of unified power flow controller (UPFC, it is necessary to identify an optimal location to install this device. Voltage source based power injection model of UPFC, incorporation procedure and optimal location identification strategy based on line overload sensitivity indexes are proposed. The entire proposed methodology is tested on standard IEEE-30 bus test system with supporting numerical and graphical results.

  17. Improving Control System Cyber-State Awareness using Known Secure Sensor Measurements

    Energy Technology Data Exchange (ETDEWEB)

    Ondrej Linda; Milos Manic; Miles McQueen

    2012-09-01

    Abstract—This paper presents design and simulation of a low cost and low false alarm rate method for improved cyber-state awareness of critical control systems - the Known Secure Sensor Measurements (KSSM) method. The KSSM concept relies on physical measurements to detect malicious falsification of the control systems state. The KSSM method can be incrementally integrated with already installed control systems for enhanced resilience. This paper reviews the previously developed theoretical KSSM concept and then describes a simulation of the KSSM system. A simulated control system network is integrated with the KSSM components. The effectiveness of detection of various intrusion scenarios is demonstrated on several control system network topologies.

  18. INFORMATION SYSTEM SECURITY (CYBER SECURITY

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  19. Evaluating the Level of Internal Control System in the Management of Financial Security of Bank

    Directory of Open Access Journals (Sweden)

    Pidvysotska Lyudmyla J.

    2017-06-01

    Full Text Available The article is aimed at studying the organization and technology of evaluation process of the internal control system of bank in order to ensure financial security management of its activities. The work of the internal audit service on monitoring and evaluating the performance of the bank’s internal control system was analyzed. It has been found that improving the level of financial security of commercial banks is conditional upon improvements in the quality of audits and the provision of sound and objective conclusions. The interrelation of the tasks of internal audit service and the tasks of bank’s financial security management has been determined. Methodological recommendations on evaluation of the bank’s internal control system on the basis of results of audit have been proposed.

  20. Information Systems Security Audit

    Directory of Open Access Journals (Sweden)

    Gheorghe Popescu

    2007-12-01

    Full Text Available The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  1. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  2. Summary of the Control System Cyber-Security (CS)2/HEP Workshop

    CERN Document Server

    Lüders, S

    2007-01-01

    Over the last few years modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, PLCs, SCADA systems, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming with this (r)evolution, new vulnerabilities are inherited, too: Worms and viruses spread within seconds via the Ethernet cable, and attackers are becoming interested in control systems. Unfortunately, control PCs cannot be patched as fast as office PCs. Even worse, vulnerability scans at CERN using standard IT tools have shown that commercial automation systems lack fundamental security precautions: Some systems crashed during the scan, others could easily be stopped or their process data be altered. The (CS)2/HEP workshop held the weekend before ICALEPCS2007 was intended to present, share, and discuss countermeasures deployed in HEP laboratories in order to secure control systems. This presentation will give a summa...

  3. The Model-Driven openETCS Paradigm for Secure, Safe and Certifiable Train Control Systems

    DEFF Research Database (Denmark)

    Peleska, Jan; Feuser, Johannes; Haxthausen, Anne Elisabeth

    2012-01-01

    A novel approach to managing development, verification, and validation artifacts for the European Train Control System as open, publicly available items is analyzed and discussed with respect to its implications on system safety, security, and certifiability. After introducing this so-called model...

  4. COORDINATION IN MULTILEVEL NETWORK-CENTRIC CONTROL SYSTEMS OF REGIONAL SECURITY: APPROACH AND FORMAL MODEL

    Directory of Open Access Journals (Sweden)

    A. V. Masloboev

    2015-01-01

    Full Text Available The paper deals with development of methods and tools for mathematical and computer modeling of the multilevel network-centric control systems of regional security. This research is carried out under development strategy implementation of the Arctic zone of the Russian Federation and national safeguarding for the period before 2020 in the Murmansk region territory. Creation of unified interdepartmental multilevel computer-aided system is proposed intended for decision-making information support and socio-economic security monitoring of the Arctic regions of Russia. The distinctive features of the investigated system class are openness, self-organization, decentralization of management functions and decision-making, weak hierarchy in the decision-making circuit and goal generation capability inside itself. Research techniques include functional-target approach, mathematical apparatus of multilevel hierarchical system theory and principles of network-centric control of distributed systems with pro-active components and variable structure. The work considers network-centric management local decisions coordination problem-solving within the multilevel distributed systems intended for information support of regional security. The coordination problem-solving approach and problem formalization in the multilevel network-centric control systems of regional security have been proposed based on developed multilevel recurrent hierarchical model of regional socio-economic system complex security. The model provides coordination of regional security indexes, optimized by the different elements of multilevel control systems, subject to decentralized decision-making. The model specificity consists in application of functional-target technology and mathematical apparatus of multilevel hierarchical system theory for coordination procedures implementation of the network-centric management local decisions. The work-out and research results can find further

  5. Roadmap to Secure Control Systems in the Chemical Sector

    Science.gov (United States)

    2009-09-01

    provide minimal protection against forgery of data or control messages. These issues are of particular concern in industries that rely on...Ammonia Refrigeration; • National Association of Chemical Distributors; • National Paint & Coatings Association; • National Petrochemical and

  6. Cyber Security for the Spaceport Command and Control System: Vulnerability Management and Compliance Analysis

    Science.gov (United States)

    Gunawan, Ryan A.

    2016-01-01

    With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.

  7. Improvement of system security with unified-power-flow controller at suitable locations under network contingencies of interconnected systems

    OpenAIRE

    Thukaram, D; Jenkins, L.; Visakha, K

    2005-01-01

    The operation and planning of large interconnected power systems are becoming increasingly complex. To maintain security of such systems, it is desirable to estimate the effect of contingencies and plan suitable measures to improve system security/stability. The paper presents an approach for selection of unified-power-flow-controller (UPFC-) suitable locations considering normal and network contingencies after evaluating the degree of severity of the contingencies. The ranking is evaluated u...

  8. Optimal placement of FACTS controller scheme for enhancement of power system security in Indian scenario

    Directory of Open Access Journals (Sweden)

    Imran Khan

    2015-09-01

    Full Text Available This paper presents a FACTS operation scheme to enhance the power system security. Three main generic types of FACTS devices are introduced. Line overloads are solved by controlling active power of series compensators and low voltages are solved by controlling reactive power of shunt compensators, respectively. Especially, the combined series-shunt compensators such as UPFC are applied to solve both line congestions and low voltages simultaneously. Two kinds of indices that indicate the security level related to line flow and bus voltage is utilized in this paper. They are iteratively minimized to determine operating points of the devices for security enhancement. The sensitivity vectors of the indices are derived to determine the direction of minimum. The proposed algorithm is verified on the IEEE 14-bus system with FACTS devices in a normal condition and in a line-faulted contingency.

  9. THE CYBERSECURITY OF AUTOMATED CONTROL SYSTEMS AS A KEY COMPONENT OF NATIONAL SECURITY

    Directory of Open Access Journals (Sweden)

    Galin R. Ivanov

    2016-10-01

    Full Text Available This article focuses on the current problems raised by the necessity to provide and ensure national cybersecurity. Moreover, it suggests measures for adequate counteraction to present-day cyber threats to automated control systems employed in the sector of national security.

  10. Control and Communication for a Secure and Reconfigurable Power Distribution System

    Science.gov (United States)

    Giacomoni, Anthony Michael

    A major transformation is taking place throughout the electric power industry to overlay existing electric infrastructure with advanced sensing, communications, and control system technologies. This transformation to a smart grid promises to enhance system efficiency, increase system reliability, support the electrification of transportation, and provide customers with greater control over their electricity consumption. Upgrading control and communication systems for the end-to-end electric power grid, however, will present many new security challenges that must be dealt with before extensive deployment and implementation of these technologies can begin. In this dissertation, a comprehensive systems approach is taken to minimize and prevent cyber-physical disturbances to electric power distribution systems using sensing, communications, and control system technologies. To accomplish this task, an intelligent distributed secure control (IDSC) architecture is presented and validated in silico for distribution systems to provide greater adaptive protection, with the ability to proactively reconfigure, and rapidly respond to disturbances. Detailed descriptions of functionalities at each layer of the architecture as well as the whole system are provided. To compare the performance of the IDSC architecture with that of other control architectures, an original simulation methodology is developed. The simulation model integrates aspects of cyber-physical security, dynamic price and demand response, sensing, communications, intermittent distributed energy resources (DERs), and dynamic optimization and reconfiguration. Applying this comprehensive systems approach, performance results for the IEEE 123 node test feeder are simulated and analyzed. The results show the trade-offs between system reliability, operational constraints, and costs for several control architectures and optimization algorithms. Additional simulation results are also provided. In particular, the

  11. Summary of The 3rd Control System Cyber-Security (CS)2/HEP Workshop

    CERN Document Server

    Lüders, S

    2011-01-01

    Over the last decade modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming with this (r)evolution, new vulnerabilities are inherited, too: Worms and viruses spread within seconds via the Ethernet cable, and attackers are becoming interested in control systems. The Stuxnet worm of 2010 against a particular Siemens PLC is a unique example for a sophisticated attack against control systems [1]. Unfortunately, control PCs cannot be patched as fast as office PCs. Even worse, vulnerability scans at CERN using standard IT tools have shown that commercial automation systems lack fundamental security precautions: Some systems crashed during the scan, others could easily be stopped or their process data being ...

  12. An RFID-based luggage and passenger tracking system for airport security control applications

    Science.gov (United States)

    Vastianos, George E.; Kyriazanos, Dimitris M.; Kountouriotis, Vassilios I.; Thomopoulos, Stelios C. A.

    2014-06-01

    Market analysis studies of recent years have shown a steady and significant increase in the usage of RFID technology. Key factors for this growth were the decreased costs of passive RFIDs and their improved performance compared to the other identification technologies. Besides the benefits of RFID technologies into the supply chains, warehousing, traditional inventory and asset management applications, RFID has proven itself worth exploiting on experimental, as well as on commercial level in other sectors, such as healthcare, transport and security. In security sector, airport security is one of the biggest challenges. Airports are extremely busy public places and thus prime targets for terrorism, with aircraft, passengers, crew and airport infrastructure all subject to terrorist attacks. Inside this labyrinth of security challenges, the long range detection capability of the UHF passive RFID technology can be turned into a very important tracking tool that may outperform all the limitations of the barcode tracking inside the current airport security control chain. The Integrated Systems Lab of NCSR Demokritos has developed an RFID based Luggage and Passenger tracking system within the TASS (FP7-SEC-2010-241905) EU research project. This paper describes application scenarios of the system categorized according to the structured nature of the environment, the system architecture and presents evaluation results extracted from measurements with a group of different massive production GEN2 UHF RFID tags that are widely available in the world market.

  13. Multi-Agent System based Event-Triggered Hybrid Controls for High-Security Hybrid Energy Generation Systems

    DEFF Research Database (Denmark)

    Dou, Chun-Xia; Yue, Dong; Guerrero, Josep M.

    2017-01-01

    This paper proposes multi-agent system based event- triggered hybrid controls for guaranteeing energy supply of a hybrid energy generation system with high security. First, a mul-ti-agent system is constituted by an upper-level central coordi-nated control agent combined with several lower...... switching control, distributed dynamic regulation and coordinated switching con-trol are designed fully dependent on the hybrid behaviors of all distributed energy resources and the logical relationships be-tween them, and interact with each other by means of the mul-ti-agent system to form hierarchical......-level unit agents. Each lower-level unit agent is responsible for dealing with internal switching control and distributed dynamic regula-tion for its unit system. The upper-level agent implements coor-dinated switching control to guarantee the power supply of over-all system with high security. The internal...

  14. A Chaotic Secure Communication System Design Based on Iterative Learning Control Theory

    Directory of Open Access Journals (Sweden)

    Leonardo Acho

    2016-10-01

    Full Text Available This paper presents an application of Iterative Learning Control (ILC theory to secure communication system design by using chaotic signals, where the logistic-map is employed as a source of chaos. Meanwhile, the ILC scheme is employed as a tool to encrypt and decrypt a message. A set of numerical experiments is realized to evidence the performance of our system, including the noisy case on the channels of communication of the proposed scheme.

  15. Clustering, concurrency control, crash recovery, garbage collection, and security in object-oriented database management systems

    OpenAIRE

    1991-01-01

    This paper presents considerations about several topics that have a direct influence on data reliability and performance in object oriented database management systems. These topics are: physical storage management (clustering), concurrency control, crash recovery, garbage collection, and database security. Each topic is illustrated by its application to the Tactical Database as designed for the Low Cost Combat Direction System Naval Postgraduate School, Department of Computer Science, Cod...

  16. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Jaegu; Lee, Jungwoon; Park, Geeyong; Kwon, Keechoon; Lee, Dongyoung; Lee, Cheolkwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2013-10-15

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  17. Available transfer capability evaluation and enhancement using various FACTS controllers: Special focus on system security

    Directory of Open Access Journals (Sweden)

    M. Venkateswara Rao

    2016-03-01

    Full Text Available Nowadays, because of the deregulation of the power industry the continuous increase of the load increases the necessity of calculation of available transfer capability (ATC of a system to analyze the system security. With this calculation, the scheduling of generator can be decided to decrease the system severity. Further, constructing new transmission lines, new substations are very cost effective to meet the increasing load and to increase the transfer capability. Hence, an alternative way to increase the transfer capability is use of flexible ac transmission system (FACTS controllers. In this paper, SSSC, STACOM and UPFC are considered to show the effect of these controllers in enhancing system ATC. For this, a novel current based modeling and optimal location strategy of these controllers are presented. The proposed methodology is tested on standard IEEE-30 bus and IEEE-57 bus test systems with supporting numerical and graphical results.

  18. Report: EPA Should Improve Management Practices and Security Controls for Its Network Directory Service System and Related Servers

    Science.gov (United States)

    Report #12-P-0836, September 20, 2012. EPA's OEI is not managing key system management documentation, system administration functions, the granting and monitoring of privileged accounts, and the application of security controls associated with its DSS.

  19. Study on Mandatory Access Control in a Secure Database Management System

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation-hierarchical data model is extended to multilevel relation-hierarchical data model. Based on the multilevel relation-hierarchical data model, the concept of upper-lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation-hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects (e. g., multilevel spatial data) and multilevel conventional data ( e. g., integer. real number and character string).

  20. Security, protection, and control of power systems with large-scale wind power penetration

    Science.gov (United States)

    Acharya, Naresh

    As the number of wind generation facilities in the utility system is fast increasing, many issues associated with their integration into the power system are beginning to emerge. Of the various issues, this dissertation deals with the development of new concepts and computational methods to handle the transmission issues and voltage issues caused by large-scale integration of wind turbines. This dissertation also formulates a probabilistic framework for the steady-state security assessment of wind power incorporating the forecast uncertainty and correlation. Transmission issues are mainly related to the overloading of transmission lines, when all the wind power generated cannot be delivered in full due to prior outage conditions. To deal with this problem, a method to curtail the wind turbine outputs through Energy Management System facilities in the on-line operational environment is proposed. The proposed method, which is based on linear optimization, sends the calculated control signals via the Supervisory Control and Data Acquisition system to wind farm controllers. The necessary ramping of the wind farm outputs is implemented either by the appropriate blade pitch angle control at the turbine level or by switching a certain number of turbines. The curtailment strategy is tested with an equivalent system model of MidAmerican Energy Company. The results show that the line overload in high wind areas can be alleviated by controlling the outputs of the wind farms step-by-step over an allowable period of time. A low voltage event during a system fault can cause a large number of wind turbines to trip, depending on voltages at the wind turbine terminals during the fault and the under-voltage protection setting of wind turbines. As a result, an N-1 contingency may evolve into an N-(K+1) contingency, where K is the number of wind farms tripped due to low voltage conditions. Losing a large amount of wind power following a line contingency might lead to system

  1. Operating System Security

    CERN Document Server

    Jaeger, Trent

    2008-01-01

    Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

  2. Security of Dependable Systems

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very...... much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security...... in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

  3. Power system security enhancement through direct non-disruptive load control

    Science.gov (United States)

    Ramanathan, Badri Narayanan

    The transition to a competitive market structure raises significant concerns regarding reliability of the power grid. A need to build tools for security assessment that produce operating limit boundaries for both static and dynamic contingencies is recognized. Besides, an increase in overall uncertainty in operating conditions makes corrective actions at times ineffective leaving the system vulnerable to instability. The tools that are in place for stability enhancement are mostly corrective and suffer from lack of robustness to operating condition changes. They often pose serious coordination challenges. With deregulation, there have also been ownership and responsibility issues associated with stability controls. However, the changing utility business model and the developments in enabling technologies such as two-way communication, metering, and control open up several new possibilities for power system security enhancement. This research proposes preventive modulation of selected loads through direct control for power system security enhancement. Two main contributions of this research are the following: development of an analysis framework and two conceptually different analysis approaches for load modulation to enhance oscillatory stability, and the development and study of algorithms for real-time modulation of thermostatic loads. The underlying analysis framework is based on the Structured Singular Value (SSV or mu) theory. Based on the above framework, two fundamentally different approaches towards analysis of the amount of load modulation for desired stability performance have been developed. Both the approaches have been tested on two different test systems: CIGRE Nordic test system and an equivalent of the Western Electric Coordinating Council test system. This research also develops algorithms for real-time modulation of thermostatic loads that use the results of the analysis. In line with some recent load management programs executed by utilities, two

  4. Secure estimation, control and optimization of uncertain cyber-physical systems with applications to power networks

    Science.gov (United States)

    Taha, Ahmad Fayez

    Transportation networks, wearable devices, energy systems, and the book you are reading now are all ubiquitous cyber-physical systems (CPS). These inherently uncertain systems combine physical phenomena with communication, data processing, control and optimization. Many CPSs are controlled and monitored by real-time control systems that use communication networks to transmit and receive data from systems modeled by physical processes. Existing studies have addressed a breadth of challenges related to the design of CPSs. However, there is a lack of studies on uncertain CPSs subject to dynamic unknown inputs and cyber-attacks---an artifact of the insertion of communication networks and the growing complexity of CPSs. The objective of this dissertation is to create secure, computational foundations for uncertain CPSs by establishing a framework to control, estimate and optimize the operation of these systems. With major emphasis on power networks, the dissertation deals with the design of secure computational methods for uncertain CPSs, focusing on three crucial issues---(1) cyber-security and risk-mitigation, (2) network-induced time-delays and perturbations and (3) the encompassed extreme time-scales. The dissertation consists of four parts. In the first part, we investigate dynamic state estimation (DSE) methods and rigorously examine the strengths and weaknesses of the proposed routines under dynamic attack-vectors and unknown inputs. In the second part, and utilizing high-frequency measurements in smart grids and the developed DSE methods in the first part, we present a risk mitigation strategy that minimizes the encountered threat levels, while ensuring the continual observability of the system through available, safe measurements. The developed methods in the first two parts rely on the assumption that the uncertain CPS is not experiencing time-delays, an assumption that might fail under certain conditions. To overcome this challenge, networked unknown input

  5. AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

    Directory of Open Access Journals (Sweden)

    JAE-GU SONG

    2013-10-01

    Full Text Available Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  6. Control system design of high-voltage live cleaning robot based on security

    Institute of Scientific and Technical Information of China (English)

    谢霄鹏; 夏红卫; 杨汝清

    2004-01-01

    High-voltage live cleaning robot works in the hot-line environment (220 kV/330 kV), and so the safety of its application and equipment is most important. In terms of safety, the designs of robot mechanism and control system have been discussed, and the test data are given in control system of model machine. The model machine of high-voltage live cleaning robot can meet the need of cleaning basically in common condition. From manual operation to automation, the cleaning efficiency is improved. The robot can decrease amount of work, and ensure the security. Among high-voltage live cleaning equipment in China, the cleaning robot is advanced in automation and intelligence.

  7. Energy systems security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

  8. Intrusion Detection in Networked Control Systems: From System Knowledge to Network Security

    NARCIS (Netherlands)

    Caselli, Marco

    2016-01-01

    “Networked control system” (NCS) is an umbrella term encompassing a broad variety of infrastructures such as industrial control systems (ICSs) and building automation systems (BASs). Nowadays, all these infrastructures play an important role in several aspects of our daily life, from managing essent

  9. Computer Security Systems Enable Access.

    Science.gov (United States)

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  10. Intrusion Detection in Networked Control Systems: From System Knowledge to Network Security

    OpenAIRE

    Caselli, Marco

    2016-01-01

    “Networked control system” (NCS) is an umbrella term encompassing a broad variety of infrastructures such as industrial control systems (ICSs) and building automation systems (BASs). Nowadays, all these infrastructures play an important role in several aspects of our daily life, from managing essential services such as en- ergy and water (e.g., critical infrastructures) to monitoring the increasingly smart environments that surround us (e.g., the Internet of Things). Over the years, NCS techn...

  11. Network systems security analysis

    Science.gov (United States)

    Yilmaz, Ä.°smail

    2015-05-01

    Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

  12. Two-stage Security Controls Selection

    NARCIS (Netherlands)

    Yevseyeva, I.; Basto, Fernandes V.; Moorsel, van A.; Janicke, H.; Michael, Emmerich T. M.

    2016-01-01

    To protect a system from potential cyber security breaches and attacks, one needs to select efficient security controls, taking into account technical and institutional goals and constraints, such as available budget, enterprise activity, internal and external environment. Here we model the security

  13. Design of secure operating systems with high security levels

    Institute of Scientific and Technical Information of China (English)

    QING SiHan; SHEN ChangXiang

    2007-01-01

    Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level (hereafter simply referred to as ANSHENG OS), this paper addresses the following key issues in the design of secure operating systems with high security levels: security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models: confidentiality,integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated.Cover channel analysis (CCA) is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speedup the entire CCA process.

  14. System Security Management in SNMP

    Directory of Open Access Journals (Sweden)

    P. Deivendran

    2010-05-01

    Full Text Available We present a framework for managing system security, based on a SNMP Management Information Base (MIB, namely the System Security MIB (SSEC MIB, We have defined managed objects and completed the ASN.1 description of the MIB that embeds them. The related security management functions are mainly focused on monitoring external script execution for system security scanning and access control. The main goal of this work is to introduce the semantics and a standard interface that will allow the realization of specific system security management functions independently of the underlying architecture. Our definitions pertain to multi-user; multi-tasking operating systems that support TCP/IP communications and a prototype of the SSEC MIB are under development for UNIX system. The proposed management framework follows the manager agent paradigm: an agent is installed on every system connected to the network, communicating with one or more central managers through a management protocol. We have tried not to heavily rely on polling for the manager-agent interaction by using as much as possible asynchronous notification mechanisms and allowing some limited delegated functionality for the agent (scheduling and handling of local scripts. The manager scans the agents for security information, sets specific parameters for monitoring and script execution and receives asynchronous notifications on specific events, whereas the agent maintains a MIB that provides the system-independent interface semantics, executes scripts for security scanning, performs monitoring & logging and generates the asynchronous notification PDUs.

  15. Network Security in Remote Supervisory Control

    Institute of Scientific and Technical Information of China (English)

    黄振国

    2001-01-01

    After an introduction to the implementation of supervisory computer control (SCC) through networks and the relevant security issues, this paper centers on the core of network security design: intelligent front-end processor (FEP), encryption/decryption method and authentication protocol. Some other system-specific security measures are also proposed. Although these are examples only, the techniques discussed can also be used in and provide reference for other remote control systems.

  16. Evaluation of Security of Mine Ventilation Systems

    Institute of Scientific and Technical Information of China (English)

    何书建; 彭担任; 翟成

    2002-01-01

    A mine ventilation system has a deterministic function for the safety of coal production and for the control of mine accidents. So, it has an importa nt meaning to evaluate the security of a mine ventilation system. This paper studied the evaluation index system of the security of a mine ventilation system, and the security of a mine ventilation system was described quantitatively in the saf ety degree. Finally, an example of the security evaluation was given .

  17. Cyber Security and Resilient Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  18. Coal Mines Security System

    Directory of Open Access Journals (Sweden)

    Ankita Guhe

    2012-05-01

    Full Text Available Geological circumstances of mine seem to be extremely complicated and there are many hidden troubles. Coal is wrongly lifted by the musclemen from coal stocks, coal washeries, coal transfer and loading points and also in the transport routes by malfunctioning the weighing of trucks. CIL —Coal India Ltd is under the control of mafia and a large number of irregularities can be contributed to coal mafia. An Intelligent Coal Mine Security System using data acquisition method utilizes sensor, automatic detection, communication and microcontroller technologies, to realize the operational parameters of the mining area. The data acquisition terminal take the PIC 16F877A chip integrated circuit as a core for sensing the data, which carries on the communication through the RS232 interface with the main control machine, which has realized the intelligent monitoring. Data management system uses EEPROM chip as a Black box to store data permanently and also use CCTV camera for recording internal situation. The system implements the real-time monitoring and displaying for data undermine, query, deletion and maintenance of history data, graphic statistic, report printing, expert diagnosis and decision-making support. The Research, development and Promote Application will provide the safeguard regarding the mine pit control in accuracy, real-time capacity and has high reliability.

  19. Research on System Access Control Based on Spring Security ACL%基于Spring Security ACL的系统访问控制研究

    Institute of Scientific and Technical Information of China (English)

    张朝日

    2011-01-01

    Spring Security ACL is an access control security framework, it can control all kinds of resource authority. This article introduces the concept and mechanism of Spring Security ACL, at the same time describes the implementation and process of Spring Security ACL security framework by example.%Spring Security ACL是一个权限访问控制框架,主要用采控制各种资源的访问权限.本文讲述Spring Security ACL的机制原理和理论研究,同时也通过一个简单的权限控制实现的例子演示Spring Security ACL的安全框架的实现方法和过程.

  20. SOSPO-SP: Secure Operation of Sustainable Power Systems Simulation Platform for Real-Time System State Evaluation and Control

    DEFF Research Database (Denmark)

    Morais, Hugo; Vancraeyveld, Pieter; Pedersen, Allan Henning Birger

    2014-01-01

    New challenges are arising in managing power systems as these systems become more complex due to the use of high levels of distributed generation, mainly based on renewable energy sources, and due to the competitive environment within the power sector. At the same time, the use of Phasor Measurem...... in a closed-loop, integrating new real-time assessment methods to provide useful information to operators in power system control centers and to develop new control methodologies that handle emergency situations and avoid power system blackouts....... Measurement Units (PMUs) provides more information and enables wide-area monitoring with accurate timing. One of the challenges in the near future is converting the high quantity and quality of information provided by PMUs into useful knowledge about operational state of a global system. The use of real......-time simulation in closed-loop is essential to develop and validate new real-time applications of wide-area PMU data. This paper presents a simulation platform developed within the research project Secure Operation of Sustainable Power Systems (SOSPO). The SOSPO simulation platform (SOSPO-SP) functions...

  1. A Security Assessment Approach with Graded Importance Score of Security Controls and Asset Consequence for I and C Systems in Operating NPPs

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Sooill; Kim, Yong Sik; Moon, Insun; Lee, Euijong [KHNP CRI, Daejeon (Korea, Republic of)

    2016-10-15

    This paper introduces a security assessment approach with graded importance score of security controls and the asset consequence through an asset and risk analysis to manage the security levels in operating NPPs (Nuclear Power Plants). Whereas, those are being exposed to various types of new and existing cyber threats, vulnerabilities and risks which significantly increase the likelihood that those could be compromised. U.S. NRC(United States Nuclear Regulatory Commission) and KINAC(Korea Institute of Nuclear Nonproliferation And Control) request the cyber security plan by establishing the cyber security program through assessing and managing the potential for adverse effect on safety, security and emergency preparedness functions so as to provide high assurance that critical functions are properly protected from the cyber-attack. This paper shows the security assessment approach with graded importance score of security controls and the asset consequence. It could lead to manage the security levels consistent with the purpose of defense in- depth strategy based on regulatory rule as well as internal risk-based self-assessment. Also, this management of the security level may make effect of encouraging the installation of high ranked countermeasures in order to rapidly increase the security level. Proposed approach could be conducted for the pilot test on the model plants with each reactor type of operating NPPs.

  2. EFFECTIVENESS ASSESSMENT METHODOLOGY OF INFORMATION SECURITY MANAGEMENT SYSTEM THROUGH THE SYSTEM RESPONSE TIME TO INFORMATION SECURITY INCIDENTS

    OpenAIRE

    F. N. Shago

    2014-01-01

    Quality assessment of information security management system is an important step for obtaining baseline data for analysis of the security system control effectiveness, and evaluating implementation of the specified information security requirements of the organization. Proceeding from current analysis practice of information security management systems effectiveness assessment, it can be concluded that, in most cases, independent measurement of security control is carried out wit...

  3. Dynamic security assessment processing system

    Science.gov (United States)

    Tang, Lei

    The architecture of dynamic security assessment processing system (DSAPS) is proposed to address online dynamic security assessment (DSA) with focus of the dissertation on low-probability, high-consequence events. DSAPS upgrades current online DSA functions and adds new functions to fit into the modern power grid. Trajectory sensitivity analysis is introduced and its applications in power system are reviewed. An index is presented to assess transient voltage dips quantitatively using trajectory sensitivities. Then the framework of anticipatory computing system (ACS) for cascading defense is presented as an important function of DSAPS. ACS addresses various security problems and the uncertainties in cascading outages. Corrective control design is automated to mitigate the system stress in cascading progressions. The corrective controls introduced in the dissertation include corrective security constrained optimal power flow, a two-stage load control for severe under-frequency conditions, and transient stability constrained optimal power flow for cascading outages. With state-of-the-art computing facilities to perform high-speed extended-term time-domain simulation and optimization for large-scale systems, DSAPS/ACS efficiently addresses online DSA for low-probability, high-consequence events, which are not addressed by today's industrial practice. Human interference is reduced in the computationally burdensome analysis.

  4. First Dutch Process Control Security Event

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2008-01-01

    Many organisations do not manage the information security of their process control systems (PCS). As risk is increasing, there is an urgent need for publicprivate collaboration against potential cyber crime in this domain.

  5. Security Research on Engineering Database System

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    Engine engineering database system is an oriented C AD applied database management system that has the capability managing distributed data. The paper discusses the security issue of the engine engineering database management system (EDBMS). Through studying and analyzing the database security, to draw a series of securi ty rules, which reach B1, level security standard. Which includes discretionary access control (DAC), mandatory access control (MAC) and audit. The EDBMS implem ents functions of DAC, ...

  6. Security Issues in Distributed Database System Model

    OpenAIRE

    MD.TABREZ QUASIM

    2013-01-01

    This paper reviews the most common as well as emerging security mechanism used in distributed database system. As distributed database became more popular, the need for improvement in distributed database management system become even more important. The most important issue is security that may arise and possibly compromise the access control and the integrity of the system. In this paper, we propose some solution for some security aspects such as multi-level access control, ...

  7. Security of earthquake disaster reduction system

    Institute of Scientific and Technical Information of China (English)

    JIN Bo; TAO Xia-xin; WEN Rui-zhi; DAI Zhi-yong

    2005-01-01

    No matter whether a system is operated manually or automatically controlled by computer, the system' s vulnerability always exists. Earthquake Disaster Reduction System (EDRS) belongs to the category of information system. According to the features of security for EDRS, the steps and the methods on how to build the EDRS security were analyzed. The EDRS security features, security strategies and security measures were also given through a distributed EDRS skeleton that has been applied. Because there was still no appointed and authoritative agency or organization to certify and test EDRS security in China, a national information technology security certification center was introduced and suggested for the certification of the EDRS security. Finally,several discussions and tendencies for the EDRS development were presented.

  8. An effective and secure key-management scheme for hierarchical access control in E-medicine system.

    Science.gov (United States)

    Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit

    2013-04-01

    Recently several hierarchical access control schemes are proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme is much suitable for practical applications of e-medicine systems.

  9. Cyberspace security system

    Energy Technology Data Exchange (ETDEWEB)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  10. Secure Repayable Storage System

    Science.gov (United States)

    Alkharobi, T. M.

    This paper proposes a method to create a system that allows data to be stored in several locations in secure and reliable manner. The system should create several shares from the data such that only pre-specified subsets of these shares can be used to retrieve the original data. The shares then will be distributed to shareholders over a local and/or wide area network. The system should allow requesting some/all shares from shareholders and using them to rebuild the data.

  11. Cyberspace security system

    Science.gov (United States)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  12. A novel optimization method of transient stability emergency control based on practical dynamic security region (PDSR) of power systems

    Institute of Scientific and Technical Information of China (English)

    YU; Yixin; LIU; Hui; ZENG; Yuan

    2004-01-01

    This paper proposes a novel optimization method of transient stability emergency control based on a new concept of the so-called extended practical dynamic security region (EPDSR) defined in this paper and four experiential laws about the EPDSRs found from a number of studies in real power systems. In this method, the effect of a control action is represented by the displacement of EPDSR's critical hyper-plane boundary in the direction of its outer normal vector. If an unstable contingency occurs, appropriate emergency control actions are triggered so that the enlarged EPDSR can cover the current operating point. Based on these ideas, a mathematics model of emergency control strategy is developed for minimizing its total cost and guaranteeing power system transient stability. The simulation results on the 10-generator, 39-bus New-England Test System as well as other real power systems have shown the validity of this method.

  13. Security Information System Digital Simulation

    Directory of Open Access Journals (Sweden)

    Tao Kuang

    2015-01-01

    Full Text Available The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protection is effective and feasible.

