User preference of cyber security awareness delivery methods

Operating systems and programmes are more protected these days and attackers have shifted their attention to human elements to break into the organisation's information systems. As the number and frequency of cyber-attacks designed to take advantage of unsuspecting personnel are increasing, the significance of the human factor in information security management cannot be understated. In order to counter cyber-attacks designed to exploit human factors in information security chain, information security awareness with an objective to reduce information security risks that occur due to human related vulnerabilities is paramount. This paper discusses and evaluates the effects of various information security awareness delivery methods used in improving end-users’ information security awareness and behaviour. There are a wide range of information security awareness delivery methods such as web-based training materials, contextual training and embedded training. In spite of efforts to increase information security awareness, research is scant regarding effective information security awareness delivery methods. To this end, this study focuses on determining the security awareness delivery method that is most successful in providing information security awareness and which delivery method is preferred by users. We conducted information security awareness using text-based, game-based and video-based delivery methods with the aim of determining user preferences. Our study suggests that a combined delivery methods are better than individual security awareness delivery method.     

网络攻击下多智能体系统动态事件触发一致性

研究网络攻击下一般线性多智能体系统的动态事件触发一致性问题.考虑多智能体系统在受到网络攻击后,被攻击节点的状态会改变,导致与其相应的连接无法工作,设计修复策略恢复被攻击节点及其相应的连接,给出网络攻击下分布式事件触发控制协议.在静态事件触发机制基础上,通过引入动态阈值参数,提出动态事件触发机制.进一步,利用图论、线性矩阵不等式和李雅普诺夫函数方法,给出网络攻击下实现多智能体系统一致性的充分条件,并证明在所提出的动态事件触发条件下,能够有效避免芝诺行为.最后,通过仿真例子来验证理论结果的有效性.     

基于数字签名的车联网安全体系研究

车联网以智能网联汽车为信息交互感知主体,通过建立车-云-路-人消息互联传输体系,实现智慧交通智能管理、高效控制和及时调度。然而非法网络入侵与攻击导致车联网多通信场景存在安全隐患,为了解决通信各端身份识别问题和复杂通信场景下消息安全传输机制,身份认证技术成为车联网安全体系的重要保障。综述了国内外车联网研究现状和成果,说明了智能网联汽车平台、组件、通信体系,设计了基于数字签名的车联网安全架构;通过深入研究安全框架内在机理,进行架构的详细设计,将全生命周期安全保障机制融于设计中,实现了多场景全生命周期内的身份认证服务;通过分析LTE-V2X技术特点和V2X证书管理体系实际需要,提出面向LTE-V2X数字签名体系,可实际应用于LTE-V2X业务部署及系统开发设计。     

A new cost-saving and efficient method for patch management using blockchain

In the corporate environment, we use a variety of software. To increase security, patch management systems are used to manage software patches. This study analyzes existing patch management systems to identify security threats. Furthermore, we utilized blockchain to manage patches safely and efficiently. Using this research, vendors operating patch management systems can connect to the blockchain network to share the verified patch information. It also stores the public key information required to verify the integrity of the patch and the information generated during patch management in the block. This effectively monitors the patch management process. It also reduces patch management costs and improves security.

     

Design of secure operating systems with high security levels

Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level (hereafter simply referred to as ANSHENG OS), this paper addresses the following key issues in the design of secure operating systems with high security levels: se- curity architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models: confidentiality, integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated. Cover channel analysis (CCA) is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speedup the entire CCA process.     

Considering Operational Security Risk during System Development

Software products today are riddled with defects, some of which leave systems vulnerable to cyber-attacks. Although high-quality development processes can limit vulnerabilities, these processes alone aren't sufficient for operational security. The operational security of software-intensive systems is closely linked to the practices and techniques used during system design and development. In this article, we discuss OCTAVE within the context of analyzing an organization's potential operational security risks for a software-intensive system development project prior to actual deployment     

云环境下工业信息物理系统现场层安全策略决策方法

云环境下工业信息物理系统架构的转变使得工业现场设备更加暴露于网络攻击下,对工业现场层提出更高的安全需求.随着系统结构愈渐复杂,网络攻击更加智能,系统难以准确获取安全状态,传统的基于状态的安全决策方法将不能实现有效防护,对此提出一种工业信息物理系统现场层安全策略决策方法.首先,根据功能结构划分现场区域,分析潜在的攻击目标、攻击事件与系统防御策略间的关联性,构建攻击防御树;然后,从攻击和防护属性的视角,利用模糊层次分析法量化防御策略收益;接着,结合部分攻击状态构建部分可观的马尔可夫决策过程模型,通过求解模型得到最优安全策略;最后,以简化的田纳西-伊斯曼过程控制系统为对象验证所提出方法能够有效地决策出最优安全策略.     

