Preface
Contents
8th Workshop on Security of Industrial Control Systems and of Cyber-Physical Systems (CyberICPS 2022)
Preface
Organization
General Chairs
Program Chairs
Publicity Chair
Program Committee
External Reviewers
Towards Comprehensive Modeling of CPSs to Discover and Study Interdependencies
1 Introduction
2 Related Work
3 Background
3.1 Graph Theory
3.2 Bond Graph
4 Method
4.1 BG2 Model
4.2 Dependency Identification Based on the BG2 Model
5 Case Study
5.1 BG2 Model of the System
5.2 Dependency Analysis
6 Conclusion
References
Coordinated Network Attacks on Microgrid Dispatch Function: An EPIC Case Study
1 Introduction
2 Dispatch Function for Islanded Microgrid Operation
3 Communication Protocols and Standards for Microgrid
4 Case Study: Attacks on Microgrid Dispatch Functions
4.1 EPIC System Overview
4.2 Attacks on IEC 61850-Based Communication Protocols
4.3 EPIC Modbus Communication Network
4.4 Coordinated Attacks Targeting Multiple Protocols
5 Conclusion
References
Adversarial Attacks and Mitigations on Scene Segmentation of Autonomous Vehicles
1 Introduction
2 Background
2.1 Semantic Segmentation
2.2 Adversarial Attack
3 Work Execution
3.1 Drawbacks of I-FGSM
3.2 Momentum-Based I-FGSM
3.3 Mitigation
4 Experiments and Results
4.1 Experiment Settings
4.2 Impact of Parameters
4.3 Defence
4.4 Discussions
5 Conclusion
References
Threat Sensitive Networking: On the Security of IEEE 802.1CB and (un)Effectiveness of Existing Security Solutions
1 Introduction
2 Time-Sensitive Networking
3 IEEE 802.1CB
4 Possible Security Risks
4.1 Sequence Numbering
4.2 Path Configuration
5 Existing Solutions
5.1 MACsec - 802.1AE-2018
5.2 MACsec - TSN-MIC
5.3 Chaos Cipher
5.4 KD and SC
6 Evaluation of Attacks and Solutions
7 Related Work
8 Conclusion
References
The Effects of the Russo-Ukrainian War on Network Infrastructures Through the Lens of BGP
1 Introduction
2 Preliminaries
2.1 BGP UPDATE
2.2 Outages
3 Measurements
3.1 Collecting and Analyzing BGP Data
3.2 Results and Discussion
4 Related Work
5 Conclusions
References
Cybersecurity Awareness for Small and Medium-Sized Enterprises (SMEs): Availability and Scope of Free and Inexpensive Awareness Resources
1 Introduction
2 Rationale and Research Objectives
3 Analysis and Findings
3.1 European Agencies and Organizations
3.2 EU Funded and National Projects
3.3 National Organizations from the EEA Countries and the United Kingdom
3.4 European Trade Associations and Federations
3.5 Private Organizations
4 Discussions and Conclusions
Appendix
References
A Framework for Developing Tabletop Cybersecurity Exercises
1 Introduction
2 Related Work
3 Methods
3.1 Recommendations from Literature
3.2 Recommendations from Academic Stakeholders
3.3 Recommendations from Industry Stakeholders
4 Results
4.1 Experiment 1
4.2 Experiment 2
4.3 Experiment 3
5 Discussion
6 Conclusion
References
A Hybrid Dynamic Risk Analysis Methodology for Cyber-Physical Systems
1 Introduction
2 Related Work
2.1 Threat Modelling Methodologies
2.2 Risk Analysis Methodologies
3 System Model
3.1 Service-Oriented Scope Establishment and Valuation
3.2 Manual Composition or Automatic Decomposition of Assets
3.3 Correlation of Threats and Vulnerabilities
3.4 Risk Estimation
4 Dynamic Risk Analysis and Threat Modelling
5 Comparative Analysis
6 Conclusions
References
6th International Workshop on Security and Privacy Requirements Engineering (SECPRE 2022)
Preface
Organization
General Chairs
Program Committee Chairs
Program Committee
OntoCyrene: Towards Ontology-Enhanced Asset Modelling for Supply Chains in the Context of Cyber Security
1 Introduction
2 Background
2.1 Business Process Model and Notation (BPMN)
2.2 Ontology
3 Related Works
4 Methodology
5 Design and Implementation
