I. B. Shubinsky,E. N. Rozenberg

DOI: https://doi.org/10.21683/1729-2646-2023-23-3-38-45

2023-08-22

Dependability

Abstract:Aim . The paper aims to solve the problem of objective and confident functional safety (FS) evaluation of intelligent control systems (ICS). As regards ICS, the conventional methods, due to their particular features, do not allow for a sufficiently confident estimation of the actual state of FS. The above features include primarily the nondistinct architecture of ICS and the changing connections between the system elements. Methods . Substantiating ICS FS requires using the complete arsenal of known methods and means recommended in GOST 33432-2015 [1], including managerial measures defined by the requirements for the safety policy, program and case. The authors have analysed the capability to prove ICS FS using experimental, expert, analytical, technological, and simulation-based methods. The limitations of some methods as regards ICS FS substantiation have been established. Results . The authors suggest a heuristic graph-based semi-Markov (Markov) method of proving system FS. For the purpose of substantiating ICS FS, it is recommended using the heuristic graph-based method combined with the technological method defined in GOST R IEC 61508 [2–4]. They don’t only allow confidently evaluating the FS of intelligent systems, but developing recommendations for achieving acceptable safety levels of such systems.

Alexander Barabanov,Alexey Markov,Valentin Tsirlov

DOI: https://doi.org/10.48550/arXiv.1306.1953

2013-06-08

Cryptography and Security

Abstract:Traditional technologies of firewall testing are overlooked. A new formalized approach is presented. Recommendations on optimization of test procedures are given.

Alexey Markov

DOI: https://doi.org/10.48550/arXiv.1306.1958

2013-06-09

Abstract:An overview and classification of software testing models are done. Recommendations on the choice of models are proposed

Software Engineering

Pavel Zaporotskov,Rosreestr for Volgograd Region,

DOI: https://doi.org/10.15688/nbit.jvolsu.2020.4.3

2021-03-01

NBI Technologies

Abstract:Information processes, as well as information resources, manage information of varying degrees of importance for the enterprise. In this regard, the protection of such information is one of the most important procedures in the field of state security, the importance of which is growing every year. The problem of information security – the reliable provision of its safety and the established status of use – is one of the most important problems of our time. The paper considers the existing standards in the field of information security audit. The author has developed an innovative model of audit of the information security system based on the comparison of demand measures of order no. 21 of the FSTEC of Russia and ways of implementation in the subsystem of the information system of personal data protection, the recommendations for inspections of specific measures of protection and used technology audit technical means. The developed method is tested on the example of conducting an audit in “Lama” LLC company. The choice was made to establish the compliance of the organization’s personal data protection system with the requirements of order no. 21 of the FSTEC of Russia. Recommendations have been developed to eliminate the existing shortcomings and inconsistencies by re-equipping the anti-virus protection subsystem and the subsystem of inter-network shielding and protection of communication channels.

Michael Matthias Naumann,Stelian Mircea Olaru,Georg Sven Lampe,Fabian Pitz

DOI: https://doi.org/10.2478/picbe-2024-0043

2024-06-01

Proceedings of the International Conference on Business Excellence

Abstract:Abstract In the current global context, companies need a defined minimum level of information security to recognize and deal with related threats and risks. Due to market, customer or legal requirements, specifications and requirements for information security are implemented uniformly according to standards such as the information security management standard ISO/IEC 27001 or industry-specific standards such as Trusted Information Security Assessment Exchange - TISAX, ISO IEC 27019 Energy Utility Information Security Standard. The conformity to these standard requirements within the established management system is checked during periodically required audits. However, there are various reasons for which, even after many years of audits in companies, there are still insufficient process implementations for information security requirements. The aim of the paper is to analyze the status of conformity and thus also the process maturity in selected samples of companies that have already had information security management systems (ISMS) implemented for several years. In detail, the reasons for deviations from the minimum requirements with associated risks for the security of information in companies were analyzed, which allow conclusions to be drawn about possible process improvements. The paper also analyzes why, despite established measures and existing expertise, only a limited level of process maturity is achieved on average. Other possible approaches to the implementation procedure for dealing with non-conformities in information security are also considered. The results of this research show that there is a need for an adjusted continuous improvement process, which makes risks resulting from insufficient process maturity more visible. Proposals for such improvements are listed.