  14. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  15. An Effective Security Mechanism for M-Commerce Applications Exploiting Ontology Based Access Control Model for Healthcare System

    Directory of Open Access Journals (Sweden)

    S.M. Roychoudri

    2016-09-01

    Full Text Available Health organizations are beginning to move mobile commerce services in recent years to enhance services and quality without spending much investment for IT infrastructure. Medical records are very sensitive and private to any individuals. Hence effective security mechanism is required. The challenges of our research work are to maintain privacy for the users and provide smart and secure environment for accessing the application. It is achieved with the help of personalization. Internet has provided the way for personalization. Personalization is a term which refers to the delivery of information that is relevant to individual or group of individuals in the format, layout specified and in time interval. In this paper we propose an Ontology Based Access Control (OBAC Model that can address the permitted access control among the service providers and users. Personal Health Records sharing is highly expected by the users for the acceptance in mobile commerce applications in health care systems.

  16. Third Dutch Process Security Control Event

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2009-01-01

    On June 4th, 2009, the third Dutch Process Control Security Event took place in Amsterdam. The event, organised by the Dutch National Infrastructure against Cybercrime (NICC), attracted both Dutch process control experts and members of the European SCADA and Control Systems Information Exchange (Eur

  17. Cyber (In-)security of Industrial Control Systems : A Societal Challenge

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2015-01-01

    Our society and its citizens increasingly depend on the undisturbed functioning of critical infrastructures (CI), their products and services. Many of the CI services as well as other organizations use Industrial Control Systems (ICS) to monitor and control their mission-critical processes. Therefor

  18. Cyber (In-)security of Industrial Control Systems : A Societal Challenge

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2015-01-01

    Our society and its citizens increasingly depend on the undisturbed functioning of critical infrastructures (CI), their products and services. Many of the CI services as well as other organizations use Industrial Control Systems (ICS) to monitor and control their mission-critical processes.

  19. Cyber (In-)security of Industrial Control Systems : A Societal Challenge

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2015-01-01

    Our society and its citizens increasingly depend on the undisturbed functioning of critical infrastructures (CI), their products and services. Many of the CI services as well as other organizations use Industrial Control Systems (ICS) to monitor and control their mission-critical processes. Therefor

  20. Policy-based secure communication with automatic key management for industrial control and automation systems

    Science.gov (United States)

    Chernoguzov, Alexander; Markham, Thomas R.; Haridas, Harshal S.

    2016-11-22

    A method includes generating at least one access vector associated with a specified device in an industrial process control and automation system. The specified device has one of multiple device roles. The at least one access vector is generated based on one or more communication policies defining communications between one or more pairs of devices roles in the industrial process control and automation system, where each pair of device roles includes the device role of the specified device. The method also includes providing the at least one access vector to at least one of the specified device and one or more other devices in the industrial process control and automation system in order to control communications to or from the specified device.

  1. Application of Cyber Security in Industrial Control Systems Based on Security Protection Technology for Electrical Secondary System%电力二次安全防护技术在工业控制系统中的应用

    Institute of Scientific and Technical Information of China (English)

    邹春明; 郑志千; 刘智勇; 陈良汉; 陈敏超

    2013-01-01

    我国电力二次系统安全防护技术已广泛应用并取得了良好的安全防护效果,通用工业控制系统与电力二次系统既有相似性,又存在行业不同的需求差异。文章根据电力二次安全防护技术成果,通过加强工控网络边界的防护强度、对工控通信协议进行深度分析、挖掘工控协议攻击特征模型、建立统一安全管理平台等技术手段,构筑具备纵深防御能力的通用工控信息安全防护系统。通过模拟工控环境和网络攻击等方法对关键部件工控防火墙进行了研究测试,结果表明在保证工控系统授权通信正常运行的前提下,成功拦截了非授权控制命令,具备深度保护工控系统信息安全的能力。因此,该系统可增强工控系统抵御黑客病毒攻击的安全防护能力,并降低由信息安全攻击带来工业设备故障损坏的风险。%Cyber security scheme is used for the secondary electrical systems of power grids in China widely and successfully and favorable security protection effects have been achieved. There is not only the similarity between general industrial control system and the secondary electrical systems in power grids and but also the difference in demand due to the differences among industrial sectors. Based on the achievements in security protection technologies for the secondary electrical systems and by means of such technological means as enhancing the protection for the border of industrial control network, analyzing communication protocols for industrial control in depth, mining attack signature models of industrial control protocol and establishing a unified security management platform and so on, a general security protection system for industrial control information, which possesses the ability of defense in depth, is constructed. Through simulating both industrial control environment and network attack, the industrial control firewall for key components is

  2. Secure estimation and control for cyber-physical systems under adversarial attacks

    CERN Document Server

    Fawzi, Hamza; Diggavi, Suhas

    2012-01-01

    The vast majority of today's critical infrastructure is supported by numerous feedback control loops and an attack on these control loops can have disastrous consequences. This is a major concern since modern control systems are becoming large and decentralized and thus more vulnerable to attacks. This paper is concerned with the estimation and control of linear systems when some of the sensors or actuators are corrupted by an attacker. In the first part we look at the estimation problem where we characterize the resilience of a system to attacks and study the possibility of increasing its resilience by a change of parameters. We then propose an efficient algorithm to estimate the state despite the attacks and we characterize its performance. Our approach is inspired from the areas of error-correction over the reals and compressed sensing. In the second part we consider the problem of designing output-feedback controllers that stabilize the system despite attacks. We show that a principle of separation betwee...

  3. Study on Network Security Architecture for Power Systems

    Institute of Scientific and Technical Information of China (English)

    2005-01-01

    The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power system was proposed in this study,which protected data and facilities from being attacked by outside users by means of firewall, security monitor and control system. Firewall was basically the first line of defense for the intranet; the security monitoring system was a kind of IDS (Intrusion Detection System), while security control system provided authentication, authorization,data-encrypted transmission and security management. This architecture provides various security services, such as identification, authentication, authorization, data integrity and confidentiality.

  4. An electronically controlled automatic security access gate

    Directory of Open Access Journals (Sweden)

    Jonathan A. ENOKELA

    2014-11-01

    Full Text Available The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is entered on a keypad and commands a transmitter module to send out this code as signal at a given radio frequency. Upon reception of this RF signal by the receiver module, another microcontroller activates a driver circuitry to operate the gate automatically. The codes for the microcontrollers were written in C language and were debugged and compiled using the KEIL Micro vision 4 integrated development environment. The resultant Hex files were programmed into the memories of the microcontrollers with the aid of a universal programmer. Software simulation was carried out using the Proteus Virtual System Modeling (VSM version 7.7. A scaled-down prototype of the system was built and tested. The electronically controlled automated security access gate can be useful in providing security for homes, organizations, and automobile terminals. The four-character password required to operate the gate gives the system an increased level of security. Due to its standalone nature of operation the system is cheaper to maintain in comparison with a manually operated type.

  5. Network security monitoring and anomaly detection in industrial control system networks

    OpenAIRE

    Mantere, M. (Matti)

    2015-01-01

    Abstract Industrial control system (ICS) networks used to be isolated environments, typically separated by physical air gaps from the wider area networks. This situation has been changing and the change has brought with it new cybersecurity issues. The process has also exacerbated existing problems that were previously less exposed due to the systems’ relative isolation. This process of increasing connectivity between devices, systems and persons can be seen as part of a paradigm shift ca...

  6. Security Issues in Distributed Database System Model

    Directory of Open Access Journals (Sweden)

    MD.TABREZ QUASIM

    2013-12-01

    Full Text Available This paper reviews the most common as well as emerging security mechanism used in distributed database system. As distributed database became more popular, the need for improvement in distributed database management system become even more important. The most important issue is security that may arise and possibly compromise the access control and the integrity of the system. In this paper, we propose some solution for some security aspects such as multi-level access control, confidentiality, reliability, integrity and recovery that pertain to a distributed database system.

  7. Distributed security in closed distributed systems

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario

    reflected in heterogeneous security aims; the software life cycle entails evolution and this includes security expectations; the distribution is useful if the entire system is “open” to new (a priori unknown) interactions; the distribution itself poses intrinsically more complex security-related problems......, and aim at providing security to each of these individually. The approach taken is by means of access control enforcement mechanisms, providing security to the locations they are related to. We provide a framework for modelling so. All this follows techniques borrowed from the aspect-orientation community....... As this needs to be scaled up to the entire distributed system, we then focus on ways of reasoning about the resulting composition of these individual access control mechanisms. We show how, by means of relying on the semantics of our framework, we can syntactically guarantee some limited set of global security...

  8. A Survey of Security Tools for the Industrial Control System Environment

    Energy Technology Data Exchange (ETDEWEB)

    Hurd, Carl M. [Idaho National Lab. (INL), Idaho Falls, ID (United States); McCarty, Michael V. [Idaho National Lab. (INL), Idaho Falls, ID (United States)

    2017-06-12

    This report details the results of a survey conducted by Idaho National Laboratory (INL) to identify existing tools which could be used to prevent, detect, mitigate, or investigate a cyber-attack in an industrial control system (ICS) environment. This report compiles a list of potentially applicable tools and shows the coverage of the tools in an ICS architecture.

  9. A Security Audit Framework to Manage Information System Security

    Science.gov (United States)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

  10. Audit for Information Systems Security

    Directory of Open Access Journals (Sweden)

    Ana-Maria SUDUC

    2010-01-01

    Full Text Available The information and communication technologies advances made available enormous and vast amounts of information. This availability generates also significant risks to computer systems, information and to the critical operations and infrastructures they support. In spite of significant advances in the information security area many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and preventing these attacks or lowering the negative consequences. The paper presents an exploratory study on informatics audit for information systems security.

  11. Information Security Research on Industrial Control SCADA System%工业控制SCADA系统的信息安全研究

    Institute of Scientific and Technical Information of China (English)

    孙伟

    2013-01-01

    SCADA系统的安全已引起了广泛的关注,文章首先介绍了工业控制SCADA系统面临的主要信息安全风险,然后提出了基于总体安全策略、安全技术体系和安全基础设施的SCADA安全防护体系,有效保障了SCADA系统的安全运行。%The security of SCADA system has caused widespread attentions. This paper firstly introduces the main information security risks that industrial control SCADA system faces, then puts forward the SCADA security protection scheme based on the overall security strategy and security technology system, which can effectively guarantee the safe running of the SCADA system.

  12. Analysis of Security Protocols in Embedded Systems

    DEFF Research Database (Denmark)

    Bruni, Alessandro

    .e., protecting the system from the external world). With increased connectivity of these systems to external networks the attack surface has grown, and consequently there is a need for securing the system from external attacks. Introducing security protocols in safety critical systems requires careful......Embedded real-time systems have been adopted in a wide range of safety-critical applications—including automotive, avionics, and train control systems—where the focus has long been on safety (i.e., protecting the external world from the potential damage caused by the system) rather than security (i...... considerations on the available resources, especially in meeting real-time and resource constraints, as well as cost and reliability requirements. For this reason many proposed security protocols in this domain have peculiar features, not present in traditional security literature. In this thesis we tackle...

  13. Development and Validation of Project Management Constructs of Security Door Access Control Systems: A Pilot Study in Macau

    Directory of Open Access Journals (Sweden)

    Chan Brenda Wing Han

    2016-06-01

    Full Text Available A Security Door Access Control System (SDACS project involves a number of teams from different organizations with diverse project goals. One of the main challenges of such projects is the lack of a standard approach or common understanding to achieve a common goal among project parties. This research examines various management concerns for SDACS projects, highlights the expected common understanding for project participants, develops the project management constructs, and emphasizes on the resulting value of the project to all participants. A two-stage process of scale development and validation was conducted. First, six generic constructs were identified based on the Security Access Control System Framework. Next, a multi-item scale for each construct was developed with reference to the Result-Oriented Management Framework. Expert judges were invited to conduct manual sorting of the items iteratively until reliability and validity was reached. In the next stage, further refinement and validation were carried out with a synthesized survey instrument and a series of statistical testing followed. The finalized SDACS project management constructs and the related findings help reinforce the importance of a standardized management practice for SDACS projects. The value of this research not only benefits SDACS project managers but everyone who works on the project.

  14. Mobile Communication Systems and Security

    CERN Document Server

    Rhee, Man Young

    2009-01-01

    Mobile Communication Systems and Security arms readers with a thorough understanding of all major cellular air-interface technologies and their security layer techniques. Rhee covers the technological development of wireless mobile communications in compliance with each iterative generation up to 3G systems and beyond, with an emphasis on wireless security aspects. By progressing in a systematic manner, presenting the theory and practice of wireless mobile technologies along with various security problems, readers will gain an intimate sense of how mobile systems operate and how to address com

  15. Secure integrated circuits and systems

    CERN Document Server

    Verbauwhede, Ingrid MR

    2010-01-01

    On any advanced integrated circuit or 'system-on-chip' there is a need for security. In many applications the actual implementation has become the weakest link in security rather than the algorithms or protocols. The purpose of the book is to give the integrated circuits and systems designer an insight into the basics of security and cryptography from the implementation point of view. As a designer of integrated circuits and systems it is important to know both the state-of-the-art attacks as well as the countermeasures. Optimizing for security is different from optimizations for speed, area,

  16. Security for safety critical space borne systems

    Science.gov (United States)

    Legrand, Sue

    1987-01-01

    The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

  17. Secure computing on reconfigurable systems

    NARCIS (Netherlands)

    Fernandes Chaves, R.J.

    2007-01-01

    This thesis proposes a Secure Computing Module (SCM) for reconfigurable computing systems. SC provides a protected and reliable computational environment, where data security and protection against malicious attacks to the system is assured. SC is strongly based on encryption algorithms and on the

  18. Secure computing on reconfigurable systems

    NARCIS (Netherlands)

    Fernandes Chaves, R.J.

    2007-01-01

    This thesis proposes a Secure Computing Module (SCM) for reconfigurable computing systems. SC provides a protected and reliable computational environment, where data security and protection against malicious attacks to the system is assured. SC is strongly based on encryption algorithms and on the a

  19. Security Protection of Automation Control System%自动控制系统的安全防护

    Institute of Scientific and Technical Information of China (English)

    夏毅; 李红春

    2014-01-01

    Today petrochemical company meet with more serious security problem of control system than before,this essay explore the forming reason,threat and characteristic of the security threat. Based on the typical control network architecture,it discussed the principle and the practical plan to avoid the damage resulted from computer virus and hacker entry,moreover it discussed the feasible scheme to crack the sheltering problem for OPC communication puzzle. Great majority of the plans mentioned here are been put into effect on the spot and are valuable for reference and directing.%本文针对石化企业控制系统所面临的安全风险,分析了安全风险的形成、危害和特点,并根据石化企业典型的控制系统网络特点从技术和管理手段两方面论述了规避风险的基本原则和实施方案,并对OPC通讯等安全防护难题进行了具体探讨,提出了可行性措施。本文所叙述方案大多已得到实际应用,并取得明显的防护效果。

  20. Challenges in the Development and Evolution of Secure Open Architecture Command and Control Systems (Briefing Charts)

    Science.gov (United States)

    2013-06-01

    15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT Same as Report (SAR) 18. NUMBER OF PAGES 25 19a. NAME OF...5erfloclllhu:st 5bln]’S pvd /S.blA [ltwt~soc-rt;i\\oco.lho::t s;;b¥.nJi. cd . , J ul~nu:~ [Uveti:~>e~\\ocalhos;t s.etlrNJC]J lSi ..cca-u; cMcl.rii’Frot co~t~-t

  1. SECURE MATHEMATICALLY- ASSURED COMPOSITION OF CONTROL MODELS

    Science.gov (United States)

    2017-09-27

    that is provably secure against many classes of cyber -attack. The goal of the project is to provide verifiable security ; that is, system designs which...architecture of the secure SMACCMcopter, illustrating the attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 46 Failed cyber -attack...approach for building secure software. DARPA initiated the High Assurance Cyber Military Systems (HACMS) program to develop the technologies needed to

  2. Apparatus and method supporting wireless access to multiple security layers in an industrial control and automation system or other system

    Energy Technology Data Exchange (ETDEWEB)

    Chen, Yu-Gene T.

    2013-04-16

    A method includes receiving a message at a first wireless node. The first wireless node is associated with a first wired network, and the first wired network is associated with a first security layer. The method also includes transmitting the message over the first wired network when at least one destination of the message is located in the first security layer. The method further includes wirelessly transmitting the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer. The second wireless node is associated with a second wired network, and the second wired network is associated with the second security layer. The first and second security layers may be associated with different security paradigms and/or different security domains. Also, the message could be associated with destinations in the first and second security layers.

  3. Design of Secure Distributed Intrusion Detection Systems

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    Intrusion Detection System (IDS) have received a great deal of attention because of their excellent ability of preventing network incidents. Recently, many efficient approaches have been proposed to improve detection ability of IDS. While the self-protection ability of IDS is relatively worse and easy to be exploited by attackers, this paper gives a scheme of Securely Distributed Intrusion Detection System (SDIDS). This system adopts special measurements to enforce the security of IDS components. A new secure mechanism combining role-based access control and attribute certificate is used to resist attack to communication.

  4. On Information System Security Architecture

    Institute of Scientific and Technical Information of China (English)

    ChunfangJiang; ChaoyuanYue; JianguoZuo

    2004-01-01

    The current studies on security architecture and information system security architecture (ISSA) are surveyed in this paper, and some types and their features of ISSA are discussed. Then, the structural elements of ISSA are analyzed, and the constructing steps for ISSA are proposed.

  5. MMS Based Car Security System

    Directory of Open Access Journals (Sweden)

    Surendra Sot

    2013-03-01

    Full Text Available In This paper “MMS Based Car Security System” is being proposed to solve the issue. It introduces the integration between monitoring and tracking system. Both elements are very crucial in order to have a powerful security system. The system can send SMS and MMS to the owner to have fast response especially if the car is nearby. This paper focuses on using MMS and SMS technology. As soon as there is intrusion detected, first the SMS is sent to master user and the picture of the intruder will be sent via local GSM/GPRS service provider to user (and / or police mail ID. The implementation and testing results show the success of prototype in sending MMS to owner within 30 seconds. The timing and results are suitable to owner and police to take suitable action against intruder. User can also control the module using command. User has to send different SMS to module while configuration of module for master. Master user can be change as per need, only master user can make changes in to the module.

  6. Security analysis of cyber-physical system

    Science.gov (United States)

    Li, Bo; Zhang, Lichen

    2017-05-01

    In recent years, Cyber-Physical System (CPS) has become an important research direction of academic circles and scientific and technological circles at home and abroad, is considered to be following the third wave of world information technology after the computer, the Internet. PS is a multi-dimensional, heterogeneous, deep integration of open systems, Involving the computer, communication, control and other disciplines of knowledge. As the various disciplines in the research theory and methods are significantly different, so the application of CPS has brought great challenges. This paper introduces the definition and characteristics of CPS, analyzes the current situation of CPS, analyzes the security threats faced by CPS, and gives the security solution for security threats. It also discusses CPS-specific security technology, to promote the healthy development of CPS in information security.

  7. Dynamic Security and Robustness of Networked Systems: Random Graphs, Algebraic Graph Theory, and Control over Networks

    Science.gov (United States)

    2012-02-28

    IEEE Transactions on Automatic Control (to appear). • A. Chapman and M. Mesbahi, Influence models for consensus-type networks, IEEE Transactions on Automatic Control (to...analysis and synthesis of relative sensing networks, IEEE Transactions on Automatic control , 56 (5): 971-982, 2011. • D. Zelazo and M. Mesbahi, Edge...agreement: graph-theoretic performance bounds and passivity anal- ysis, IEEE

  8. Information security considerations in open systems architectures

    Energy Technology Data Exchange (ETDEWEB)

    Klein, S.A. (Atlantic Research Corp., Rockville, MD (United States)); Menendez, J.N. (Atlantic Research Corp., Hanover, MD (United States))

    1993-02-01

    This paper is part of a series of papers invited by the IEEE POWER CONTROL CENTER WORKING GROUP concerning the changing designs of modern control centers. Papers invited by the Working Group discuss the following issues: Benefits of Openness, Criteria for Evaluating Open EMS Systems, Hardware Design, Configuration Management, Security, Project Management, Data Bases, SCADA, Inter and Intra-System Communications, and Man Machine Interfaces.'' This paper discusses information security and issues related to its achievement in open systems architectures. Beginning with a discussion of the goals of information security and their relation to open systems, the paper provides examples of the threats to electric utility computer systems and the consequences associated with these threats, presents basic countermeasures applicable to all computer systems, and discusses issues specific to open systems architectures.

  9. Strengthening the Security of ESA Ground Data Systems

    Science.gov (United States)

    Flentge, Felix; Eggleston, James; Garcia Mateos, Marc

    2013-08-01

    A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.

  10. 核电数字化控制系统安全综述%Control System Security in Nuclear Power Plant

    Institute of Scientific and Technical Information of China (English)

    李江海; 黄晓津

    2012-01-01

    核电站控制系统的数字化和联网化,在提高控制性能、方便操作维护的同时,也带来新的安全漏洞.特别是通用的协议、软件和设备正逐步取代原有的专用系统,这导致系统安全漏洞更容易被利用.而控制系统与现实世界直接相互作用,一旦出现安全问题,将威胁人身健康和环境安全,破坏关键基础设施,甚至危及国家安全.通过详细评述近年来数起与核电相关的控制系统安全事件,总结归纳控制系统安全的重要意义和难点问题.结合现有的研究成果,分析展望了有学术价值的研究方向.%The digitalization and networking of control systems in nuclear power plants has brought significant improvements in system control, operation and maintenance. However, the highly digitalized control system also introduces additional security vulnerabilities. Moreover, the replacement of conventional proprietary systems with common protocols, software and devices makes these vulnerabilities easy to be exploited. Through the interaction between control systems and the physical world, security issues in control systems impose high risks on health, safety and environment. These security issues may even cause damages of critical infrastructures and threaten national security. The importance of control system security by reviewing several control system security incidents that happened in nuclear power plants was showed in recent years. Several key difficulties in addressing these security issues were described. Finally, existing researches on control system security and propose several promising research directions were reviewed.

  11. Intellectual Bank Locker Security System

    Directory of Open Access Journals (Sweden)

    S.V.Tejesvi

    2016-02-01

    Full Text Available In today's modern world, security plays an important role. Every person has precious accessories like gold, documents or cash. The main goal of this project is to design and implement a bank locker security system based on fingerprint and GSM technology. It reduces wastage of time for both banker as well as customer and provides advanced security. In this system, only authentic persons can recover money or accessories from bank locker. In this system the user’s name, fingerprint and mobile number are enrolled. If the fingerprint matches, then four digit code will be sent to the authorized person’s mobile through GSM modem and the locker door will be opened then, otherwise it will be in locked position and gives an alarm when any mismatch occurs. The sensors will be active during night times to provide security against thefts.

  12. Cloud Computing Security in Business Information Systems

    CERN Document Server

    Ristov, Sasko; Kostoska, Magdalena

    2012-01-01

    Cloud computing providers' and customers' services are not only exposed to existing security risks, but, due to multi-tenancy, outsourcing the application and data, and virtualization, they are exposed to the emergent, as well. Therefore, both the cloud providers and customers must establish information security system and trustworthiness each other, as well as end users. In this paper we analyze main international and industrial standards targeting information security and their conformity with cloud computing security challenges. We evaluate that almost all main cloud service providers (CSPs) are ISO 27001:2005 certified, at minimum. As a result, we propose an extension to the ISO 27001:2005 standard with new control objective about virtualization, to retain generic, regardless of company's type, size and nature, that is, to be applicable for cloud systems, as well, where virtualization is its baseline. We also define a quantitative metric and evaluate the importance factor of ISO 27001:2005 control objecti...

  13. LANSCE radiation security system (RSS)

    Energy Technology Data Exchange (ETDEWEB)

    Gallegos, F.R. [Los Alamos National Lab., NM (United States). Los Alamos Neutron Science Center

    1996-12-31

    The Radiation Security System (RSS) is an engineered safety system which automatically terminates transmission of accelerated ion beams in response to pre-defined abnormal conditions. It is one of the four major mechanisms used to protect people from radiation hazards induced by accelerated pulsed ion beams at the Los Alamos Neutron Science Center (LANSCE). The others are shielding, administrative policies and procedures, and qualified, trained personnel. Prompt radiation hazards at the half-mile long LANSCE accelerator exist due to average beam intensities ranging from 1 milli-amp for H{sup +} beam to 100 micro-amps for the high intensity H{sup {minus}} beam. Experimental programs are supplied with variable energy (maximum 800 MeV), pulse-width (maximum 1 msec), and pulse frequency (maximum 120 Hz) ion beams. The RSS includes personnel access control systems, beam spill monitoring systems, and beam current level limiting systems. It is a stand-alone system with redundant logic chains. A fault of the RSS will cause the insertion of fusible beam plugs in the accelerator low energy beam transport. The design philosophy, description, and operation of the RSS are described in this paper.

  14. Smart Door Lock System: Improving Home Security using Bluetooth Technology

    National Research Council Canada - National Science Library

    Jayant Dabhade; Amirush Javare; Tushar Ghayal; Ankur Shelar; Ankita Gupta

    2017-01-01

      In today's world, smart home control system is necessary in daily life. As the technology is emerging a lot it's time for us to be more technical related to home secure security and easy access to the user...

  15. A Survey on Mobile Payment Systems Security

    Directory of Open Access Journals (Sweden)

    Leila Esmaeili

    2012-09-01

    Full Text Available In recent years, increasing use of mobile devices and the emergence of new technologies have changed mobile commerce and mobile payment in all over the world. Although many attempts have been made to implement secure mobile payment systems and services, growing forgery, fraud and other related electronic crimes as well as security attacks and threats prove the necessity of paying special attention to security issues for development and extension of such systems. In this paper, we investigate classification of security threats and attacks in mobile payment and discuss security issues in three related areas of mobile payment; including network security, transmission security and mobile device security. Network security includes WLAN and WWAN security; transmission security includes WAP, SMS, wave channel and USSD security; and mobile device security includes hardware and software platforms and operating system security.

  16. A secure solution on hierarchical access control

    CERN Document Server

    Wei, Chuan-Sheng; Huang, Tone-Yau; Ong, Yao Lin

    2011-01-01

    Hierarchical access control is an important and traditional problem in information security. In 2001, Wu et.al. proposed an elegant solution for hierarchical access control by the secure-filter. Jeng and Wang presented an improvement of Wu et. al.'s method by the ECC cryptosystem. However, secure-filter method is insecure in dynaminc access control. Lie, Hsu and Tripathy, Paul pointed out some secure leaks on the secure-filter and presented some improvements to eliminate these secure flaws. In this paper, we revise the secure-filter in Jeng-Wang method and propose another secure solutions in hierarchical access control problem. CA is a super security class (user) in our proposed method and the secure-filter of $u_i$ in our solutions is a polynomial of degree $n_i+1$ in $\\mathbb{Z}_p^*$, $f_i(x)=(x-h_i)(x-a_1)...(x-a_{n_i})+L_{l_i}(K_i)$. Although the degree of our secure-filter is larger than others solutions, our solution is secure and efficient in dynamics access control.

  17. Open source systems security certification

    CERN Document Server

    Damiani, Ernesto; El Ioini, Nabil

    2009-01-01

    Open Source Advances in Computer Applications book series provides timely technological and business information for: Enabling Open Source Systems (OSS) to become an integral part of systems and devices produced by technology companies; Inserting OSS in the critical path of complex network development and embedded products, including methodologies and tools for domain-specific OSS testing (lab code available), plus certification of security, dependability and safety properties for complex systems; Ensuring integrated systems, including OSS, meet performance and security requirements as well as achieving the necessary certifications, according to the overall strategy of OSS usage on the part of the adopter

  18. Security Management – Systems Approach

    Directory of Open Access Journals (Sweden)

    Milan Kný

    2015-12-01

    Full Text Available The aim of the contribution is the use of the systems approach to treat security management as a practical field and new scientific discipline. The philosophy of systems approach to the solution of problems generally is an adequate methodological basis even for the theory of management. The path to the real optimization of security situation leads only through the holistic and solid solution. Applications of systems analysis and synthesis back up the fact, that systems approach and systems thinking should not absent in security objects. The truthfulness of the claim, that security management is a well-established discipline, depends on ongoing discussion that represents useful process of development of new scientific discipline. At the same time the rationality of science and systematism works as a counterbalance to irrational fear of the whole society, too. Which questions of security remain open in relation to „our interests“? Current problems of Europe should be solved systematically. It is necessary to define the space of interest (territorially the border of the EU or the Schengen area, to implement the system to the object with respect to the borders of the space, to specify the structure and subjects of decision making and implementation.

  19. Research on Industrial Control System Security Defense%工业控制系统信息安全防护研究

    Institute of Scientific and Technical Information of China (English)

    王昱镔; 陈思; 程楠

    2016-01-01

    Information security situation of industrial control system is grim and cannot be ignored which produces serious threat to social stability and national security. The information security of industrial control system is different from the traditional information security, and the traditional information security is usually not applicable to the field of industrial control system information security. This paper analyzes the characteristics of industrial control system, expounds the current information security situation of industrial control system by analyzing the report produced by the industrial control systems cyber emergency response team of the USA, and puts forward a model of industrial control system security defense which contains the industrial control system security protection system, key technologies and safety life cycle. The research production of security protection system can guide key technologies research and safety life cycle building. The research production of key technologies can be converted into special safety protection products in all stages of the safety life cycle, and provides the corresponding technologies and tools though all stages of the safety life cycle. The model can provide technology and management support for the ifeld of industrial control system information security.%工业控制系统信息安全形势严峻,严重威胁社会稳定和国家安全,不容忽视。工业控制系统信息安全有别于传统信息安全,传统信息安全保障方式经常不适用于工业控制系统信息安全领域。文章研究了工业控制系统的特点,通过分析美国工业控制系统网络应急响应小组的报告,阐述了工业控制系统当前的安全形势,提出了由工业控制系统安全防护体系、关键技术及安全生命周期等部分组成的工业控制系统信息安全防护模型。该模型中安全防护体系的研究成果可指导关键技术研究及安全生命周期建设,

  20. 保安业的发展与社会控制体系的重构%Security Industry Development and Reconstruction of Social Control System

    Institute of Scientific and Technical Information of China (English)

    许博

    2011-01-01

    With economic development and people's increasing demands for security, in terms of social control, the police - oriented social control shows outdated, however, the security company effectively alleviate the problem. Security companies can assist the public security organs to maintain social order and earn good social benefits, they have become a necessary part of social control system. But in reality, how to divide the business scope, responsibilities of power between the security companies and public security organs and how to develop security companies as another part of social control system becomes an urgent issue to have a research.%随着经济发展和人们安全需求的增多,在维护社会秩序方面,警察一元主体的社会控制体系显得有些力不从心,保安服务公司的产生有效地缓解了这个问题。保安服务公司可协助公安机关维护社会秩序、带来良好的社会效益,已成为社会控制体系中不可或缺的部分。但现实中,如何划分保安服务公司与公安机关的业务范围、职责权力,以及保安服务公司能否成为与公安机关并驾齐驱的社会控制体系中的又一主体,是我国社会、经济高速发展中亟待解决的问题。

  1. 反洗钱监测分析系统安全控制的研究与实现%Anti-Money Laundering Monitoring Analysis System of the Security Controls Research and Implementation

    Institute of Scientific and Technical Information of China (English)

    刘军

    2011-01-01

    This paper analyzes the current anti-money laundering monitoring analysis system security control strategy,from the application system security,security access control,security and data security system four aspects gives a detailed strategy or a design.%本文分析了目前反洗钱监测分析系统安全控制的相关策略,从应用系统安全、安全访问控制、运行安全及系统数据安全四个方面给出了详细的策略或设计方案。

  2. On Building Secure Communication Systems

    DEFF Research Database (Denmark)

    Carvalho Quaresma, Jose Nuno

    This thesis presents the Guided System Development (GSD) framework, which aims at supporting the development of secure communication systems. A communication system is specified in a language similar to the Alice and Bob notation, a simple and intuitive language used to describe the global...... perspective of the communications between different principals. The notation used in the GSD framework extends that notation with constructs that allow the security requirements of the messages to be described. From that specification, the developer is guided through a semi-automatic translation that enables...... into code that implements the communication skeleton of the system and can then be used by the system designer. New output languages can also easily be added to the GSD framework. Additionally, a prototype of the GSD framework was implemented and an ex-ample of using the GSD framework in a real world system...

  3. Information system security insurance

    OpenAIRE

    Mircea COSMA; Alexandru TATU

    2014-01-01

    Through this paper we intend to show that technological developments in recent decades have created a strong society dependence of the means of communication and information technology. This has been increasingly made aware to ordinary people, but also military and political leaders. Increasing global dependence of sophisticated information systems and interconnection of these can produce significant opportunities and bigger information vulnerabilities. Also technological developments in elec...

  4. Security in Electronic Payment Systems

    Directory of Open Access Journals (Sweden)

    Roxana Turcu

    2014-12-01

    Full Text Available The payment security becomes fundamental in our days. Based on this statement I have decided to deepen this subject and to study the online payment systems and the connection between them. I have observed that this area becomes the hackers’ attraction and I have realized how important the security of the ecommerce is. Also I have done a research of the possible attacks and I have searched for the countermeasures of this attacks. The result of my research is my payment gateway solution presented in the following lines.

