Ankur Shukla,Basel Katt,Livinus Obiora Nweke,Prosper Kandabongee Yeng,Goitom Kahsay Weldehawaryat

DOI: https://doi.org/10.1016/j.cosrev.2022.100496

2022-07-29

Abstract:System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.

Cryptography and Security,Software Engineering

Noor Suhani Sulaiman,Muhammad Ashraf Fauzi,Walton Wider,Jegatheesan Rajadurai,Suhaidah Hussain,Siti Aminah Harun

DOI: https://doi.org/10.3390/socsci11090386

2022-08-30

Social Sciences

Abstract:Cyber and information security (CIS) is an issue of national and international interest. Despite sophisticated security systems and extensive physical countermeasures to combat cyber-attacks, organisations are vulnerable due to the involvement of the human factor. Humans are regarded as the weakest link in cybersecurity systems as development in digital technology advances. The area of cybersecurity is an extension of the previously studied fields of information and internet security. The need to understand the underlying human behavioural factors associated with CIS policy warrants further study, mainly from theoretical perspectives. Based on these underlying theoretical perspectives, this study reviews literature focusing on CIS compliance and violations by personnel within organisations. Sixty studies from the years 2008 to 2020 were reviewed. Findings suggest that several prominent theories were used extensively and integrated with another specific theory. Protection Motivation Theory (PMT), the Theory of Planned Behaviour (TPB), and General Deterrence Theory (GDT) were identified as among the most referred-to theories in this area. The use of current theories is discussed based on their emerging importance and their suitability in future CIS studies. This review lays the foundation for future researchers by determining gaps and areas within the CIS context and encompassing employee compliance and violations within an organisation.

English Else

Agria Rhamdhan,Nugroho Adi Wibowo,Muhamad Tegar Sabila,Ahmad Zainudin Mahfud,Dimas Febriyan Priambodo

DOI: https://doi.org/10.1109/ICE3IS59323.2023.10335475

2023-08-09

Abstract:In an increasingly digital environment, operating systems have developed to prioritize speed, efficiency, and security in order to satisfy the needs of its users. The importance of operating system security increases as more sensitive data is stored digitally. The DICARe method is used to conduct a systematic literature review in this study. The DICARe stands for define, identify, classify, analyze, and report. Five research questions were used to guide the evaluation process, focusing on topics including publication frequency, source nation, study design, OS types, and security concerns. Following the research questions, the researchers located 55 publications that satisfied all requirements and addressed the distribution and security challenges that arose from those papers.

Computer Science

Hussain Ahmad,Isuru Dharmadasa,Faheem Ullah,M. Ali Babar

DOI: https://doi.org/10.1145/3558001

2022-01-31

Abstract:Command, Control, Communication, and Intelligence (C3I) systems are increasingly used in critical civil and military domains for achieving information superiority, operational efficacy, and greater situational awareness. Unlike traditional systems facing widespread cyber-attacks, the sensitive nature of C3I tactical operations make their cybersecurity a critical concern. For instance, tampering or intercepting confidential information in military battlefields not only damages C3I operations, but also causes irreversible consequences such as loss of human lives and mission failures. Therefore, C3I systems have become a focal point for cyber adversaries. Moreover, technological advancements and modernization of C3I systems have significantly increased the potential risk of cyber-attacks on C3I systems. Consequently, cyber adversaries leverage highly sophisticated attack vectors to exploit security vulnerabilities in C3I systems. Despite the burgeoning significance of cybersecurity for C3I systems, the existing literature lacks a comprehensive review to systematize the body of knowledge on C3I systems' security. Therefore, in this paper, we have gathered, analyzed, and synthesized the state-of-the-art on the cybersecurity of C3I systems. In particular, this paper has identified security vulnerabilities, attack vectors, and countermeasures/defenses for C3I systems. Furthermore, our survey has enabled us to: (i) propose a taxonomy for security vulnerabilities, attack vectors and countermeasures; (ii) interrelate attack vectors with security vulnerabilities and countermeasures; and (iii) propose future research directions for advancing the state-of-the-art on the cybersecurity of C3I systems.