Patrick Stöckle,Michael Sammereier,Bernd Grobauer,Alexander Pretschner

DOI: https://doi.org/10.1109/AST58925.2023.00013

2023-03-10

Abstract:Insecure default values in software settings can be exploited by attackers to compromise the system that runs the software. As a countermeasure, there exist security-configuration guides specifying in detail which values are secure. However, most administrators still refrain from hardening existing systems because the system functionality is feared to deteriorate if secure settings are applied. To foster the application of security-configuration guides, it is necessary to identify those rules that would restrict the functionality. This article presents our approach to use combinatorial testing to find problematic combinations of rules and machine learning techniques to identify the problematic rules within these combinations. The administrators can then apply only the unproblematic rules and, therefore, increase the system's security without the risk of disrupting its functionality. To demonstrate the usefulness of our approach, we applied it to real-world problems drawn from discussions with administrators at Siemens and found the problematic rules in these cases. We hope that this approach and its open-source implementation motivate more administrators to harden their systems and, thus, increase their systems' general security.

Software Engineering

O I Bokova,O M Bulgakov,A S Etepnev,E A Rogozin

DOI: https://doi.org/10.1088/1742-6596/1479/1/012022

2020-03-01

Journal of Physics: Conference Series

Abstract:Abstract The article completes the cycle the articles by the authors assessing reliability of information security systems from the unauthorized access to automated systems. In includes previously unpublished materials. The article discloses main directions to improve methods and procedures for assessing reliability of the information security systems from the unauthorized access to automated systems. There is modification of the traditional static method to assess the functional reliability of the information security systems from the unauthorized access to investigate their operation in the dynamic (real) functioning mode and to quantify reliability of the information security systems, including development of adequate indicators, models and algorithms. Main stages and procedures for forming the reliability assessment method were developed as a technological scheme with demonstration of the main stages to implement the proposed methods in the current normative-technical documentation.

Valentyn Gaman,Serhii Kursin,Oleh Velychko,,,

DOI: https://doi.org/10.23939/istcmtm2023.03.047

2023-01-01

Measuring Equipment and Metrology

Abstract:The legal metrology covers measuring instruments (MI), the measurement results of which are used in calculations for consumed energy resources, in the fields of information protection, security, environmental protection, etc. Most modern MIs use microcontrollers or are controlled by computers. The software (SW) of such MIs provides an opportunity not only to automate the processes of measurement and calculation of results but also to ensure long-term storage and data transfer. The manufacturer is responsible for investigating and assessing all possible risks related to the MI SW. The task of the conformity assessment body is to assess the conformity of MIs adequately in general and software, in particular, to the established requirements based on the analysis of risk classes. Standards for information security risk management, information technology security assessment, and information technology security assessment criteria consider only general issues of software security and risk assessment without taking into account the scope of its application. The existing regulatory documents on software risk management were considered. Modern methods of assessing the risks of the MI SW were studied. To assess the risks of software of legally regulated MIs, a general classification of threats and vulnerabilities of MI SW was made. For choosing threats that affect functionality, only those that affect metrological characteristics during measurement are taken into account. Possible manifestations of the impact of threats on stored data can be their distortion or destruction, and transmissions of data can be data distortion during transmission or data loss due to a break in the telecommunications connection. A proposed simplified risk assessment methodology for assessing the compliance of MI SW without statistical data on the probabilities of threats and the amount of harm from the implementation of threats is presented. Risk is defined as the probability of harm due to a certain vulnerability, taking into account the conditional amount of harm.

Tomas Kulik,Brijesh Dongol,Peter Gorm Larsen,Hugo Daniel Macedo,Steve Schneider,Peter Würtz Vinther Tran-Jørgensen,Jim Woodcock

DOI: https://doi.org/10.48550/arXiv.2109.01362

2021-09-03

Abstract:In today's world, critical infrastructure is often controlled by computing systems. This introduces new risks for cyber attacks, which can compromise the security and disrupt the functionality of these systems. It is therefore necessary to build such systems with strong guarantees of resiliency against cyber attacks. One way to achieve this level of assurance is using formal verification, which provides proofs of system compliance with desired cyber security properties. The use of Formal Methods (FM) in aspects of cyber security and safety-critical systems are reviewed in this article. We split FM into the three main classes: theorem proving, model checking and lightweight FM. To allow the different uses of FM to be compared, we define a common set of terms. We further develop categories based on the type of computing system FM are applied in. Solutions in each class and category are presented, discussed, compared and summarised. We describe historical highlights and developments and present a state-of-the-art review in the area of FM in cyber security. This review is presented from the point of view of FM practitioners and researchers, commenting on the trends in each of the classes and categories. This is achieved by considering all types of FM, several types of security and safety critical systems and by structuring the taxonomy accordingly. The article hence provides a comprehensive overview of FM and techniques available to system designers of security-critical systems, simplifying the process of choosing the right tool for the task. The article concludes by summarising the discussion of the review, focusing on best practices, challenges, general future trends and directions of research within this field.