  5. Analysis of Network Security for Chinese High-Speed Railway Signal Systems and Proposal of Unified Security Control%高速铁路信号系统网络安全与统一管控

    Institute of Scientific and Technical Information of China (English)

    李赛飞; 闫连山; 郭伟; 郭进; 陈建译; 潘炜; 方旭明

    2015-01-01

    In order to ensure the network security of China's high-speed railway signal system,the network security issues including the central traffic control (CTC ) system,train control system, centralized signal monitoring system and the GSM-R system were analyzed generally. Subsequently a unified network security control and management strategy was proposed based on the software-defined networking (SDN)architecture. The centralized management and unified security policies are achieved in one physical network,and the original control logics between sub-networks including CTC network, train control network and centralized signal monitoring network are all software-defined in the control plane,which enables the finer and unified control of the whole network. Using the logically centralized controller,the unified device register control,communication control and packet traceability are all achieved,thus improving the network security and reducing the management complexity. According to the analysis,the proposed architecture is centrally managed,network programmable and unified of the security policy. The proposed strategy is better than the distributed control network for the management of China's high-speed railway signal system network security and can solve the complex management of networks' interconnection of different security levels.%为了保障我国高速铁路信号系统的网络安全,从高速铁路信号系统的整体架构出发,对系统所面临的网络安全问题进行了全面的分析,涵盖了分散自律调度集中系统、列车运行控制系统、集中监测系统和GSM-R无线通信系统等。在此基础上,提出了基于软件定义网络(SDN)的高速铁路信号系统网络安全统一管控方案,把分散自律调度集中网络、信号安全数据网和集中监测网络通过软件定义的方式进行管控和隔离,实现了对网络流量的精细控制和统一管理,利用逻辑上统一的控制器实现全

  6. Audit Characteristics for Information System Security

    OpenAIRE

    Marius POPA; Mihai DOINEA

    2007-01-01

    The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment

  7. Control E-commerce security

    OpenAIRE

    Wu, Yucheng

    2010-01-01

    Electronic commerce has been very popular in the recent years. However, security is one of the barriers, which affects the development of E-commerce. How should merchants of E-commerce solve this problem and maintain a secure environment for their customers? How do customers protect their confidential data when they are shopping on-line? This thesis discusses various common attacks, and presents the protection solutions according to those attacks. Because attacks may take place on the custome...

  8. Securing military information systems on public infrastructure

    CSIR Research Space (South Africa)

    Botha, P

    2015-03-01

    Full Text Available Military information systems require high levels of security to protect sensitive information within these systems. Encrypted private networks are a common method of securing such systems. However these networks are not always available or practical...

  9. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  10. A Hierarchical Security Architecture for Cyber-Physical Systems

    Energy Technology Data Exchange (ETDEWEB)

    Quanyan Zhu; Tamer Basar

    2011-08-01

    Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

  11. Information technology security system engineering methodology

    Science.gov (United States)

    Childs, D.

    2003-01-01

    A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

  12. Securing the Global Airspace System Via Identity-Based Security

    Science.gov (United States)

    Ivancic, William D.

    2015-01-01

    Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX) This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

  13. System and Network Security Acronyms and Abbreviations

    Science.gov (United States)

    2009-09-01

    Committee on National Security Systems Instruction CoA care-of address codec coder/ decoder COI conflict of interest COM Component Object Model COOP...ECP Encryption Control Protocol ECPA Electronic Communications Privacy Act EDGE Enhanced Data rates for GSM Evolution EDI electronic data...Generic Routing Encapsulation GRS General Records Schedule GS1 Global Standards One GSA U.S. General Services Administration GSM Global System for

  14. Computer Security: your car, my control

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    We have discussed the Internet of Things (IoT) and its security implications already in past issues of the CERN Bulletin, for example in “Today’s paranoia, tomorrow’s reality” (see here). Unfortunately, tomorrow has come. At this years's Black Hat conference researchers presented their findings on how easily your car can be hacked and controlled remotely. Sigh.   While these researchers have just shown that they can wirelessly hijack a Jeep Cherokee, others have performed similar studies with SmartCars, Fords, a Tesla, a Corvette, BMWs, Chryslers and Mercedes! With the increasing computerisation of cars, the engine management system, air conditioning, anti-lock braking system, electronic stability programme, etc. are linked to the infotainment, navigation and communication systems, opening the door for these vehicles to be hacked remotely. The now prevalent Bluetooth connection with smartphones is one entry vector to attack your car remotely...

  15. Invisible Intelligence Security System (IISS

    Directory of Open Access Journals (Sweden)

    Mubashir Ali,

    2011-06-01

    Full Text Available In this paper an attempt is made to fabricate an imperceptible/ invisible intelligence security system employing auto lock door practice which should distinguish between friend and foe. This is akin to a system which is mandatory to handle the situations resulting from the events like blasts/suicides attacks etc. A unique method of the secretive operated metal sensors system has been presented incorporating initially the Infra Red Transmitter and Infra Red Receiver at the gates for closing/opening purpose and then after the access to scan a human body instead of a having massive scanning system installed at the entrance gate of an organization/establishmentwhich is even indiscernible/ invisible to a human eye. This system will automatically scan a human body while passing above these metal detectors installed beneath the ground. In the event of possession of any kind of metal/weapon or any radioactive material the gate fitted with such system will not be opened automatically rather it will remained closed as retaliation/reprisal against the foe. For a friend to enter the gate this system will make use of password challenging technique which would be already known within the organization securely. Further this manuscript will also address the practical/technical issues confronting in its manifestation.

  16. 33 CFR 127.705 - Security systems.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security systems. 127.705 Section... Waterfront Facilities Handling Liquefied Natural Gas Security § 127.705 Security systems. The operator shall... manned television monitoring system is used, to detect— (a) Unauthorized personnel; (b) Fires; and (c...

  17. CC-based Design of Secure Application Systems

    DEFF Research Database (Denmark)

    Sharp, Robin

    2009-01-01

    This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secu...... an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe....

  18. MULTILEVEL RECURRENT MODEL FOR HIERARCHICAL CONTROL OF COMPLEX REGIONAL SECURITY

    Directory of Open Access Journals (Sweden)

    Andrey V. Masloboev

    2014-11-01

    Full Text Available Subject of research. The research goal and scope are development of methods and software for mathematical and computer modeling of the regional security information support systems as multilevel hierarchical systems. Such systems are characterized by loosely formalization, multiple-aspect of descendent system processes and their interconnectivity, high level dynamics and uncertainty. The research methodology is based on functional-target approach and principles of multilevel hierarchical system theory. The work considers analysis and structural-algorithmic synthesis problem-solving of the multilevel computer-aided systems intended for management and decision-making information support in the field of regional security. Main results. A hierarchical control multilevel model of regional socio-economic system complex security has been developed. The model is based on functional-target approach and provides both formal statement and solving, and practical implementation of the automated information system structure and control algorithms synthesis problems of regional security management optimal in terms of specified criteria. An approach for intralevel and interlevel coordination problem-solving in the multilevel hierarchical systems has been proposed on the basis of model application. The coordination is provided at the expense of interconnection requirements satisfaction between the functioning quality indexes (objective functions, which are optimized by the different elements of multilevel systems. That gives the possibility for sufficient coherence reaching of the local decisions, being made on the different control levels, under decentralized decision-making and external environment high dynamics. Recurrent model application provides security control mathematical models formation of regional socioeconomic systems, functioning under uncertainty. Practical relevance. The model implementation makes it possible to automate synthesis realization of

  19. Security Communication Model of Wireless Trade System

    Institute of Scientific and Technical Information of China (English)

    ZHANG Wen-kai; ZHANG Si-yu

    2005-01-01

    This paper proposes a C/S system model for K Java and PDA named Net-Wireless. It is a discussion and proposal on information security and solutions for K-Java handsets and PDAs in wireless network. It also explains the scheme which between client security module and server security module. Also, We have developed a Security Server and a K-Java encryption module for e-commerce system and other trade systems.

  20. Security for cloud storage systems

    CERN Document Server

    Yang, Kan

    2014-01-01

    Cloud storage is an important service of cloud computing, which offers service for data owners to host their data in the cloud. This new paradigm of data hosting and data access services introduces two major security concerns. The first is the protection of data integrity. Data owners may not fully trust the cloud server and worry that data stored in the cloud could be corrupted or even removed. The second is data access control. Data owners may worry that some dishonest servers provide data access to users that are not permitted for profit gain and thus they can no longer rely on the servers

  1. Information Systems, Security, and Privacy,

    Science.gov (United States)

    1983-11-01

    media reported the Security Pacific National Bank as having diverted a presumed penetrator by offering him a game to play while tracing the origin of the...malfeasance by operators, but they do not exist in marketed machines. Even the procedure of two-person control as used by the military would be a deterrent...flivortodl much le-s- poop1o tim’ from1 ’,he J,11 !1111 nIiv o’ 1’ r. mo,<) it0r-or soial Icomnirli ct ion. Certainly there- are manaigemenit pro:’i’...in in

  2. NASA Electronic Library System (NELS): The system impact of security

    Science.gov (United States)

    Mcgregor, Terry L.

    1993-01-01

    This paper discusses security issues as they relate to the NASA Electronic Library System which is currently in use as the repository system for AdaNET System Version 3 (ASV3) being operated by MountainNET, Inc. NELS was originally designed to provide for public, development, and secure collections and objects. The secure feature for collections and objects was deferred in the initial system for implementation at a later date. The NELS system is now 9 months old and many lessons have been learned about the use and maintenance of library systems. MountainNET has 9 months of experience in operating the system and gathering feedback from the ASV3 user community. The user community has expressed an interest in seeing security features implemented in the current system. The time has come to take another look at the whole issue of security for the NELS system. Two requirements involving security have been put forth by MountainNET for the ASV3 system. The first is to incorporate at the collection level a security scheme to allow restricted access to collections. This should be invisible to end users and be controlled by librarians. The second is to allow inclusion of applications which can be executed only by a controlled group of users; for example, an application which can be executed by librarians only. The requirements provide a broad framework in which to work. These requirements raise more questions than answers. To explore the impact of these requirements a top down approach will be used.

  3. Research on wireless network security architecture of industrial control system%工业控制系统无线网络安全体系的研究

    Institute of Scientific and Technical Information of China (English)

    曲家兴; 周莹; 王希忠; 张清江

    2013-01-01

    随着我国工业化和信息化的深度融合以及物联网的快速发展,工业控制系统的信息安全已经上升到国家的战略安全.特别是在恶劣的工业现场环境应用的工业无线网络,更容易遇到各种各样的风险和安全威胁,这使得安全性成为无线网络正常通信的关键问题.文中介绍了工业控制系统无线网络技术,分析了工业控制系统无线网络面临的安全威胁,研究了ISA100.11a网络、无线HART网络和WIA-PA网络的安全架构,同时,对这三种安全体系进行了比较和分析.%With the combination of industrialization and informatization as well as the rapid development of Internet of Things in China, information security of industrial control system (ICS) has been promoted to the state' s strategy security. Industrial wireless network, which is often applied in abominable industrial environment, is more likely to confront various risks and security threats. Therefore, security has become the key to the normal correspondence of wireless network. This paper introduces the wireless network technology of ICS, analyzes the security threats faced by ICS, researches in the security architecture of wireless HART network, ISA100.11a network and WIAPA network and finally makes a comparative analysis of the three architecture.

  4. Efficient Controlled Quantum Secure Direct Communication Protocols

    Science.gov (United States)

    Patwardhan, Siddharth; Moulick, Subhayan Roy; Panigrahi, Prasanta K.

    2016-07-01

    We study controlled quantum secure direct communication (CQSDC), a cryptographic scheme where a sender can send a secret bit-string to an intended recipient, without any secure classical channel, who can obtain the complete bit-string only with the permission of a controller. We report an efficient protocol to realize CQSDC using Cluster state and then go on to construct a (2-3)-CQSDC using Brown state, where a coalition of any two of the three controllers is required to retrieve the complete message. We argue both protocols to be unconditionally secure and analyze the efficiency of the protocols to show it to outperform the existing schemes while maintaining the same security specifications.

  5. Threats to financial system security

    Energy Technology Data Exchange (ETDEWEB)

    McGovern, D.E.

    1997-06-01

    The financial system in the United States is slowly migrating from the bricks and mortar of banks on the city square to branch banks, ATM`s, and now direct linkage through computers to the home. Much work has been devoted to the security problems inherent in protecting property and people. The impact of attacks on the information aspects of the financial system has, however, received less attention. Awareness is raised through publicized events such as the junk bond fraud perpetrated by Milken or gross mismanagement in the failure of the Barings Bank through unsupervised trading activities by Leeson in Singapore. These events, although seemingly large (financial losses may be on the order of several billion dollars), are but small contributors to the estimated $114 billion loss to all types of financial fraud in 1993. Most of the losses can be traced to the contribution of many small attacks perpetrated against a variety of vulnerable components and systems. This paper explores the magnitude of these financial system losses and identifies new areas for security to be applied to high consequence events.

  6. Hacker tracking Security system for HMI

    Science.gov (United States)

    Chauhan, Rajeev Kumar

    2011-12-01

    Conventional Supervisory control and data Acquisition (SCADA) systems use PC, notebook, thin client, and PDA as a Client. Nowadays the Process Industries are following multi shift system that's why multi- client of different category have to work at a single human Machine Interface (HMI). They may hack the HMI Display and change setting of the other client. This paper introduces a Hacker tracking security (HTS) System for HMI. This is developed by using the conventional and Biometric authentication. HTS system is developed by using Numeric passwords, Smart card, biometric, blood flow and Finger temperature. This work is also able to identify the hackers.

  7. Port Security: Container Cargo Control

    Directory of Open Access Journals (Sweden)

    Vladivoj Vlaković

    2006-05-01

    Full Text Available illicittrafficking of threat materials, especially explosives, chemicalsubstances and radioactive or nuclear material. The transportof the threat materials by using sea routes is an advantageto te"orists especially because of the possible use of ship containers.The container is the basis of world trade. It is assumed thatthe world total movement in containers is about 200 millionTEUs ("20-foot equivalent units" per year. The list of materialstransported by containers which should be subject to inspectionwith the aim of reducing the acts of te"orism includes explosives,narcotics, chemical weapons, hazardous chemicalsand radioactive materials.Of special interest is nuclear te"orism. The risk of nuclearte"orism carried out by sub-national groups should be considerednot only in the construction and/or use of nuclear device,but also in possible radioactive contamination of large urbanareas.The system of ship containers control is an essential componentof «smart border» concept. Modem personnel, parcel,vehicle and cargo inspection systems are non-invasive imagingtechniques based on the use of nuclear analytical techniques.The inspection systems use penetrating radiations: hard x-rays(300 keV or more or gamma-rays from radioactive sources(137Cs and 60Co with energies from 600 to 1300 keV that producea high resolution radiograph of the load. Unfortunately,this information is "non-specific" in that it gives no informationon the nature of objects that do not match_ the travel documentsand are not recognized by a visual analysis of the radiographicpicture. Moreover, there are regions of the containerwherex and gamma-ray systems are "blind" due to the high averageatomic number of the objects i"adiated that appear asblack spots in the radiographic image.The systems being developed are based on the use of fast, 14Me V, neutrons with detection of associated a-particle from nuclearreactionbywhichneutrons are produced (d+t>a+n.Jnsuch a way the possibility to

  8. SECURITY SYSTEMS FOR MARITIME HARBOUR

    Directory of Open Access Journals (Sweden)

    Georgică SLĂMNOIU

    2010-11-01

    Full Text Available Infrastructure protection objectives are at the top of the agenda of those responsible in the European Union. Currently Romania is one of the countries on its eastern border of the Union and this has special implications in terms of security measures that are required to be implemented. Ships and harbours are important current conflict stage. An integrated system of protection of harbours must be prepared in advance in order to continuously provide information that will increase the overall performance of the intervention forces.

  9. Securing the Domain Name System

    OpenAIRE

    Massey, Daniel; Denning, Dorothy E.

    2009-01-01

    The article of record as published may be located at http://dx.doi.org/10.1109/MSP.2009.121 The Domain Name System (DNS) is a critical part of the Internet infrastructure. Virtually every Internet application depends on some form of DNS data, yet access to and the reliability of that data aren't assured. DNS attacks and abuses, meanwhile, are increasingly common and sophisticated. Part of the problem is that security wasn't a major goal of the original DNS design. The DNS community has...

  10. Intrusion Detection System: Security Monitoring System

    Directory of Open Access Journals (Sweden)

    ShabnamNoorani,

    2015-10-01

    Full Text Available An intrusion detection system (IDS is an ad hoc security solution to protect flawed computer systems. It works like a burglar alarm that goes off if someone tampers with or manages to get past other security mechanisms such as authentication mechanisms and firewalls. An Intrusion Detection System (IDS is a device or a software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.Intrusion Detection System (IDS has been used as a vital instrument in defending the network from this malicious or abnormal activity..In this paper we are comparing host based and network based IDS and various types of attacks possible on IDS.

  11. An Analysis on Security Control of Voltage Stability in Power System%电力系统电压稳定的安全控制

    Institute of Scientific and Technical Information of China (English)

    纳生成

    2015-01-01

    电力系统电压稳定的安全控制工作非常重要,影响电力系统电压稳定的因素包括电压调节能力、电力系统负荷特点、输电线路电力稳定限度等,在实际工作中,要积极提高电网工作人员的专业素质,进一步提高电力系统输电线路的设计水平,建立健全对电压安全进行监控和调节的制度,以确保电力系统的电压保持稳定运行的状态.%Security control on voltage stability in power system is very important,factors impact the voltage stability of power system includes voltage regulation capacity,loading characteristics of power system,the limit of electric stability of transmission line.In practical operation,it is necessary to improve the professional quality of personnel,further improve the design level of transmission line of the power system,establish and improve system to supervise and control the security of voltage,so as to ensure the voltage of the power system in a stable working environment.

  12. Tactical Automated Security System Air Force expeditionary security

    Science.gov (United States)

    Butler, Ken

    2002-08-01

    The US Air Force's TASS (Tactical Automated Security System) program has been in existence since 1996. The TASS program meets the growing need to supplement security personnel with modern technology, when these forces are deployed around the world. TASS combines five equipment elements into an integrated security solution, providing both a detection and an assessment capability. TASS does this in a way which maximizes the mobility and user friendliness objectives of the system. In this paper, we will take a closer look at TASS. We will examine the concepts that drive the TASS development process. We will provide an overview of the TASS technical elements, and provide a roadmap for further development of those elements. Finally, we will provide recommendations to security providers who aim to have their products included in the TASS baseline of equipment.

  13. Systems and technologies for enhanced coastal maritime security

    Science.gov (United States)

    Carapezza, Edward M.; Bucklin, Ann

    2008-04-01

    This paper describes a design for an innovative command and control system for an intelligent coastal maritime security system. The architecture for this intelligent coastal maritime security system is derived from the forth generation real-time control (RCS) system architecture1 developed by the National Institute of Science and Technology (NIST) over the past twenty years. This command and control system is a decision support system for real-time monitoring, response and training for security scenarios that can be hosted at various locations along the coast of the United States where homeland security surveillance and response activities are required. Additionally, this paper describes the design for a derivative real-time simulation based environment that can be used as a state-of-art test bed for developing new hardware and software components to be integrated into previous versions of deployed real-time control systems.

  14. Control of the private security sector in foreign countries

    Directory of Open Access Journals (Sweden)

    Stajić Ljubomir

    2012-01-01

    Full Text Available All modern states today have organized and regulated system of security that includes different role of private security sector which is defined and limited by law. The law represents the basis and limits the activities of all social subjects including the private security sector. Today, legal regulation of private security industry has gone very far in modern democratic societies. So-called model of control through the contract with the business model is abandoned and approach to the model of control by the state is accepted. The new model has almost the same elements used by the state when it comes to controlling the public sector or the police. Analyses indicate that issues related to the control of the private security can be legally regulated in a manner that is typically European, but also have an entirely different approach and variety of combinations that regulate the functioning of private security sector respecting national characteristics. The paper represents the main principles of control of private security abroad with special emphasis on the possible role of international law.

  15. DOE integrated safeguards and security (DISS) system a nation-wide distributed information system for personnel security

    Energy Technology Data Exchange (ETDEWEB)

    Block, B.

    1997-06-05

    DISS uses secure client-server and relational database technology across open networks to address the problems of security clearance request processing and tracking of security clearances for the Department of energy. The system supports the entire process from data entry by the prospective clearance holders through tracking of all DOE clearances, and use of standard DOE badges in automated access control systems throughout the DOE complex.

  16. Access control, security, and trust a logical approach

    CERN Document Server

    Chin, Shiu-Kai

    2010-01-01

    Access Control, Security, Trust, and Logic Deconstructing Access Control Decisions A Logical Approach to Access Control PRELIMINARIES A Language for Access ControlSets and Relations Syntax SemanticsReasoning about Access Control Logical RulesFormal Proofs and Theorems Soundness of Logical RulesBasic Concepts Reference Monitors Access Control Mechanisms: Tickets and Lists Authentication Security PoliciesConfidentiality, Integrity, and Availability Discretionary Security Policies Mandatory Security Policies Military Security Policies Commercial PoliciesDISTRIBUTED ACCESS CONTROL Digital Authenti

  17. Electronic security systems better ways to crime prevention

    CERN Document Server

    Walker, Philip

    2013-01-01

    Electronic Security Systems: Better Ways to Crime Prevention teaches the reader about the application of electronics for security purposes through the use of case histories, analogies, anecdotes, and other related materials. The book is divided into three parts. Part 1 covers the concepts behind security systems - its objectives, limitations, and components; the fundamentals of space detection; detection of intruder movement indoors and outdoors; surveillance; and alarm communication and control. Part 2 discusses equipments involved in security systems such as the different types of sensors,

  18. Efficient Controlled Quantum Secure Direct Communication Protocols

    OpenAIRE

    Patwardhan, Siddharth; Moulick, Subhayan Roy; Prasanta K. Panigrahi

    2015-01-01

    We study controlled quantum secure direct communication (CQSDC), a cryptographic scheme where a sender can send a secret bit-string to an intended recipient, without any secure classical channel, who can obtain the complete bit-string only with the permission of a controller. We report an efficient protocol to realize CQSDC using Cluster state and then go on to construct a (2-3)-CQSDC using Brown state, where a coalition of any two of the three controllers is required to retrieve the complete...

  19. Nevada National Security Site Radiological Control Manual

    Energy Technology Data Exchange (ETDEWEB)

    Radiological Control Managers’ Council

    2012-03-26

    This document supersedes DOE/NV/25946--801, 'Nevada Test Site Radiological Control Manual,' Revision 1 issued in February 2010. Brief Description of Revision: A complete revision to reflect a recent change in name for the NTS; changes in name for some tenant organizations; and to update references to current DOE policies, orders, and guidance documents. Article 237.2 was deleted. Appendix 3B was updated. Article 411.2 was modified. Article 422 was re-written to reflect the wording of DOE O 458.1. Article 431.6.d was modified. The glossary was updated. This manual contains the radiological control requirements to be used for all radiological activities conducted by programs under the purview of the U.S. Department of Energy (DOE) and the U.S. Department of Energy, National Nuclear Security Administration Nevada Site Office (NNSA/NSO). Compliance with these requirements will ensure compliance with Title 10 Code of Federal Regulations (CFR) Part 835, 'Occupational Radiation Protection.' Programs covered by this manual are located at the Nevada National Security Site (NNSS); Nellis Air Force Base and North Las Vegas, Nevada; Santa Barbara and Livermore, California; and Andrews Air Force Base, Maryland. In addition, fieldwork by NNSA/NSO at other locations is covered by this manual. Current activities at NNSS include operating low-level radioactive and mixed waste disposal facilities for United States defense-generated waste, assembly and execution of subcritical experiments, assembly/disassembly of special experiments, the storage and use of special nuclear materials, performing criticality experiments, emergency responder training, surface cleanup and site characterization of contaminated land areas, environmental activity by the University system, and nonnuclear test operations, such as controlled spills of hazardous materials at the Hazardous Materials Spill Center. Currently, the major potential for occupational radiation exposure is associated with the burial of

  20. Office Automation System and Its Security Design

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    Analyzing the specialties of OAS network based on Internet/Intranet, aiming to these specialties design the OAS network's system structure. Analyzing the security threats that the OAS network faces to and the possible attacking means. This paper puts forward five security tactics and security design in detail, and a sensible conclusion is proposed at last.

  1. How to implement security controls for an information security program at CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeus, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

    2015-12-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  2. Secure State UML: Modeling and Testing Security Concerns of Software Systems Using UML State Machines

    Directory of Open Access Journals (Sweden)

    S. Batool

    2014-05-01

    Full Text Available In this research we present a technique by using which, extended UML models can be converted to standard UML models so that existing MBT techniques can be applied directly on these models. Existing Model Based Testing (MBT Techniques cannot be directly applied to extended UML models due to the difference of modeling notation and new model elements. Verification of these models is also very important. Realizing and testing non functional requirements such as efficiency, portability and security, at model level strengthens the ability of model to turn down risk, cost and probability of system failure in cost effective way. Access control is most widely used technique for implementing security in software systems. Existing approaches for security modeling focus on representation of access control policies such as authentication, role based access control by introducing security oriented model elements through extension in Unified Modelling Language (UML. But doing so hinders the potential and application of MBT techniques to verify these models and test access control policies. In this research we introduce a technique secure State UML to formally design security models with secure UML and then transform it to UML state machine diagrams so that it can be tested, verified by existing MBT techniques. By applying proposed technique on case studies, we found the results that MBT techniques can be applied on resulting state machine diagrams and generated test paths have potential to identify the risks associated with security constraints violation.

  3. Honeypot based Secure Network System

    Directory of Open Access Journals (Sweden)

    Yogendra Kumar Jain

    2011-02-01

    Full Text Available A honeypot is a non-production system, design to interact with cyber-attackers to collect intelligence on attack techniques and behaviors. There has been great amount of work done in the field of networkintrusion detection over the past three decades. With networks getting faster and with the increasing dependence on the Internet both at the personal and commercial level, intrusion detection becomes a challenging process. The challenge here is not only to be able to actively monitor large numbers of systems, but also to be able to react quickly to different events. Before deploying a honeypot it is advisable to have a clear idea of what the honeypot should and should not do. There should be clear understandingof the operating systems to be used and services (like a web server, ftp server etc a honeypot will run. The risks involved should be taken into consideration and methods to tackle or reduce these risks should be understood. It is also advisable to have a plan on what to do should the honeypot be compromised. In case of production honeypots, a honeypot policy addressing security issues should be documented. Any legal issues with respect to the honeypots or their functioning should also be taken into consideration. In this paper we explain the relatively new concept of “honeypot.” Honeypots are a computer specifically designed to help learn the motives, skills and techniques of the hacker community and also describes in depth the concepts of honeypots and their contribution to the field of network security. The paper then proposes and designs an intrusion detection tool based on some of the existing intrusion detection techniques and the concept of honeypots.

  4. Secure system design and trustable computing

    CERN Document Server

    Potkonjak, Miodrag

    2016-01-01

    This book provides the foundations for understanding hardware security and trust, which have become major concerns for national security over the past decade.  Coverage includes issues related to security and trust in a variety of electronic devices and systems related to the security of hardware, firmware and software, spanning system applications, online transactions, and networking services.  This serves as an invaluable reference to the state-of-the-art research that is of critical significance to the security of, and trust in, modern society’s microelectronic-supported infrastructures.

  5. BWS Open System Architecture Security Assessment

    Directory of Open Access Journals (Sweden)

    Cristian Ionita

    2011-12-01

    Full Text Available Business process management systems play a central role in supporting the business operations of medium and large organizations. Because of this the security characteristics of these systems are becoming very important. The present paper describes the BWS architecture used to implement the open process aware information system DocuMentor. Using the proposed platform, the article identifies the security characteristics of such systems, shows the correlation between these characteristics and the security features implemented by the platform and presents examples of how the security of such systems can be enhanced using the extension mechanism.

  6. TOWARD HIGHLY SECURE AND AUTONOMIC COMPUTING SYSTEMS: A HIERARCHICAL APPROACH

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Hsien-Hsin S

    2010-05-11

    The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such system will be autonomous, self-adapting, introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (5) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniques and system software for achieving a robust, secure, and reliable computing system toward our goal.

  7. S3A: Secure System Simplex Architecture for Enhanced Security of Cyber-Physical Systems

    CERN Document Server

    Mohan, Sibin; Betti, Emiliano; Yun, Heechul; Sha, Lui; Caccamo, Marco

    2012-01-01

    Until recently, cyber-physical systems, especially those with safety-critical properties that manage critical infrastructure (e.g. power generation plants, water treatment facilities, etc.) were considered to be invulnerable against software security breaches. The recently discovered 'W32.Stuxnet' worm has drastically changed this perception by demonstrating that such systems are susceptible to external attacks. Here we present an architecture that enhances the security of safety-critical cyber-physical systems despite the presence of such malware. Our architecture uses the property that control systems have deterministic execution behavior, to detect an intrusion within 0.6 {\\mu}s while still guaranteeing the safety of the plant. We also show that even if an attack is successful, the overall state of the physical system will still remain safe. Even if the operating system's administrative privileges have been compromised, our architecture will still be able to protect the physical system from coming to harm.

  8. Integrated safeguards & security for material protection, accounting, and control.

    Energy Technology Data Exchange (ETDEWEB)

    Duran, Felicia Angelica; Cipiti, Benjamin B.

    2009-10-01

    Traditional safeguards and security design for fuel cycle facilities is done separately and after the facility design is near completion. This can result in higher costs due to retrofits and redundant use of data. Future facilities will incorporate safeguards and security early in the design process and integrate the systems to make better use of plant data and strengthen both systems. The purpose of this project was to evaluate the integration of materials control and accounting (MC&A) measurements with physical security design for a nuclear reprocessing plant. Locations throughout the plant where data overlap occurs or where MC&A data could be a benefit were identified. This mapping is presented along with the methodology for including the additional data in existing probabilistic assessments to evaluate safeguards and security systems designs.

  9. An Effective Security Mechanism for M-Commerce Applications Exploiting Ontology Based Access Control Model for Healthcare System

    OpenAIRE

    S.M. Roychoudri; Dr. M. Aramudhan

    2016-01-01

    Health organizations are beginning to move mobile commerce services in recent years to enhance services and quality without spending much investment for IT infrastructure. Medical records are very sensitive and private to any individuals. Hence effective security mechanism is required. The challenges of our research work are to maintain privacy for the users and provide smart and secure environment for accessing the application. It is achieved with the help of personalization. Internet has pr...

  10. Literature Survey on Door Lock Security Systems

    National Research Council Canada - National Science Library

    Pradnya R Nehete; J P Chaudhari; S R Pachpande; K P Rane

    2016-01-01

    .... Due to the advancement in recent techniques, some door lock security systems are based on microcontroller, GSM, GPS, many sensors, software like MATLAB, PROTEUS, biometrics like face recognition...

  11. EFFICIENCY INDICATORS INFORMATION MANAGEMENT IN INTEGRATED SECURITY SYSTEMS

    Directory of Open Access Journals (Sweden)

    N. S. Rodionova

    2014-01-01

    Full Text Available Summary. Introduction of information technology to improve the efficiency of security activity leads to the need to consider a number of negative factors associated with in consequence of the use of these technologies as a key element of modern security systems. One of the most notable factor is the exposure to information processes in protection systems security threats. This largely relates to integrated security systems (ISS is the system of protection with the highest level of informatization security functions. Significant damage to protected objects that they could potentially incur as a result of abnormal operation ISS, puts a very actual problem of assessing factors that reduce the efficiency of the ISS to justify the ways and methods to improve it. Because of the nature of threats and blocking distortion of information in the ISS of interest are: the volume undistorted ISF working environment, as a characteristic of data integrity; time access to information as a feature of its availability. This in turn leads to the need to use these parameters as the performance characteristics of information processes in the ISS - the completeness and timeliness of information processing. The article proposes performance indicators of information processes in integrated security systems in terms of optimal control procedures to protect information from unauthorized access. Set the considered parameters allows to conduct comprehensive security analysis of integrated security systems, and to provide recommendations to improve the management of information security procedures in them.

  12. A Survey on Mobile Payment Systems Security

    OpenAIRE

    Leila Esmaeili; Zeinab Borhani-Fard; Mohammad Ali Arasteh

    2012-01-01

    In recent years, increasing use of mobile devices and the emergence of new technologies have changed mobile commerce and mobile payment in all over the world. Although many attempts have been made to implement secure mobile payment systems and services, growing forgery, fraud and other related electronic crimes as well as security attacks and threats prove the necessity of paying special attention to security issues for development and extension of such systems. In this paper, we investigate ...

  13. Control Mechanism and Security Region for Intentional Islanding Transition

    DEFF Research Database (Denmark)

    Chen, Yu; Xu, Zhao; Østergaard, Jacob

    2009-01-01

    This paper investigates the control mechanism for intentional islanding transition, when a Low Voltage (LV) or Medium Voltage (MV) distribution system, which is usually under grid connection mode, is supposed to be separated from the upstream grid, due to either maintenance or a disturbance...... in the grid. The concept of Islanding Security Region (ISR) has been proposed as an organic composition of the developed control mechanism. The purpose of this control mechanism is to maintain the frequency stability and eventually the security of power supply to the customers, by utilizing resources from...

  14. Security Problem of Communication in CORBA System

    Directory of Open Access Journals (Sweden)

    Jedrzej Byrski

    2002-01-01

    Full Text Available CORBA standard defines the mechanisms of shearing services. The key rule plays ORB (Object Request Broker which enables location of suitable server and transparent communication between client and server: This paper presents problems connected with security during communication between ORB systems. In the CORBA system the objects are identified by IOR (Interoperable Object Reference. For T CP/IP it contains IP server address, port and object key. Filtration may use such information as: type of communicate, IP address of client, object key to which client wants to access, type of operation, clients principal. In proposed implementation the firewall works as CORBA server and cooperates with half bridge. It is registered in ORB system and provides the controlling functions for entering packages by IDL interface. In the paper also the structure of filtering module is presented. Its main part is ACL (Access Control Lisa with rules of access. The performance evaluation results are also presented.