操作系统安全验证形式化分析框架

结合当前形式化验证方法的特点和操作系统安全模型情况,本文提出了这些方法在操作系统安全分析中的应用。结合传统定理证明方法的优势,将模型检验方法纳入形式化安全分析体系当中,并分别提出了在安全分析中的应用情况。将用定理证明用于从模型到规则的分析,模型检验从实现中抽取模型,用于从实现到规则的分析。     

Physical layer privacy scheme for networked control systems

Control systems in general and networked controls systems in particular are vulnerable to harmful noise effect and malicious cyber-attacks that may have devastated outcomes on sensitive applications. One approach to address these threats is to introduce a stringent security and privacy schemes that able to protect the attacked systems. This paper addresses this issue by proposing a privacy scheme, for feedback signals, stemmed from the well-known spread spectrum principle and the information system theory. In order to confirm the efficiency of the proposed scheme in offering a good level of control system privacy, a theoretical analysis is provided and supported by a simulation example introduced to one of the relatively weak control systems to noise and malicious attacks namely Higher Order Iterative Learning Control (HOILC).     

UHD TV image enhancement using example-based spatially adaptive image restoration filter

This paper presents a novel image restoration algorithm using examples and truncated constrained least squares (TCLS) filter for ultra-high definition (UHD) television systems. The proposed approach consists of three steps: (i) generation of the patch dictionary using multiple-step image blurring, (ii) selection of the optimum patch based on the orientation and the amount of blurring, and (iii) combination of the selected patch in the dictionary and its filtered version by the TCLS restoration filter for reducing the patch mismatch error. In the proposed algorithm, a complicated point-spread-function (PSF) estimation process is replaced with the generation of multiple, differently blurred patches. Furthermore, the patch dictionary is made by orientation-based classification to reduce the time to search the optimum patch. Experimental results show that the proposed algorithm can restore more natural images with less synthetic artifacts than existing methods. The proposed method provides a significantly improved restoration performance over existing methods in the sense of both subjective and objective measures including peak-to-peak signal-to-noise ratio (PSNR) and structural similarity measure (SSIM).     

基于GQM模型的工业控制系统风险评估方法

风险评估是保证工业控制系统安全的重要机制，当前，信息安全和功能安全的耦合越来越紧密，考虑到不同组织的业务目标和运营环境多样化程度高，工控系统信息安全风险评估应紧密结合业务目标。基于目标-问题-度量（GQM）模型，从目标确定、问题描述、度量指标定义工控系统风险评估流程，以工控系统所承载的业务目标为指引，基于风险场景模型提出问题，围绕提出的问题收集信息，根据收集的信息和数据对度量指标进行关联分析和评价。最后，以PLC风险评估为实例，具体说明和验证了基于GQM模型的工业控制系统风险评估方法的有效性。     

产品数据管理系统的用户权限管理

通过对产品数据管理系统的分析，本文探讨了产品数据管理系统中数据、工作流程、活动、操作和角色之间的关系，提出了基于数据、工作流程、活动、操作和角色的用户权限管理的建模方法。通过在某航空企业PDM系统中建立用户权限管理模型的应用，证明了这种方法具有简单、规范、有效等特点，井可广泛应用于其它类型的复杂信息系统中。     

Impact of Human Vulnerabilities on Cybersecurity

Today, security is a major challenge linked with computer network companies that cannot defend against cyber-attacks. Numerous vulnerable factors increase security risks and cyber-attacks, including viruses, the internet, communications, and hackers. Internets of Things (IoT) devices are more effective, and the number of devices connected to the internet is constantly increasing, and governments and businesses are also using these technologies to perform business activities effectively. However, the increasing uses of technologies also increase risks, such as password attacks, social engineering, and phishing attacks. Humans play a major role in the field of cybersecurity. It is observed that more than 39% of security risks are related to the human factor, and 95% of successful cyber-attacks are caused by human error, with most of them being insider threats. The major human factor issue in cybersecurity is a lack of user awareness of cyber threats. This study focuses on the human factor by surveying the vulnerabilities and reducing the risk by focusing on human nature and reacting to different situations. This study highlighted that most of the participants are not experienced with cybersecurity threats and how to protect their personal information. Moreover, the lack of awareness of the top three vulnerabilities related to the human factor in cybersecurity, such as phishing attacks, passwords, attacks, and social engineering, are major problems that need to be addressed and reduced through proper awareness and training.     

