Collaborative Approaches for Cyber Security in Cyber-Physical Systems

Modern cyber domain is an extremely complex field to master. There are numerous capricious dependencies between networked systems and data. In cyber security, technology has a major role, but the knowledge and skills of the individuals combined with the incident response processes of the organisations are even more important assets. Those assets foster the cyber resilience of the organisation. The most effective ways to uphold these urgent assets are training and exercising. Cyber security exercises in particular have proven their efficiency in improving cyber security skillsets. During the cyber security exercises, it is possible to train cyber defence and incident response manoeuvres in stressful and hectic situations of being under cyber attack or intrusion. To achieve the capability to organise technical cyber security exercises with real attacks and real malware, technical training infrastructure mimicking real networks and systems is required. Such infrastructures are universally called cyber ranges or cyber arenas. Globally, cyber security exercises have become more common during the last decade, and there are several cyber ranges with diverse capabilities. Pooling and sharing the capabilities of cyber ranges raises the requirement to establish a cyber range technical federation. In this paper, a state-of-the-art implementation of the cyber range technical federation is introduced. In addition, the implementation demonstrated and evaluated during the Flagship 1 on-line cyber security exercise is discussed.

Cyber-physical systems (CPS) are smart computer systems that control or monitor machines through computer-based algorithms, which are vulnerable to both cyber and physical threats. Similar to the growing number of applications, CPS also employ classification algorithms as a tool for data analysis and continuous monitoring of the system. While the utility of data is significantly important in building an accurate and efficient classifier, a free access to original (raw) format of data is a crucial challenge due to privacy constraints. Therefore, it is tremendously important to train classifiers in a private setting in which the privacy of individuals is protected, while data remains still practically useful for building the model. In this chapter, we investigate the application of three privacy preserving models, namely anonymization, Differential Privacy (DP), and cryptography, to privatize data and evaluate the performance of two popular classifiers, Naïve Bayes and Support Vector Machine (SVM) over the protected data. Their performances are compared in terms of accuracy, training construction costs on the same data and in the same private environment. Finally, comprehensive findings on constructing the privacy preserved classifiers are outlined. The attack models against the training data and against the private classifier models are also discussed.

Usable Identity and Access Management (IAM) schemes are highly required to control and track users’ identity and access privileges for a safe and secure smart city. Any safety or security breach in critical infrastructures, e.g., smart financial solutions, smart transportation, and smart buildings, can disrupt the normal life of its residents. Studies have reported that traditional knowledge- and token-based IAM schemes are unable to fully secure these emerging use cases due to inherent security and usability issues in them. This chapter presents multi-modal biometric-based IAM schemes for smart payment apps, smart transportation, and smart buildings that can partially address the safety and security concerns of residents. We also describe the framework for designing risk-based, implicit, or continuous verification IAM schemes for such use cases.

In this chapter, we describe several security design patterns that collaboratively consider various cybersecurity aspects with the aim to ensure compliance with cybersecurity requirements for a certified cybersecurity and software update management system imposed by the recent United Nations regulations. Automated driving requires increasing networking of vehicles, which in turn expands their attack surface. The security design patterns enable the detection of anomalies in the firmware at boot, ensure secure communication in the vehicle and detect anomalies in in-vehicle communications, prevent unauthorized electronic control units from successfully transmitting messages, provide a way to transmit and aggregate security-related events within a vehicle network, and report to entities external to the vehicle. Using the example of a future high-level automotive Electrical/Electronic architecture, we also describe how these security design patterns can be used to become aware of the current attack situation and to react to it.

The technological development of recent years has made possible to improve the performance of mobile devices such as smartphones, tablets, smart TVs and wearable devices. This improvement has introduced the possibility of developing more complex applications able to manage sensitive user data. An example is represented by banking applications: they allow us to carry out all the financial operations that we can perform in a physical bank. Therefore, it is clear that in order to carry out these operations, we need a very high level of security to be sure that attackers do not use our account to transfer our money. Users typically install applications on their smartphones, without checking the required permissions before installation, because they do not know what risks they can encounter. Among the various malicious attacks that can be perpetrated, the collusive attack is emerging, as threat targeting devices based on the Android operating system. In this attack paradigm, two or more apps collaborate in some way to perform a malicious action that they are unable to do independently. Detection of colluding apps is a challenging task, as a matter of fact free and commercial antimalware analyse each app separately, hence fail to detect any joint malicious action performed by multiple collaborative apps through collusion. The contribution of this paper is a proposal of an explainable technique exploiting model checking, aimed to localise the malicious instructions in the application under analysis, by automatically identifying the bytecode instructions performing a malicious collusion and, for this reason, making the proposed method explainable.