  15. Automated Analysis of Security in Networking Systems

    DEFF Research Database (Denmark)

    Buchholtz, Mikael

    2004-01-01

    will both help raise the general level of awareness of the problems and prevent the most basic flaws from occurring. This thesis contributes to the development of such tools. Networking systems typically try to attain secure communication by applying standard cryptographic techniques. In this thesis......-experts users. The feasibility of the techiques is illustrated by a proof-of-concept implementation of a control ow analysis developed for LySa. From a techincal point of view, this implementation also interesting because it encodes in nite sets of algebraic terms, which denote encryption, as a nite number...

  16. Secret-involved Information System Security Audit

    Institute of Scientific and Technical Information of China (English)

    ZHANG; Ya-lan

    2015-01-01

    Secret-involved information system security audit is a network security technology developing rapidly in recent years.It uses various technical to detect the problem of secret-involved information system,and uses certain audit methods to analyze all kinds of suspicious behavior and irregularities.

  17. Controlled quantum teleportation and secure direct communication

    Institute of Scientific and Technical Information of China (English)

    Gao Ting; Yan Feng-Li; Wang Zhi-Xi

    2005-01-01

    We present a controlled quantum teleportation protocol. In the protocol, quantum information of an unknown state of a 2-level particle is faithfully transmitted from a sender Alice to a remote receiver Bob via an initially shared triplet of entangled particles under the control of the supervisor Charlie. The distributed entangled particles shared by Alice, Bob and Charlie function as a quantum information channel for faithful transmission. We also propose a controlled and secure direct communication scheme by means of this teleportation. After ensuring the security of the quantum channel, Alice encodes the secret message directly on a sequence of particle states and transmits them to Bob supervised by Charlie using this controlled quantum teleportation. Bob can read out the encoded message directly by the measurement on his qubit. In this scheme, the controlled quantum teleportation transmits Alice's message without revealing any information to a potential eavesdropper. Because there is not a transmission of the qubit carrying the secret message between Alice and Bob in the public channel, it is completely secure for controlled and direct secret communication if perfect quantum channel is used. The special feature of this scheme is that the communication between two sides depends on the agreement of a third side to co-operate.

  18. Security Design of Remote Maintenance Systems for Nuclear Power Plants Based on ISO/IEC 15408

    Science.gov (United States)

    Watabe, Ryosuke; Oi, Tadashi; Endo, Yoshio

    This paper presents a security design of remote maintenance systems for nuclear power plants. Based on ISO/IEC 15408, we list assets to be protected, threats to the assets, security objectives against the threats, and security functional requirements that achieve the security objectives. Also, we show relations between the threats and the security objectives, and relations between the security objectives and the security functional requirements. As a result, we concretize a necessary and sufficient security design of remote maintenance systems for nuclear power plants that can protect the instrumentation and control system against intrusion, impersonation, tapping, obstruction and destruction.

  19. Integrated security systems design a complete reference for building enterprise-wide digital security systems

    CERN Document Server

    Norman, Thomas L

    2014-01-01

    Integrated Security Systems Design, 2nd Edition, is recognized as the industry-leading book on the subject of security systems design. It explains how to design a fully integrated security system that ties together numerous subsystems into one complete, highly coordinated, and highly functional system. With a flexible and scalable enterprise-level system, security decision makers can make better informed decisions when incidents occur and improve their operational efficiencies in ways never before possible. The revised edition covers why designing an integrated security system is essential a

  20. Applied computation and security systems

    CERN Document Server

    Saeed, Khalid; Choudhury, Sankhayan; Chaki, Nabendu

    2015-01-01

    This book contains the extended version of the works that have been presented and discussed in the First International Doctoral Symposium on Applied Computation and Security Systems (ACSS 2014) held during April 18-20, 2014 in Kolkata, India. The symposium has been jointly organized by the AGH University of Science & Technology, Cracow, Poland and University of Calcutta, India. The Volume I of this double-volume book contains fourteen high quality book chapters in three different parts. Part 1 is on Pattern Recognition and it presents four chapters. Part 2 is on Imaging and Healthcare Applications contains four more book chapters. The Part 3 of this volume is on Wireless Sensor Networking and it includes as many as six chapters. Volume II of the book has three Parts presenting a total of eleven chapters in it. Part 4 consists of five excellent chapters on Software Engineering ranging from cloud service design to transactional memory. Part 5 in Volume II is on Cryptography with two book...

  1. Design Methodologies for Secure Embedded Systems

    CERN Document Server

    Biedermann, Alexander

    2011-01-01

    Embedded systems have been almost invisibly pervading our daily lives for several decades. They facilitate smooth operations in avionics, automotive electronics, or telecommunication. New problems arise by the increasing employment, interconnection, and communication of embedded systems in heterogeneous environments: How secure are these embedded systems against attacks or breakdowns? Therefore, how can embedded systems be designed to be more secure? And how can embedded systems autonomically react to threats? Facing these questions, Sorin A. Huss is significantly involved in the exploration o

  2. E-Commerce Privacy and Security System

    Directory of Open Access Journals (Sweden)

    Kuldeep Kaur

    2015-05-01

    Full Text Available The Internet is a public networks consisting of thousand of private computer network connected together. Private computer network system is exposed to potential threats from anywhere on the public network. In physical world, crimes often leave evidence finger prints, footprints, witnesses, video on security comes and so on. Online a cyber –crimes, also leaves physical, electronic evidence, but unless good security measures are taken, it may be difficult to trace the source of cyber crime. In certain e-commerce-related areas, such as networking, data transfer and data storage, researchers applied scanning and testing methods, modeling analysis to detect potential risks .In the Security system ,Questions are related to online security in which given options are Satisfied, Unsatisfied ,Neutral, Yes, No. and weak password , Strong password. it is revealed that it is quite difficult, if not impossible, to suggest that which online security is best. Online security provide the flexibility, efficiency of work, provide the better security of net banking . The main feature of the research that the data is safe in banking management for long time and open any account after along time. The Future scope of the study of Security is use to reduce threats. Security is used in the long run results in the reduction of number of branches, saying rentals of related and properties. If the better Security operate than net banking and emarketing will be increase.

  3. Sustainable Food Security Measurement: A Systemic Methodology

    Science.gov (United States)

    Findiastuti, W.; Singgih, M. L.; Anityasari, M.

    2017-04-01

    Sustainable food security measures how a region provides food for its people without endangered the environment. In Indonesia, it was legally measured in Food Security and Vulnerability (FSVA). However, regard to sustainable food security policy, the measurement has not encompassed the environmental aspect. This will lead to lack of environmental aspect information for adjusting the next strategy. This study aimed to assess Sustainable Food security by encompassing both food security and environment aspect using systemic eco-efficiency. Given existing indicator of cereal production level, total emission as environment indicator was generated by constructing Causal Loop Diagram (CLD). Then, a stock-flow diagram was used to develop systemic simulation model. This model was demonstrated for Indonesian five provinces. The result showed there was difference between food security order with and without environmental aspect assessment.

  4. An Efficient Secure Real-Time Concurrency Control Protocol

    Institute of Scientific and Technical Information of China (English)

    XIAO Yingyuan; LIU Yunsheng; CHEN Xiangyang

    2006-01-01

    Secure real-time databases must simultaneously satisfy two requirements in guaranteeing data security and minimizing the missing deadlines ratio of transactions. However, these two requirements can conflict with each other and achieve one requirement is to sacrifice the other. This paper presents a secure real-time concurrency control protocol based on optimistic method. The concurrency control protocol incorporates security constraints in a real-time optimistic concurrency control protocol and makes a suitable tradeoff between security and real-time requirements by introducing secure influence factor and real-time influence factor. The experimental results show the concurrency control protocol achieves data security without degrading real-time performance significantly.

  5. Secure Automated Microgrid Energy System

    Science.gov (United States)

    2016-12-01

    Architecture SPPI Smart Power Purchase Initiative TOPR Task Order Proposal Request UEOC Utility and Energy Operations Center UCSD...including scenario analysis based on data acquired during the operational phases in San Diego, augmented with relevant time series data for weather . B... architecture ; • Integrating energy management functions on a cyber-secure platform to meet current Navy security standards, and be adaptable and scalable for

  6. Switching Of Security Lighting System Using Gsm

    Directory of Open Access Journals (Sweden)

    Bakare, B. I

    2015-01-01

    Full Text Available This paper shows how ATMEGA168 microcontroller can be used to remotely control security lighting via Short Message Service (SMS from a Global System for Mobile Communication (GSM phone anywhere outside the home. A Mobile phone is configured to transmit SMS signal to a home-based GSM modem. The GSM Modem then sends the received SMS to a ATMEGA168 microcontroller. The Microcontroller accesses the received SMS and Changes the State of the appliances if the received signal aggresses with a pre - set code. When this is done, the microcontroller then sends signal to the GSM modem which in turn send back a reply to the mobile phone via SMS. The system utilizes a LCD display with resolution of 96*64 using PCD8544 Driver/Controller to display the ON/OFF state of the lighting device.

  7. Applying New Network Security Technologies to SCADA Systems.

    Energy Technology Data Exchange (ETDEWEB)

    Hurd, Steven A; Stamp, Jason Edwin; Duggan, David P; Chavez, Adrian R.

    2006-11-01

    Supervisory Control and Data Acquisition (SCADA) systems for automation are very important for critical infrastructure and manufacturing operations. They have been implemented to work in a number of physical environments using a variety of hardware, software, networking protocols, and communications technologies, often before security issues became of paramount concern. To offer solutions to security shortcomings in the short/medium term, this project was to identify technologies used to secure "traditional" IT networks and systems, and then assess their efficacy with respect to SCADA systems. These proposed solutions must be relatively simple to implement, reliable, and acceptable to SCADA owners and operators. 4This page intentionally left blank.

  8. UGV: security analysis of subsystem control network

    Science.gov (United States)

    Abbott-McCune, Sam; Kobezak, Philip; Tront, Joseph; Marchany, Randy; Wicks, Al

    2013-05-01

    Unmanned Ground vehicles (UGVs) are becoming prolific in the heterogeneous superset of robotic platforms. The sensors which provide odometry, localization, perception, and vehicle diagnostics are fused to give the robotic platform a sense of the environment it is traversing. The automotive industry CAN bus has dominated the industry due to the fault tolerance and the message structure allowing high priority messages to reach the desired node in a real time environment. UGVs are being researched and produced at an accelerated rate to preform arduous, repetitive, and dangerous missions that are associated with a military action in a protracted conflict. The technology and applications of the research will inevitably be turned into dual-use platforms to aid civil agencies in the performance of their various operations. Our motivation is security of the holistic system; however as subsystems are outsourced in the design, the overall security of the system may be diminished. We will focus on the CAN bus topology and the vulnerabilities introduced in UGVs and recognizable security vulnerabilities that are inherent in the communications architecture. We will show how data can be extracted from an add-on CAN bus that can be customized to monitor subsystems. The information can be altered or spoofed to force the vehicle to exhibit unwanted actions or render the UGV unusable for the designed mission. The military relies heavily on technology to maintain information dominance, and the security of the information introduced onto the network by UGVs must be safeguarded from vulnerabilities that can be exploited.

  9. Information Security / 2002 Command & Control Research & Technology Symposium

    OpenAIRE

    Buddenberg, Rex

    2002-01-01

    Approved for public display, distribution unlimited 2002 Command & Control Research & Technology Symposium, Naval Postgraduate School, Code IS/Bu, Monterey,CA,93943 Security in information systems is a complex problem. Single solutions to complex problems don't exist and matching the appropriate solution (or more accurately, a set of solutions) to a requirement is necessary.

  10. Privacy and Security Research Group workshop on network and distributed system security: Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    1993-05-01

    This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

  11. Intelligent Model for Video Survillance Security System

    Directory of Open Access Journals (Sweden)

    J. Vidhya

    2013-12-01

    Full Text Available Video surveillance system senses and trails out all the threatening issues in the real time environment. It prevents from security threats with the help of visual devices which gather the information related to videos like CCTV’S and IP (Internet Protocol cameras. Video surveillance system has become a key for addressing problems in the public security. They are mostly deployed on the IP based network. So, all the possible security threats exist in the IP based application might also be the threats available for the reliable application which is available for video surveillance. In result, it may increase cybercrime, illegal video access, mishandling videos and so on. Hence, in this paper an intelligent model is used to propose security for video surveillance system which ensures safety and it provides secured access on video.

  12. Crew goal setting for security control

    OpenAIRE

    Wetter, Olive Emil; Hofer, Franziska; Jonas, Klaus

    2013-01-01

    This study investigated the effectiveness, efficiency, and robustness of simple goal setting in airport security control. As outcome, crew performance in terms of productivity (Experiment 1, field setting) was studied. Furthermore, the moderating role of negative and positive priming due to a previous task on the impact of goals (Experiment 2, laboratory setting) was analyzed. This research builds a bridge from goal setting theory to practice and prepares the grounds for its application in se...

  13. Robotic systems for homeland security

    Science.gov (United States)

    Esser, Brian; Miller, Jon; Huston, Dryver R.; Bourn, Phil

    2004-07-01

    This paper will present the concept of utilizing various mobile robotic platforms for homeland security. Highly specialized mobile robots equipped with the proper sensors and data processing capabilities have the ability to provide security and surveillance for a wide variety of applications. Large infrastructure components, such as bridges, pipelines, dams, and electrical power grids pose severe challenges for monitoring, surveillance, and protection against man-made and natural hazards. The structures are enormous, often with awkward and dangerous configurations that make it difficult, if not impossible, for continuous human surveillance. Properly outfitted robots have the potential to provide long-term surveillance without requiring continuous human supervision. Furthermore, these robotic platforms can have disaster mitigation capabilities such as evaluation of infrastructure integrity at the disaster site. The results presented will include proof-of-concept robotic platforms equipped with various sensor arrays, as well as discussion of design criteria for numerous homeland security applications.

  14. High Assurance Models for Secure Systems

    Science.gov (United States)

    Almohri, Hussain M. J.

    2013-01-01

    Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

  15. High Assurance Models for Secure Systems

    Science.gov (United States)

    Almohri, Hussain M. J.

    2013-01-01

    Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

  16. The Secure Electronic Voting System for Absentee

    OpenAIRE

    Her, Yong-Sork; Sakurai, Kouichi

    2002-01-01

    In this paper, we propose the absentee e-voting system based on security, completeness and verifiability. We use r-th residue cryptography for homomorphic encryption, ZKIP (Zero-Knowledge interactive proofs), RSA algorithm for the secure absentee e-voting.

  17. Robust Security System for Critical Computers

    Directory of Open Access Journals (Sweden)

    Preet Inder Singh

    2012-06-01

    Full Text Available Among the various means of available resource protection including biometrics, password based system is most simple, user friendly, cost effective and commonly used, but this system having high sensitivity with attacks. Most of the advanced methods for authentication based on password encrypt the contents of password before storing or transmitting in physical domain. But all conventional cryptographic based encryption methods are having its own limitations, generally either in terms of complexity, efficiency or in terms of security. In this paper a simple method is developed that provide more secure and efficient means of authentication, at the same time simple in design for critical systems. Apart from protection, a step toward perfect security has taken by adding the feature of intruder detection along with the protection system. This is possible by merging various security systems with each other i.e password based security with keystroke dynamic, thumb impression with retina scan associated with the users. This new method is centrally based on user behavior and users related security system, which provides the robust security to the critical systems with intruder detection facilities.

  18. Method for secure electronic voting system: face recognition based approach

    Science.gov (United States)

    Alim, M. Affan; Baig, Misbah M.; Mehboob, Shahzain; Naseem, Imran

    2017-06-01

    In this paper, we propose a framework for low cost secure electronic voting system based on face recognition. Essentially Local Binary Pattern (LBP) is used for face feature characterization in texture format followed by chi-square distribution is used for image classification. Two parallel systems are developed based on smart phone and web applications for face learning and verification modules. The proposed system has two tire security levels by using person ID followed by face verification. Essentially class specific threshold is associated for controlling the security level of face verification. Our system is evaluated three standard databases and one real home based database and achieve the satisfactory recognition accuracies. Consequently our propose system provides secure, hassle free voting system and less intrusive compare with other biometrics.

  19. Home Security System Using Gsm Modem

    Directory of Open Access Journals (Sweden)

    Mehek Potnis

    2015-04-01

    Full Text Available This paper mainly focuses on using wireless technology effectively for security. The system is SMS-based and uses wireless technology to revolutionize the standards of living. It uses a GSM Modem to send an SMS to the home owner in case of an intrusion. The project is realized by interfacing an infrared trans-receiver with an ATMEGA16 microcontroller and a GSM Module. As the system uses GSM technology, it provides ubiquitous access to the system for security.

  20. Situated Usability Testing for Security Systems

    Energy Technology Data Exchange (ETDEWEB)

    Greitzer, Frank L.

    2011-03-02

    While usability testing is well established, assessing the usability of security software, tools, or methods deserves more careful consideration. It has been argued that dealing with security has become too difficult for individuals or organizations to manage effectively or to use conveniently. As difficult as it is for system administrators and developers to deal with, security is even more challenging for casual users. Indeed, it is much too easy for casual/home users to configure the security of their systems in non-optimal ways that leave their systems inadvertently insecure. This is exacerbated by the fact that casual users are focused on matters other than security, and likely would prefer not even to think about security. This brief report argues that when security and/or privacy are part of the equation, traditional methods for usability testing should be re-considered. The purpose of this brief report is to argue for and outline a method associated with a new approach to usability testing for examining usable security issues.

  1. Situated Usability Testing for Security Systems

    Energy Technology Data Exchange (ETDEWEB)

    Greitzer, Frank L.

    2011-03-02

    While usability testing is well established, assessing the usability of security software, tools, or methods deserves more careful consideration. It has been argued that dealing with security has become too difficult for individuals or organizations to manage effectively or to use conveniently. As difficult as it is for system administrators and developers to deal with, security is even more challenging for casual users. Indeed, it is much too easy for casual/home users to configure the security of their systems in non-optimal ways that leave their systems inadvertently insecure. This is exacerbated by the fact that casual users are focused on matters other than security, and likely would prefer not even to think about security. This brief report argues that when security and/or privacy are part of the equation, traditional methods for usability testing should be re-considered. The purpose of this brief report is to argue for and outline a method associated with a new approach to usability testing for examining usable security issues.

  2. Banking Information System Security Risk Analysis and Control Measures%银行信息系统安全风险分析与控制对策

    Institute of Scientific and Technical Information of China (English)

    张春明; 燕辉

    2012-01-01

    银行是金融产业的核心构成,银行内部经营管理水平关系着社会产业结构的变动,对金融业经济实现效益增收有着较大的影响。信息时代背景下计算机技术在银行信息系统管理中的运用更加普遍,促进了银行内部办公自动化模式的形成。由于计算机系统自身存在漏洞及操作缺陷,往往导致银行信息系统承受着巨大的安全风险,不利于其长期性的市场经营。针对这一点,本文主要分析了银行信息系统安全风险的成因及控制策略。%Bank constitute the core of the financial industry, the bank management level relationships within the industrial structure of society changes, the financial sector to achieve economic benefits of income has a greater impact. The context of the information age of computer technology in the banking information system management application more generally, to promote the bank's internal model of the formation of office automation. As the computer operating system itself is flawed and defective, often leads to bank information systems are under enormous security risk, detrimental to their long-term market operations. On this point, this paper analyzes the banking information system security risk causes and control strategies.

  3. Dynamic security risk assessment and optimization of power transmission system

    Institute of Scientific and Technical Information of China (English)

    2008-01-01

    The paper presents a practical dynamic security region (PDSR) based dynamic security risk assessment and optimization model for power transmission system. The cost of comprehensive security control and the influence of uncertainties of power injections are considered in the model of dynamic security risk assessment. The transient stability constraints and uncertainties of power injections can be considered easily by PDSR in form of hyper-box. A method to define and classify contingency set is presented, and a risk control optimization model is given which takes total dynamic insecurity risk as the objective function for a dominant con-tingency set. An optimal solution of dynamic insecurity risk is obtained by opti-mizing preventive and emergency control cost and contingency set decomposition. The effectiveness of this model has been proved by test results on the New Eng-land 10-genarator 39-bus system.

  4. 10 CFR 95.49 - Security of automatic data processing (ADP) systems.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Security of automatic data processing (ADP) systems. 95.49 Section 95.49 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.49 Security...

  5. Wide Area Measurement Based Security Assessment & Monitoring of Modern Power System: A Danish Power System Case Study

    DEFF Research Database (Denmark)

    Rather, Zakir Hussain; Chen, Zhe; Thøgersen, Paul

    2013-01-01

    Power System security has become a major concern across the global power system community. This paper presents wide area measurement system (WAMS) based security assessment and monitoring of modern power system. A new three dimensional security index (TDSI) has been proposed for online security...... monitoring of modern power system with large scale renewable energy penetration. Phasor measurement unit (PMU) based WAMS has been implemented in western Danish Power System to realize online security monitoring and assessment in power system control center. The proposed security monitoring system has been...

  6. Security Policy Based on Firewall and Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Hemdeep Kaur Bimbraw

    2014-11-01

    Full Text Available Firewalls are usually the first component of network security. They separate networks in different security levels by utilizing network access control policies. The major function of the firewall is to protect the private network from non-legitimate traffic. The main purpose of a firewall system is to control access to or from a protected network. It implements a network access policy by forcing connections to pass through the firewall, where they can be examined and evaluated. Intrusion detection is the process of monitoring and searching networks of computers and systems for security policy violations. Intrusion Detection Systems (IDSs are software or hardware products that automate this monitoring and analysis process. An IDS inspects all inbound and outbound network activity, system logs and events, and identifies suspicious patterns or events that may indicate a network or system attack from someone attempting to break into or compromise a system. The network security in today’s world is a major concern because of increasing threats from malicious users. Therefore, designing a correct network security policy is a challenging task. To design filtering rules to formulate a sound firewall security policy and implement intrusion detection system to capture network packets and detect attacks to fulfill this gap

  7. Security of practical quantum key distribution systems

    Energy Technology Data Exchange (ETDEWEB)

    Jain, Nitin

    2015-02-24

    This thesis deals with practical security aspects of quantum key distribution (QKD) systems. At the heart of the theoretical model of any QKD system lies a quantum-mechanical security proof that guarantees perfect secrecy of messages - based on certain assumptions. However, in practice, deviations between the theoretical model and the physical implementation could be exploited by an attacker to break the security of the system. These deviations may arise from technical limitations and operational imperfections in the physical implementation and/or unrealistic assumptions and insufficient constraints in the theoretical model. In this thesis, we experimentally investigate in depth several such deviations. We demonstrate the resultant vulnerabilities via proof-of-principle attacks on a commercial QKD system from ID Quantique. We also propose countermeasures against the investigated loopholes to secure both existing and future QKD implementations.

  8. Biometric Security - Fingerprint Recognition System

    Directory of Open Access Journals (Sweden)

    Alexandra Emanuela Vacarus

    2015-03-01

    Full Text Available The paper presents an application, FingerTouch that provides a secure method of storing usernames and passwords for different types of accounts by using biometric fingerprint authentication. Recent developments in the smartphone area regarding fingerprint authentication on mobile devices is discussed. The purpose of the application and the technologies that were used in the development are described. The features, architecture and implementation of the application are analyzed.

  9. ENDPOINT PROTECTION SECURITY SYSTEM FOR AN ENTERPRISE

    OpenAIRE

    Ruotsalainen, Petri

    2013-01-01

    The thesis subscriber was Metso Shared Services Ltd. The objective was to find out if Microsoft Forefront Endpoint Protection 2010 (FEP) would be secure and cost-effective enough system to fulfill the requirements of the company’s endpoint protection security system. Microsoft FEP was compared and benchmarked with some other most significant endpoint protection products based on the requirements and definitions of the subscriber. The comparison and evaluation were based on investigation a...

  10. Detection and intelligent systems for homeland security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Detection and Intelligent Systems for Homeland Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering advanced technology for image and video interpretation systems used for surveillance, which help in solving such problems as identifying faces from live streaming or stored videos. Biometrics for human identification, including eye retinas and irises, and facial patterns are also presented. The book then provides information on sensors for detection of explosive and radioactive materials and methods for sensing chemical

  11. Critical infrastructure system security and resiliency

    CERN Document Server

    Biringer, Betty; Warren, Drake

    2013-01-01

    Security protections for critical infrastructure nodes are intended to minimize the risks resulting from an initiating event, whether it is an intentional malevolent act or a natural hazard. With an emphasis on protecting an infrastructure's ability to perform its mission or function, Critical Infrastructure System Security and Resiliency presents a practical methodology for developing an effective protection system that can either prevent undesired events or mitigate the consequences of such events.Developed at Sandia National Labs, the authors' analytical approach and

  12. Algorithms, architectures and information systems security

    CERN Document Server

    Sur-Kolay, Susmita; Nandy, Subhas C; Bagchi, Aditya

    2008-01-01

    This volume contains articles written by leading researchers in the fields of algorithms, architectures, and information systems security. The first five chapters address several challenging geometric problems and related algorithms. These topics have major applications in pattern recognition, image analysis, digital geometry, surface reconstruction, computer vision and in robotics. The next five chapters focus on various optimization issues in VLSI design and test architectures, and in wireless networks. The last six chapters comprise scholarly articles on information systems security coverin

  13. Acquiring Secure Systems Through Information Economics

    Science.gov (United States)

    2015-05-01

    Acquiring Secure Systems Through Information Economics Chad Dacus Research Professor of Defense Economics Air Force Research Institute Dr. Pano...to 00-00-2015 4. TITLE AND SUBTITLE Acquiring Secure Systems Through Information Economics 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM...If adversary can hack into mission essential software/hardware, then mission is compromised • Mission assurance requires materiel solutions, educated

  14. Discussion on Security Protection System of Industrial Control System%工业控制系统信息安全防护体系解决方案探讨

    Institute of Scientific and Technical Information of China (English)

    李宁; 王潇茵; 经小川

    2015-01-01

    By analyzing the information security issues of Industry control system (ICS), facing the domestic development situation of ICS and security demand, a set of defense-in-depth for the security demand of ICS of our country are tentatively proposed. This defense system can be considered as a valuable approach for the secure information sharing between ICS and other systems, andmay play an important role for resisting the APT (Advanced Persistent Threat).%本文通过分析国外工业控制系统(ICS)信息安全事件,面向我国ICS发展现状及安全性需求,尝试性地提出了一套包含边界防护和内部防御的ICS信息安全纵深防护体系。希望通过本文的技术探讨,为实现ICS与外部系统在安全互联和数据共享发展趋势下抵抗针对ICS的APT(高级持续性威胁)攻击提供了参考。

  15. Birds of a Feather: Supporting Secure Systems

    Energy Technology Data Exchange (ETDEWEB)

    Braswell III, H V

    2006-04-24

    Over the past few years Lawrence Livermore National Laboratory has begun the process of moving to a diskless environment in the Secure Computer Support realm. This movement has included many moving targets and increasing support complexity. We would like to set up a forum for Security and Support professionals to get together from across the Complex and discuss current deployments, lessons learned, and next steps. This would include what hardware, software, and hard copy based solutions are being used to manage Secure Computing. The topics to be discussed include but are not limited to: Diskless computing, port locking and management, PC, Mac, and Linux/UNIX support and setup, system imaging, security setup documentation and templates, security documentation and management, customer tracking, ticket tracking, software download and management, log management, backup/disaster recovery, and mixed media environments.

  16. Research on Assessment Model of Information System Security Based on Various Security Factors

    Institute of Scientific and Technical Information of China (English)

    2007-01-01

    With the rapid development of network technology, the meaning of layers and attributes in respect of information system security must be extended based on the understanding of the concept of information system security. The layering model (LM) of information system security and the five-attribute model (FAM) based on security factors were put forward to perfect the description and modeling of the information system security framework. An effective framework system of risk calculation and assessment was proposed, which is based on FAM.

  17. Secure Mechanisms for E-Ticketing System

    Directory of Open Access Journals (Sweden)

    Toma Cristian

    2009-12-01

    Full Text Available

    The paper presents a secure authentication and encryption scheme for an automatic ticketing system based on symmetric and asymmetric cryptography. Some concepts and terms used in development of secure automatic ticketing system are presented. It is depicted an architecture of the secure automatic ticketing system with its components and their roles in this architecture. The section five presents the authentication and encryption scheme used for secure information from RFID cards. The authentication scheme is based on RSA and AES algorithms and it is inspired from SSL. Parts of this paper are in publishing process in [6], but the authentication and encryption scheme is described exclusivelly in this paper. The necessity of authentication and encryption scheme is given by the attack described in [7].

     

  18. Secure Mechanisms for E-Ticketing System

    Directory of Open Access Journals (Sweden)

    Toma Cristian

    2009-12-01

    Full Text Available The paper presents a secure authentication and encryption scheme for an automatic ticketing system based on symmetric and asymmetric cryptography. Some concepts and terms used in development of secure automatic ticketing system are presented. It is depicted an architecture of the secure automatic ticketing system with its components and their roles in this architecture. The section five presents the authentication and encryption scheme used for secure information from RFID cards. The authentication scheme is based on RSA and AES algorithms and it is inspired from SSL. Parts of this paper are in publishing process in [6], but the authentication and encryption scheme is described exclusivelly in this paper. The necessity of authentication and encryption scheme is given by the attack described in [7].  

  19. Automated Analysis of Security in Networking Systems

    DEFF Research Database (Denmark)

    Buchholtz, Mikael

    2004-01-01

    It has for a long time been a challenge to built secure networking systems. One way to counter this problem is to provide developers of software applications for networking systems with easy-to-use tools that can check security properties before the applications ever reach the marked. These tools...... will both help raise the general level of awareness of the problems and prevent the most basic flaws from occurring. This thesis contributes to the development of such tools. Networking systems typically try to attain secure communication by applying standard cryptographic techniques. In this thesis...... attacks, and attacks launched by insiders. Finally, the perspectives for the application of the analysis techniques are discussed, thereby, coming a small step closer to providing developers with easy- to-use tools for validating the security of networking applications....

  20. Research on Security Control of Info-Net for Command Information System%指挥信息系统信息网络安全控制研究

    Institute of Scientific and Technical Information of China (English)

    金朝; 杨文; 李英华; 梁良

    2014-01-01

    针对指挥信息系统日益凸显的信息网络安全问题,分析了指挥信息系统结构模型及面临的安全威胁,在此基础上运用网络控制论的原理和方法,建立了指挥信息系统安全控制的基本框架和技术体系,明确了信息网络安全控制的核心内容和技术措施,并举例分析了信息网络安全控制系统的体系结构及组成功能,为有效保障指挥信息系统信息网络安全提供了新的途径和方法。%Focus on the security of Info-Net for command information system of our army,this paper analyses the configuration and the current safety threaten of command information system,use the theory and method of Network Cybernetics to establish basic framework and technology architecture of security control for command information system,defines the kernel and measures of security control, illustrates the architecture framework and function of security control system. It provides a new method to effectively protect the security of Info-Net for command information system.

  1. Secure VM for Monitoring Industrial Process Controllers

    Energy Technology Data Exchange (ETDEWEB)

    Dasgupta, Dipankar [ORNL; Ali, Mohammad Hassan [University of Memphis; Abercrombie, Robert K [ORNL; Schlicher, Bob G [ORNL; Sheldon, Frederick T [ORNL; Carvalho, Marco [Institute of Human and Machine Cognition

    2011-01-01

    In this paper, we examine the biological immune system as an autonomic system for self-protection, which has evolved over millions of years probably through extensive redesigning, testing, tuning and optimization process. The powerful information processing capabilities of the immune system, such as feature extraction, pattern recognition, learning, memory, and its distributive nature provide rich metaphors for its artificial counterpart. Our study focuses on building an autonomic defense system, using some immunological metaphors for information gathering, analyzing, decision making and launching threat and attack responses. In order to detection Stuxnet like malware, we propose to include a secure VM (or dedicated host) to the SCADA Network to monitor behavior and all software updates. This on-going research effort is not to mimic the nature but to explore and learn valuable lessons useful for self-adaptive cyber defense systems.

  2. CORBA security services for health information systems.

    Science.gov (United States)

    Blobel, B; Holena, M

    1998-01-01

    The structure of healthcare systems in developed countries is changing to 'shared care', enforced by economic constraints and caused by a change in the basic conditions of care. That development results in co-operative health information systems across the boundaries of organisational, technological, and policy domains. Increasingly, these distributed and, as far as their domains are concerned, heterogeneous systems are based on middleware approaches, such as CORBA. Regarding the sensitivity of personal and medical data, such open, distributed, and heterogeneous health information systems require a high level of data protection and data security, both with respect to patient information and with respect to users. This paper, relying on experience gained through our activities in CORBAmed, describes the possibilities the CORBA middleware provides to achieve application and communication security. On the background of the overall CORBA architecture, it outlines the different security services previewed in the adopted CORBA specifications which are discussed in the context of the security requirements of healthcare information systems. Security services required in the healthcare domain but not available at the moment are mentioned. A solution is proposed, which on the one hand allows to make use of the available CORBA security services and additional ones, on the other hand remains open to other middleware approaches, such as DHE or HL7.

  3. ASLan++ — A Formal Security Specification Language for Distributed Systems

    DEFF Research Database (Denmark)

    Von Oheimb, David; Mödersheim, Sebastian Alexander

    2010-01-01

    This paper introduces ASLan++, the AVANTSSAR Specification Language. ASLan++ has been designed for formally specifying dynamically composed security-sensitive web services and service-oriented architectures, their associated security policies, as well as their security properties, at both...... communication and application level. We introduce the main concepts of ASLan++ at a small but very instructive running example, abstracted form a company intranet scenario, that features non-linear and inter-dependent workflows, communication security at different abstraction levels including an explicit...... credentialsbased authentication mechanism, dynamic access control policies, and the related security goals. This demonstrates the flexibility and expressiveness of the language, and that the resulting models are logically adequate, while on the other hand they are clear to read and feasible to construct for system...