Formal Languages and Automata Theory,Cryptography and Security

Alessandro Cimatti,Marco Roveri,Angelo Susi,Stefano Tonetta

DOI: https://doi.org/10.4204/EPTCS.20.7

2012-06-27

Abstract:The validation of requirements is a fundamental step in the development process of safety-critical systems. In safety critical applications such as aerospace, avionics and railways, the use of formal methods is of paramount importance both for requirements and for design validation. Nevertheless, while for the verification of the design, many formal techniques have been conceived and applied, the research on formal methods for requirements validation is not yet mature. The main obstacles are that, on the one hand, the correctness of requirements is not formally defined; on the other hand that the formalization and the validation of the requirements usually demands a strong involvement of domain experts. We report on a methodology and a series of techniques that we developed for the formalization and validation of high-level requirements for safety-critical applications. The main ingredients are a very expressive formal language and automatic satisfiability procedures. The language combines first-order, temporal, and hybrid logic. The satisfiability procedures are based on model checking and satisfiability modulo theory. We applied this technology within an industrial project to the validation of railways requirements.

Software Engineering

Weiguang Wang,Qingkai Zeng,Aditya P. Mathur

DOI: https://doi.org/10.1109/qsic.2012.34

2012-01-01

Abstract:Formal specification is usually employed to avoid ambiguity of security requirements. However, it is hard to assure correctness of this formal model and its conformance with security implementation. In this paper, a framework combining formal verification and security functional testing is proposed to support the correctness and conformance check procedure. Formal requirements are verified following integrated steps and formulae. Verified specification is used as the basis for security functional test and a test criterion called strict schema coverage is developed to derive tests. The framework is supported by Z specification Based Security Assurance Toolkit (ZBSAT). Empirical results on Chinese Wall Model (CWM) policy and its implementation demonstrate its feasibility. In addition, comparison results of mutation test explore the efficiency of this test approach.

Eduardo dos Santos,Andrew Simpson,Dominik Schoop

DOI: https://doi.org/10.4204/EPTCS.271.7

2018-05-15

Abstract:Ensuring a car's internal systems are free from security vulnerabilities is of utmost importance, especially due to the relationship between security and other properties, such as safety and reliability. We provide the starting point for a model-based framework designed to support the security testing of modern cars. We use Communicating Sequential Processes (CSP) to create architectural models of the vehicle bus systems, as well as an initial set of attacks against these systems. While this contribution represents initial steps, we are mindful of the ultimate objective of generating test code to exercise the security of vehicle bus systems. We present the way forward from the models created and consider their potential integration with commercial engineering tools

Cryptography and Security,Software Engineering

Andrzej Bialas

DOI: https://doi.org/10.3390/s19112518

2019-06-01

Abstract:There are more and more applications of sensors in today's world. Moreover, sensor systems are getting more complex and they are used for many high-risk security-critical purposes. Security assurance is a key issue for sensors and for other information technology (IT) products. Still, sensor security facilities and methodologies are relatively poor compared to other IT products. That is why a methodical approach to the sensor IT security is needed, i.e., risk management, implementation of countermeasures, vulnerability removal, and security evaluation and certification. The author proposes to apply the main security assurance methodology specified in ISO/IEC 15408 Common Criteria to solve specific security problems of sensors. A new Common Criteria compliant method is developed which specifies the vulnerability assessment process and related data in a structured way. The input/output data of the introduced elementary evaluation processes are modeled as ontology classes to work out knowledge bases. The validation shows that sensor-specific knowledge can be acquired during the vulnerability assessment process and then placed in knowledge bases and used. The method can be applied in different IT products, especially those with few certifications, such as sensors. The presented methodology will be implemented in a software tool in the future.