5.1 Architecture of OntoCyrene
5.2 OntoCyrene Class Hierarchy
5.3 OntoCyrene Object and Data Properties (Relationships)
5.4 Ontology Population
6 Evaluation
6.1 Evaluating the Ontology by Business Partners (CRF)
6.2 Ontology Evaluation Using Competency Questions
6.3 Ontology Evaluation Using OntoQA
7 Conclusion
References
Measuring the Adoption of TLS Encrypted Client Hello Extension and Its Forebear in the Wild
1 Introduction
2 Related Work
3 Protecting the SNI in TLS Handshakes
3.1 Background on ESNI
3.2 Background on ECH
4 Measurements
4.1 Setup
4.2 Results
5 Conclusions
References
4th Workshop on Security, Privacy, Organizations, and Systems Engineering (SPOSE 2022)
Preface
Organization
Organizers
Program Committee
Influencing Factors for Users’ Privacy and Security Protection Behavior in Smart Speakers: Insights from a Swiss User Study
1 Introduction
2 Prior Research
2.1 Privacy and Security Threats of Smart Speaker Technology
2.2 Privacy and Security Perception and Concerns of Smart Speaker Users
2.3 Protective Behavior and Measures in Smart Speaker Usage
2.4 Research Question and Research Model
3 Methodology and Survey Design
4 Results
4.1 Usage of Smart Speakers
4.2 Factors Influencing Protective Measures
5 Discussion
6 Conclusion
References
Towards a Security Impact Analysis Framework: A Risk-Based and MITRE Attack Approach
1 Introduction
2 Background and Motivation
2.1 ISO 27001
2.2 EBIOS RM
2.3 MITRE ATT&CK
2.4 Motivation
3 State of the Art
4 Security Impact Analysis Framework
4.1 Know, Enter, Find, Exploit (KEFE) Process Model
4.2 KEFE Model Example
4.3 Conceptual Framework
5 Technical Foundation
6 Discussion
7 Conclusion
References
Data Protection Officers' Perspectives on Privacy Challenges in Digital Ecosystems
1 Introduction
2 Privacy in Digital Ecosystems
2.1 Digital Ecosystems
2.2 Data Protection Requirements
2.3 Related Work
3 Methodology
3.1 Interview Guidelines Design and Study Procedure
3.2 Participant Recruitment, Enrollment, and Background
3.3 Data Collection and Analysis
3.4 Ethical Considerations
4 Digital Ecosystems Overview
5 Data Protection Challenges
5.1 Implementing Legal Requirements
5.2 Implementing Data Subject Rights
5.3 Responsibility of Operators for the Entire Digital Ecosystem
5.4 Helpful (Future) Steps for More Effective Data Protection
6 Discussion and Implications
7 Conclusion
A Appendix – Semi-structured Interview
A.1 Introduction
A.2 Detailed Description of the Ecosystem
A.3 Privacy Challenges
A.4 Privacy Dashboards
References
Rebooting IT Security Awareness – How Organisations Can Encourage and Sustain Secure Behaviours
1 Introduction
2 Enabling the Acquisition of Secure Behaviours
3 Beyond Secure Routines: Building Competence for Security Heroes''
4 The Need for Evaluation and Continuous Improvement
4.1Well - I Wouldn't Start from Here''
4.2 What is Success?
4.3 How to Evaluate Security Awareness
5 Conclusions and Recommendations
5.1 Board Members
5.2 For Executives
5.3 CISOs
5.4 Security Specialists
5.5 Security Awareness Specialists
References
3rd Cyber-Physical Security for Critical Infrastructures Protection (CPS4CIP 2022)
Preface
Organization
General Chairs
Program Committee Chairs
Program Committee
Towards Reverse Engineering of Industrial Physical Processes
1 Introduction
2 Background
3 A Black-Box Dynamic Analysis for Water Tank Systems
3.1 A Scanning Tool for Graph Analysis of PLC Registers
3.2 Business Process Analysis
3.3 Invariant Analysis
4 Running Example
5 A Methodology to Extrapolate Process Comprehension
5.1 Data Collection and Graph Analysis
5.2 Business Process Analysis
5.3 Process Invariants Analysis
5.4 Discussion
6 Conclusions, Related and Future Work
References
Solutions for Protecting the Space Ground Segments: From Risk Assessment to Emergency Response