  4. A Review of the Security of Insulin Pump Infusion Systems

    Science.gov (United States)

    Paul, Nathanael; Kohno, Tadayoshi; Klonoff, David C

    2011-01-01

    Insulin therapy has enabled patients with diabetes to maintain blood glucose control to lead healthier lives. Today, rather than injecting insulin manually using syringes, a patient can use a device such as an insulin pump to deliver insulin programmatically. This allows for more granular insulin delivery while attaining blood glucose control. Insulin pump system features have increasingly benefited patients, but the complexity of the resulting system has grown in parallel. As a result, security breaches that can negatively affect patient health are now possible. Rather than focus on the security of a single device, we concentrate on protecting the security of the entire system. In this article, we describe the security issues as they pertain to an insulin pump system that includes an embedded system of components, which include the insulin pump, continuous glucose management system, blood glucose monitor, and other associated devices (e.g., a mobile phone or personal computer). We detail not only the growing wireless communication threat in each system component, but also describe additional threats to the system (e.g., availability and integrity). Our goal is to help create a trustworthy infusion pump system that will ultimately strengthen pump safety, and we describe mitigating solutions to address identified security issues. PMID:22226278

  5. A Review of the Security of Insulin Pump Infusion Systems

    Energy Technology Data Exchange (ETDEWEB)

    Klonoff, David C. [Mills-Peninsula Health Services; Paul, Nathanael R [ORNL; Kohno, Tadayoshi [University of Washington, Seattle

    2011-01-01

    Insulin therapy has enabled diabetic patients to maintain blood glucose control to lead healthier lives. Today, rather than manually injecting insulin using syringes, a patient can use a device, such as an insulin pump, to programmatically deliver insulin. This allows for more granular insulin delivery while attaining blood glucose control. The insulin pump system features have increasingly benefited patients, but the complexity of the resulting system has grown in parallel. As a result security breaches that can negatively affect patient health are now possible. Rather than focus on the security of a single device, we concentrate on protecting the security of the entire system. In this paper we describe the security issues as they pertain to an insulin pump system that includes an embedded system of components including the insulin pump, continuous glucose management system, blood glucose monitor, and other associated devices (e.g., a mobile phone or personal computer). We detail not only the growing wireless communication threat in each system component, but we also describe additional threats to the system (e.g., availability and integrity). Our goal is to help create a trustworthy infusion pump system that will ultimately strengthen pump safety, and we describe mitigating solutions to address identified security issues both for now and in the future.

  6. Security, privacy and trust in cloud systems

    CERN Document Server

    Nepal, Surya

    2013-01-01

    The book compiles technologies for enhancing and provisioning security, privacy and trust in cloud systems based on Quality of Service requirements. It is a timely contribution to a field that is gaining considerable research interest, momentum, and provides a comprehensive coverage of technologies related to cloud security, privacy and trust. In particular, the book includes - Cloud security fundamentals and related technologies to-date, with a comprehensive coverage of evolution, current landscape, and future roadmap. - A smooth organization with introductory, advanced and specialist content

  7. A NEW INVENTION OF ALARM REMINDER LOCKING (ARL SECURITY SYSTEM

    Directory of Open Access Journals (Sweden)

    M.S.M. Effendi

    2016-02-01

    Full Text Available Alarm Reminder Locking (ARL Security System mainly focuses on a door security system, which can install in the door area to increase the security level for home, office room, hostel or other places. This system used Arduino Controller and Global System for Mobile Communication (GSM technology, which is the cheapest source to embed the security system to transmit the Short Message Service (SMS alert data. This device integrates three functions that are alarming, reminder and locked for a purpose of safety and connecting via mobile phone to remind the users through SMS. This device has a 3 modes of operation which is the system will be functional when the door is not improperly closed for the first reminder with the buzzer alert. The second mode is automated locked will be activated when users closed the door, but did not lock manually. Intrusion mode will activate while auto locked modes are interrupted without proper access. All this integrated system will provide high security access against intrusion occurrence. This security device will bring a new benefit to the user to consider about the userfriendly application, low power consumption and reasonable cost to install.

  8. Control systems under attack?

    CERN Document Server

    Lüders, Stefan

    2005-01-01

    The enormous growth of the Internet during the last decade offers new means to share and distribute both information and data. In Industry, this results in a rapprochement of the production facilities, i.e. their Process Control and Automation Systems, and the data warehouses. At CERN, the Internet opens the possibility to monitor and even control (parts of) the LHC and its four experiments remotely from anywhere in the world. However, the adoption of standard IT technologies to Distributed Process Control and Automation Systems exposes inherent vulnerabilities to the world. The Teststand On Control System Security at CERN (TOCSSiC) is dedicated to explore the vulnerabilities of arbitrary Commercial-Of-The-Shelf hardware devices connected to standard Ethernet. As such, TOCSSiC should discover their vulnerabilities, point out areas of lack of security, and address areas of improvement which can then be confidentially communicated to manufacturers. This paper points out risks of accessing the Control and Automa...

  9. Use of Attack Graphs in Security Systems

    Directory of Open Access Journals (Sweden)

    Vivek Shandilya

    2014-01-01

    Full Text Available Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodology involves constructing attack graphs of the pertinent system for analysis and response strategies. This not only gives the simplified representation of the system, but also allows prioritizing the security properties whose violations are of greater concern, for both detection and repair. We present a survey and critical study of state-of-the-art technologies in attack graph generation and use in security system. Based on our research, we identify the potential, challenges, and direction of the current research in using attack graphs.

  10. Network model of security system

    Directory of Open Access Journals (Sweden)

    Adamczyk Piotr

    2016-01-01

    Full Text Available The article presents the concept of building a network security model and its application in the process of risk analysis. It indicates the possibility of a new definition of the role of the network models in the safety analysis. Special attention was paid to the development of the use of an algorithm describing the process of identifying the assets, vulnerability and threats in a given context. The aim of the article is to present how this algorithm reduced the complexity of the problem by eliminating from the base model these components that have no links with others component and as a result and it was possible to build a real network model corresponding to reality.

  11. Windows 2012 Server network security securing your Windows network systems and infrastructure

    CERN Document Server

    Rountree, Derrick

    2013-01-01

    Windows 2012 Server Network Security provides the most in-depth guide to deploying and maintaining a secure Windows network. The book drills down into all the new features of Windows 2012 and provides practical, hands-on methods for securing your Windows systems networks, including: Secure remote access Network vulnerabilities and mitigations DHCP installations configuration MAC filtering DNS server security WINS installation configuration Securing wired and wireless connections Windows personal firewall

  12. 基于动态强色散控制的光保密通信系统%Optical secure communication system based on dynamic strong dispersion control

    Institute of Scientific and Technical Information of China (English)

    蔡炬; 白秋剑

    2012-01-01

    提出一种全新的基于动态强色散控制原理的光保密通信方案.首先对基于动态强色散控制的保密通信原理进行阐述,根据给出的光保密通信系统结构原理图对整个系统构成及各部分功能进行了详细分析,然后搭建了一个高速仿真系统,对其可行性和系统性能进行了验证.最后展望了该方案在保密通信领域的应用前途.%A novel solution of optical secure communication system by using dynamic strong dispersion control is proposed. Its theoretical principle and system structure are presented firstly, and then its feasibility and performance are verified by simulation.

  13. Development of Small Marine Host Security and Remote Control System%小型船用主机安保与遥控系统的研制

    Institute of Scientific and Technical Information of China (English)

    劳志鸿; 陈荣保

    2013-01-01

      本文对一个小型船舶推进系统进行简要设计,以西门子S7-200可编程控制器为平台,以转速传感器等测量元件和比例调压阀等执行元件为手段,按照柴油主机工作需要设计安保系统,按照柴油主机的调速原则设计了遥控系统。%T his paper carried out the sim ple design based on a practical sm all ship propulsion system that de-pendson a Siem ensS7-200 PLC asa platform .Speed sensorm easuring elem entand proportionalpressure regulat-ing valve executive com ponents has been chosen as the m eans,in accordance w ith the diesel m ain engine w orking requirem ent to design the security system , and according to the speed control principle to design diesel m ain en-gine rem ote controlsystem .

  14. Design tools for complex dynamic security systems.

    Energy Technology Data Exchange (ETDEWEB)

    Byrne, Raymond Harry; Rigdon, James Brian; Rohrer, Brandon Robinson; Laguna, Glenn A.; Robinett, Rush D. III (.; ); Groom, Kenneth Neal; Wilson, David Gerald; Bickerstaff, Robert J.; Harrington, John J.

    2007-01-01

    The development of tools for complex dynamic security systems is not a straight forward engineering task but, rather, a scientific task where discovery of new scientific principles and math is necessary. For years, scientists have observed complex behavior but have had difficulty understanding it. Prominent examples include: insect colony organization, the stock market, molecular interactions, fractals, and emergent behavior. Engineering such systems will be an even greater challenge. This report explores four tools for engineered complex dynamic security systems: Partially Observable Markov Decision Process, Percolation Theory, Graph Theory, and Exergy/Entropy Theory. Additionally, enabling hardware technology for next generation security systems are described: a 100 node wireless sensor network, unmanned ground vehicle and unmanned aerial vehicle.

  15. Enhanced ATM Security System using Biometrics

    Directory of Open Access Journals (Sweden)

    Selina Oko

    2012-09-01

    Full Text Available Because biometrics-based authentication offers several advantages over other authentication methods, there hasbeen a significant surge in the use of biometrics for user authentication in recent years. In this paper the existing security of the ATM (Automated Teller Machine system has been improved by integrating the fingerprint of the user into the banks database as to further authenticate it. This was achieved by modelling and building an ATM simulator that will mimic a typical ATM system. The end result is an enhanced biometric authenticated ATM system that ensures greater security and increased customers confidence in the banking sector.

  16. Microcontroller Based Home Security and Load Controlling Using Gsm Technology

    Directory of Open Access Journals (Sweden)

    Mustafijur Rahman

    2015-03-01

    Full Text Available "Home automation" referred to as 'Intelligent home' or 'automated home', indicates the automation of daily tasks with electrical devices used in homes. This could be the control of lights or more complex chores such as remote viewing of the house interiors for surveillance purposes. The emerging concept of smart homes offers a comfortable, convenient and safe and secure environment for occupants. These include automatic load controlling, fire detection, temperature sensing, and motion detection and lock system etc. Furthermore it has advanced security compared to other houses and can send a message to the user for action that occur inside his/her house while he/she is away from home. It can also allow a person to control appliances from a remote location by mobile phone using GSM technology.

  17. Implementing Improved Security and Encryption for Balloon Flight Systems

    Science.gov (United States)

    Denney, Andrew; Stilwell, Bryan D.

    The Columbia Scientific Balloon Facility uses a broad array of communication techniques be-tween its balloon-borne flight systems and ground command and control systems. These com-munication mediums vary from commercially available routing such as e-mail and IP based TCP/UDP protocols to military grade proprietary line-of-sight configurations; each with their own unique benefits and shortfalls. While each new advancement in technology improves secu-rity in some capacity, it does not always address the limitation of older, less advanced security or encryption capabilities. As the proliferation of newer, more commercially viable technologies become common place, safeguarding mission critical applications from unauthorized access and improve data integrity in the process becomes ever more necessary. Therefore, this paper will evaluate several security measures and methods of data encryption; including formalizing a standardized security philosophy that improves and addresses the mixture of established and emerging technologies.

  18. An integrated mobile system for port security

    Energy Technology Data Exchange (ETDEWEB)

    Cester, D. [Dipartimento di Fisica, Universita di Padova, Via F. Marzolo 8, Padova I-35131 (Italy); Fabris, D. [INFN Sezione di Padova, Via F. Marzolo 8, Padova I-35131 (Italy); Lunardon, M.; Moretto, S. [Dipartimento di Fisica, Universita di Padova, Via F. Marzolo 8, Padova I-35131 (Italy); Nebbia, G. [INFN Sezione di Padova, Via F. Marzolo 8, Padova I-35131 (Italy); Pesente, S.; Stevanato, L.; Viesti, G. [Dipartimento di Fisica, Universita di Padova, Via F. Marzolo 8, Padova I-35131 (Italy); Neri, F.; Petrucci, S.; Selmi, S.; Tintori, C. [CAEN S.p.A., Via Vetraia 11, I-55049, Viareggio LU (Italy)

    2011-07-01

    An integrated mobile system for port security is presented. The system is designed to perform active investigations, by using the tagged neutron inspection technique, of suspect dangerous materials as well as passive measurements of neutrons and gamma rays to search and identify radioactive and special nuclear materials. (authors)

  19. Recent advances in systems safety and security

    CERN Document Server

    Stamatescu, Grigore

    2016-01-01

    This book represents a timely overview of advances in systems safety and security, based on selected, revised and extended contributions from the 2nd and 3rd editions of the International Workshop on Systems Safety and Security – IWSSS, held in 2014 and 2015, respectively, in Bucharest, Romania. It includes 14 chapters, co-authored by 34 researchers from 7 countries. The book provides an useful reference from both theoretical and applied perspectives in what concerns recent progress in this area of critical interest. Contributions, broadly grouped by core topic, address challenges related to information theoretic methods for assuring systems safety and security, cloud-based solutions, image processing approaches, distributed sensor networks and legal or risk analysis viewpoints. These are mostly accompanied by associated case studies providing additional practical value and underlying the broad relevance and impact of the field.

  20. A Highly Secure Mobile Agent System Architecture

    Science.gov (United States)

    Okataku, Yasukuni; Okutomi, Hidetoshi; Yoshioka, Nobukazu; Ohgishi, Nobuyuki; Honiden, Shinichi

    We propose a system architecture for mobile agents to improve their security in the environments of insecure networks and non-sophisticated terminals such as PDAs. As mobile agents freely migrate onto their favorite terminals through insecure networks or terminals, it is not appropriate for them to store some secret information for authentication and encryption/decryption. We introduce one and more secure nodes(OASIS NODE) for securely generating and verifying authentication codes. The each agent’s data are encrypted by a pseudo-chaos cipher mechanism which doesn’t need any floating processing co-processor. We’ve constructed a prototype system on a Java mobile agent framework, “Bee-gent" which implements the proposed authentication and cipher mechanisms, and evaluated their performances and their applicability to business fields such as an auction system by mobile agents.

  1. Artificial immune system applications in computer security

    CERN Document Server

    Tan, Ying

    2016-01-01

    This book provides state-of-the-art information on the use, design, and development of the Artificial Immune System (AIS) and AIS-based solutions to computer security issues. Artificial Immune System: Applications in Computer Security focuses on the technologies and applications of AIS in malware detection proposed in recent years by the Computational Intelligence Laboratory of Peking University (CIL@PKU). It offers a theoretical perspective as well as practical solutions for readers interested in AIS, machine learning, pattern recognition and computer security. The book begins by introducing the basic concepts, typical algorithms, important features, and some applications of AIS. The second chapter introduces malware and its detection methods, especially for immune-based malware detection approaches. Successive chapters present a variety of advanced detection approaches for malware, including Virus Detection System, K-Nearest Neighbour (KNN), RBF networ s, and Support Vector Machines (SVM), Danger theory, ...

  2. Fuzzy assessment of health information system users' security awareness.

    Science.gov (United States)

    Aydın, Özlem Müge; Chouseinoglou, Oumout

    2013-12-01

    Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.

  3. Modeling and simulation for cyber-physical system security research, development and applications.

    Energy Technology Data Exchange (ETDEWEB)

    Pollock, Guylaine M.; Atkins, William Dee; Schwartz, Moses Daniel; Chavez, Adrian R.; Urrea, Jorge Mario; Pattengale, Nicholas; McDonald, Michael James; Cassidy, Regis H.; Halbgewachs, Ronald D.; Richardson, Bryan T.; Mulder, John C.

    2010-02-01

    This paper describes a new hybrid modeling and simulation architecture developed at Sandia for understanding and developing protections against and mitigations for cyber threats upon control systems. It first outlines the challenges to PCS security that can be addressed using these technologies. The paper then describes Virtual Control System Environments (VCSE) that use this approach and briefly discusses security research that Sandia has performed using VCSE. It closes with recommendations to the control systems security community for applying this valuable technology.

  4. Design and Implementation of GSM Based Automated Home Security System

    Directory of Open Access Journals (Sweden)

    Love Aggarwal

    2014-05-01

    Full Text Available The Automated Home Security System aims at building a security system for common households using GSM modem, sensors and microcontroller. Since many years, impeccable security system has been the prime need of every man who owns a house. The increasing crime rate has further pressed the need for it. Our system is an initiative in this direction. The system provides security function by monitoring the surroundings at home for intruders, fire, gas leakages etc. using sensors and issue alerts to the owners and local authorities by using GSM via SMS. It provides the automation function as it can control (On/Off the various home appliances while the owners are away via SMS. Thus the Automated Home Security System is self-sufficient and can be relied upon undoubtedly. Also, it is capable of establishing two way communication with its owner so that he/she can keep a watch on his/her home via sensor information or live video streaming. A camera can be installed for continuous monitoring of the system and its surroundings. The system consists of two main parts: hardware and software. Hardware consists of Microcontroller, Sensors, Buzzer and GSM modem while software is implemented by tools using Embedded ‘C’.

  5. Secure Dynamic access control scheme of PHR in cloud computing.

    Science.gov (United States)

    Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

    2012-12-01

    With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access

  6. Development of an integrated campus security alerting system ...

    African Journals Online (AJOL)

    Development of an integrated campus security alerting system. ... Nigerian Journal of Technology ... (IP) cameras and micro-switches for monitoring security situations thereby providing an immediate alerting signal to the security personnel.

  7. Data security in Intelligent Transport Systems

    Directory of Open Access Journals (Sweden)

    Tomas Zelinka

    2012-10-01

    Full Text Available Intelligent Transport Services expect availability of the secure seamless communications solutions typically covering widely spread areas. Different ITS solutions require different portfolio of telecommunications service quality. These parameters have to correspond with ITS service performance parameters required by specific service. Even though quite extensive range of public wireless data services with reasonable coverage are provided, most of them are provided with no guaranteed quality and security. ITS requirements can be in most parameters easier reached if multi-path communications systems are applied core solution is combined with both public as well as private ones where and when it is needed. Such solution requires implementation of relevant flexible system architecture supported by the efficient decision processes. This paper is concentrated the telecommunications security issues relevant to the ITS wide area networking. Expected level of security varies in dependence on relevant ITS service requirements. Data volumes transferred both in private data vehicle on board networks as well as between vehicles and infrastructure (C2I or other vehicles (C2C progressively grow. Such trend upsurges the fatal problems appearance probability in case security of the wide area networks is not relevantly treated. That is reason why relevant communications security treatment becomes crucial part of the ITS solution. Besides of available "off shelf" security tools we present solution based on non-public universal identifier with dynamical extension (time and position dependency as an autonomous variables and data selection according to actor role or category. Presented results were obtained within projects e-Ident1, DOTEK2 and SRATVU3.

  8. 安全操作系统中基于客体的保护机制%Security Policies Based on Object in Security-Enhanced Operating System

    Institute of Scientific and Technical Information of China (English)

    金雷; 林志强; 茅兵; 谢立

    2003-01-01

    Security of operation system is the basis of protecting computer system against attack. To resolve more and more problem in security area ,we need an operation system of great security. That require we find an effective method to develop an security-enhanced operation system to meet these needs. Access control is often used in modern operation system. It is based on identity affirm and enforces control to the resources that are required by the identify. In this oaoer we mainly discuss security nolicies based nn nhiect (Mac and Dac).

  9. Network Security Enhancement through Honeypot based Systems

    Directory of Open Access Journals (Sweden)

    S Deepa Lakshmi

    2015-02-01

    Full Text Available Computer Networks and Internet has become very famous nowadays since it satisfies people with varying needs by providing variety of appropriate services. Computer Networks have revolutionized our use of computers. Online bills, shopping, transactions and many other essential activities performed on the go by just a single click from our homes. Though it is a boon in this era, it also has its own risks and weaknesses too. Industries need to tussle to provide security to their networks and indeed not possible to offer a cent per cent security due to the intangible intelligence of hackers intruding into the network. This paper exploits the concept of honeypots for providing security to networks of industries which may not have custom intrusion detection systems or firewalls. The proposed model captures the various techniques used by hackers and creates a log of all hacker activities. Thus using this log, the production network system can be prevented from attackers.

  10. Accounting and Control in Ensuring Economic Security of the Organizations of Perm Region

    OpenAIRE

    2016-01-01

    The article deals with the urgent problem concerning the regional development as well as the specific organization, or to the development of an integrated system of economic security of the organization. The article discusses the importance of such an element of economic security (including the financial security) as the accounting and control as well as their possible violations. The authors substantiate their position on the relationship of the violations of accounting and control and also ...

  11. Blue Rose perimeter defense and security system

    Science.gov (United States)

    Blackmon, F.; Pollock, J.

    2006-05-01

    An in-ground perimeter security system has been developed by the Naval Undersea Warfare Center Division Newport based upon fiber optic sensor technology. The system, called Blue Rose, exploits the physical phenomenon of Rayleigh optical scattering, which occurs naturally in optical fibers used traditionally for Optical Time Domain Reflectometry techniques to detect sound and vibration transmitted by intruders such as people walking or running and moving vehicles near the sensor. The actual sensor is a single-mode optical fiber with an elastomeric coating that is buried in the ground. A long coherence length laser is used to transmit encoded light down the fiber. Minute changes in the fiber in response to the intrusion produce phase changes to the returning backscattered light signal. The return light signal contains both the actual intrusion sound and the location information of where along the fiber the intrusion has occurred. A digital, in-ground, Blue Rose system has been built and is now operational at NUWC. Due to the low cost of the optical fiber sensor and unique benefits of the system, the Blue Rose system provides an advantage in long perimeter or border security applications and also reduces security manning requirements and therefore overall cost for security.

  12. Security and Privacy Issues in Ehealthcare Systems: Towards Trusted Services

    Directory of Open Access Journals (Sweden)

    Isra’a Ahmed Zriqat

    2016-09-01

    Full Text Available Recent years have witnessed a widespread availability of electronic healthcare data record (EHR systems. Vast amounts of health data were generated in the process of treatment in medical centers such hospitals, clinics, or other institutions. To improve the quality of healthcare service, EHRs could be potentially shared by a variety of users. This results in significant privacy issues that should be addressed to make the use of EHR practical. In fact, despite the recent research in designing standards and regulations directives concerning security and privacy in EHR systems, it is still, however, not completely settled out the privacy challenges. In this paper, a systematic literature review was conducted concerning the privacy issues in electronic healthcare systems. More than 50 original articles were selected to study the existing security approaches and figure out the used security models. Also, a novel Context-aware Access Control Security Model (CARE is proposed to capture the scenario of data interoperability and support the security fundamentals of healthcare systems along with the capability of providing fine-grained access control.

  13. Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Architecture Lab Test Report

    Science.gov (United States)

    Iannicca, Dennis C.; McKim, James H.; Stewart, David H.; Thadhani, Suresh K.; Young, Daniel P.

    2015-01-01

    NASA Glenn Research Center, in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the FAA and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the current GRC prototype CNPC architecture as a demonstration platform. The security controls were integrated into a lab test bed mock-up of the Mobile IPv6 architecture currently being used for NASA flight testing, and a series of network tests were conducted to evaluate the security overhead of the controls compared to the baseline CNPC link without any security. The aim of testing was to evaluate the performance impact of the additional security control overhead when added to the Mobile IPv6 architecture in various modes of operation. The statistics collected included packet captures at points along the path to gauge packet size as the sample data traversed the CNPC network, round trip latency, jitter, and throughput. The effort involved a series of tests of the baseline link, a link with Robust Header Compression (ROHC) and without security controls, a link with security controls and without ROHC, and finally a link with both ROHC and security controls enabled. The effort demonstrated that ROHC is both desirable and necessary to offset the additional expected overhead of applying security controls to the CNPC link.

  14. A survey on the security of cyber-physical systems

    Institute of Scientific and Technical Information of China (English)

    Guangyu WU; Jian SUN; Jie CHEN

    2016-01-01

    Cyber-physical systems (CPSs) are integrations of computation, communication, control and physical processes. Typical examples where CPSs are deployed include smart grids, civil infrastructure, medical devices and manufacturing. Security is one of the most important issues that should be investigated in CPSs and hence has received much attention in recent years. This paper surveys recent results in this area and mainly focusses on three important categories:attack detection, attack design and secure estimation and control. We also discuss several future research directions including risk assessment, modeling of attacks and attacks design, counter-attack strategy and testbed and validation.

  15. Security Games for Cyber-Physical Systems

    DEFF Research Database (Denmark)

    Vigo, Roberto; Bruni, Alessandro; Yuksel, Ender

    2013-01-01

    The development of quantitative security analyses that consider both active attackers and reactive defenders is a main challenge in the design of trustworthy Cyber-Physical Systems. We propose a game-theoretic approach where it is natural to model attacker’s and defender’s actions explicitly...

  16. Wireless security system implemented in a mobile robot

    Directory of Open Access Journals (Sweden)

    Lemuel Uitzil

    2012-07-01

    Full Text Available This paper presents the design and implementation of a security system in which a mobile robot Lego NXT continuously monitors its surroundings while traveling in search of moving objects or people, considered unauthorized elements. An ultrasonic sensor is used for the monitoring. On suspicious movement detection, a warning signal is sent to a computer via Bluetooth technology. The mobile robot motion is observed with a camera that sends images to the computer controlling the robot remotely. The results indicate that the security system is reliable in 85% of cases.

  17. Security on Fingerprint Data Transfer System

    Directory of Open Access Journals (Sweden)

    Hinal Modi

    2015-11-01

    Full Text Available Nowadays, the data can undergo grave modifications (access to the credit cards, the transactions in e-commerce, espionage of the secret information in military domain, theft biometrics information especially through transmissions on the insecure network or internet. Where, it is necess ary to look a robust method to secure the data. In this work we are focusing on matching data pattern along with all security assurance, so that we can provide discrete wavelet transform watermarking and en-decryption using confusion and diffusion method. The encryption method is based on XORing the message bytes and, it is the key used for encryption and decryption that makes the process of cryptography secure because key was automatically taken by system. Its performance with biomet ric information (fingerprint using MATLAB 7.10(R20109.

  18. INTENSIFYING THE SECURITY IN RFID SYSTEMS

    Directory of Open Access Journals (Sweden)

    Jose Reena

    2015-11-01

    Full Text Available Although promising, RFID is not without its challenges, which arise from both technological and usage point of View. A common concern with RFID is data security. Data Security is a key area in RFID usage; with a limited number of public key cryptosystems on passive RFID platforms, the proposed algorithm makes use of Montgomery multiplication primitives to reduce the amount of computation required on the power constrained tag therefore making the proposition viable. Public key cryptography is being suggested for next generation RFID systems to reduce the number of possible attack vectors native to this type of technology. By estimating the area, power and time constraints of the RFID platform, it was determined that the area constraint was the critical variable in determining the maximum implementable security variable. Although the application of this algorithm has been targeted for passive HF RFID platforms, the algorithm could be used in other low power, sized constrained applications.

  19. Security on Fingerprint Data Transfer System

    Directory of Open Access Journals (Sweden)

    Hinal Modi

    2014-05-01

    Full Text Available Nowadays, the data can undergo grave modifications (access to the credit cards, the transactions in e-commerce, espionage of the secret information in military doma in, theft bio metrics information especially through transmissions on the insecure network or internet. Where, it is necessary to look a robust method to secure the data. In this work we a re focusing on matching data pattern along with all security assurance, so that we can provide discrete wavelet transform watermarking and en-decryption using confusion and diffusion method. The encryption method is based on XORing the message bytes and, it is the key used for encryption and decryption that makes the process of cryptography secure because key was automatically taken by system.Its performance with bio met ric information (finger print using MATLA B 7.10(R20109.

  20. Power Line Communication Based Home Security System

    Directory of Open Access Journals (Sweden)

    Sankalp N. Gujar

    2013-11-01

    Full Text Available The aim of this paper is to demonstrate the use of Power line (A.C mains based security system i.e. developing the hardware for a microcontroller module that is to be interfaced to sensors which will detect breaches in security and developing a power line communication modem for sending/receiving data from the microcontroller modules over the power line. As soon as any one of the sensors in an establishment is triggered, the microcontroller will send data to the power line communication modem over UART. The modem will then convert the incoming data into a packet, modulate it using ASK and transmit it over the power line through the coupling circuit. The modem at the security cabin will demodulate this packet and send it to the microcontroller over UART. The microcontroller then activates the alarm and displays the location and nature of the breach on the display

  1. Adaptive security systems -- Combining expert systems with adaptive technologies

    Energy Technology Data Exchange (ETDEWEB)

    Argo, P.; Loveland, R.; Anderson, K. [and others

    1997-09-01

    The Adaptive Multisensor Integrated Security System (AMISS) uses a variety of computational intelligence techniques to reason from raw sensor data through an array of processing layers to arrive at an assessment for alarm/alert conditions based on human behavior within a secure facility. In this paper, the authors give an overview of the system and briefly describe some of the major components of the system. This system is currently under development and testing in a realistic facility setting.

  2. A Secure Time-Stamp Based Concurrency Control Protocol For Distributed Databases

    Directory of Open Access Journals (Sweden)

    Shashi Bhushan

    2007-01-01

    Full Text Available In distributed database systems the global database is partitioned into a collection of local databases stored at different sites. In this era of growing technology and fast communication media, security has an important role to play. In this paper we presented a secure concurrency control protocol (SCCP based on the timestamp ordering, which provides concurrency control and maintains security. We also implemented SCCP and a comparison of SCCP is presented in three cases (High, Medium and Low security levels. In this experiment, It is observed that throughput of the system decreases as the security level of the transaction increases, i.e., there is tradeoff between the security level and the throughput of the system.

  3. Infrared: A Key Technology for Security Systems

    Directory of Open Access Journals (Sweden)

    Carlo Corsi

    2012-01-01

    Full Text Available Infrared science and technology has been, since the first applications, mainly dedicated to security and surveillance especially in military field, besides specialized techniques in thermal imaging for medical diagnostic and building structures and recently in energy savings and aerospace context. Till recently the security applications were mainly based on thermal imaging as surveillance and warning military systems. In all these applications the advent of room temperature, more reliable due to the coolers avoidance, low cost, and, overall, completely integrable with Silicon technology FPAs, especially designed and tailored for specific applications, smart sensors, has really been impacted with revolutionary and new ideas and system concepts in all the infrared fields, especially for security applications. Lastly, the advent of reliable Infrared Solid State Laser Sources, operating up to the Long Infrared Wavelength Band and the new emerging techniques in Far Infrared Submillimeter Terahertz Bands, has opened wide and new areas for developing new, advanced security systems. A review of all the items with evidence of the weak and the strong points of each item, especially considering possible future developments, will be reported and discussed.

  4. System and method for key generation in security tokens

    Energy Technology Data Exchange (ETDEWEB)

    Evans, Philip G.; Humble, Travis S.; Paul, Nathanael R.; Pooser, Raphael C.; Prowell, Stacy J.

    2015-10-27

    Functional randomness in security tokens (FRIST) may achieve improved security in two-factor authentication hardware tokens by improving on the algorithms used to securely generate random data. A system and method in one embodiment according to the present invention may allow for security of a token based on storage cost and computational security. This approach may enable communication where security is no longer based solely on onetime pads (OTPs) generated from a single cryptographic function (e.g., SHA-256).

  5. Virtual machine vs Real Machine: Security Systems

    Directory of Open Access Journals (Sweden)

    Dr. C. Suresh Gnana Das

    2009-08-01

    Full Text Available This paper argues that the operating system and applications currently running on a real machine should relocate into a virtual machine. This structure enables services to be added below the operating system and to do so without trusting or modifying the operating system or applications. To demonstrate the usefulness of this structure, we describe three services that take advantage of it: secure logging, intrusion prevention and detection, and environment migration. In particular, we can provide services below the guest operating system without trusting or modifying it. We believe providing services at this layer are especially useful for enhancing security and mobility. This position paper describes the general benefits and challenges that arise from running most applications in a virtual machine, and then describes some example services and alternative ways to provide those services.

  6. Security threat assessment of an Internet security system using attack tree and vague sets.

    Science.gov (United States)

    Chang, Kuei-Hu

    2014-01-01

    Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete--the traditional approach for calculating reliability--is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods.

  7. Enhanced ATM Security System using Biometrics

    OpenAIRE

    Selina Oko; Jane Oruh

    2012-01-01

    Because biometrics-based authentication offers several advantages over other authentication methods, there hasbeen a significant surge in the use of biometrics for user authentication in recent years. In this paper the existing security of the ATM (Automated Teller Machine) system has been improved by integrating the fingerprint of the user into the banks database as to further authenticate it. This was achieved by modelling and building an ATM simulator that will mimic a typical ATM system. ...

  8. Confidentiality and Security in Medical Information Systems

    Directory of Open Access Journals (Sweden)

    Victor Papanaga

    2008-11-01

    Full Text Available Behind the technologies Medical System contains different types of information including patient information also. The patient data is classified as confidential and is one of the patient rights based on World Health Organization declaration. There are several compromises in solutions selection based on hardware and software requirements, performance, usability, portability. This article presents the investigation results and proposes the secured solution principles for the medical system that deal with patient data.

