Software-defined networking (SDN) addresses pressing networking problems such as network virtualization and data center complexity. By separating the control plane from the data plane, SDN introduces a new abstraction layer. This new abstraction layer is typically implemented by means of a so-called SDN controller. SDN applications can interact with the controller to ensure network functionality....
Programmable Logic Controllers are used for smart homes, in production processes or to control critical infrastructures. Modern industrial devices in the control level are often communicating over proprietary protocols on top of TCP/IP with each other and SCADA systems. The networks in which the controllers operate are usually considered as trustworthy and thereby they are not properly secured. Due...
As Supervisory Control and Data Acquisition (SCADA) and Industrial and Automation Control System (IACS) architectures became more open and interconnected, some of their remotely controlled processes also became more exposed to cyber threats. Aspects such as the use of mature technologies and legacy equipment or even the unforeseen consequences of bridging IACS with external networks have contributed...
Attacks targeting software on embedded systems are becoming increasingly prevalent. Remote attestation is a mechanism that allows establishing trust in embedded devices. However, existing attestation schemes are either static and cannot detect control-flow attacks, or require instrumentation of software incurring high performance overheads. To overcome these limitations, we present LO-FAT, the first...
To support the flexibility and the different protocol operations and applications provided by today's internet, modern routers rely on high-performance reliable general-purpose multi-core packet processing systems. Such processing systems are programmable and have replaced the traditional fixed-logic hardware in the data path of such routers. This programmability introduces a lot of vulnerabilities...
Against the background of data explosion and cloud computing, this paper investigates a branch of the cloud computing technology which is known as VDI (virtual desktop infrastructure). Users can access data and information via cloud desktops with the endpoint devices. The paper studies OpenStack - a famous open-source cloud platform which has been widely used, and introduces a secure, optimized and...
To prevent attacks on essential software and to mitigate damage, an attack avoiding method that complicates process identification from attackers is proposed. This method complicates the identification of essential services by replacing process information with dummy information. However, this method allows attackers to identify essential processes by detecting changes in process information. To address...
Life-cycle management of stateful VNF services is a complicated task, especially when automated resiliency and scaling should be handled in a secure manner, without service degradation. We present FlowSNAC, a resilient and scalable VNF service for user authentication and service deployment. FlowSNAC consists of both stateful and stateless components, some of which are SDN-based and others that are...
Process Control Systems (PCSs) are the operating core of Critical Infrastructures (CIs). As such, anomaly detection has been an active research field to ensure CI normal operation. Previous approaches have leveraged network level data for anomaly detection, or have disregarded the existence of process disturbances, thus opening the possibility of mislabelling disturbances as attacks and vice versa...
With the ongoing shift of network services to the application layer also the monitoring systems focus more on the data from the application layer. The increasing speed of the network links, together with the increased complexity of application protocol processing, require a new way of hardware acceleration. We propose a new concept of hardware acceleration for flexible flow-based application level...
The Service Level Management [SLM] is the process of managing the cloud resources and services. Also, it is the process of managing and deploying the resources, providing the services based on demand, controlling the service, monitoring the service and reporting the service. The Service Level Management defines the process of allocating the resources, managing the resources, SLA negation, controlling the service,...
Cobit 4.1 defines a number of IT processes; each of which consists of several activities. A process is controlled by several control objectives. All processes share the same maturity attributes. Cobit 4.1 however does not define any assessment method to determine the maturity of IT processes. This paper reviews current assessment methods and identifies their drawbacks. This paper then proposes an...
Cloud Computing is a term which allows user to access the set applications to perform a group of functions or tasks on the internet enabled devices. The cloud has been divided into three types: private, public and hybrid which are briefly described in this paper. SaaS, IaaS and PaaS are the services of the cloud. Cloud is generally provided by the third party, thus it faces few security challenges...
SDN-enabled networks offer a great degree of flexibility, programmability and support for multiple applications. Applications running on top of a SDN controller could further benefit if network state information were made available to them as part of the SDN framework. Our work investigates the requirements for abstracting network state on the control plane. We intend to show that, by meeting these...
Programmable Logic Controller (PLC) technology plays an important role in the automation architectures of several critical infrastructures such as Industrial Control Systems (ICS), controlling equipment in contexts such as chemical processes, factory lines, power production plants or power distribution grids, just to mention a few examples. Despite their importance, PLCs constitute one of the weakest...
It is very challenging to secure industrial control systems from malwares and protect the system under control. Recent malwares have been specifically targeting public infrastructures like power grids/plants. Protecting against these malwares is challenging as they are configured with deep knowledge of the controller and system under control. Industrial plants are complex systems and hence needs a...
The purpose of this paper is to describe the complexity of an Automated Border Control (ABC) context and the factors influencing the experience passengers and border guards have when interacting with ABC systems. Automated border control is expected to make border checks quicker and more efficient as well reducing the cost. At the same time, the purpose is to enhance the level of border security....
An approach for the design and placement of Intelligent Checkers (ICs) is presented along with an application to enhance the security and safety of a water purification system. Each IC, a smart sensor with a one-way outgoing communication over the network, monitors in real-time the status of one or more physical processes and raises an alarm when the monitored process measurements violate predefined...
We mitigate malicious software threats to industrial control systems, not by bolstering perimeter security, but rather by using application-specific configurable hardware to monitor and possibly override software operations in real time at the lowest (I/O pin) level of a system-on-chip platform containing a micro controller augmented with configurable logic. The process specifications, stability-preserving...
Cloud computing brings a number of compliance risks to organisations because physical perimeters are not clearly delimited. Many regulations relate to the location of the data processing (and storage), including the EU Data protection directive. A major problem for cloud service consumers, acting as data controllers, is how to demonstrate compliance to data transfer constraints. We address the lack...