1 Introduction
2 Background Analysis
2.1 Critical Infrastructures Crisis Management Process
2.2 Best Practices and Solutions for the Crisis Management Process in CIs
3 7SHIELD Project and Reference Architecture
4 Advanced 7SHIELD Solutions for Space Ground Segments
4.1 CIRP-RAT Tool
4.2 ENGAGE CSIM Solution
4.3 ERP Module
5 Conclusions and Future Work
References
Modelling and Simulation of Railway Networks for Resilience Analysis
1 Introduction
2 Modelling of the Network
2.1 Numerical Simulation Using CaESAR
2.2 Resilience Quantification
2.3 Criticality Assessment
2.4 Impact Propagation
3 Use Case
4 Results
5 Conclusion
References
HoneyChart: Automated Honeypot Management over Kubernetes
1 Introduction
2 Background
2.1 Honeypots
2.2 Kubernetes
2.3 Helm Charts
3 Implementation
3.1 Custom Honeypots
3.2 Pre-built Interfaces
3.3 Automated Port Mapping
4 Deployment
5 Conclusion
References
ComSEC: Secure Communications for Baggage Handling Systems
1 Introduction
2 Related Work
3 ComSEC
3.1 Bridged Interfaces
3.2 Netfilter Modules
3.3 Integrity Enforcer
3.4 Control Packets
3.5 Integrity Verifier
3.6 Alert Exportation Module
4 Implementation
5 Evaluation
6 Conclusion
References
Methodology for Resilience Assessment for Rail Infrastructure Considering Cyber-Physical Threats
1 Introduction
2 Threat Detection
3 Resilience Assessment
3.1 Metro Station Model
3.2 Simulation Specifications
3.3 Simulation Results
4 Metro and Train Infrastructure Network
4.1 Metro Grid
4.2 Agent-based Model
5 Conclusion and Outlook
References
Coverage-Guided Fuzzing of Embedded Systems Leveraging Hardware Tracing
1 Introduction
1.1 Fuzz Testing Embedded Systems
1.2 Hardware Tracing as Feedback Channel
1.3 Contributions
2 Setup for ``Bare-Metal'' Coverage-Guided Fuzz Testing
2.1 Evaluation of a Test Case
2.2 Specific Challenges of Traces Obtained via Periodic PC Sampling
3 Enabling Instruction Coverage-Guided Fuzzing
3.1 Combating False-Positive Detection
3.2 A Time-Efficient Seed Selection Strategy
4 Implementation and Evaluation
4.1 Target System Hardware
4.2 Example 1: Deeply Nested Conditional Statements
4.3 Example 2: Fuzz Testing a JSON Parser
5 Conclusion
References
Challenges and Pitfalls in Generating Representative ICS Datasets in Cyber Security Research
1 Introduction
2 Key Properties of a Representative ICS Dataset
3 Limitations of Existing ICS Datasets
4 Building Testbed for Generating Representative ICS Datasets
4.1 Technical Details About Our Testbed
4.2 Generation of ICS Datasets from Our Testbed
5 Related Work
6 Discussion and Conclusion
References
Securing Cyber-Physical Spaces with Hybrid Analytics: Vision and Reference Architecture
1 Introduction
2 Cyber-Physical Space Protection: A Hybrid Analytics Approach
2.1 Reference Architecture
3 Data Collection
3.1 Cyber Sources: Deep and Dark Web Pages
3.2 Physical Sources: IoT Devices
4 Data Anonymization
4.1 KGen: A Data Anonymization Tool for Structured Data
5 Data Analytics and Monitoring
5.1 Monitor and Analytics of a Physical Environment
5.2 Dark Web Analytics
6 Hybrid Analytic Services
7 Limitation and Threat to Validity
8 Discussion and Conclusion
8.1 Future Work
References
A Precision Cybersecurity Workflow for Cyber-physical Systems: The IoT Healthcare Use Case
1 Introduction
2 The Use Case: IoT Medical Healthcare Scenario
2.1 Security Issues in Telemedicine Ecosystem
2.2 Mitigation Techniques and Current Limitations
3 Methodology
4 Prototype and Experimental Results
4.1 Observe Phase - Determining the Variables and Correlations
4.2 Plan Phase - Establishing Thresholds and Rules
4.3 Do-Check-Act Cycle - A MQTT Monitor
5 Related Work
6 Conclusions
References