  9. 基于RBAC的文件级分布式安全访问控制系统的研究%Research on a File Level Distributed Secure Access Control System Based on RBAC

    Institute of Scientific and Technical Information of China (English)

    王俊; 贾连兴; 姚海潮; 何建平

    2011-01-01

    访问控制技术能够有效避免对数据的非法访问,增强对用户行为的管理.依托分布式并行文件系统GlusterFS,结合RBAC思想,设计了一个文件级分布式安全访问控制系统—Distributed Secure Access Control System(DSAS).重点研究了存储系统中RBAC机制的实现方法,提出了基于角色证书的用户身份验证及角色授权机制.测试结果表明,DSAS系统在满足数据安全性需求的同时,同样能够较好地满足存储系统性能需求.%Access control technology can effectively avoid the unauthorized access for data and strengthen the management to the customer behavior. Depended on the distributed parallel file system GlusterFS and combined with the principles of RBAC, this paper designed a file level Distributed Secure Access Control System(DSAS), mainly studied the carrying out of RBAC mechanism method in the storage system, put forward customer identity verification and role authorization mechanism based on the role credential. Test results illustrated that DSAS system can be well fulfill the need for data reliability and security and the need for storage system performance.

  10. Global System for Mobile Communication Based Smart Home Security System

    Directory of Open Access Journals (Sweden)

    Amrit Zoad

    2014-07-01

    Full Text Available Home security system is needed for occupants' convenience and safety. In this paper, we present the design and implementation of an affordable, low power consumption, and GSM (Global System for Mobile Communication based wireless home security system. In existing system, the home network is engaged with non-wireless technology, where the installation and maintenance is difficult. So the system cost is very high. In our proposed system, these difficulties are overcome by introducing a wireless home network which contains a GPRS Gateway and three kinds of security nodes namely door security node, anti intrusion node and SMS node to inform the user. The nodes are easy installing. All the three nodes are connected to the microcontroller.

  11. Construction of Information Security System of the Drug Control Institution under the New Situation%新形势下药品检验机构信息安全体系的构建

    Institute of Scientific and Technical Information of China (English)

    李健; 陈为; 曹洪英

    2015-01-01

    Construction of information security system in drug control institutions is related to the safe and stable operation of the entire drug control organization. This paper introduces the challenges and management requirements in the ifeld of information security in our country under the current situation, summarizes the current situation of information security and risks. Form four aspects of principle and thinking and technical framework, technical measures, and operation and maintenance mode, the construction of information security system of drug control institutions is studied to provide the technical framework of information security in drug control institutions covering multiple levels of physics, host, application, network and data, so as to guarantee the safe and stable operation of drug control institutions.%药检机构信息安全体系建设关系整个药检机构的安全稳定运行,本文介绍了当前形势下我国信息安全领域面临的挑战和管理要求,总结了药检机构目前的信息安全现状和存在的风险,并从构建药检机构信息安全体系的原则与整体思路、技术架构、技术措施、管理运维模式4个方面进行研究,给出了构建覆盖物理、主机、应用、网络、数据多个层面的药检机构信息安全技术架构,以期达到有效保障药检机构安全稳定运行的目的。

  12. Command and Control during Security Incidents/Emergencies

    Energy Technology Data Exchange (ETDEWEB)

    Knipper, W. [NSTec

    2013-10-16

    This presentation builds on our response to events that pose, or have the potential to pose, a serious security or law enforcement risk and must be responded to and controlled in a clear a decisive fashion. We will examine some common concepts in the command and control of security-centric events.

  13. Report: ECHO Data Quality Audit – Phase I Results: The Integrated Compliance Information System Needs Security Controls to Protect Significant Non-Compliance Data

    Science.gov (United States)

    Report #09-P-0226, August 31, 2009. End users of the Permit Compliance System and Integrated Compliance Information System National Pollutant Discharge Elimination System can override the Significant Non-Compliance data field without more access controls.

  14. 48 CFR 1552.235-78 - Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997).

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Data Security for Toxic... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.235-78 Data Security for Toxic Substances Control Act...: Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997)...

  15. Globally reasoning about localised security policies in distributed systems

    CERN Document Server

    Hernandez, Alejandro Mario

    2012-01-01

    In this report, we aim at establishing proper ways for model checking the global security of distributed systems, which are designed consisting of set of localised security policies that enforce specific issues about the security expected. The systems are formally specified following a syntax, defined in detail in this report, and their behaviour is clearly established by the Semantics, also defined in detail in this report. The systems include the formal attachment of security policies into their locations, whose intended interactions are trapped by the policies, aiming at taking access control decisions of the system, and the Semantics also takes care of this. Using the Semantics, a Labelled Transition System (LTS) can be induced for every particular system, and over this LTS some model checking tasks could be done. We identify how this LTS is indeed obtained, and propose an alternative way of model checking the not-yet-induced LTS, by using the system design directly. This may lead to over-approximation th...

  16. Using a Cluster for Securing Embedded Systems

    Directory of Open Access Journals (Sweden)

    Mohamed Salim LMIMOUNI

    2016-09-01

    Full Text Available In today's increasingly interconnected world, the deployment of an Intrusion Detection System (IDS is becoming very important for securing embedded systems from viruses, worms, attacks, etc. But IDSs face many challenges like computational resources and ubiquitous threats. Many of these challenges can be resolved by running the IDS in a cluster to allow tasks to be parallelly executed. In this paper, we propose to secure embedded systems by using a cluster of embedded cards that can run multiple instances of an IDS in a parallel way. This proposition is now possible with the availability of new low-power single-board computers (Raspberry Pi, BeagleBoard, Cubieboard, Galileo, etc.. To test the feasibility of our proposed architecture, we run two instances of the Bro IDS on two Raspberry Pi. The results show that we can effectively run multiple instances of an IDS in a parallel way on a cluster of new low-power single-board computers to secure embedded systems.

  17. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  18. Security analysis of interconnected AC/DC systems

    DEFF Research Database (Denmark)

    Eriksson, Robert

    2015-01-01

    This paper analyses N-1 security in an interconnected ac/dc transmission system using power transfer distribution factors (PTDFs). In the case of a dc converter outage the power needs to be redistributed among the remaining converter to maintain power balance and operation of the dc grid. The red......This paper analyses N-1 security in an interconnected ac/dc transmission system using power transfer distribution factors (PTDFs). In the case of a dc converter outage the power needs to be redistributed among the remaining converter to maintain power balance and operation of the dc grid...... voltage control design consider the power distribution for a converter outage. By proper design and utilizing the proposed method increases the N-1 security and the secure transfer limits. This article proposes a method which minimizes the 2-norm of the sum of the PTDFs with constraints of not violating...... any line or transformer limits. Simulations were performed in a model of the Nordic power system where a dc grid is placed on top. The simulation supports the method as a tool to consider transfer limits in the grid to avoid violate the same and increase the security after a converter outage....

  19. Shared Electronic Health Record Systems: Key Legal and Security Challenges.

    Science.gov (United States)

    Christiansen, Ellen K; Skipenes, Eva; Hausken, Marie F; Skeie, Svein; Østbye, Truls; Iversen, Marjolein M

    2017-05-01

    Use of shared electronic health records opens a whole range of new possibilities for flexible and fruitful cooperation among health personnel in different health institutions, to the benefit of the patients. There are, however, unsolved legal and security challenges. The overall aim of this article is to highlight legal and security challenges that should be considered before using shared electronic cooperation platforms and health record systems to avoid legal and security "surprises" subsequent to the implementation. Practical lessons learned from the use of a web-based ulcer record system involving patients, community nurses, GPs, and hospital nurses and doctors in specialist health care are used to illustrate challenges we faced. Discussion of possible legal and security challenges is critical for successful implementation of shared electronic collaboration systems. Key challenges include (1) allocation of responsibility, (2) documentation routines, (3) and integrated or federated access control. We discuss and suggest how challenges of legal and security aspects can be handled. This discussion may be useful for both current and future users, as well as policy makers.

  20. Cyber Security: Critical Infrastructure Controls Assessment Framework

    Science.gov (United States)

    2011-05-01

    recoverability Storm and Lightning Fire Chemical Leakage Nuclear Leakage n ercep on & Spoofing, Hacking Sabotage or Vandalism 4 capability 5...Action  10. ICS – Infrastructure Control System 11. IEC  – International Electrochemical  Commission 12. IED – Intelligent Electronic Devices 13 IEEE

  1. Secure Data Network System (SDNS) network, transport, and message security protocols

    Science.gov (United States)

    Dinkel, C.

    1990-03-01

    The Secure Data Network System (SDNS) project, implements computer to computer communications security for distributed applications. The internationally accepted Open Systems Interconnection (OSI) computer networking architecture provides the framework for SDNS. SDNS uses the layering principles of OSI to implement secure data transfers between computer nodes of local area and wide area networks. Four security protocol documents developed by the National Security Agency (NSA) as output from the SDNS project are included. SDN.301 provides the framework for security at layer 3 of the OSI Model. Cryptographic techniques to provide data protection for transport connections or for connectionless-mode transmission are described in SDN.401. Specifications for message security service and protocol are contained in SDN.701. Directory System Specifications for Message Security Protocol are covered in SDN.702.

  2. The security system at European airports - Tour d’Horizon

    NARCIS (Netherlands)

    Rekiel, J.; de Wit, J.

    2013-01-01

    This paper aims to provide an analysis of the existing security system at European airports. At first, the security is defined and the considerations of the air passenger security on the ground and in the air are discussed. Subsequently, current aspects shaping the European aviation security policy

  3. The security system at European airports - Tour d’Horizon

    NARCIS (Netherlands)

    Rekiel, J.; de Wit, J.

    2013-01-01

    This paper aims to provide an analysis of the existing security system at European airports. At first, the security is defined and the considerations of the air passenger security on the ground and in the air are discussed. Subsequently, current aspects shaping the European aviation security policy

  4. The university computer network security system

    Institute of Scientific and Technical Information of China (English)

    张丁欣

    2012-01-01

    With the development of the times, advances in technology, computer network technology has been deep into all aspects of people's lives, it plays an increasingly important role, is an important tool for information exchange. Colleges and universities is to cultivate the cradle of new technology and new technology, computer network Yulu nectar to nurture emerging technologies, and so, as institutions of higher learning should pay attention to the construction of computer network security system.

  5. The Information Security Management System, Development and Audit

    OpenAIRE

    Traian SURCEL; Cristian AMANCEI

    2007-01-01

    Information security management system (ISMS) is that part of the overall management system, based on a business risk approach, that it is developed in order to establish, implement, operate, monitor, review, maintain and improve information security

  6. The Information Security Management System, Development and Audit

    Directory of Open Access Journals (Sweden)

    2007-01-01

    Full Text Available Information security management system (ISMS is that part of the overall management system, based on a business risk approach, that it is developed in order to establish, implement, operate, monitor, review, maintain and improve information security

  7. [The security system of SIEMENS digital linear accelerator].

    Science.gov (United States)

    Wang, Jianping

    2013-03-01

    The security system plays an important role to protect the safety of patients and equipment in radiotherapy. The principle and structure of three kinds of security system of the Siemens digital linear accelerator were analyzed with some examples.

  8. Home Automation and Security System Using Android ADK

    Directory of Open Access Journals (Sweden)

    Deepali Javale

    2013-03-01

    Full Text Available Today we are living in 21st century where automation is playing important role in human life. Home automation allows us to control household appliances like light, door, fan, AC etc. It also provides home security and emergency system to be activated. Home automation not only refers to reduce human efforts but also energy efficiency and time saving. The main objective of home automation and security is to help handicapped and old aged people which will enable them to control home appliances and alert them in critical situations.This paper put forwards the design of home automation and security system using Android ADK. The design is based on a standalone embedded system board Android ADK(Accessory Development Kit at home. Home appliances are connected to the ADK and communication is established between the ADK and Android mobile device or tablet. The home appliances are connected to the input/output ports of the embedded system board and their status is passed to the ADK. We would develop an authentication to the system for authorized person to access home appliances. The device with low cost and scalable to less modification to the core is much important. It presents the design and implementation of automation system that can monitor and control home appliances via android phone or tablet.

  9. 49 CFR 1542.207 - Access control systems.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Access control systems. 1542.207 Section 1542.207..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access control systems. (a) Secured area. Except as provided in paragraph (b) of this section, the measures...

  10. A Security Framework for Systems of Systems

    NARCIS (Netherlands)

    Trivellato, Daniel; Zannone, Nicola; Etalle, Sandro

    2011-01-01

    Systems of systems consist of a wide variety of dynamic, distributed coalitions of autonomous and heterogeneous systems that collaborate to achieve a common goal. While offering several advantages in terms of scalability and flexibility, this new paradigm has a strong impact on system

  11. Designing a Secure Point-of-Sale System

    DEFF Research Database (Denmark)

    Sharp, Robin; Pedersen, Allan; Hedegaard, Anders

    2006-01-01

    This paper describes some experiences with using the ''Common Criteria for Information Security Evaluation'' as the basis for a design methodology when designing secure systems. As an example, the design process for a Point-of-Sale (POS) system is described.......This paper describes some experiences with using the ''Common Criteria for Information Security Evaluation'' as the basis for a design methodology when designing secure systems. As an example, the design process for a Point-of-Sale (POS) system is described....

  12. Security Risks, Low-tech User Interfaces, and Implantable Medical Devices: A Case Study with Insulin Pump Infusion Systems

    Energy Technology Data Exchange (ETDEWEB)

    Paul, Nathanael R [ORNL; Kohno, Tadayoshi [University of Washington, Seattle

    2012-01-01

    Portable implantable medical device systems are playing a larger role in modern health care. Increasing attention is now being given to the wireless control interface of these systems. Our position is that wireless security in portable implantable medical device systems is just a part of the overall system security, and increased attention is needed to address low-tech security issues.

  13. Service Oriented Architecture in Network Security - a novel Organisation in Security Systems

    CERN Document Server

    Hilker, Michael

    2008-01-01

    Current network security systems are a collection of various security components, which are directly installed in the operating system. These check the whole node for suspicious behaviour. Armouring intrusions e.g. have the ability to hide themselves from being checked. We present in this paper an alternative organisation of security systems. The node is completely virtualized with current virtualization systems so that the operating system with applications and the security system is distinguished. The security system then checks the node from outside and the right security components are provided through a service oriented architecture. Due to the running in a virtual machine, the infected nodes can be halted, duplicated, and moved to other nodes for further analysis and legal aspects. This organisation is in this article analysed and a preliminary implementation showing promising results are discussed.

  14. A threat intelligence framework for access control security in the oil industry

    Science.gov (United States)

    Alaskandrani, Faisal T.

    The research investigates the problem raised by the rapid development in the technology industry giving security concerns in facilities built by the energy industry containing diverse platforms. The difficulty of continuous updates to network security architecture and assessment gave rise to the need to use threat intelligence frameworks to better assess and address networks security issues. Focusing on access control security to the ICS and SCADA systems that is being utilized to carry out mission critical and life threatening operations. The research evaluates different threat intelligence frameworks that can be implemented in the industry seeking the most suitable and applicable one that address the issue and provide more security measures. The validity of the result is limited to the same environment that was researched as well as the technologies being utilized. The research concludes that it is possible to utilize a Threat Intelligence framework to prioritize security in Access Control Measures in the Oil Industry.

  15. Tender evaluation and selection of condition security system for gas turbine (and boiler-) control; Offerte-evaluatie en selectie van conditiebewakingssyteem voor gasturbine- (en ketel-) bewaking

    Energy Technology Data Exchange (ETDEWEB)

    De Ruijter, J.A.F. [KEMA Procesautomatisering en Informatietechnologie, Arnhem (Netherlands)

    1994-12-31

    Condition control systems for gas turbines and boilers in electric power generating plants can play an important part in improving the efficiency, in increasing the availability and in realizing state-dependent maintenance. On the basis of a specification document, tenders for condition control systems for gas turbines are invited at different suppliers, focusing on thermodynamic performance control. Also attention was paid to possibilities to extend the control with mechanical control for the gas turbines and with control modules for the other sections of the power generating units (boiler and steam turbines). One condition control system, based on the DATM4-system of Boyce Engineering International has been chosen and will be demonstrated in unit 10 of the power plant Bergum of the Dutch electric utility EPON

  16. Security for small computer systems a practical guide for users

    CERN Document Server

    Saddington, Tricia

    1988-01-01

    Security for Small Computer Systems: A Practical Guide for Users is a guidebook for security concerns for small computers. The book provides security advice for the end-users of small computers in different aspects of computing security. Chapter 1 discusses the security and threats, and Chapter 2 covers the physical aspect of computer security. The text also talks about the protection of data, and then deals with the defenses against fraud. Survival planning and risk assessment are also encompassed. The last chapter tackles security management from an organizational perspective. The bo

  17. Secure electronic commerce communication system based on CA

    Science.gov (United States)

    Chen, Deyun; Zhang, Junfeng; Pei, Shujun

    2001-07-01

    In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.

  18. Capturing security requirements for software systems

    Directory of Open Access Journals (Sweden)

    Hassan El-Hadary

    2014-07-01

    Full Text Available Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  19. Capturing security requirements for software systems.

    Science.gov (United States)

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-07-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  20. Security Management in a Multimedia System

    Science.gov (United States)

    Rednic, Emanuil; Toma, Andrei

    2009-01-01

    In database security, the issue of providing a level of security for multimedia information is getting more and more known. For the moment the security of multimedia information is done through the security of the database itself, in the same way, for all classic and multimedia records. So what is the reason for the creation of a security…

  1. The User-level Security of Mobile Communication Systems

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    This paper studies the user-level security of mobile systems. The current mobile phone users trust the invisible security of the 2G systems. The evolution from the second-generation mobile systems (2G) to the third generation systems (3G) will introduce the threats and opportunities of the Internet to the world of mobile communications. From the technical point of view, the new security requirements are similar to the security requirements met with today in a company Intranet environment. There is, however, one great difference; the charge paid for accessing the service. In future the users of mobile systems will have to be more aware of the security issues.

  2. Appropriateness of using integrated security systems for better protection against terroristic threats to objects of high importance, vulnerable to acts of sabotage

    OpenAIRE

    Rogozhin, Alexander; Drimba, Stanislav; Gerba, Julius

    2008-01-01

    Questions of integrated security systems design of a large industrial object of vital importance, and choice of the optimal construction option, are described in the article. A structure of integrated security system, providing complete security of objects, is suggested by means of the following subsystems integration: access control, video surveillance, security and fire protection alarm system and life-support control.

  3. An Information Security Control Assessment Methodology for Organizations

    Science.gov (United States)

    Otero, Angel R.

    2014-01-01

    In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

  4. An Information Security Control Assessment Methodology for Organizations

    Science.gov (United States)

    Otero, Angel R.

    2014-01-01

    In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

  5. Globally reasoning about localised security policies in distributed systems

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario

    In this report, we aim at establishing proper ways for model checking the global security of distributed systems, which are designed consisting of set of localised security policies that enforce specific issues about the security expected. The systems are formally specified following a syntax, de...

  6. Security Techniques for Sensor Systems and the Internet of Things

    Science.gov (United States)

    Midi, Daniele

    2016-01-01

    Sensor systems are becoming pervasive in many domains, and are recently being generalized by the Internet of Things (IoT). This wide deployment, however, presents significant security issues. We develop security techniques for sensor systems and IoT, addressing all security management phases. Prior to deployment, the nodes need to be hardened. We…

  7. A systemic and cognitive approach for IoT security

    OpenAIRE

    Riahi, Arbia; Natalizio, Enrico; Challal, Yacine; Mitton, Nathalie; Iera, Antonio

    2014-01-01

    Invited Paper; International audience; The Internet of Things (IoT) will enable objects to become active participants of everyday activities. Introducing objects into the control processes of complex systems makes IoT security very difficult to address. Indeed, the Internet of Things is a complex paradigm in which people interact with the technological ecosystem based on smart objects through complex processes. The interactions of these four IoT components, person, intelligent object, technol...

  8. Intelligent Facial Recognition Systems: Technology advancements for security applications

    Energy Technology Data Exchange (ETDEWEB)

    Beer, C.L.

    1993-07-01

    Insider problems such as theft and sabotage can occur within the security and surveillance realm of operations when unauthorized people obtain access to sensitive areas. A possible solution to these problems is a means to identify individuals (not just credentials or badges) in a given sensitive area and provide full time personnel accountability. One approach desirable at Department of Energy facilities for access control and/or personnel identification is an Intelligent Facial Recognition System (IFRS) that is non-invasive to personnel. Automatic facial recognition does not require the active participation of the enrolled subjects, unlike most other biological measurement (biometric) systems (e.g., fingerprint, hand geometry, or eye retinal scan systems). It is this feature that makes an IFRS attractive for applications other than access control such as emergency evacuation verification, screening, and personnel tracking. This paper discusses current technology that shows promising results for DOE and other security applications. A survey of research and development in facial recognition identified several companies and universities that were interested and/or involved in the area. A few advanced prototype systems were also identified. Sandia National Laboratories is currently evaluating facial recognition systems that are in the advanced prototype stage. The initial application for the evaluation is access control in a controlled environment with a constant background and with cooperative subjects. Further evaluations will be conducted in a less controlled environment, which may include a cluttered background and subjects that are not looking towards the camera. The outcome of the evaluations will help identify areas of facial recognition systems that need further development and will help to determine the effectiveness of the current systems for security applications.

  9. Access control and personal identification systems

    CERN Document Server

    Bowers, Dan M

    1988-01-01

    Access Control and Personal Identification Systems provides an education in the field of access control and personal identification systems, which is essential in selecting the appropriate equipment, dealing intelligently with vendors in purchases of the equipment, and integrating the equipment into a total effective system. Access control devices and systems comprise an important part of almost every security system, but are seldom the sole source of security. In order for the goals of the total system to be met, the other portions of the security system must also be well planned and executed

  10. Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Flight Test Report

    Science.gov (United States)

    Iannicca, Dennis C.; Ishac, Joseph A.; Shalkhauser, Kurt A.

    2015-01-01

    NASA Glenn Research Center (GRC), in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the Federal Aviation Administration (FAA) and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the GRC prototype CNPC architecture as a demonstration platform. The proposed security controls were integrated into the GRC flight test system aboard our S-3B Viking surrogate aircraft and several network tests were conducted during a flight on November 15th, 2014 to determine whether the controls were working properly within the flight environment. The flight test was also the first to integrate Robust Header Compression (ROHC) as a means of reducing the additional overhead introduced by the security controls and Mobile IPv6. The effort demonstrated the complete end-to-end secure CNPC link in a relevant flight environment.

  11. Security Processing for High End Embedded System with Cryptographic Algorithms

    Directory of Open Access Journals (Sweden)

    M.Shankar

    2012-01-01

    Full Text Available This paper is intended to introduce embedded system designers and design tool developers to the challenges involved in designing secure embedded systems. The challenges unique to embedded systems require new approaches to security covering all aspects of embedded system design from architecture to implementation. Security processing, which refers to the computations that must be performed in a system for the purpose of security, can easily overwhelm thecomputational capabilities of processors in both low- and highendembedded systems. The paper also briefs on the security enforced in a device by the use of proprietary security technology and also discusses the security measures taken during the production of the device. We also survey solution techniques to address these challenges, drawing from both current practice and emerging esearch, and identify open research problems that will require innovations in embedded system architecture and design methodologies.

  12. A Holistic and Immune System inspired Security Framework

    OpenAIRE

    Mwakalinga, G. Jeffy; Yngström, Louise; Kowalski, Stewart

    2009-01-01

    This paper presents a Framework for adaptive information security systems for securing information systems. Information systems today are vulnerable and not adaptive to the dynamic environments because initial development of these systems focused on computer technology and communications protocol only. Most research in information security does not consider culture of users, system environments and does not pay enough attention to the enemies of information systems. As a result, users serve t...

  13. A secure identification system using coherent states

    Institute of Scientific and Technical Information of China (English)

    He Guang-Qiang; Zeng Gui-Hua

    2006-01-01

    A quantum identification system based on the transformation of polarization of a mesoscopic coherent state is proposed. Physically, an initial polarization state which carries the identity information is transformed into an arbitrary elliptical polarization state. To verify the identity of a communicator, a reverse procedure is performed by the receiver. For simply describing the transformation procedure, the analytical methods of Poincare sphere and quaternion are adopted. Since quantum noise provides such a measurement uncertainty for the eavesdropping that the identity information cannot be retrieved from the elliptical polarization state, the proposed scheme is secure.

  14. Information Systems Security Products and Services Catalogue.

    Science.gov (United States)

    1992-01-01

    Guardian -90 Trusted XENIX Trusted XENIX running on 286/386 Clones A Series OS 1100 OS 1100/2200 Release SB3R6 VSLAN 5.0 SVS/OS CAP 1.0...486-6579 William J. Buer (408) 725-6000 Product Description Security Enhanced VMS - C/B Guardian -90 - C 4-2b.2 III. Network Systems and Network... Diablo 630 HP LaserJet + (HP-PCL) HP 7475A Plotter (HP-GL) Memory: 2MB RAM (3MB RAM optional), 1MB ROM Paper Size: Letter, Legal, A4, envelopes

  15. Agricultural pest control programmes, food security and safety | Eze ...

    African Journals Online (AJOL)

    Agricultural pest control programmes, food security and safety. ... of some of the pests to the chemical pesticides, coupled with potential health hazards on the ... or post harvest treatments and basic information regarding the individual farmer or ...

  16. Securing Communication in Ambient Networks for Speech Therapy Systems

    Directory of Open Access Journals (Sweden)

    ZAHARIA, M. H.

    2007-11-01

    Full Text Available One of the most present issues of computer wireless networks is the security. Comparing with their wired counterpart, the wireless networks not only accentuate some of the well-known security vulnerabilities but they are subject of new and specific ones. Among the existing wireless networks the ad hoc ones are the most exposed to attacks and collusions due to the absence of any centralized control. The most efficient way to ensure the communication secrecy, inclusively for ad hoc wireless networks, is the cryptography. From many reasons, following from specific operating conditions, the employment of asymmetric key techniques and Public Key Infrastructure is not a realistic choice. In the networks with a large number of nodes, as wireless sensor networks, a large number of secret keys are involved in order to ensure the communication secrecy. While dynamicity is one of the essential features of mobile wireless networks, when nodes may leave or join the network and in the absence of a centralized control entity, the management of secret keys is crucial. The paper presents the main aspects of mobile wireless networks security and focuses on the key management issue in ad-hoc wireless networks.In this paper the problem of securing mobile devices used in ambient networks for speech therapy is presented. The main target consists in making various mobile devices involved in speech therapy to maintain both the confidentiality of personal data of the patient and also to avoid interference when simultaneous communicate with the control center. Due to non-technical type of user all password management will be made automatic by the control system. As result the mobile device will have a user transparent security layer added. The problem of people from isolated community treatment is also solved by this approach.

  17. Designing Fuzzy Rule Based Expert System for Cyber Security

    OpenAIRE

    Goztepe, Kerim

    2016-01-01

    The state of cyber security has begun to attract more attention and interest outside the community of computer security experts. Cyber security is not a single problem, but rather a group of highly different problems involving different sets of threats. Fuzzy Rule based system for cyber security is a system consists of a rule depository and a mechanism for accessing and running the rules. The depository is usually constructed with a collection of related rule sets. The aim of this study is to...

  18. A Multilevel Transaction Problem for Multilevel Secure Database Systems and its Solution for the Replicated Architecture

    Science.gov (United States)

    1992-01-01

    interesting a research issue. An algorithm for this case, using a multiversion technique, will be the subject of future work. In addition, there is a...34 Multiversion Concurrency Control for Multilevel Secure Database Systems" in Proceedings of the IEEE Symposium on Security and Privacy, pp. 369-383...Oakland, CA May 1990. 7. William T. Maimone and Ira B. Greenberg, "Single-Level Multiversion Schedulers for Multilevel Secure Database Systems" in

  19. Random digital encryption secure communication system

    Science.gov (United States)

    Doland, G. D. (Inventor)

    1982-01-01

    The design of a secure communication system is described. A product code, formed from two pseudorandom sequences of digital bits, is used to encipher or scramble data prior to transmission. The two pseudorandom sequences are periodically changed at intervals before they have had time to repeat. One of the two sequences is transmitted continuously with the scrambled data for synchronization. In the receiver portion of the system, the incoming signal is compared with one of two locally generated pseudorandom sequences until correspondence between the sequences is obtained. At this time, the two locally generated sequences are formed into a product code which deciphers the data from the incoming signal. Provision is made to ensure synchronization of the transmitting and receiving portions of the system.

  20. Secure Logistic Management System Using Wireless Technologies

    Directory of Open Access Journals (Sweden)

    K.R. Prasanna

    2012-06-01

    Full Text Available This study proposes an idea of solving problems arising in logistics management, with the aid of wireless communication technologies like RFID, GSM and GPS. This study includes the modules of goods delivery status, vehicle location tracking, overloading of goods, interlocking system and finding out the misplaced goods. The integrated system consists of RFID and GPS technology for goods count and vehicle tracking. Overloading of goods is identified with the help of the weight sensors. If the goods are misplaced, the secure system will indicate the authorized base station and will not allow the vehicle to move. If the wrong goods are taken out from the cargo the buzzer will be ON and the message will be intimated to the concerned person through GSM.

  1. Security aspects of RFID communication systems

    Science.gov (United States)

    Bîndar, Valericǎ; Popescu, Mircea; Bǎrtuşicǎ, Rǎzvan; Craciunescu, Razvan; Halunga, Simona

    2015-02-01

    The objective of this study is to provide an overview of basic technical elements and security risks of RFID communication systems and to analyze the possible threats arising from the use of RFID systems. A number of measurements are performed on a communication system including RFID transponder and the tag reader, and it has been determined that the uplink signal level is 62 dB larger than the average value of the noise at the distance of 1m from the tag, therefore the shielding effectiveness has to exceed this threshold. Next, the card has been covered with several shielding materials and measurements were carried, under similar conditions to test the recovery of compromising signals. A very simple protection measure to prevent unauthorized reading of the data stored on the card has been proposed, and some electromagnetic shielding materials have been proposed and tested.

  2. Selection of Model in Developing Information Security Criteria for Smart Grid Security System

    CERN Document Server

    Ling, Amy Poh Ai

    2011-01-01

    At present, the "Smart Grid" has emerged as one of the best advanced energy supply chains. This paper looks into the security system of smart grid via the smart planet system. The scope focused on information security criteria that impact on consumer trust and satisfaction. The importance of information security criteria is perceived as the main aspect to impact on customer trust throughout the entire smart grid system. On one hand, this paper also focuses on the selection of the model for developing information security criteria on a smart grid.

  3. Security in the CernVM File System and the Frontier Distributed Database Caching System

    CERN Document Server

    Dykstra, David

    2014-01-01

    Both the CernVM File System (CVMFS) and the Frontier Distributed Database Caching System (Frontier) distribute centrally updated data worldwide for LHC experiments using http proxy caches. Neither system provides privacy or access control on reading the data, but both control access to updates of the data and can guarantee the integrity of the data transferred to clients over the internet. CVMFS has since its early days required digital signatures and secure hashes on all distributed data, and recently both CVMFS and Frontier have added X509-based integrity checking. In this paper we detail and compare the security models of CVMFS and Frontier.

  4. Security in the CernVM File System and the Frontier Distributed Database Caching System

    Energy Technology Data Exchange (ETDEWEB)

    Dykstra, D.; Blomer, J. [CERN

    2014-01-01

    Both the CernVM File System (CVMFS) and the Frontier Distributed Database Caching System (Frontier) distribute centrally updated data worldwide for LHC experiments using http proxy caches. Neither system provides privacy or access control on reading the data, but both control access to updates of the data and can guarantee the authenticity and integrity of the data transferred to clients over the internet. CVMFS has since its early days required digital signatures and secure hashes on all distributed data, and recently Frontier has added X.509-based authenticity and integrity checking. In this paper we detail and compare the security models of CVMFS and Frontier.

  5. Research on Framework Design of Industrial Control System for Cyber-Security Defenses%工业控制系统网络安全防护体系研究

    Institute of Scientific and Technical Information of China (English)

    陈亚亮; 杨海军; 姚钦锋; 戴沁芸

    2013-01-01

    文章在阐述工业控制系统(ICS)网络概念与特点的基础上,深入分析其安全威胁及脆弱性,提出运用“深度防御”思想,以ICS资产功能及重要性为安全域划分依据,从技术与管理两个维度设计适用于ICS的网络安全防护体系。%Security threats and vulnerabilities are analyzed in depth in this paper, which is based on the network concept and the characteristic of the industrial control system (ICS). Subsequently, Framework design of industrial control system for cyber-security defenses is proposed by the use of“defense-in-depth”thought, combining with technology and management measures, separating the function and the importance of ICS asset into several security zones.

  6. Preventive Security-Constrained Optimal Power Flow Considering UPFC Control Modes

    Directory of Open Access Journals (Sweden)

    Xi Wu

    2017-08-01

    Full Text Available The successful application of the unified power flow controller (UPFC provides a new control method for the secure and economic operation of power system. In order to make the full use of UPFC and improve the economic efficiency and static security of a power system, a preventive security-constrained power flow optimization method considering UPFC control modes is proposed in this paper. Firstly, an iterative method considering UPFC control modes is deduced for power flow calculation. Taking into account the influence of different UPFC control modes on the distribution of power flow after N-1 contingency, the optimization model is then constructed by setting a minimal system operation cost and a maximum static security margin as the objective. Based on this model, the particle swarm optimization (PSO algorithm is utilized to optimize power system operating parameters and UPFC control modes simultaneously. Finally, a standard IEEE 30-bus system is utilized to demonstrate that the proposed method fully exploits the potential of static control of UPFC and significantly increases the economic efficiency and static security of the power system.

  7. The enhancement of security in healthcare information systems.

    Science.gov (United States)

    Liu, Chia-Hui; Chung, Yu-Fang; Chen, Tzer-Shyong; Wang, Sheng-De

    2012-06-01

    With the progress and the development of information technology, the internal data in medical organizations have become computerized and are further established the medical information system. Moreover, the use of the Internet enhances the information communication as well as affects the development of the medical information system that a lot of medical information is transmitted with the Internet. Since there is a network within another network, when all networks are connected together, they will form the "Internet". For this reason, the Internet is considered as a high-risk and public environment which is easily destroyed and invaded so that a relevant protection is acquired. Besides, the data in the medical network system are confidential that it is necessary to protect the personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered as a network requiring high security that excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies being applied to the network environment of the medical organization information system so as to avoid the external or internal information security events, allow the medical system to work smoothly and safely that not only benefits the patients, but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing from illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing the highly-reliable medical information system.