Cryptography and Security,Systems and Control

Manish Bhurtel,Danda B. Rawat

DOI: https://doi.org/10.3390/fi15070248

2023-07-25

Future Internet

Abstract:Operating systems play a crucial role in computer systems, serving as the fundamental infrastructure that supports a wide range of applications and services. However, they are also prime targets for malicious actors seeking to exploit vulnerabilities and compromise system security. This is a crucial area that requires active research; however, OS vulnerabilities have not been actively studied in recent years. Therefore, we conduct a comprehensive analysis of OS vulnerabilities, aiming to enhance the understanding of their trends, severity, and common weaknesses. Our research methodology encompasses data preparation, sampling of vulnerable OS categories and versions, and an in-depth analysis of trends, severity levels, and types of OS vulnerabilities. We scrape the high-level data from reliable and recognized sources to generate two refined OS vulnerability datasets: one for OS categories and another for OS versions. Our study reveals the susceptibility of popular operating systems such as Windows, Windows Server, Debian Linux, and Mac OS. Specifically, Windows 10, Windows 11, Android (v11.0, v12.0, v13.0), Windows Server 2012, Debian Linux (v10.0, v11.0), Fedora 37, and HarmonyOS 2, are identified as the most vulnerable OS versions in recent years (2021–2022). Notably, these vulnerabilities exhibit a high severity, with maximum CVSS scores falling into the 7–8 and 9–10 range. Common vulnerability types, including CWE-119, CWE-20, CWE-200, and CWE-787, are prevalent in these OSs and require specific attention from OS vendors. The findings on trends, severity, and types of OS vulnerabilities from this research will serve as a valuable resource for vendors, security professionals, and end-users, empowering them to enhance OS security measures, prioritize vulnerability management efforts, and make informed decisions to mitigate risks associated with these vulnerabilities.

Luyang Liu,Zaman Sajid,Costas Kravaris,Faisal Khan

DOI: https://doi.org/10.1016/j.psep.2024.03.088

IF: 7.8

2024-05-01

Process Safety and Environmental Protection

Abstract:Due to cyber threats, Process Control Systems (PCS) are increasingly at risk in the interconnected world. This review elucidates PCS's mounting cybersecurity challenges, underscored by past incidents. Utilizing the National Institute of Standards and Technology (NIST) framework, we emphasize the importance of a comprehensive approach to cybersecurity, spanning risk identification to its mitigation. This systematic framework comprises five pillars: risk identification, protective measures, active threat detection, timely incident response, and post-attack recovery. This study then delves into the range of cyber-attack detection algorithms, from traditional fault detection and isolation techniques to advanced machine learning-based methods, qualitative models, hybrid approaches, and signature-based methods. Notwithstanding the progress, research gaps, challenges, and a demand for a proactive path forward remain. This study proposes a path forward that integrates the digital system with a resilient control system to ensure the security of the process control systems and a harmonious blend of domain expertise and evolving technological innovations.

engineering, environmental, chemical

Muhammad Kashif,Sheraz Arshad Malik,Muhammad Abdullah,Muhammad Umair,Prince Waqas Khan

DOI: https://doi.org/10.14569/ijacsa.2018.090629

2018-01-01

Abstract:Cyber security plays an important role to secure the people who use internet via different electronic devices in their daily life. Some causes occurred all over world that people face problems when they connect their devices and system via internet. There are some highly sensitive data like biotechnology and military assets which are highly threatened by the hackers; cyber security plays a vital role in securing such data. Misusing the internet becomes a current issue in different sectors of life especially in social media, universities and government organizations. Internet is very useful for students in study institutes and employees who work in different organizations. Internet source gives the facility to people to fetch some information via internet. However, they must be protected when use the internet and secure for any unauthorized access. In this paper we have covered the different aspect of cyber security and Network security in the modern era. We have also tried to cover the threats in Intranet of organizations.

Houda Harkat,Luis M. Camarinha-Matos,João Goes,Hasmath F.T. Ahmed

DOI: https://doi.org/10.1016/j.cie.2024.109891

IF: 7.18

2024-02-01

Computers & Industrial Engineering

Abstract:In recent years, cyber-physical systems (CPS) have been to many vital areas, including medical devices, smart cars, industrial systems, energy grid, etc. As these systems increasingly rely on Internet, ensuring their security requirements, which are different from those of ordinary information technology systems, has become an important research topic. However, the area is not yet well structured and, therefore, it is essential to review and analyze recent work in this field to better understand the adopted approaches and also to identify corresponding gaps and future interesting research directions. This article is based on a systematic literature review that addresses core issues in CPS security. Part of the focus is placed on the defense mechanisms introduced to help the system fully recover from attacks. However, the framework devoted to risk/threat assessments has also been highlighted, as there is a substantial need to strengthen the systems architecture to be more proactive. In addition, the ethical and societal impact of CPS is emphasized since it is essential to get a vision of the unintended outcomes of the possible evolution of these systems.