2nd International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge (CDT & SECOMANE 2022)
Preface
Organization
General Chairs
Program Committee Chairs
A Revisitation of Clausewitz's Thinking from the Cyber Situational Awareness Perspective
1 Introduction
2 Political and Military Objectives in Cyberwarfare
3 Digital Societies and War
4 Friction Forces on Cyberspace
4.1 Cyber Frictions
4.2 Leveraging the Cyber Fog of War
5 Centers of Gravity and Cyberspace
6 Decisive Conditions and Culminating Points
7 Conclusions
References
Examining 5G Technology-Based Applications for Military Communications
1 Introduction
2 Overview of Key Concepts About 5G Technology
3 Applications of 5G for Military Communications
3.1 Internet of Battle Things, Wearables and 5G
3.2 5G for Deployable Headquarters Communications
3.3 A 5G-UAV Ecosystem for Military Communications
3.4 Logistics and Training Applications
3.5 Enhanced Satellite Communications. A Use Case for 5G Non-terrestrial Networks (NTN)
4 5GPP Key Parameters on Military Applications
5 Conclusions
References
Design of a Validation Model of the Cognitive State in Military Operations in Cyberspace
1 Introduction
2 Theoretical Framework
2.1 Military Doctrine
2.2 Cibersecurity in OTAN
2.3 Decision Making
2.4 Stress
2.5 Effect of Cognitive State
3 Biometric Systems
3.1 Brain Computer Interface
4 Research Problem
5 Design of the Cognitive Assessment Model
6 Experiments and Results
6.1 Validation Proposal
6.2 Tests and Validation
6.3 Conclusions
6.4 Future Lines
References
Design and Validation of a Threat Model Based on Cyber Kill Chain Applied to Human Factors
1 Introduction
2 Background
2.1 Cognitive Biases
2.2 Cybersecurity in the Military Field and NATO
3 State of the Art
3.1 Related Works
3.2 Research Problem
4 Methodology
4.1 Cyber Kill Chain Structure
4.2 Reconnaissance Phase
4.3 Weaponization Phase
4.4 Delivery Phase
4.5 Expansion Phase
4.6 Persistence Phase
5 Case Study
5.1 Experimental Background
5.2 Methodology Application
5.3 Objectives Evaluation
6 Conclusion and Future Work
7 Annex I
7.1 Model validation
7.2 Validation Results
References
The Cloud Continuum for Military Deployable Networks: Challenges and Opportunities
1 Introduction
2 Motivation and Related Work
2.1 One Cloud to Rule Them All?
2.2 Fragmenting the Cloud into Fog, Edge and Mist
3 The Cloud Continuum for Military Deployable Networks
3.1 Tactical Edge
3.2 IoBT
3.3 Combat Cloud
3.4 Cyber-Physical Battlefield
3.5 Cyber Warfare
3.6 LEO and NTNs
3.7 Zero-Trust Security
3.8 Digital Twins
3.9 Summary and Research Insights
4 Future Trends and Challenges
4.1 Merging Serverless and Resourceless Computing
4.2 Federated Learning at the Edge
4.3 Energy Management in Constrained Environments
5 Conclusions
References
1st International Workshop on Election Infrastructure Security (EIS 2022)
Preface
Organization
General Chair
Program Committee Chairs
Steering Committee
Steering Committee Chair
Proceedings Chair
Publicity Chair
Program Committee
Ballot-Polling Audits of Instant-Runoff Voting Elections with a Dirichlet-Tree Model
1 Introduction
2 Methods
2.1 Election Audits and the Dirichlet-Tree Model
2.2 Choice of Prior Distribution
2.3 Data
2.4 Benchmarking Experiments
3 Results
3.1 Comparing the Priors
3.2 Pathological Examples
3.3 Bias Induced by Overly Informative Priors
3.4 Comparison with Existing Methods
4 Discussion
References
Non(c)esuch Ballot-Level Comparison Risk-Limiting Audits
1 Introduction: Efficient Risk-Limiting Audits
2 Assumptions
2.1 SHANGRLA Assorters
2.2 Mismatches Between the Numbers of Cards and CVRs
2.3 Limiting Risk When Imprinting and Retrieval Are Untrustworthy
3 Non(c)esuch RLAs
4 Implementation Considerations
5 Conclusion
References
Why Is Online Voting Still Largely a Black Box?