  8. PECULIARITIES OF CONSTRUCTION PROFILES OF SECURITY SYSTEMS OF INFORMATION SYSTEMS

    Directory of Open Access Journals (Sweden)

    Olga V. Lukinova

    2015-01-01

    Full Text Available Examines the specific issues of building functional and technological profiles of the security systems to ensure the safety of information systems in the paradigm of functional standardization; shows a view of the system of protection based on the model of OSE/RM; studied the composition and structure of the concept of "defense mechanism" for the purpose of profiling third instalment correction representation of the system of protection.

  9. Secure Open Systems an Investigation of Current Standardisation Efforts for Security in Open Systems

    Science.gov (United States)

    1992-06-01

    promofeonderzoek SEDIS (Securable Distributed Information Systems). Dit projekt beoogt inzicht te verwerven in. en bij te dragen aan beveiliging in gedistribueerde...no direct communication between peers, except at the lowest level. The vertical arrows denote the actual route of the flow. Figure 1: Elements of an

  10. InkTag: Secure Applications on an Untrusted Operating System.

    Science.gov (United States)

    Hofmann, Owen S; Kim, Sangman; Dunn, Alan M; Lee, Michael Z; Witchel, Emmett

    2013-01-01

    InkTag is a virtualization-based architecture that gives strong safety guarantees to high-assurance processes even in the presence of a malicious operating system. InkTag advances the state of the art in untrusted operating systems in both the design of its hypervisor and in the ability to run useful applications without trusting the operating system. We introduce paraverification, a technique that simplifies the InkTag hypervisor by forcing the untrusted operating system to participate in its own verification. Attribute-based access control allows trusted applications to create decentralized access control policies. InkTag is also the first system of its kind to ensure consistency between secure data and metadata, ensuring recoverability in the face of system crashes.

  11. New technology for food systems and security.

    Science.gov (United States)

    Yau, N J Newton

    2009-01-01

    In addition to product trade, technology trade has become one of the alternatives for globalization action around the world. Although not all technologies employed on the technology trade platform are innovative technologies, the data base of international technology trade still is a good indicator for observing innovative technologies around world. The technology trade data base from Sinew Consulting Group (SCG) Ltd. was employed as an example to lead the discussion on security or safety issues that may be caused by these innovative technologies. More technologies related to processing, functional ingredients and quality control technology of food were found in the data base of international technology trade platform. The review was conducted by categorizing technologies into the following subcategories in terms of safety and security issues: (1) agricultural materials/ingredients, (2) processing/engineering, (3) additives, (4) packaging/logistics, (5) functional ingredients, (6) miscellaneous (include detection technology). The author discusses examples listed for each subcategory, including GMO technology, nanotechnology, Chinese medicine based functional ingredients, as well as several innovative technologies. Currently, generation of innovative technology advance at a greater pace due to cross-area research and development activities. At the same time, more attention needs to be placed on the employment of these innovative technologies.

  12. 75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

    Science.gov (United States)

    2010-02-23

    ... Security Management System of Records AGENCY: Privacy Office; DHS. ACTION: Notice of Privacy Act system of... to update and reissue Department of Homeland Security/ALL--023 Personnel Security Management System... routine uses of this system have been reviewed and updated to reflect the personnel security...

  13. Secure Documents Sharing System for Cloud Environments

    OpenAIRE

    Abolafya, Natan

    2012-01-01

    With the current trend of cloud services available in every market area in IT business, it is somewhat surprising that security services are not migrated to the cloud widely. Security as a Service (SECaaS) model is hardly popular at the moment even though the infrastructure of the cloud, or web, can support most of the functionalities of conventional distributed security services. Another uncommon phenomenon in the cloud is sharing secure files with multi-tenant support. This kind of service ...

  14. The electronic security partnership of safety/security and information systems departments.

    Science.gov (United States)

    Yow, J Art

    2012-01-01

    The ever-changing world of security electronics is reviewed in this article. The author focuses on its usage in a hospital setting and the need for safety/security and information systems departments to work together to protect and get full value from IP systems.

  15. Planning Security Services for IT Systems

    OpenAIRE

    Henderson, Marie; Page, Howard Philip

    2014-01-01

    Often the hardest job is to get business representatives to look at security as something that makes managing their risks and achieving their objectives easier, with security compliance as just part of that journey. This paper addresses that by making planning for security services a 'business tool'.

  16. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1991-01-01

    This security guide of the Department of Energy covers contractor and subcontractor access to DOE and Mound facilities. The topics of the security guide include responsibilities, physical barriers, personnel identification system, personnel and vehicular access controls, classified document control, protecting classified matter in use, storing classified matter repository combinations, violations, security education clearance terminations, security infractions, classified information nondisclosure agreement, personnel security clearances, visitor control, travel to communist-controlled or sensitive countries, shipment security, and surreptitious listening devices.

  17. Primary, secondary and tertiary frequency control in dynamic security analyses of electric power interconnections

    Directory of Open Access Journals (Sweden)

    Ivanović Milan

    2012-01-01

    Full Text Available This paper presents the incorporation of primary, secondary and tertiary frequency control in the dynamic security analyses of electric power interconnections. This was done in accordance with the wider environment of the existing state of the Serbian power system. The improved software for dynamic security analysis has been tested on the regional transmission network, which includes power systems of Serbia, Montenegro, Bosnia and Herzegovina, Croatia, Hungary, Macedonia, Romania, Bulgaria, Greece and Albania.

  18. Quantitative Vulnerability Assessment of Cyber Security for Distribution Automation Systems

    Directory of Open Access Journals (Sweden)

    Xiaming Ye

    2015-06-01

    Full Text Available The distribution automation system (DAS is vulnerable to cyber-attacks due to the widespread use of terminal devices and standard communication protocols. On account of the cost of defense, it is impossible to ensure the security of every device in the DAS. Given this background, a novel quantitative vulnerability assessment model of cyber security for DAS is developed in this paper. In the assessment model, the potential physical consequences of cyber-attacks are analyzed from two levels: terminal device level and control center server level. Then, the attack process is modeled based on game theory and the relationships among different vulnerabilities are analyzed by introducing a vulnerability adjacency matrix. Finally, the application process of the proposed methodology is illustrated through a case study based on bus 2 of the Roy Billinton Test System (RBTS. The results demonstrate the reasonability and effectiveness of the proposed methodology.

  19. 智能安全稳控系统在风电集中接入电网中的应用%Application of Intelligent Security and Stability Control System to Power Grid with Large Scale Wind Power

    Institute of Scientific and Technical Information of China (English)

    王春华; 郭雷; 王建勋; 高培生

    2012-01-01

    吉林省松原、白城地区(简称松白)电网大量风电集中接入,火电亦超常规发展,并且电磁环网问题突出,送出压力与日俱增,同塔并架的500 kV输电通道故障失去后存在严重的稳定问题.为此在该区域8个厂站配置了安全稳定控制装置,组成松白电网智能安全稳定控制系统.系统采取分区分层设计,自动获取电网信息和识别故障类型,根据预设策略采取快速切风电、再切火电的措施保证电网安全稳定运行.介绍了松白电网安全稳定控制系统的配置、设计、策略及仿真计算情况.结果表明,此系统可以保证电网严重故障后的安全稳定运行,提高松白电网的输送能力.%Increasing power transmission pressures are brought on Songbai power grid of Jilin province by concentrated accession of wind power and thermal power. And serious stability problems will be caused by the 500 kV multiple-circuit transmission lines at concurrent fault. An intelligent security and stability control system was built for Songbai power grid in order to solve those problems, which consists of stability control devices in eight stations (power plants). The system is designed by using layering and zoning strategy and can automatically identify the power grid information and fault types and rapidly cut off the wind power plants and thermal power plants in turn to protect the stability of power system according to the preset strategy. The configuration, control strategy, design and simulation analysis of the regional security and stability control system for Songbai power grid are presented in this paper. Results show that the security and stability control system can guarantee security and stable operation of power grid and improve the power supply ability of Songbai power grid.

  20. A Review of Cyber-Physical Energy System Security Assessment

    DEFF Research Database (Denmark)

    Rasmussen, Theis Bo; Yang, Guangya; Nielsen, Arne Hejde

    2017-01-01

    to the consumption side. This transition entails that the future power system evolves into a complex cyber-physical energy system (CPES) with strong interactions between the power, communication and neighboring energy systems. Current power system security assessment methods are based on centralized computation...... and N-1 contingencies, while these risks should still be considered in the future CPES, additional factors are affecting the system security. This paper serves as a review of the challenges entailed by transforming the power system into a CPES from a security assessment perspective. It gives...... an indication of theoretical solutions to CPES challenges and proposes a new framework for security assessment in CPES....

  1. Security administration plan for HANDI 2000 business management system

    Energy Technology Data Exchange (ETDEWEB)

    Wilson, D.

    1998-09-29

    This document encompasses and standardizes the integrated approach for security within the PP and Ps applications, It also identifies the security tools and methods to be used. The Security Administration Plan becomes effective as of this document`s acceptance and will provide guidance through implementation efforts and, as a ``living document`` will support the operations and maintenance of the system.

  2. Examining the Relationship between Organization Systems and Information Security Awareness

    Science.gov (United States)

    Tintamusik, Yanarong

    2010-01-01

    The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

  3. Hardware mechanisms and their implementations for secure embedded systems

    OpenAIRE

    QIN, JIAN

    2005-01-01

    Security issues appearing in one or another form become a requirement for an increasing number of embedded systems. Those systems, which will be used to capture, store, manipulate, and access data with a sensitive nature, have posed several unique and urgent challenges. The challenges to those embedded system require new approaches to security covering all aspects of embedded system design from architecture, implementation to the methodology. However, security is always treated by embedded sy...

  4. Credibility and Security of Weighing System for Large Structure Object

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    The weighing system designed for large structure object is mainly composed of three parts. The part of hydraulic system is made up of hydraulic cylinders, high pressure hydraulic hoses and electric pumps; the part of computer controlling system comprises pressure sensors, displacement sensors, data acquisitions, RS 485 network and the computer controlling model; the part of loading system is composed of the fulcrum structure and the concrete girder. The measurement principle and composition of the weighing system are discussed in this paper. Credibility and security of the weighing system are fully considered during the design phase. The hydraulic system is controlled by pilot operated check valves in case of the sudden loss of system pressure. The states of all gauges and RS485 network are monitored by computer controlling system functioning in different modules. When the system is running incorrectly, it will be switched to manual mode and givealarm. The finite element method is employed to analyze fulcrum structure so that the system has enough intensity to be lifted. Hence the reliability of the whole system is enhanced.

  5. An Access Control Model of Virtual Machine Security

    Directory of Open Access Journals (Sweden)

    QIN Zhong-yuan

    2013-07-01

    Full Text Available Virtualization technology becomes a hot IT technolo gy with the popu-larity of Cloud Computing. However, new security issues arise with it. Specifically, the resources sharing and data communication in virtual machines are most con cerned. In this paper an access control model is proposed which combines the Chinese Wall a nd BLP model. BLP multi-level security model is introduced with corresponding improvement based on PCW (Prioritized Chinese Wall security model. This model can be used to safely co ntrol the resources and event behaviors in virtual machines. Experimental results show its eff ectiveness and safety.

  6. Secure Communication and Access Control for Mobile Web Service Provisioning

    CERN Document Server

    Srirama, Satish Narayana

    2010-01-01

    It is now feasible to host basic web services on a smart phone due to the advances in wireless devices and mobile communication technologies. While the applications are quite welcoming, the ability to provide secure and reliable communication in the vulnerable and volatile mobile ad-hoc topologies is vastly becoming necessary. The paper mainly addresses the details and issues in providing secured communication and access control for the mobile web service provisioning domain. While the basic message-level security can be provided, providing proper access control mechanisms for the Mobile Host still poses a great challenge. This paper discusses details of secure communication and proposes the distributed semantics-based authorization mechanism.

  7. Optimization of power systems with voltage security constraints

    Science.gov (United States)

    Rosehart, William Daniel

    As open access market principles are applied to power systems, significant changes in their operation and control are occurring. In the new marketplace, power systems are operating under higher loading conditions as market influences demand greater attention to operating cost versus stability margins. Since stability continues to be a basic requirement in the operation of any power system, new tools are being considered to analyze the effect of stability on the operating cost of the system, so that system stability can be incorporated into the costs of operating the system. In this thesis, new optimal power flow (OPF) formulations are proposed based on multi-objective methodologies to optimize active and reactive power dispatch while maximizing voltage security in power systems. The effects of minimizing operating costs, minimizing reactive power generation and/or maximizing voltage stability margins are analyzed. Results obtained using the proposed Voltage Stability Constrained OPF formulations are compared and analyzed to suggest possible ways of costing voltage security in power systems. When considering voltage stability margins the importance of system modeling becomes critical, since it has been demonstrated, based on bifurcation analysis, that modeling can have a significant effect of the behavior of power systems, especially at high loading levels. Therefore, this thesis also examines the effects of detailed generator models and several exponential load models. Furthermore, because of its influence on voltage stability, a Static Var Compensator model is also incorporated into the optimization problems.

  8. Instrumentation, Control, and Intelligent Systems

    Energy Technology Data Exchange (ETDEWEB)

    2005-09-01

    Abundant and affordable energy is required for U.S. economic stability and national security. Advanced nuclear power plants offer the best near-term potential to generate abundant, affordable, and sustainable electricity and hydrogen without appreciable generation of greenhouse gases. To that end, Idaho National Laboratory (INL) has been charged with leading the revitalization of nuclear power in the U.S. The INL vision is to become the preeminent nuclear energy laboratory with synergistic, world-class, multi-program capabilities and partnerships by 2015. The vision focuses on four essential destinations: (1) Be the preeminent internationally-recognized nuclear energy research, development, and demonstration laboratory; (2) Be a major center for national security technology development and demonstration; (3) Be a multi-program national laboratory with world-class capabilities; (4) Foster academic, industry, government, and international collaborations to produce the needed investment, programs, and expertise. Crucial to that effort is the inclusion of research in advanced instrumentation, control, and intelligent systems (ICIS) for use in current and advanced power and energy security systems to enable increased performance, reliability, security, and safety. For nuclear energy plants, ICIS will extend the lifetime of power plant systems, increase performance and power output, and ensure reliable operation within the system's safety margin; for national security applications, ICIS will enable increased protection of our nation's critical infrastructure. In general, ICIS will cost-effectively increase performance for all energy security systems.

  9. Secure Wireless Embedded Systems Via Component-based Design

    DEFF Research Database (Denmark)

    Hjorth, Theis S.; Torbensen, R.

    2010-01-01

    This paper introduces the method secure-by-design as a way of constructing wireless embedded systems using component-based modeling frameworks. This facilitates design of secure applications through verified, reusable software. Following this method we propose a security framework with a secure...... communication component for distributed wireless embedded devices. The components communicate using the Secure Embedded Exchange Protocol (SEEP), which has been designed for flexible trust establishment so that small, resource-constrained, wireless embedded systems are able to communicate short command messages...

  10. Secure wireless embedded systems via component-based design

    DEFF Research Database (Denmark)

    Hjorth, T.; Torbensen, R.

    2010-01-01

    This paper introduces the method secure-by-design as a way of constructing wireless embedded systems using component-based modeling frameworks. This facilitates design of secure applications through verified, reusable software. Following this method we propose a security framework with a secure...... communication component for distributed wireless embedded devices. The components communicate using the Secure Embedded Exchange Protocol (SEEP), which has been designed for flexible trust establishment so that small, resource-constrained, wireless embedded systems are able to communicate short command messages...

  11. STAFF PERFORMANCE CONTROL AND SECURITY OF CORPORATE INFORMATION RESOURCES

    Directory of Open Access Journals (Sweden)

    Elena Alexandrovna MAXIMOVA

    2014-01-01

    Full Text Available The paper considered the study of corporate manpower’ operation and information security for corporate data resources that evidenced necessity of controlling opera-tion of employees for both productive work performance and the secured corporate database as well. The study suggested the monitoring of work performance’ efficien-cy in the staff done with a specific technique, with a symbolic model drafted for soft wiring.

  12. Security System for Mobile Voting with Biometrics

    Directory of Open Access Journals (Sweden)

    Laurentiu Marinescu

    2015-09-01

    Full Text Available For centuries, voting has been a democratic right and way to choose our politicians. Nowadays, the voting process became a major issue in order to avoid crucial vulnerabilities like multiple voting, missing ballot papers, electoral fraud and miscount votes in an election. To prevent those leaks in our current voting system and to improve other factors like time-consuming and reducing cost of resources, I decided to implement a secured mobile voting system on android.In today’s era, the number of people that possess a smart-phone is larger and larger and also the advanced stage of technology can concur to a reliable solution for voting.The architecture of this system will contain the mobile application that need to be installed on a mobile device, also will contain a server to compute multiple operations (face detection, face recognition and matching the face with the existing ones, matching unique id of the smart-phone with the one stored in database based on user personal identification number and a server database. Firstly, an introduction about the subject and system is presented. Problem formulation will contain a research about this topic. Solution of the problem is presented in four subsections: architecture of the system, implementation, face recognition verifier and other solutions.

  13. Exploration of Provincial and Regional Two Level Substation Security Risk Prevention and Control System Construction%省地两级变电站安防风险防控体系建设探索

    Institute of Scientific and Technical Information of China (English)

    肖安南; 张城玮; 戴先玉

    2013-01-01

    Through establishing standardized the maintenance management system of security system , se-curity risk classification management and neural network risk early warning are implemented , in two level of province and region setting risk analysis , online inspection and field monitoring officers .Effectively tracking the rectification results , to achieve closed-loop management , the level of substation security risk prevention and control is improved .%通过建立规范化的安防系统运维管理体系,实行安防风险分类管理、神经网络风险预警,在省地两级均设置风险分析、在线稽查和现场监控专责人员。有效跟踪隐患整改结果,实现问题的闭环管理,提高变电站安防风险防控水平。

  14. Multiagent voltage and reactive power control system

    Directory of Open Access Journals (Sweden)

    I. Arkhipov

    2014-12-01

    Full Text Available This paper is devoted to the research of multiagent voltage and reactive power control system development. The prototype of the system has been developed by R&D Center at FGC UES (Russia. The control system architecture is based on the innovative multiagent system theory application that leads to the achievement of several significant advantages (in comparison to traditional control systems implementation such as control system efficiency enhancement, control system survivability and cyber security.

  15. Health security and disease control: lessons from Mexico.

    Science.gov (United States)

    Frenk, Julio; Gómez-Dantés, Octavio

    2011-12-30

    This paper discusses the controversy between top-down, disease-focused, vertical programs, on the one hand, and activities that have been horizontally integrated into health services, on the other, using as a reference the public health initiatives developed in Mexico in the context of a recent comprehensive health care reform. The main message is that it is possible to achieve a synthesis between vertical and horizontal strategies, and also between public health and personal health care programs. Public health and personal care are the two sides of the health system coin, and both are central to a comprehensive concept of health security. Investments in epidemiological surveillance and response clearly contribute to the control of threats facing nation-states, such as pandemics and biological warfare. At the same time, investments in the protection of individuals from threats that endanger their health would also make our world a safer place.

  16. Secure Communication System Basedon Chaosin Optical Fibre

    Institute of Scientific and Technical Information of China (English)

    Pak L Chu; Fan Zhang; William Mak; Robust Lai

    2003-01-01

    @@ 1 Introduction Recently, there have been intense research activities on the study of synchronized chaos generated by fibre lasers [1] and its application to secure communication systems . So far, all studies concentrate on two aspects:[2].So far,all studies concentrate on two aspects:(1) the effect of the transmission channel between the transmitter and the receiver has been neglected, and (2)the chaos and the signal are carried by one wavelength.Both theoretical and experimental investigations make these two assumptions. In the experiments, the transmission fibre is invariably short, in the order of tens of metres. Hence its dispersion and nonlinear effects are negligible. The fibre laser responsible for the generation of chaos is often designed to lase at one wavelength only.

  17. Education Organization Baseline Control Protection and Trusted Level Security

    Directory of Open Access Journals (Sweden)

    Wasim A. Al-Hamdani

    2007-12-01

    Full Text Available Many education organizations have adopted for security the enterprise best practices for implementation on their campuses, while others focus on ISO Standard (or/and the National Institution of Standards and Technology.All these adoptions are dependent on IT personal and their experiences or knowledge of the standard. On top of this is the size of the education organizations. The larger the population in an education organization, the more the problem of information and security become very clear. Thus, they have been obliged to comply with information security issues and adopt the national or international standard. The case is quite different when the population size of the education organization is smaller. In such education organizations, they use social security numbers as student ID, and issue administrative rights to faculty and lab managers – or they are not aware of the Family Educational Rights and Privacy Act (FERPA – and release some personal information.The problem of education organization security is widely open and depends on the IT staff and their information security knowledge in addition to the education culture (education, scholarships and services has very special characteristics other than an enterprise or comparative organizationThis paper is part of a research to develop an “Education Organization Baseline Control Protection and Trusted Level Security.” The research has three parts: Adopting (standards, Testing and Modifying (if needed.

  18. The method of a joint intraday security check system based on cloud computing

    Science.gov (United States)

    Dong, Wei; Feng, Changyou; Zhou, Caiqi; Cai, Zhi; Dan, Xu; Dai, Sai; Zhang, Chuancheng

    2017-01-01

    The intraday security check is the core application in the dispatching control system. The existing security check calculation only uses the dispatch center’s local model and data as the functional margin. This paper introduces the design of all-grid intraday joint security check system based on cloud computing and its implementation. To reduce the effect of subarea bad data on the all-grid security check, a new power flow algorithm basing on comparison and adjustment with inter-provincial tie-line plan is presented. And the numerical example illustrated the effectiveness and feasibility of the proposed method.

  19. Security Analysis of the Electronic Management System for a Total Site Utility System

    DEFF Research Database (Denmark)

    Manso Cortes, Oscar

    2016-01-01

    This paper presents the Security Analysis of the Electronic Management System (EMS) of a Total Site Utility System as proposed under the scope of the Efenis project. The Efenis project has been funded by the European Commission via the seventh framework programme (EC FP7) with the aim to improve...... process integration by applying novel methods of total site targeting. 16 different international partners, including 10 academic institutions and 6 industrial companies, have been participating in this project. A model of the EMS system is presented with the aim to integrate it on a Total Site Utility...... System in order to achieve a reliable implementation capable of accomplishing the mission of the Efenis project. The results also provide the design, implementation and deployment of a modular security system that helps to provide the security controls recommended during the analysis....

  20. A Calculus for Control Flow Analysis of Security Protocols

    DEFF Research Database (Denmark)

    Buchholtz, Mikael; Nielson, Hanne Riis; Nielson, Flemming

    2004-01-01

    analysis methodology. We pursue an analysis methodology based on control flow analysis in flow logic style and we have previously shown its ability to analyse a variety of security protocols. This paper develops a calculus, LysaNS that allows for much greater control and clarity in the description...

  1. A novel anti-theft security system for photovoltaic modules

    Science.gov (United States)

    Khan, Wasif Ali; Lim, Boon-Han; Lai, An-Chow; Chong, Kok-Keong

    2017-04-01

    Solar farms are considered as easy target for thieves because of insufficient protection measures. Existing anti-theft approaches are based on system level and are not very preventive and efficient because these can be bypassed with some technical knowledge. Additionally, it is difficult for security guards to tackle them as robbers come in a form of a gang equipped with heavy weapons. In this paper, a low power auto shut-off and non-destructive system is proposed for photovoltaic (PV) modules to achieve better level of security at module level. In proposed method, the power generation function of the PV module will be shut-off internally and cannot be re-activated by unauthorized personnel, in the case of theft. Hence, the PV module will not be functional even sold to new customers. The system comprises of a microcontroller, a low power position sensor, a controllable semiconductor switch and a wireless reactive-able system. The anti-theft system is developed to be laminated inside PV module and will be interconnected with solar cells so it becomes difficult for thieves to temper. The position of PV module is retrieved by position sensor and stored in a microcontroller as an initial reference value. Microcontroller uses this stored reference value to control power supply of PV module via power switch. The stored reference value can be altered using wireless circuitry by following authentication protocol. It makes the system non-destructive as anti-theft function can be reset again by authorized personnel, if it is recovered after theft or moved for maintenance purposes. The research component includes the design of a position sensing circuit, an auto shut-off circuit, a reactive-able wireless security protection algorithm and finally the integration of the multiple circuits.

  2. Air quality in quarters and system of personal security

    Directory of Open Access Journals (Sweden)

    L.L. Goshka

    2010-10-01

    Full Text Available In the article climatic systems are considered as systems of personal security. Roles of State, building proprietors, inhabitants in the formation of climate favorable for health are analysed. Regulated heat and air conditioning systems are considered particularly, because they can give personal security in temperature.

  3. Android Based Total Security for System Authentication

    Directory of Open Access Journals (Sweden)

    Mithil Vasani

    2015-04-01

    Full Text Available In this Paper [5], A highly severe menace to any computing device is the impersonation of an authenticate user. The most frequent computer authentication scheme is to use alphanumerical usernames and passwords. But the textual passwords are prone to dictionary attacks, eves dropping, shoulder surfing and social engineering. As such, graphical passwords have been introduced as an alternative to the traditional authentication process. Though the graphical password schemes provide a way of making more user friendly passwords, while increasing the level of security, they are vulnerable to shoulder surfing. To address this problem, text can be used in combination with the colors and images to generate the session passwords, thereby making a stronger authentication means. In general, session passwords are those that can be used only once and for every new session, a new password is engendered. This paper [7] describes a method of implementing two factor authentication using mobile phones. The proposed method guarantees that authenticating to services, such as online banking or ATM machines, is done in a very secure manner. The proposed system involves using a mobile phone as a software token for One Time Password generation. The generated One Time Password is valid for only a short user defined period of time and is generated by factors that are unique to both, the user and the mobile device itself. Additionally, an SMS-based mechanism is implemented as both a backup mechanism for retrieving the password and as a possible mean of synchronization. The proposed method has been implemented and tested. Initial results show the success of the proposed method.

  4. Common Control System Vulnerability

    Energy Technology Data Exchange (ETDEWEB)

    Trent Nelson

    2005-12-01

    The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as ''reverse engineering''), an

  5. Secure Wireless Communication and Optimal Power Control under Statistical Queueing Constraints

    CERN Document Server

    Qiao, Deli; Velipasalar, Senem

    2010-01-01

    In this paper, secure transmission of information over fading broadcast channels is studied in the presence of statistical queueing constraints. Effective capacity is employed as a performance metric to identify the secure throughput of the system, i.e., effective secure throughput. It is assumed that perfect channel side information (CSI) is available at both the transmitter and the receivers. Initially, the scenario in which the transmitter sends common messages to two receivers and confidential messages to one receiver is considered. For this case, effective secure throughput region, which is the region of constant arrival rates of common and confidential messages that can be supported by the buffer-constrained transmitter and fading broadcast channel, is defined. It is proven that this effective throughput region is convex. Then, the optimal power control policies that achieve the boundary points of the effective secure throughput region are investigated and an algorithm for the numerical computation of t...

  6. System security assessment in real-time using synchrophasor measurements

    DEFF Research Database (Denmark)

    Jóhannsson, Hjörtur; Wache, Markus

    2013-01-01

    assessment and sheds light on ongoing research activities that focus on exploiting wide-area synchrophasor measurements for real-time security assessment of sustainable power systems. At last, an mathematical mapping enabling informative visualization of the system state in respect to aperiodic rotor angle...... measures to ensure stable and secure operation of the system are necessary. Time stamped synchrophasor measurements lay the foundation for development of new real-time applications for security and stability assessment. The paper provides overview of existing solutions for synchrophasor based security...

  7. Henon CSK Secure Communication System Using Chaotic Turbo Codes

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    In this paper,the authors design a novel chaotic secure communication system, which has high security and good errorcorrecting capability. Firstly, the Henon Chaos Shift Keying (CSK) modulation block is presented. Secondly,chaotic turbo encod er/decoder (hard decision) is introduced. Thirdly, this chaotic secure communication system, which comprises the Henon CSK modulation block and chaotic turbo en coder in a serially concatenated form, is shown. Furthermore, a novel two step encryption scheme is proposed, which is based on the chaotic turbo e ncoded Henon CSK secure communication system.

  8. Hierarchical Policy Model for Managing Heterogeneous Security Systems

    Science.gov (United States)

    Lee, Dong-Young; Kim, Minsoo

    2007-12-01

    The integrated security management becomes increasingly complex as security manager must take heterogeneous security systems, different networking technologies, and distributed applications into consideration. The task of managing these security systems and applications depends on various systems and vender specific issues. In this paper, we present a hierarchical policy model which are derived from the conceptual policy, and specify means to enforce this behavior. The hierarchical policy model consist of five levels which are conceptual policy level, goal-oriented policy level, target policy level, process policy level and low-level policy.

  9. Implementation of Secured Car Parking Management System Using Verilog HDL

    Directory of Open Access Journals (Sweden)

    Bhavana CHENDIKA

    2015-07-01

    Full Text Available Present days usage of motor vehicles are increased day by day, it causes the pollution, traffic congestion and parking place problems. In this paper we proposed a secured car parking management system using Verilog HDL. This system has two main modules Module-1: Slot identification for parking and LCD display screens, Module-2: Security indicator will provide security to the car, if unauthorized person want to vacant the car. These modules are modeled in Verilog HDL and implemented on FPGA.

  10. Implementing message systems in multilevel secure environments: Problems and approaches

    Science.gov (United States)

    Martins, G. R.; Gaines, R. S.

    1982-07-01

    A study of the problems of building multilevel secure message systems. The need for such systems in the government and commercial sectors is growing. Designs are strongly affected by (1) the granularity of security protection (at the level of folders, messages, paragraphs, or words) and (2) planned departures from the Bell-LaPadula security model, for user convenience. A Taxonomy of design alternatives is defined, and 16 specific approaches are described and compared.

  11. System security in the space flight operations center

    Science.gov (United States)

    Wagner, David A.

    1988-01-01

    The Space Flight Operations Center is a networked system of workstation-class computers that will provide ground support for NASA's next generation of deep-space missions. The author recounts the development of the SFOC system security policy and discusses the various management and technology issues involved. Particular attention is given to risk assessment, security plan development, security implications of design requirements, automatic safeguards, and procedural safeguards.

  12. Grid Information Security Functional Requirement - Fulfilling Information Security of a Smart Grid System

    CERN Document Server

    Ling, Amy Poh Ai; 10.5121/ijgca.2011.2201

    2011-01-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application of hermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them and its awareness of this information infrastructure has become critical to the reliability of the power system. Community benefits from of cost savings, flexibility and deployment along with the establishment of wireless communications. However, concern revolves around the security protections for easily accessible devices such as the smart meter and the related communications hardware. On the other hand, the changing points between traditional versus smart grid networking trend and the information security importance on...

  13. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01

    This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  14. Building Safe and Secure Systems with AADL

    Science.gov (United States)

    2015-02-15

    Deadlock/starvation Latency Resource Consumption Bandwidth CPU time Power consumption Data precision/ accuracy Temporal correctness Confidence Data...University Security Policy Verification Component integration and composition Partitions share the same level with their tasks Partitions contain objects at...the same security level Communication Policies Communication share the same level A shared device manages objects at the same level 21 AADL meeting

  15. Assessing and managing security risk in IT systems a structured methodology

    CERN Document Server

    McCumber, John

    2004-01-01

    SECURITY CONCEPTSUsing ModelsIntroduction: Understanding, Selecting, and Applying Models Understanding AssetsLayered Security Using Models in Security Security Models for Information Systems Shortcomings of Models in SecuritySecurity in Context Reference Defining Information SecurityConfidentiality, Integrity, and Availability Information AttributesIntrinsic versus Imputed Value Information as an Asset The Elements of Security Security Is Security Only in Context Information as an Asset Introduction Determining Value Managing Information Resources ReferencesUnderstanding Threat and Its Relatio

  16. Deception used for Cyber Defense of Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Miles A. McQueen

    2009-05-01

    Control system cyber security defense mechanisms may employ deception to make it more difficult for attackers to plan and execute successful attacks. These deceptive defense mechanisms are organized and initially explored according to a specific deception taxonomy and the seven abstract dimensions of security previously proposed as a framework for the cyber security of control systems.

  17. Research of data transmission security in videoconference system

    Institute of Scientific and Technical Information of China (English)

    LIU Yan-long; WANG Chun-lei; SUN Zhi-tao

    2007-01-01

    Many coal enterprises have built the videoconference systems on their LAN(Local Area Network). As the development of these enterprises, their organizations are distributed over our country and even over the world. Therefore, the videoconference systems have to run over WAN (Wide Area Network). Normally, the structure of a videoconference system is center_division including MCU (multi control unit) and participants. No QoS and security assurance are available now because all videoconference system is based on TCP/IP. Therefore, the system stability is absolutely depended on the Network.This paper discussed how to anti ARP attacking. The method discussed in this paper is based on TCP/IP.

  18. IMPLEMENTATION OF SECURITY CONTROLS ACCORDING TO ISO/IEC 27002 IN A SMALL ORGANISATION

    Directory of Open Access Journals (Sweden)

    MATÚŠ HORVÁTH

    2009-12-01

    Full Text Available Information security should be today a key issue in any organization. With the implementation of information security management system (ISMS the organization can identify and reduce risks in this area. This the area of information security management covers a numbers of ISO / IEC 27000 standards, which are based on best practice solutions. However, smaller organizations are often discourages with the implementation of these systems, because of fear of high cost and complexity. Especially due to the fact that the standards does not strictly require implementation of all security controls it is possible to implement these systems in small-size organizations. In this article, we want to point on this fact through describing practical experience with ISMS implementation in small-size organization.