computer science, interdisciplinary applications,engineering, industrial

Najat Tissir,Said El Kafhali,Noureddine Aboutabit

DOI: https://doi.org/10.1007/s40860-020-00115-0

2020-10-19

Journal of Reliable Intelligent Environments

Abstract:Cloud Computing is an emerging paradigm that is based on the concept of distributed computing. Its definition is related to the use of computer resources which are offered as a service. As with any novel technology, Cloud Computing is subject to security threats, vulnerabilities, and attacks. Recently, the studies on security impact include the interaction of software, people and services on the Internet and that is called cyber-security or cyberspace security. In spite of various studies, we still fail to define the needs of cybersecurity management in Cloud Computing. This paper principally focuses on a comprehensive study of Cloud Computing concerns, security, cybersecurity differences, ISO, and NIST standards. It aims at identifying the policies and the guidelines included in these standards as well as it provides a comprehensive Framework proposal to manage and prevent cyber risks in Cloud Computing taking into consideration the ISO 27,032, ISO 27,001, ISO 27,017 and NIST cybersecurity Framework CSF. In addition to that, our study pinpoints at the criteria that concern measuring the maturity of organizations that implement the framework. Our objective is to provide guidance to organizations on how to establish their proper approach of cybersecurity risk management in Cloud Computing or to complement their ‘already have’ processes.

Ejiofor Oluomachi,Akinsola Ahmed,Wahab Ahmed,Edozie Samson

DOI: https://doi.org/10.29322/IJSRP.14.02.2023.p14610

2024-04-17

Abstract:This article assesses the effectiveness of current cybersecurity regulations and policies in the United States amidst the escalating frequency and sophistication of cyber threats. The focus is on the comprehensive framework established by the U.S. government, with a spotlight on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and key regulations such as HIPAA, GLBA, FISMA, CISA, CCPA, and the DOD Cybersecurity Maturity Model Certification. The study evaluates the impact of these regulations on different sectors and analyzes trends in cybercrime data from 2000 to 2022. The findings highlight the challenges, successes, and the need for continuous adaptation in the face of evolving cyber threats

Cryptography and Security,Computers and Society

Bilgin Metin,Fatma Gül Özhan,Martin Wynn

DOI: https://doi.org/10.3390/electronics13214226

IF: 2.9

2024-10-29

Electronics

Abstract:As businesses increasingly adopt digital processes and solutions to enhance efficiency and productivity, they face heightened cybersecurity threats. Through a systematic literature review and concept development, this article examines the intersection of digitalisation and cybersecurity. It identifies the methodologies and tools used for cybersecurity assessments, factors influencing the adoption of cybersecurity measures, and the critical success factors for implementing these measures. The article also puts forward the concept of cybersecurity governance process categories, which are used to classify the factors uncovered in the research. Findings suggest that current information security standards tend to be too broad and not adequately tailored to the specific needs of small and medium-sized enterprises (SMEs) when implementing emerging technologies, like Internet of Things (IoT), blockchain, and artificial intelligence (AI). Additionally, these standards often employ a top-down approach, which makes it challenging for SMEs to effectively implement them, as they require more scalable solutions tailored to their specific risks and limited resources. The study thus proposes a new framework based on the Plan-Do-Check model, built around the cybersecurity governance process categories and the three core pillars of governance, culture and standards. This is essentially a bottom-up approach that complements current top-down methods, and will be of value to both information technology (IT) professionals as an operational guide, and to researchers as a basis for future research in this field.

engineering, electrical & electronic,computer science, information systems,physics, applied

Youssef Bassil

DOI: https://doi.org/10.48550/arXiv.1204.0197

2012-04-01

Operating Systems

Abstract:Operating systems are vital system software that, without them, humans would not be able to manage and use computer systems. In essence, an operating system is a collection of software programs whose role is to manage computer resources and provide an interface for client applications to interact with the different computer hardware. Most of the commercial operating systems available today on the market have buggy code and they exhibit security flaws and vulnerabilities. In effect, building a trusted operating system that can mostly resist attacks and provide a secure computing environment to protect the important assets of a computer is the goal of every operating system manufacturer. This paper deeply investigates the various security features of the two most widespread and successful operating systems, Microsoft Windows and Linux. The different security features, designs, and components of the two systems are to be covered elaborately, pin-pointing the key similarities and differences between them. In due course, a head-to-head comparison is to be drawn for each security aspect, exposing the advantage of one system over the other.