1 Introduction
2 Related Work
3 Background and Overview
3.1 End-to-End Verifiability
3.2 Black-Box System
3.3 Overview
4 Panel Responses from Specialists
4.1 Composition and Setup
4.2 Arguments on Current Election Organizers' Motivation
4.3 Action Proposals to Change Election Organizers' Motivation
5 Exploratory Study for Response Evaluation
5.1 Composition and Setup
5.2 Evaluation Methodology
5.3 Arguments on Current Election Organizers' Motivation
5.4 Action Proposals to Change Election Organizers' Motivation
6 Discussion
7 Conclusion
7.1 Summary
7.2 Outlook
References
Connecting Incident Reporting Infrastructure to Election Day Proceedings
1 Introduction
2 Related Works and Background
2.1 Current State of Incident Reporting with Elections
2.2 How Incidents Are Submitted
2.3 Information Technology Incident Management Systems
3 Survey Design Methodology
3.1 Survey Contents
3.2 Qualitative and Quantitative Analysis Methods
4 Results and Discussion
4.1 Qualitative Response Results
5 Framework for Election Day Incident Protocol Recommendations and Next Steps
5.1 Identification
5.2 Categorization
5.3 Prioritization
5.4 Response
5.5 Conclusion
References
Council of Europe Guidelines on the Use of ICT in Electoral Processes
1 Introduction
2 Development Process
2.1 Role of the Committee on Democracy and Governance
2.2 Process Description
3 Questionnaire
3.1 Definition
3.2 Overview
3.3 Result for ICT in Place
3.4 Result for National Regulatory Frameworks
4 Content of Guidelines CM(2022)10
4.1 G1 Principles and Requirements
4.2 G2 Usability and Accessibility
4.3 G3 Universally Accessible Alternative Solution
4.4 G4 Integrity and Authenticity
4.5 G5 Availability and Reliability
4.6 G6 Secrecy and Confidentiality
4.7 G7 Transparency
4.8 G8 Initial Evaluation
4.9 G9 Risk Management
4.10 G10 Member State's Capacities
4.11 G11 Member State's Responsibility
4.12 G12 Exceptional Circumstances
4.13 G13 Security
5 Discussion and Future Work
5.1 Relationship Between Guidelines CM(2022)10 and Recommendation CM/Rec(2017)5
5.2 Impact
5.3 Limitations
References
1st International Workshop on System Security Assurance (SecAssure 2022)
Preface
Organization
General Chair
Program Committee Chairs
Program Committee
Additional Reviewers
SAEOn: An Ontological Metamodel for Quantitative Security Assurance Evaluation
1 Introduction
2 Related Work
3 Quantitative Security Assurance Evaluation Metamodel
3.1 General Model Structure
3.2 Assurance Metrics Calculation
4 Ontology Design and Construction
4.1 Assurance Component Modeling
4.2 Assurance Metrics Modeling
4.3 Metrics Assignment Modeling
4.4 Individuals Creation
5 Ontology Evaluation
6 Conclusion
References
A Comparison-Based Methodology for the Security Assurance of Novel Systems
1 Introduction
2 Proposed Methodology
3 Example
3.1 Authentication with a Smartcard
3.2 Authentication with SplitKey
3.3 First Intermediate System
3.4 Second Intermediate System
3.5 Comparing the Second Intermediate System and the Smartcard System
3.6 Propagation of the Security Requirements
4 Conclusion
References
Automation of Vulnerability Information Extraction Using Transformer-Based Language Models
1 Introduction
1.1 Proposed Approach
1.2 Our Contributions
1.3 Paper Roadmap
2 Related Works
3 Background
4 Our Approach
4.1 Data Preparation
4.2 Co-reference Resolution
4.3 Application of NER
4.4 Experiments
4.5 Discussion
5 Conclusion
References
Product Incremental Security Risk Assessment Using DevSecOps Practices
1 Introduction
2 Incremental Risk Assessment and DevSecOps
2.1 DevSecOps Practices
2.2 The Need for Incremental and Continuous Risk Assessment
2.3 Requirements for Flexible Incremental Risk Assessment
2.4 Current Practices of Incremental Software Risk Assessment
3 Modeling DevSecOps and Incremental Risk Assessment Processes
3.1 Defining Core Risk Components
3.2 Input
3.3 Risk Assessment Computation Model
3.4 Incremental Risk Assessment Process for DevSecOps Approach
3.5 Composing Incremental Risk Assessment and DevSecOps Processes
4 Illustration of Benefits of Incremental Risk Assessment in DevSecOps
4.1 Secure Firewall Update Case Study
4.2 Implementation of Incremental Risk Assessment in a DevSecOps Process
5 Conclusion and Future Work
References
SLIME: State Learning in the Middle of Everything for Tool-Assisted Vulnerability Detection
1 Introduction
1.1 Background and Related Work
1.2 Contributions
2 Design of the SLIME Framework
2.1 Test Harness
2.2 MITM Actions
2.3 Example System
3 Automatic State Machine Annotation for Vulnerability Detection
3.1 Happy Path Bypass
3.2 Anomalous Message Access
3.3 Other Opportunities for Automated Support
4 Results
5 Conclusions
5.1 Limitations and Future Work
References
Author Index