  19. A secure and synthesis tele-ophthalmology system.

    Science.gov (United States)

    Wei, Zhuo; Wu, Yongdong; Deng, Robert H; Yu, Shengsheng; Yao, Haixia; Zhao, Zhigang; Ngoh, Lek Heng; Han, Lim Tock; Poh, Eugenie W T

    2008-10-01

    This paper describes a secure and synthesis ophthalmology telemedicine system, referred to as TeleOph. Under a Secure Socket Layer (SSL) channel, patient prerecorded data can be safely transferred via the Internet. With encrypted videoconference and white-board, the system not only supports hospital-to-clinic consultation, but also supplies hospital-tohospital joint discussion. Based on Directshow technology (Microsoft Corporation, Redmond, WA), video cameras connected to the computer by firewire can be captured and controlled to sample video data. By using TWAIN technology, the system automatically identifies networked still cameras (on fundus and slitlamp devices) and retrieves images. All the images are stored in a selected format (such as JPEG, DICOM, BMP). Besides offline-transferring prerecorded data, the system also supplies online sampling of patient data (real-time capturing from remote places). The system was deployed at Tan Tock Seng Hospital, Singapore and Ang Mo Kio, Singapore, where 100 patients were enrolled in the system for examination. TeleOph can be successfully used for patient consultation, and hospital joint discussion. Meanwhile, TeleOph can supply both offline and online sampling of patient data.

  20. A Survey of Security of Multimodal Biometric Systems

    Directory of Open Access Journals (Sweden)

    Suvarnsing G. Bhable

    2015-12-01

    Full Text Available A biometric system is essentially a pattern recognition system being used in adversarial environment. Since, biometric system like any conventional security system is exposed to malicious adversaries, who can manipulate data to make the system ineffective by compromising its integrity. Current theory and design methods of biometric systems do not take into account the vulnerability to such adversary attacks. Therefore, evaluation of classical design methods is an open problem to investigate whether they lead to design secure systems. In order to make biometric systems secure it is necessary to understand and evaluate the threats and to thus develop effective countermeasures and robust system designs, both technical and procedural, if necessary. Accordingly, the extension of theory and design methods of biometric systems is mandatory to safeguard the security and reliability of biometric systems in adversarial environments.

  1. A Secure Key Management Scheme for Heterogeneous Secure Vehicular Communication Systems

    Institute of Scientific and Technical Information of China (English)

    SUN Zhili

    2016-01-01

    Intelligent transportation system (ITS) is proposed as the most effective way to improve road safety and traffic efficiency. However, the future of ITS for large scale transportation infrastructures deployment highly depends on the security level of vehicular commu⁃nication systems (VCS). Security applications in VCS are fulfilled through secured group broadcast. Therefore, secure key manage⁃ment schemes are considered as a critical research topic for network security. In this paper, we propose a framework for providing secure key management within heterogeneous network. The security managers (SMs) play a key role in the framework by retrieving the vehicle departure information, encapsulating block to transport keys and then executing rekeying to vehicles within the same security domain. The first part of this framework is a novel Group Key Management (GKM) scheme basing on leaving probability (LP) of vehicles to depart current VCS region. Vehicle's LP factor is introduced into GKM scheme to achieve a more efficient rekeying scheme and less rekeying costs. The second component of the framework using the blockchain concept to simplify the distributed key management in heterogeneous VCS domains. Extensive simulations and analysis are provided to show the effective⁃ness and efficiency of the proposed framework: Our GKM results demonstrate that probability⁃based BR reduces rekeying cost compared to the benchmark scheme, while the blockchain decreases the time cost of key transmission over heterogeneous net⁃works.

  2. Development of an Attack-Resistant and Secure SCADA System using WSN, MANET, and Internet

    Directory of Open Access Journals (Sweden)

    N. Rajesh kumar

    2014-06-01

    Full Text Available Industrial Control Systems (ICS are open to security attacks when they are integrated with IT systems and wireless technologies for enhanced processing and remote control. These Critical Infrastructures (CIs are highly important as they provide service for an entire nation and causes serious danger even when interrupted for a while. Some of the common SCADA (Supervisory Control and Data Acquisition systems involve energy and water distribution systems. In this paper, the energy distribution SCADA system comprising several substations is considered. A secure framework is proposed that combines the energy control system with Wireless Sensor Networks (WSNs, Mobile Ad hoc Networks (MANETs, and the Internet, providing anomaly prevention and status management. SCADA attacks occur at the state estimators of the power systems which are used to route power flows and detect faulty devices. These estimators are located in the SCADA control center which is a sensitive area and measurements must be transmitted over a secure communication channel. The attack-resistance of the SCADA system is enhanced by increasing the hardness and complexity of the attack problem. The Attack-Resistant and Secure (ARS SCADA system is evaluated against existing techniques like NAMDIA (Network-Aware Mitigation of Data Integrity Attacks, Retrofit IDS (Intrusion Detection System, and CSBF (Critical State-Based Filtering for enhancing the attack-resistance and security of SCADA systems. It is found that the performance of ARS SCADA system is good compared to the existing methods in terms of maximum normalized attack impact and latency.

  3. Proposal of SNS Membership Qualification System for Information Security

    OpenAIRE

    佐藤, 直; 岡田, 康義; Naoshi, SATO; Yasuyoshi, OKADA; 情報セキュリティ大学院大学 情報セキュリティ研究科; Institute of Information Security

    2013-01-01

    For assuring information security of SNS, the paper proposes introducing the SNS membership qualification system which uses 3 types of licenses and certifications; SNS membership license, security inspection certificate and access visa. It further describes related organization and operating image of the proposed system, and finally discusses effects and issues on the proposal from technical and sociological viewpoints.

  4. Towards an automated security awareness system in a virtualized environment

    CSIR Research Space (South Africa)

    Labuschagne, WA

    2012-07-01

    Full Text Available virtualized system used to determine the current security awareness levels of users on a shared platform accessing the Internet. The system uses virtual machines to provide users with access to the Internet, assess the security awareness levels of the users...

  5. Information security management system planning for CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeu, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

    2015-12-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  6. Physical layer approaches for securing wireless communication systems

    CERN Document Server

    Wen, Hong

    2013-01-01

    This book surveys the outstanding work of physical-layer (PHY) security, including  the recent achievements of confidentiality and authentication for wireless communication systems by channel identification. A practical approach to building unconditional confidentiality for Wireless Communication security by feedback and error correcting code is introduced and a framework of PHY security based on space time block code (STBC) MIMO system is demonstrated.  Also discussed is a scheme which combines cryptographic techniques implemented in the higher layer with the physical layer security approach

  7. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  8. Securing Information Systems in an Uncertain World Enterprise Level Security (Invited Paper

    Directory of Open Access Journals (Sweden)

    William R. Simpson

    2016-04-01

    Full Text Available Increasing threat intrusions to enterprise computing systems have led to a formulation of guarded enterprise systems. The approach was to put in place steel gates and prevent hostile entities from entering the enterprise domain. The current complexity level has made the fortress approach to security implemented throughout the defense, banking, and other high trust industries unworkable. The alternative security approach presented in this paper is the result of a concentrated fourteen year program of pilots and research. Its distributed approach has no need for passwords or accounts and derives from a set of tenets that form the basic security model requirements. At each step in the process it determines identities and claims for access and privileges. These techniques are resilient, secure, extensible, and scalable. They are currently being implemented for a major enterprise, and are a candidate for other enterprise security approaches. This paper discusses the Enterprise Level Security architecture, a web-based security architecture designed to select and incorporate technology into a cohesive set of policies and rules for an enterprise information system. The paper discusses the history, theoretical underpinnings, implementation decisions, current status, and future plans for expansion of capabilities and scale.

  9. Department of Energy security program needs effective information systems

    Energy Technology Data Exchange (ETDEWEB)

    1991-10-01

    Although security is an important, nearly billion-dollar-a-year function in the Department of Energy (DOE), key information systems that hold important data about security weaknesses and incidents have limited analytical capabilities and contain unreliable information. The resultant difficulty in identifying patterns and trends reduces managers' ability to ensure the effectiveness of the security program. Resources are also wasted because DOE has deployed incompatible systems that are unable to electronically share or transfer data, often forcing employees to manually re-enter data that are already stored in computers elsewhere. Finally, continuing data problems with other important security information systems, such as those used to track security clearances and classified documents, indicate that information system deficiencies are extensive. A major reason for these problems is that DOE has not done a comprehensive, strategic assessment of its information and information technology needs of the security program. DOE's efforts are fragmented because it has not assigned to any organization the leadership responsibility to determine security information needs and to plan and manage security information resources Department-wide. This paper reports that a number of changes are needed to correct these problems and take advantage of information technology to help strengthen the security program.

  10. COLLABORATIVE NETWORK SECURITY MANAGEMENT SYSTEM BASED ON ASSOCIATION MINING RULE

    Directory of Open Access Journals (Sweden)

    Nisha Mariam Varughese

    2014-07-01

    Full Text Available Security is one of the major challenges in open network. There are so many types of attacks which follow fixed patterns or frequently change their patterns. It is difficult to find the malicious attack which does not have any fixed patterns. The Distributed Denial of Service (DDoS attacks like Botnets are used to slow down the system performance. To address such problems Collaborative Network Security Management System (CNSMS is proposed along with the association mining rule. CNSMS system is consists of collaborative Unified Threat Management (UTM, cloud based security centre and traffic prober. The traffic prober captures the internet traffic and given to the collaborative UTM. Traffic is analysed by the Collaborative UTM, to determine whether it contains any malicious attack or not. If any security event occurs, it will reports to the cloud based security centre. The security centre generates security rules based on association mining rule and distributes to the network. The cloud based security centre is used to store the huge amount of tragic, their logs and the security rule generated. The feedback is evaluated and the invalid rules are eliminated to improve the system efficiency.

  11. 75 FR 28042 - Privacy Act of 1974: System of Records; Department of Homeland Security Transportation Security...

    Science.gov (United States)

    2010-05-19

    ... Transportation Security Administration. Information in this system also includes records related to the... occurred during passenger or property screening would be covered by this system. Portions of this system... information system of records has been compromised. Another routine use permits the release of information to...

  12. Communication, control and security challenges for the smart grid

    CERN Document Server

    Muyeen, SM

    2017-01-01

    The Smart Grid is a modern electricity grid allowing for distributed, renewable intermittent generation, partly owned by consumers. This requires advanced control and communication technologies in order to provide high quality power supply and secure generation, transmission and distribution. This book outlines these emerging technologies.

  13. Windows And Linux Operating Systems From A Security Perspective

    CERN Document Server

    Bassil, Youssef

    2012-01-01

    Operating systems are vital system software that, without them, humans would not be able to manage and use computer systems. In essence, an operating system is a collection of software programs whose role is to manage computer resources and provide an interface for client applications to interact with the different computer hardware. Most of the commercial operating systems available today on the market have buggy code and they exhibit security flaws and vulnerabilities. In effect, building a trusted operating system that can mostly resist attacks and provide a secure computing environment to protect the important assets of a computer is the goal of every operating system manufacturer. This paper deeply investigates the various security features of the two most widespread and successful operating systems, Microsoft Windows and Linux. The different security features, designs, and components of the two systems are to be covered elaborately, pin-pointing the key similarities and differences between them. In due ...

  14. Cyber Security Test Strategy for Non-safety Display System

    Energy Technology Data Exchange (ETDEWEB)

    Son, Han Seong [Joongbu University, Geumsan (Korea, Republic of); Kim, Hee Eun [KAIST, Daejeon (Korea, Republic of)

    2016-10-15

    Cyber security has been a big issue since the instrumentation and control (I and C) system of nuclear power plant (NPP) is digitalized. A cyber-attack on NPP should be dealt with seriously because it might cause not only economic loss but also the radioactive material release. Researches on the consequences of cyber-attack onto NPP from a safety point of view have been conducted. A previous study shows the risk effect brought by initiation of event and deterioration of mitigation function by cyber terror. Although this study made conservative assumptions and simplifications, it gives an insight on the effect of cyber-attack. Another study shows that the error on a non-safety display system could cause wrong actions of operators. According to this previous study, the failure of the operator action caused by a cyber-attack on a display system might threaten the safety of the NPP by limiting appropriate mitigation actions. This study suggests a test strategy focusing on the cyber-attack on the information and display system, which might cause the failure of operator. The test strategy can be suggested to evaluate and complement security measures. Identifying whether a cyber-attack on the information and display system can affect the mitigation actions of operator, the strategy to obtain test scenarios is suggested. The failure of mitigation scenario is identified first. Then, for the test target in the scenario, software failure modes are applied to identify realistic failure scenarios. Testing should be performed for those scenarios to confirm the integrity of data and to assure effectiveness of security measures.

  15. Evaluation of a Cyber Security System for Hospital Network.

    Science.gov (United States)

    Faysel, Mohammad A

    2015-01-01

    Most of the cyber security systems use simulated data in evaluating their detection capabilities. The proposed cyber security system utilizes real hospital network connections. It uses a probabilistic data mining algorithm to detect anomalous events and takes appropriate response in real-time. On an evaluation using real-world hospital network data consisting of incoming network connections collected for a 24-hour period, the proposed system detected 15 unusual connections which were undetected by a commercial intrusion prevention system for the same network connections. Evaluation of the proposed system shows a potential to secure protected patient health information on a hospital network.

  16. SECURES: system for reporting gunshots in urban environments

    Science.gov (United States)

    Page, Edward A.; Sharkey, Brian

    1995-05-01

    SECURESTM (System for the Effective Control of Urban Environment Security) is being developed to support local law enforcement in the critical problem of gun-related violence on America's streets. Once deployed, SECURES will instantaneously detect, recognize, and pinpoint the location of gunfire, and transmit this finding to the police dispatcher or directly to scout cars in the vicinity. Local law enforcement and trauma care resourses will be able to respond quickly, thereby dramatically increasing the probability of arrest of the gunman and survival of the victim. SECURES will employ an air-acoustic detection grid composed of small, low-cost, battery powered sensor modules, called Pole Units. These modules will be located on utility poles and buildings primarily at city block intersections, and consists of an acoustic sensor, signal processing electronics, and a transmitter. Development efforts have concentrated on i) developing and testing algorithms capable of identifying gunshots with an extremely low false alarm rate, ii) developing ultra- low power electronics capable of reliable operation for long periods in outdoor environments, and iii) determining the RF communications design. Pole Unit prototype electronics and gunshot identification algorithms have been developed and successfully tested on an extensive database of recorded gunshots and background noises.

  17. Advanced Technologies for Intelligent Systems of National Border Security

    CERN Document Server

    Simek, Krzysztof; Świerniak, Andrzej

    2013-01-01

    One of the world’s leading problems in the field of national security is protection of borders and borderlands. This book addresses multiple issues on advanced innovative methods of multi-level control of both ground (UGVs) and aerial drones (UAVs). Those objects combined with innovative algorithms become autonomous objects capable of patrolling chosen borderland areas by themselves and automatically inform the operator of the system about potential place of detection of a specific incident. This is achieved by using sophisticated methods of generation of non-collision trajectory for those types of objects and enabling automatic integration of both ground and aerial unmanned vehicles. The topics included in this book also cover presentation of complete information and communication technology (ICT) systems capable of control, observation and detection of various types of incidents and threats. This book is a valuable source of information for constructors and developers of such solutions for uniformed servi...

  18. A REVIEW on EFFICIENT MUTUAL AUTHENTICATION RFID SYSTEM SECURITY ANALYSIS

    Directory of Open Access Journals (Sweden)

    S.Vijay Anand

    2013-02-01

    Full Text Available This article describes the technical fundamentals of RFID systems and the associated standards. Specifically, it addresses the security and privacy aspects of this relatively new and heterogeneous Radio Technology. It relates the security requirements, threats and the implemented mechanisms. Then the current security and privacy proposals and their enhancements are presented. This paper would be a useful reference article for beginners as well as experts.

  19. Evaluation on Electronic Securities Settlements Systems by AHP Methods

    Science.gov (United States)

    Fukaya, Kiyoyuki; Komoda, Norihisa

    Accompanying the spread of Internet and the change of business models, electronic commerce expands buisness areas. Electronic finance commerce becomes popular and especially online security tradings becoome very popular in this area. This online securitiy tradings have some good points such as less mistakes than telephone calls. In order to expand this online security tradings, the transfer of the security paper is one the largest problems to be solved. Because it takes a few days to transfer the security paper from a seller to a buyer. So the dematerialization of security papers is one of the solutions. The demterilization needs the information systems for setteling security. Some countries such as France, German, United Kingdom and U.S.A. have been strating the dematerialization projects. The legacy assesments on these projects focus from the viewpoint of the legal schemes only and there is no assessment from system architectures. This paper focuses on the information system scheme and valuates these dematerlization projects by AHP methods from the viewpoints of “dematerializaion of security papers", “speed of transfer", “usefulness on the system" and “accumulation of risks". This is the first case of valuations on security settlements systems by AHP methods, especially four counties’ systems.

  20. Enhancing Information Systems Security in Educational Organizations in KSA through proposing security model

    Directory of Open Access Journals (Sweden)

    Hussain A.H. Awad

    2011-09-01

    Full Text Available It is well known that technology utilization is not restricted for one sector than the other anymore, Educational organizations share many parts of their information systems with commercial organizations. In this paper we will try to identify the main characteristics of information systems in educational organizations, then we will propose a model of two parts to enhance the information systems security, the first part of the model will handle the policy and laws of the information system, the second part will provide a technical approach on how to audit and subsequently maintain the security of information system.

  1. System for Secure Integration of Aviation Data

    Science.gov (United States)

    Kulkarni, Deepak; Wang, Yao; Keller, Rich; Chidester, Tom; Statler, Irving; Lynch, Bob; Patel, Hemil; Windrem, May; Lawrence, Bob

    2007-01-01

    The Aviation Data Integration System (ADIS) of Ames Research Center has been established to promote analysis of aviation data by airlines and other interested users for purposes of enhancing the quality (especially safety) of flight operations. The ADIS is a system of computer hardware and software for collecting, integrating, and disseminating aviation data pertaining to flights and specified flight events that involve one or more airline(s). The ADIS is secure in the sense that care is taken to ensure the integrity of sources of collected data and to verify the authorizations of requesters to receive data. Most importantly, the ADIS removes a disincentive to collection and exchange of useful data by providing for automatic removal of information that could be used to identify specific flights and crewmembers. Such information, denoted sensitive information, includes flight data (here signifying data collected by sensors aboard an aircraft during flight), weather data for a specified route on a specified date, date and time, and any other information traceable to a specific flight. The removal of information that could be used to perform such tracing is called "deidentification." Airlines are often reluctant to keep flight data in identifiable form because of concerns about loss of anonymity. Hence, one of the things needed to promote retention and analysis of aviation data is an automated means of de-identification of archived flight data to enable integration of flight data with non-flight aviation data while preserving anonymity. Preferably, such an automated means would enable end users of the data to continue to use pre-existing data-analysis software to identify anomalies in flight data without identifying a specific anomalous flight. It would then also be possible to perform statistical analyses of integrated data. These needs are satisfied by the ADIS, which enables an end user to request aviation data associated with de-identified flight data. The ADIS

  2. Information Security Management - Part Of The Integrated Management System

    Science.gov (United States)

    Manea, Constantin Adrian

    2015-07-01

    The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security

  3. Microcontroller Based Home Security and Load Controlling Using Gsm Technology

    OpenAIRE

    Mustafijur Rahman; A. H. M. Zadidul Karim; Sultanur Nyeem; Faisal Khan; Golam Matin

    2015-01-01

    "Home automation" referred to as 'Intelligent home' or 'automated home', indicates the automation of daily tasks with electrical devices used in homes. This could be the control of lights or more complex chores such as remote viewing of the house interiors for surveillance purposes. The emerging concept of smart homes offers a comfortable, convenient and safe and secure environment for occupants. These include automatic load controlling, fire detection, temperature sensing, and motion detecti...

  4. Design of an information system for the Security Department of Lawrence Livermore Laboratory

    Energy Technology Data Exchange (ETDEWEB)

    Reid, W.R.

    1978-12-01

    The main objective of this project is to show the development and design of an information system to meet the needs and requirements of the Security Department of Lawrence Livermore Laboratory (LLL). The information system is designed to use data collected by the CAIN Access Control System and to provide Security with reliable and useful reports. These reports are designed to increase the efficiency of the Security Department in performing its functions as well as to automate several manual procedures. The project design is created to be implemented using computer facilities available at LLL and adhering to standards of the Data Processing Services Department.

  5. Cyber Security Scenarios and Control for Small and Medium Enterprises

    Directory of Open Access Journals (Sweden)

    Nilaykumar Kiran SANGANI

    2012-01-01

    Full Text Available As the world advances towards the computing era, security threats keeps on increasing in the form of malware, viruses, internet attack, theft of IS assets / technology and a lot more. This is a major concern for any form of business. Loss in company’s status / liability / reputation is a huge downfall for a running business. We have witnessed the attacks getting carried out; large firm’s data getting breached / government bodies’ sites getting phished / attacked. These huge entities have technology expertise to safeguard their company’s interest against such attacks through investing huge amounts of capital in manpower and secure tools. But what about SMEs? SMEs enrich a huge part of the country’s economy. Big organizations have their own security measures policy which ideally is not applied when it comes to a SME. The aim of this paper is to come out with an Information Security Assurance Cyber Control for SMEs (ISACC against common cyber security threats implemented at a cost effective measure.

  6. SECURE TRACKING AND TRANSPORT SYSTEM USING RWP AND GPS

    Directory of Open Access Journals (Sweden)

    Silky Verma

    2013-06-01

    Full Text Available In the present era where technology has become a part of our life, every day new applications are developed in every field to serve mankind. Many applications have been developed using GPS (globalpositioning system such as aquatic and spacecraft routing, surveying and mapping, precise time reference etc. GPS (global positioning system enables everyday activities such as banking, mobile phone operations, and even the control of power grids by allowing well harmonized hand-off switching and accurate time. The main contribution of this paper is tracking and transportation of object in a secured way using RWP and GPS. To assure the security of the tracking and tracing application we introduce a method to evaluate the one-hop distance between the target object and all the cooperative nodes in the object’s view. A key factor that increases the project’s accuracy and performance is GPS, a common example of wireless which can be interfaced to provide location and time information in all weather conditions. GPS has become a widely adopted and useful tool for commerce, scientific uses, tracking, and investigation. We control the ground session with RWP (random way point using AODV routing protocol. DOP (dilution of precision.

  7. Improved information security using robust Steganography system

    CERN Document Server

    Juneja, Mamta

    2010-01-01

    Steganography is an emerging area which is used for secured data transmission over any public media.Steganography is a process that involves hiding a message in an appropriate carrier like image or audio. It is of Greek origin and means "covered or hidden writing". The carrier can be sent to a receiver without any one except the authenticated receiver knowing the existence of this information. In this paper, a specific image based steganography technique for communicating information more securely between two locations is proposed. The author incorporated the idea of secret key and password security features for authentication at both ends in order to achieve high level of security. As a further improvement of security level, the information has been permuted, encoded and then finally embedded on an image to form the stego image. In addition segmented objects extraction and reassembly of the stego image through normalized cut method has been carried out at the sender side and receiver side respectively in ord...

  8. Secure physical layer using dynamic permutations in cognitive OFDMA systems

    DEFF Research Database (Denmark)

    Meucci, F.; Wardana, Satya Ardhy; Prasad, Neeli R.

    2009-01-01

    This paper proposes a novel lightweight mechanism for a secure Physical (PHY) layer in Cognitive Radio Network (CRN) using Orthogonal Frequency Division Multiplexing (OFDM). User's data symbols are mapped over the physical subcarriers with a permutation formula. The PHY layer is secured...... of the permutations are analyzed for several DSA patterns. Simulations are performed according to the parameters of the IEEE 802.16e system model. The securing mechanism proposed provides intrinsic PHY layer security and it can be easily implemented in the current IEEE 802.16 standard applying almost negligible...

  9. Research on information security system of waste terminal disposal process

    Science.gov (United States)

    Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

    2017-05-01

    Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The user and operation and maintenance personnel technical level and security awareness is uneven, which led to the internal network terminal is the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.

  10. SECURITY SYSTEM FOR DATA USING STEGANOGRAPHY AND CRYPTOGRAPHY (SSDSC

    Directory of Open Access Journals (Sweden)

    Ayman Wazwaz1

    2016-08-01

    Full Text Available Security System for Data using Steganography and Cryptography (SSDSC is a set of hardware and software components that will be used to send secured documents through the internet. Some of the software will be loaded into a microcontrollers in order to increase the complexity and security. The data will be encrypted using the Advanced Encryption Standard (AES algorithm with a key from the Raspberry PI microcontroller and hide it inside an image using Least Significant Bit (LSB algorithm, the data will be invisible. The image will be transmitted and received through the internet, the receivers will extract the hidden data from the image and decrypt it to have the original data with the image. Complicating the steps of hiding and encryption will reduce the possiblity of intrusin of secured documents, and the process will be trasparent to the user to increase security without affecting the normal steps and the behavior in secured documents exchange.

  11. SMS BASED REMOTE CONTROL SYSTEM

    Directory of Open Access Journals (Sweden)

    Reecha Ranjan Singh , Sangeeta Agrawal , Saurabh Kapoor ,S. Sharma

    2011-08-01

    Full Text Available A modern world contains varieties of electronic equipment and systems like: TV, security system, Hi-fi equipment, central heating systems, fire alarm systems, security alarm systems, lighting systems, SET Top Box, AC (Air Conditioner etc., we need to handle, ON/OFF or monitor these electrical devices remotely or to communicate with these but, if you are not at the home or that place and you want to communicate with these device. So the new technology for handled these devices remotely and for communication to required the GSM, mobile technology, SMS (short message service and some hardware resources. SMS based remote control for home appliances is beneficial for the human generation, because mobile is most recently used technology nowadays.

  12. Security Policies for Mitigating the Risk of Load Altering Attacks on Smart Grid Systems

    Energy Technology Data Exchange (ETDEWEB)

    Ryutov, Tatyana; AlMajali, Anas; Neuman, Clifford

    2015-04-01

    While demand response programs implement energy efficiency and power quality objectives, they bring potential security threats to the Smart Grid. The ability to influence load in a system enables attackers to cause system failures and impacts the quality and integrity of power delivered to customers. This paper presents a security mechanism to monitor and control load according to a set of security policies during normal system operation. The mechanism monitors, detects, and responds to load altering attacks. We examined the security requirements of Smart Grid stakeholders and constructed a set of load control policies enforced by the mechanism. We implemented a proof of concept prototype and tested it using the simulation environment. By enforcing the proposed policies in this prototype, the system is maintained in a safe state in the presence of load drop attacks.

  13. Hierarchical-partitioned Voltage Control Under Security Safeguard System of Microgrid%微电网安全防御体系下电压分层分区控制

    Institute of Scientific and Technical Information of China (English)

    张玮亚; 李永丽; 孙广宇; 靳伟; 李小叶

    2015-01-01

    现有微电网安全防御体系缺少保护和紧急控制与微电网局部和全局电压控制的配合方案,无法保障故障后的电压质量。针对接入大量分布式电源(DG)、含多公共连接点(PCC)的公共微电网,提出了一种微电网安全防御体系下电压分层分区控制(HPVC)方案,HPVC 基于电压控制型DG接收PCC区域控制器信号主动参与电压控制,以微电网保护动作完成故障切除时刻为界分两阶段完成:第1阶段控制区域孤岛形成前各分区 PCC 电压不超越相电压安全带,降低 DG 脱网几率;第2阶段实施具有相电压偏差反时限特性的自适应电压恢复控制,实现区域孤岛形成后各分区电压的平滑恢复,辅助微电网完成分区自愈及重新并网,解决了电压控制的“点—面”矛盾,实现了微电网安全防御体系下电压质量的全局综合优化。最后在Simulink中建立IEEE P1547.4典型微电网拓扑,仿真结果验证了该方案的有效性和可行性。%The existing security safeguard system of microgrid lacks complementary schemes between protection and emergency control and local and global voltage control,thus unable to meet the user demand for post-fault voltage quality.A voltage-controlled distributed generator (DG) based hierarchical-partitioned voltage control (HPVC) strategy for multiple DGs is proposed to solve the voltage quality problems for microgrid with single point of common coupling (PCC) and multiple PCCs. The strategy is implemented in two stages at the boundary of fault clearing.The first stage is aimed to control the phase voltage not exceeding the voltage security region before island-mode is formed,which requires low DG capacity and reduces the offline probability;the second stage introduces the inverse-time phase-voltage deviation control to recover the voltage after island-mode is developed,achieving zonal self-healing and restoring grid-connected mode,thereby solving the

  14. Security and Privacy in Cyber-Physical Systems

    Energy Technology Data Exchange (ETDEWEB)

    Fink, Glenn A.; Edgar, Thomas W.; Rice, Theora R.; MacDonald, Douglas G.; Crawford, Cary E.

    2016-08-30

    As you have seen from the previous chapters, cyber-physical systems (CPS) are broadly used across technology and industrial domains. While these systems enable process optimization and efficiency and allow previously impossible functionality, security and privacy are key concerns for their design, development, and operation. CPS have been key components utilized in some of the highest publicized security breaches over the last decade. In this chapter, we will look over the CPS described in the previous chapters from a security perspective. In this chapter, we explain classical information and physical security fundamentals in the context of CPS and contextualize them across application domains. We give examples where the interplay of functionality and diverse communication can introduce unexpected vulnerabilities and produce larger impacts. We will discuss how CPS security and privacy is inherently different from that of pure cyber or physical systems and what may be done to secure these systems, considering their emergent cyber-physical properties. Finally, we will discuss security and privacy implications of merging infrastructural and personal CPS. Our hope is to impart the knowledge of what CPS security and privacy are, why they are important, and explain existing processes and challenges.

  15. Channels: Runtime System Infrastructure for Security-typed Languages

    Science.gov (United States)

    2008-10-01

    Department of the Air Force contract number FA8750-07-2- 0036. The U.S. Government has for itself and others acting on its behalf an unlimited, paid-up...8] B. Hicks, S. Rueda , T. Jaeger, and P. McDaniel. From trusted to secure: Building and executing applications that enforce system security. In

  16. Analysis and characterization of security regions in power systems

    Energy Technology Data Exchange (ETDEWEB)

    1979-01-01

    Progress is repoted in a study performed to investigate the concept of security regions in the context of power system security analysis. The background and motivation for this research, the results of 2 years of work, and proposed future studies are discussed. (LCL)

  17. Security analysis - from analytical methods to intelligent systems

    Energy Technology Data Exchange (ETDEWEB)

    Lambert-Torres, G.; Silva, A.P. Alves da; Ferreira, C. [Escola Federal de Engenharia de Itajuba, MG (Brazil); Mattos dos Reis, L.O. [Taubate Univ., SP (Brazil)

    1994-12-31

    This paper presents an alternative approach to Security Analysis based on Artificial Neural Network (ANN) techniques. This new technique tries to imitate the human brain and is based on neurons and synopses. A critical review of the ANN used in Power System Operation problem solving is made, while structures to solve the Security Analysis problems are proposed. (author) 7 refs., 4 figs.

  18. Microcontroller Protocol for Secure Broadcast in Controller Area Networks

    Directory of Open Access Journals (Sweden)

    B.Vijayalakshmi

    2014-04-01

    Full Text Available Controller Area Network is a bus commonly used by controllers inside vehicles and in various industrial control applications. In the past controllers were assumed to operate in secure perimeters, but today these environments are well connected to the outside world and recent incidents showed them extremely vulnerable to cyber-attacks. To withstand such threats, one can implement security in the application layer of CAN. Here we design, refine and implement a broadcast authentication protocol based on the well known paradigm of using key-chains and time synchronization, a commonly used Mechanism in wireless sensor networks, which allows us to take advantage from the use of symmetric primitives without the need of secret shared keys during broadcast. But, as process control is a time critical operation we make several refinements in order to improve on the authentication delay. For this we study several trade-offs to alleviate shortcomings on computational speed, memory and bandwidth up to the point of using reduced versions of hash functions that can assure ad hoc security. To prove the efficiency of the protocol

  19. Secure Remote Access Issues in a Control Center Environment

    Science.gov (United States)

    Pitts, Lee; McNair, Ann R. (Technical Monitor)

    2002-01-01

    The ISS finally reached an operational state and exists for local and remote users. Onboard payload systems are managed by the Huntsville Operations Support Center (HOSC). Users access HOSC systems by internet protocols in support of daily operations, preflight simulation, and test. In support of this diverse user community, a modem security architecture has been implemented. The architecture has evolved over time from an isolated but open system to a system which supports local and remote access to the ISS over broad geographic regions. This has been accomplished through the use of an evolved security strategy, PKI, and custom design. Through this paper, descriptions of the migration process and the lessons learned are presented. This will include product decision criteria, rationale, and the use of commodity products in the end architecture. This paper will also stress the need for interoperability of various products and the effects of seemingly insignificant details.

  20. The Design and Realization of Household Intelligent Security System

    Directory of Open Access Journals (Sweden)

    Huang Sheng-Bo

    2016-01-01

    Full Text Available It is known that Smart home has brought great convenience to the lives of humans. However, we have attached quantities of interest in its security as the development of technology goes on. According to the security requirements at the moment, we introduce the scheme of smart home security system based on ZigBee, and design system hardware and software process. By applying a STC89C52 microcontroller, our system is able to accurately detect and give alarms automatically to house fire, harmful gases and thefts.