基于关键路径测试的安全补丁存在性检测

漏洞的修复对于应用软件的安全至关重要。为了能够及时地修复所有已知漏洞,安全防护人员需要准确地检测一个安全补丁是否被应用。提出一个基于关键路径的语义层面的漏洞补丁存在性检测工具PatchChecker,通过找寻一条在漏洞修复前后发生改变的路径,分析其语义特征,生成能代表漏洞补丁的签名信息;利用这一签名信息,在目标程序中找出对应路径进行比较,判断漏洞补丁的应用情况。PatchChecker通过聚焦于单一路径,在提升对细节变化检测能力的同时,避免了未知代码修改带来的干扰。实验表明,PatchChecker能够以较高的准确率检测漏洞补丁是否被应用。     

国家电网边缘计算应用安全风险评估研究

依据国家网络安全等级保护与风险评估系列标准以及电力信息系统特点,提出国家电网边缘计算应用安全的风险评估模型,然后采用漏洞扫描工具AWVS、AppScan分别对集成最新安全漏洞的开源Web应用靶机软件BWAPP进行安全漏洞评测与风险评估实验,再运用模糊层次分析法对Web应用安全进行综合安全评价。针对应用程序的安全检测实验结果整理安全评估数据,实现对国家电网边缘计算应用安全风险评估的实例化验证。     

A SCADA testbed for investigating cyber security vulnerabilities in critical infrastructures

Supervisory Control and Data Acquisition (SCADA) systems are widely used in critical infrastructures such as water distribution networks, electricity generation and distribution plants, oil refineries, nuclear plants, and public transportation systems. However, the increased use of standard protocols and interconnectivity has exposed SCADA systems for potential cyber-attacks. In recent years, the cyber-security of SCADA systems has become a hot issue for governments, industrial sectors and academic community. Recently some security solutions have been proposed to secure SCADA systems. However, due to the critical nature of SCADA systems, evaluation of such proposed solutions on real system is im-practical. In this paper, we proposed an easily scalable and reconfigurable virtual SCADA security testbed, which can be used for developing and evaluating SCADA specific security solutions. With Distributed Denial of Service (DDoS) and false data injection attack scenarios, we demonstrated how attackers could disrupt the normal operation of SCADA systems. Experimental results show that, the pro-posed testbed can be effectively used for cyber security assessment and vulner-ability investigation on SCADA systems. One of the outcomes of this work is a labeled dataset, which can be used by researchers in the area of SCADA security.     

基于图形同构理论的安全补丁比较技术研究

安全补丁比较技术能够有效地揭示同一程序两个相邻版本之间的差异。首先介绍了基于图形同构理论的指令级图形化安全补丁比较算法和控制流级结构化安全补丁比较算法；然后对这两种安全补丁比较方法进行了对比分析；最后介绍了控制流级结构化安全补丁比较原型系统的实现技术，并给出了使用三个Windows系统补丁对原型系统进行测试的结果。     

面向普适计算的自适应模糊访问控制方法

普适环境中的上下文信息是普适访问控制的关键因素,对主体的授权和对主体使用权限过程的控制具有决定性影响。系统安全强度和安全策略应随上下文的变化而动态改变。传统访问控制模型均未考虑上下文对安全强度和安全策略的动态影响,不适合普适计算环境。提出了普适环境下安全强度和安全策略随上下文动态变化的思想,基于区间值模糊集合理论建立了上下文信息相关的产生式规则,设计了一种简单高效的区间值模糊访问控制方法,以提高普适计算系统中安全强度和安全策略的自适应性,更符合普适环境。     

基于D-AHP和TOPSIS的火电厂控制系统信息安全风险评估

火电厂控制系统信息安全风险评估往往存在主观性强和不确定性等问题,而这些问题会对评估结果产生一定影响.对此,提出一种基于D 数偏好关系改进层次分析法(D-AHP)和逼近理想解排序法(TOPSIS)的电厂控制系统信息安全风险评估方法.根据工业控制系统风险评估的相关行业标准,识别工业控制系统的资产、威胁、脆弱性及现有安全措施,建立评估指标体系和层次结构模型.针对评估专家经验差异导致的评估信息不确定性,先使用D-AHP方法求解各指标影响权重,再使用TOPSIS法求出专家权重,最后得到电厂控制系统信息安全风险值.实例分析表明了所提出方法的有效性,同时提高了评估结果的正确性.