Oleh Velychko,Oleh Hrabovskyi,Tetyana Gordiyenko

DOI: https://doi.org/10.15587/1729-4061.2019.175811

2019-08-13

Abstract:A comparative analysis of the results of conformity assessment of software for measuring instruments (MI) was carried out. For comparative evaluation, eight MI software with built-in and universal computers were selected. Selected MI software was preliminarily evaluated by methods and algorithms that are based on the requirements of national standards and documents of international and regional legal metrology organizations OIML and WELMEC. Based on the results of the analysis of the requirements of the WELMEC guidelines for testing MI software, generalized and particular indicators were selected for assessing the quality of MI software. Expressions to obtain the numerical value of each partial indicator for each generalized indicator was generated. For comparative evaluation, the analytic hierarchy process (AHP) was chosen, since it allows comparing and quantifying alternative solutions. For the purpose of relevant comparison, when evaluating a specific MI software, all compared elements were taken into account. The latter were grouped into generalized indicators, each of which was evaluated separately. Pairwise comparisons and all other stages of assessment using AHP were carried out on the basis of generalized indicators. For pairwise comparison of all quantitative and qualitative indicators with the presentation of the equation in a quantitative form, the Saati scale was used. The weight coefficients of each partial indicator were determined by the expert method. The main indicators for MI software with a built-in and universal computer were determined, which have the greatest impact on the results of conformity assessment. It was found that without the presentation of documentation and identification of MI software with built-in and universal computers, it is impossible to begin the conformity assessment procedure in accordance with the requirements. The test indicator of storage devices and the special test indicator of software for particular MI are some of the significant indicators. At the same time, the reading test indicator and the test indicator of software separation levels are practically not applicable and can be neglected.

Sayed Amir Reza Mortazavi,Faramarz Safi-Esfahani

DOI: https://doi.org/10.1007/s41870-019-00302-0

2019-04-22

International Journal of Information Technology

Abstract:Today, information is rapidly increasing. For most of this information, data security and protection from unauthorized access are of great importance. Maybe information is created by an individual or a few people, but creating security for the information should be done by all assets of hardware, software and people. This entails organizing all elements of the system, and training and monitoring the performance of the people. One of the standards provided for the creation of security is ISMS. This standard is intended to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a system in terms of security. ISMS receives several parameters from users, assesses the risks and offers some controls (guidelines) to improve them. Collecting primary parameters is also very important in ISMS. Usually these parameters are collected personally, which result in getting inaccurate outcomes. The most important parameters include confidentiality, integrity, availability, threat and vulnerability. This paper tries to provide a method based on checklists so that by assessing the users’ responses to these checklists, one can more accurately insert the vulnerability parameter value as a standard input of ISMS, in order to gain better outcomes, and more accurately perform choice of controls. In the assessment, the standard deviation method is calculated, and comparison between the common mode of ISMS and the proposed method shows that the latter works 30% better than the conventional method. People may refuse to respond sincerely due to different reasons, and the percentage of the results may differ, since the results are obtained as cross-sectional at a certain time.

Atif Mashkoor,Michael Leuschel,Alexander Egyed

DOI: https://doi.org/10.1109/icse-nier52604.2021.00009

2021-05-01

Abstract:Traditionally, practitioners use formal methods predominately for one half of the quality-assurance process: verification (do we build the software right?). The other half - validation (do we build the right software?) - has been given comparatively little attention. While verification is the core of refinement-based formal methods, where each new refinement step must preserve all properties of its abstract model, validation is usually postponed until the latest stages of the development, when models can be automatically executed. Thus mistakes in requirements or in their interpretation are caught too late: usually at the end of the development process. In this paper, we present a novel approach to check compliance between requirements and their formal refinement-based specification during the earlier stages of development. Our proposed approach - "validation obligations" - is based on the simple idea that both verification and validation are an integral part of all refinement steps of a system.

Cataldo Basile,Gabriele Gatti,Francesco Settanni

2024-05-06

Abstract:Enforcing security requirements in networked information systems relies on security controls to mitigate the risks from increasingly dangerous threats. Configuring security controls is challenging; even nowadays, administrators must perform it without adequate tool support. Hence, this process is plagued by errors that translate to insecure postures, security incidents, and a lack of promptness in answering threats. This paper presents the Security Capability Model (SCM), a formal model that abstracts the features that security controls offer for enforcing security policies, which includes an Information Model that depicts the basic concepts related to rules (i.e., conditions, actions, events) and policies (i.e., conditions' evaluation, resolution strategies, default actions), and a Data Model that covers the capabilities needed to describe different types of filtering and channel protection controls. Following state-of-the-art design patterns, the model allows for generating abstract versions of the security controls' languages and a model-driven approach for translating abstract policies into device-specific configuration settings. By validating its effectiveness in real-world scenarios, we show that SCM enables the automation of different and complex security tasks, i.e., accurate and granular security control comparison, policy refinement, and incident response. Lastly, we present opportunities for extensions and integration with other frameworks and models.

