Computer Security: ESORICS 2020 International Workshops, CyberICPS, SECPRE, and ADIoT, Guildford, UK, September 14–18, 2020, Revised Selected Papers
✍ Scribed by Sokratis Katsikas, Frédéric Cuppens, Nora Cuppens, Costas Lambrinoudakis, Christos Kalloniatis, John Mylopoulos, Annie Antón, Stefanos Gritzalis, Weizhi Meng, Steven Furnell
- Publisher: Springer
- Year: 2021
- Language: English
- Pages: 275
- Series: Lecture Notes in Computer Science, 12501
- Category: Library
✦ Synopsis
This book constitutes the refereed post-conference proceedings of the 6th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2020, the Second International Workshop on Security and Privacy Requirements Engineering, SECPRE 2020, and the Third International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2020, held in Guildford, UK, in September 2020 in conjunction with the 25th European Symposium on Research in Computer Security, ESORICS 2020. Due to the COVID-19 pandemic, the conference was held virtually.
The CyberICPS Workshop received 21 submissions, from which 5 full papers were selected for presentation. They cover topics related to threats, vulnerabilities and risks that cyber-physical systems and industrial control systems face; cyberattacks that may be launched against such systems; and ways of detecting and responding to such attacks. From the SECPRE Workshop, 4 full papers out of 7 submissions are included. The selected papers deal with aspects of security and privacy requirements assurance and evaluation; security requirements elicitation and modelling; and GDPR compliance. From the ADIoT Workshop, 2 full papers and 2 short papers out of 12 submissions are included. The papers focus on IoT attacks and defenses and discuss either practical or theoretical solutions to identify IoT vulnerabilities and IoT security mechanisms.
✦ Table of Contents
CyberICPS 2020 Preface
CyberICPS 2020 Organization
SECPRE 2020 Preface
SECPRE 2020 Organization
ADIoT 2020 Preface
ADIoT 2020 Organization
Contents
CyberICPS Workshop
Integrated Analysis of Safety and Security Hazards in Automotive Systems
1 Introduction
2 Related Work
3 Modeling
4 Formalization
4.1 Markov Decision Processes
5 Automating the Risk Analysis
5.1 HSM Integration
5.2 Infotainment Dependency
5.3 Redundant AI Sensors
5.4 Scalability
6 Conclusion and Future Work
References
Attack Path Analysis for Cyber Physical Systems
1 Introduction
2 Related Work
3 Discovering and Analyzing Attack Paths
3.1 Problem Formulation
3.2 Components of the Proposed Method
3.3 Input Data
3.4 The Proposed Method
3.5 Characteristics of the Method
4 Attacks Against the Navigational CPSs of the C-ES
5 Conclusions
References
Identifying and Analyzing Implicit Interactions in a Wastewater Dechlorination System
1 Introduction
2 Modeling and Analysis Approaches
2.1 System Modeling Approach
2.2 Approach for Identifying Implicit Interactions
2.3 Approach for Analyzing Implicit Interactions
2.4 Tool Support
3 System Modeling and Specification
3.1 Wastewater Dechlorination System Description
3.2 C2KA Specification of the WDS
3.3 Intended System Interactions
4 Identification and Analysis of Implicit Interactions
4.1 Identification of Implicit Interactions
4.2 Severity Analysis of Implicit Interactions
4.3 Exploitability Analysis of Implicit Interactions
4.4 Additional Observations
5 Validation of the Model and Analysis Results
5.1 Model Validation
5.2 Domain Expert Questionnaire
5.3 Questionnaire Results
6 Lessons Learned
7 Related Work
8 Concluding Remarks
References
A Survey of Cryptography-Based Authentication for Smart Grid Communication
1 Introduction
2 Related Work
3 Smart Grid Cryptography
3.1 Overview of Cryptography Schemes
4 Literature Overview
4.1 Elliptic Curve Cryptography
4.2 Literature Overview of ECC Algorithms for Smart Grid
5 Comparison of Cryptography Schemes for Smart Grids
5.1 Comparison of Security Properties of Cryptography Schemes
5.2 Performance Analysis of Cryptography Schemes
6 Limitations
7 Conclusion and Future Work
References
Cybersecurity Awareness Platform with Virtual Coach and Automated Challenge Assessment
1 Introduction
1.1 The Need for Secure Coding Awareness
1.2 Standards, Industry, and Academic Efforts
1.3 Automatic Challenge Evaluation
1.4 Contributions of This Work
1.5 Paper Outline
2 Related Work
3 Sifu Platform
3.1 Problem Statement
3.2 Code-Entry Challenge Platform Architecture
4 Results
4.1 Challenge Feedback
4.2 Sifu Survey
4.3 Threats to Validity
5 Conclusions
References
IoT Vulnerability Scanning: A State of the Art
1 Introduction
2 Vulnerability Scanning: State-of-the-Art
2.1 Scanning Goals
2.2 Scanning Space
2.3 Scanning Challenges
2.4 Scanning Process
3 Nordic IoT and IIoT Telescope: Empirical Study
3.1 Nordic Connectivity
3.2 Vulnerability Scanning
4 Conclusion
References
Learning from Vulnerabilities - Categorising, Understanding and Detecting Weaknesses in Industrial Control Systems