The Internet of Things (IoT) is an environment of interconnected entities which are identifiable, usable and controllable via the Internet. Trust is necessary for a system such as the IoT as the entities involved should know the other entities they have to interact with. In order to guarantee trust in an IoT entity, it is useful to consider it during all its System Development Life Cycle (SDLC). The requirements phase is one of the first and the most important phases of the SDLC. In this phase, trust requirements must be elicited in order to guarantee that the built entity can be trusted. However, during this phase, it is possible to raise conflicts among requirements reflecting conflicting needs. Decision-making processes can be helpful in order to solve these issues. The Analytic Hierarchy Process (AHP) is a discipline that supports decision-makers in choosing between heterogeneous and conflicting alternatives, but it has several problems, especially if there are numerous parameters. Thus, we propose an AHP-like methodology called Pairwise Ordination Method (POM). Its aim is to solve issues among conflicting requirements deciding which one is the less important in order to modify or delete it, maximising the trust level of the IoT entity under development.

Trust negotiation is an approach for establishing trust between various entities that is especially useful in online environments. Entities may need to or want to establish a trust relationship in order to reach their goal, on which they can collaborate together. Its principle is to mutually and alternately exchange credentials between the participating entities so that their trust placed onto each other can gradually increase. Trust negotiation must also handle other issues that are important for its functionality. The first and the most important one is security. Entities must be securely authenticated in order to know who they communicate with. Also, they must be authorised for accessing confidential information about the other one, which is handled by specific rules defined in policies. Credentials themselves must be protected too in order to maintain their integrity and prevent malicious modifications and leakage. Privacy is another related issue. It is not always indispensable to protect privacy in order to establish trust, however, entities may be willing to do so. Trust negotiation may be required for many different scenarios and its processing can be carried out automatically without an active intervention from its participants. In this chapter, we analyse trust negotiation in terms of its functionality and possible implementations. We propose a way of how to design trust negotiation effectively for several scenarios since each of them may have different requirements for trust negotiation, such as the needs for security and privacy, the use of various negotiating strategies or the use of trusted authorities. We propose the way of how trust negotiation can be adapted for the specific needs required by its participants.

Cyber-Physical Systems (CPSs) is the key-pillar technology for the implementation of the Industry 4.0 concept. In the industrial sector, a physical entity with internet-enabled capabilities is an example of a CPS. Considering the criticality of the processes controlled by CPS, only authorized entities should have access to those systems under certain conditions. Existing access control approaches implemented in the industrial sector mainly rely on the roles that subjects may have to facilitate the separation of duty concept. However, context information and its mutability over time were out of the scope of implemented access control mechanisms. In this chapter, we investigate the application of the advanced access control paradigm to enable continuous control of Industrial Control Systems (ICS) usage according to context-aware security policies. We provide a framework description along with its implementation in a simulation environment. Finally, the obtained results regarding the system’s performance are outlined along with a discussion for potential improvement.

In highly dynamic and distributed computing environments (e.g., Cloud, Internet of Things (IoT), mobile, edge), robust access and usage control of assets is crucial. Since assets can be replicated in various locations on heterogeneous platforms and dynamic networks with unknown or partially authenticated users, the need for a uniform control mechanism is essential. The theory of Usage Control (UCON) is an example of such a mechanism to regulate access and usage of resources based on expressive polices and a loosely-coupled enforcement technology. However, in complex socio-technical systems, concerns about scalability, performance, modularity often arise, and existing UCON models and frameworks cannot meet such requirements. To tackle these concerns, we introduce UCON+, an improvement over existing UCON models, which adds continuous monitoring before granting and after revoking authorizations as well as policy administration and delegation. This chapter aggregates our recent contributions on the conceptual, architectural, and implementation level of UCON+, and provides a comprehensive reference to describe the current state-of-the-art and the novelties of UCON+.