Cryptography and Security

Yu.S. Tverskoy,I.A. Kolesov,A.V. Golubev,I.K. Muravyov,J.A. Gaidina,,,,,

DOI: https://doi.org/10.17588/2072-2672.2022.3.045-056

2022-06-30

Vestnik IGEU

Abstract:Modern production machinery is equipped with multifunctional automated process control systems (APCS) based on software and hardware complexes (SHC) of a network hierarchical structure. The experience of designing and operating multifunctional process control systems proves that the efficiency of the systems being developed significantly depends on the array of problems at different stages of the technology design and system modernization. It is to be developed, both at the fundamental level of local automatic control systems and at a higher level of hierarchical system structure. At the same time, special attention is paid to the software failure, which is fixed, as a rule, by periodically updating all the content. For process control systems, such an approach under the operation conditions of power equipment is unacceptable. In this regard, the effectivity problems of complex systems are to be classified in terms of technological process factors, the theory of automatic control and instrumental factors associated with the proper software implementation. As a theoretical basis to solve the problem of information sufficiency and synthesis of structurally stable systems, the methods of potentials and coordinates of the thermodynamics of irreversible processes are used. The testing method is applied as a tool to analyze and diagnose software and hardware tools. The authors have defined three groups of factors: system, controller and local. The task to analyze the conformity of information and algorithmic support means to expert and verify the absence of defects in the software of a multifunctional system and the fulfillment of the declared requirements. The automated testing system is a unified environment to analyze the execution of test scenarios. It provides continuous validation and verification of the information and algorithmic support of the SHC. In particular, a methodology has been developed to carry out resource tests of the software and hardware complex and checking the operation of the mechanisms for backing up, synchronizing, and replacing its components by simulating failures in the processor modules, hardware and software components. A set of methodological factors has been defined to develop advanced software and hardware systems for process control systems. It significantly affects the adequacy of the information and algorithmic support of a complex system. A technology of automated testing of software and hardware tools of the SHC has been developed. Methods to solve interdisciplinary problems are generalized. The authors recommend solving the problems at the earlier stages of a complex system design. The proposed technology to develop and diagnose automatically software and hardware of the SHC by implementing a single environment to study, compare and detect the defects of the SHC software throughout the entire life cycle of the process control system allows you to identify and eliminate the mutual negative influence of the SHC components both at the development stage and at the stage of the subsequent system organization, including solving the problem of information security at the stage of system installation and operation. The developed approach to solve complex interdisciplinary problems that require solution at the early stages of designing complex systems makes it possible to avoid fundamentally erroneous decisions and increase the competitiveness of the SHC as a systemically important APCS complex at the time of installation.

Mukund Bhole,Wolfgang Kastner,Thilo Sauter

DOI: https://doi.org/10.1109/ETFA52439.2022.9921549

2023-06-22

Abstract:Todays industrial control systems consist of tightly coupled components allowing adversaries to exploit security attack surfaces from the information technology side, and, thus, also get access to automation devices residing at the operational technology level to compromise their safety functions. To identify these concerns, we propose a model-based testing approach which we consider a promising way to analyze the safety and security behavior of a system under test providing means to protect its components and to increase the quality and efficiency of the overall system. The structure of the underlying framework is divided into four parts, according to the critical factors in testing of operational technology environments. As a first step, this paper describes the ingredients of the envisioned framework. A system model allows to overview possible attack surfaces, while the foundations of testing and the recommendation of mitigation strategies will be based on process-specific safety and security standard procedures with the combination of existing vulnerability databases.

Software Engineering,Systems and Control

Zhou Jiang,Li Zheng,Fujiang Liu,Qing Xiang

DOI: https://doi.org/10.1109/ieem.2011.6118251

2011-01-01

Abstract:The overall framework and principles of conformance and testing have been described by the series standards of ISO/IEC 9646. However, those standards fail to present a feasible tool to execute the testing. In this paper, a new practical conformance testing method based on standard is presented. First, the system under test(SUT) answers to the Implementation Conformance Statement (ICS) proforma designed by the testing laboratory based on the basis standard, then the corresponding use cases for testing could be settled based on the answers and the testing proforma could be designed accordingly, establishing a practical mechanism to instantiate the Executable Test Suite (ETS) with the Abstract Test Suite (ATS). Additionally, a number of experiments were performed to certify the validity of our method. The results indicate that the method can be popularized in the field of standardization.