1 Introduction
2 Connecting Sources of Data for Vulnerability Insights
3 Understanding and Classifying Vulnerabilities
4 Validating Our Categories and Detection Methods
5 Conclusion
References
Self Adaptive Privacy in Cloud Computing Environments: Identifying the Major Socio-Technical Concepts
1 Introduction
2 Self-adaptive Privacy Within Cloud Computing Environments (CCE)
3 Exploring Socio-technical Aspects
3.1 Users’ Social Aspects
3.2 Exploring Technical Privacy Aspects
4 Self Adaptive Privacy Concepts Within CCE
4.1 Social Layer:
4.2 Software Layer:
4.3 Infrastructure Layer:
4.4 Layers’ Interrelation:
5 Conclusion and the Future
References
SECPRE Workshop
Definition and Verification of Security Configurations of Cyber-Physical Systems
1 Introduction
2 Related Work
2.1 Cybersecurity and Feature Model Analysis
2.2 Ontologies and Security Requirements for Cybersecurity
3 Case Study of a Cyber-Physical System
4 Security Requirements for Cyber-Physical Systems
4.1 Representation of Security Requirements in JSON
4.2 Security Requirements for the Case Study
5 Verification of CPS Security Requirements by Using Feature Models
5.1 Feature Models
5.2 Catalogue of Feature Models for CPS
5.3 Verification Examples for the Case Study
6 Conclusion and Future Work
References
GDPR Compliance: Proposed Guidelines for Cloud-Based Health Organizations
1 Introduction
2 Challenges Faced by Organizations During GDPR Compliance
2.1 Principles Relating to Processing of Personal Data in GDPR
2.2 Other Security Aspects
3 Changes Introduced by the GDPR
3.1 Records of Processing Activities
3.2 Territorial Scope-Third Country Data Transfers
3.3 Data Protection Impact Assessment (DPIA)
3.4 Subjects’ Rights
3.5 Data Breach Notification
3.6 Data Protection Officer
3.7 Penalties
3.8 Controllers and Processors
3.9 Consent
3.10 Data Protection by Design and by Default
4 Key Aspects of the GDPR of Particular Relevance to Healthcare
4.1 Security
4.2 Request (Explicit) Consent
4.3 Change in the Way Medical Results Are Obtained
4.4 Strengthening of Data Subjects’ Rights
4.5 GDPR Roles
4.6 Security and Privacy Policies
5 Basis Tasks that Health Organizations Should Do for the Compliance with GDPR
5.1 Identify Categories of Subjects and Personal Data
5.2 Identification of Personal Data Sources and of Purpose of Processing
5.3 Selection and Determination of the Legal Basis for Each Processing of Personal Data
5.4 Determining the Period Personal Data Are Maintained
5.5 Special Actions for Compliance with the GDPR
6 Conclusions
References
Aligning the Concepts of Risk, Security and Privacy Towards the Design of Secure Intelligent Transport Systems
1 Introduction
2 Literature Review
3 Background Analysis
3.1 Risk Analysis
3.2 Security Requirements Engineering Analysis
3.3 Privacy Requirements Engineering Analysis
4 Concept Alignment
5 Conclusions
References
Identifying Implicit Vulnerabilities Through Personas as Goal Models
1 Introduction
2 Related Work
2.1 Finding Vulnerabilities Using Social Goal Modelling
2.2 Personas for Security
2.3 IRIS and CAIRIS
3 Approach
3.1 Conceptual Model
3.2 Modelling User Goal Contributions
3.3 Identifying Implicit Vulnerabilities
3.4 Tool-Support
4 Case Study
4.1 ACME Water Security Policy
4.2 User Goal Model Creation
4.3 ICT Awareness Implicit Vulnerabilities
4.4 Validating Vulnerabilities with Implicit Vulnerabilities
5 Discussion and Limitations
6 Conclusion
References
ADIoT Workshop
Cooperative Speed Estimation of an RF Jammer in Wireless Vehicular Networks
1 Introduction
2 Related Work
3 System Model and Assumptions
3.1 Considered Channel Models
3.2 Jammer Behavior
4 Joint Data and Jamming Signal Estimation
4.1 MSE Derivation
5 Jammer Speed Estimation
6 Numerical and Simulation Results for AWGN and Rayleigh Channels
6.1 Results for an AWGN Channel
6.2 Results for Rayleigh Fading Channel
6.3 Results for MSE Vs z2
7 Simulation Results for Vehicular Channel
7.1 Cooperative Jammer Speed Estimation Results
8 Conclusions
A Appendix
References
Extended Abstract: Towards Physical-Layer Authentication for Backscatter Devices
1 Introduction
2 Background
3 Related Work
4 Design Issues
4.1 Overview
4.2 Message Authentication Code
4.3 Preliminary Reliability Analysis
4.4 MAC Implementation
5 First Prototype
6 Discussion
7 Conclusions
References
P2Onto: Making Privacy Policies Transparent
1 Introduction
2 Related Works
3 Methodology
3.1 P2Onto Ontology
3.2 Mapping of the Policy Text into P2Onto Concepts
3.3 Privacy Rule Construction
4 Usage Scenario and Discussion
5 Conclusions
References
Extended Abstract - Transformers: Intrusion Detection Data in Disguise
1 Introduction
2 Background and Related Work
3 Context and Context Awareness
3.1 Definitions
3.2 Context and Context Awareness for IoT IDS
4 Situation and Situational Awareness
4.1 Definitions
4.2 Situation and Situational Awareness for IoT IDS
5 Comparison
6 Conclusion
References
Author Index