Muhammad Rizwan Asghar,Qinwen Hu,Sherali Zeadally

DOI: https://doi.org/10.1016/j.comnet.2019.106946

IF: 5.493

2019-12-01

Computer Networks

Abstract:<p>Industrial Control Systems (ICSs) play an important role in today's industry by providing process automation, distributed control, and process monitoring. ICS was designed to be used in an isolated area or connected to other systems via specialised communication mechanisms or protocols. This setup allows manufacturers to manage their production processes with great flexibility and safety. However, this design does not meet today's business requirements to work with state-of-the-art technologies such as Internet-of-Things (IoT) and big data analytics. In order to fulfil industry requirements, many ICSs have been connected to enterprise networks that allow business users to access real-time data generated by power plants. At the same time, this new design opens up several cybersecurity challenges for ICSs.</p><p>We review possible cyber attacks on ICSs, identify typical threats and vulnerabilities, and we discuss unresolved security issues with existing ICS cybersecurity solutions. Then, we discuss how to secure ICSs (<em>e.g.,</em> using risk assessment methodologies) and other protection measures. We also identify open security research challenges for ICSs, and we present a classification of existing security solutions along with their strengths and weaknesses. Finally, we provide future research directions in ICS security.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Yuchong Li,Qinghui Liu

DOI: https://doi.org/10.1016/j.egyr.2021.08.126

IF: 5.2

2021-11-01

Energy Reports

Abstract:At present, most of the economic, commercial, cultural, social and governmental activities and interactions of countries, at all levels, including individuals, non-governmental organizations and government and governmental institutions, are carried out in cyberspace. Recently, many private companies and government organizations around the world are facing the problem of cyber-attacks and the danger of wireless communication technologies. Today’s world is highly dependent on electronic technology, and protecting this data from cyber-attacks is a challenging issue. The purpose of cyber-attacks is to harm companies financially. In some other cases, cyber-attacks can have military or political purposes. Some of these damages are: PC viruses, knowledge breaks, data distribution service (DDS) and other assault vectors. To this end, various organizations use various solutions to prevent damage caused by cyber-attacks. Cyber security follows real-time information on the latest IT data. So far, various methods had been proposed by researchers around the world to prevent cyber-attacks or reduce the damage caused by them. Some of the methods are in the operational phase and others are in the study phase. The aim of this study is to survey and comprehensively review the standard advances presented in the field of cyber security and to investigate the challenges, weaknesses and strengths of the proposed methods. Different types of new descendant attacks are considered in details. Standard security frameworks are discussed with the history and early-generation cyber-security methods. In addition, emerging trends and recent developments of cyber security and security threats and challenges are presented. It is expected that the comprehensive review study presented for IT and cyber security researchers will be useful.

energy & fuels

Kashif Ishaq,Sidra Fareed

2023-08-26

Abstract:In the wake of the arrival of digital media, the Internet, the web, and online social media, a flood of new cyber security research questions have emerged. There is a lot of money being lost around the world because of cyber-attacks. As a result, cyber security has emerged as one of the world's most complex and pressing issues. Cyber security experts from both industry and academia institutions are now analyzing current cyber-attacks occurring around the world and developing various strategies to defend systems from possible cyber-threats and attacks. This paper examines recent cyber security attacks as well as the financial losses incurred as a result of the growing number of cyber-attacks. Our findings indicate that the majority of the research chosen for this study focused solely on a small number of widespread security flaws, such as malware, phishing, and denial-of-service attacks. A total of over 50 major studies that have been published in reputable academic journals and conferences have been chosen for additional examination. A taxonomy of cyber-attacks elements that is based on the context of use in various environments has also been suggested, in addition to a review of the most recent studies on countermeasures for cyber-attacks being the state of the art. Lastly, the research gaps in terms of open issues have been described in order to offer potential future directions for the researchers working in the field of cyber security.

Cryptography and Security

Robert Bazuku,Anaamotulim Anab,Seth Gyemerah,Mohammed I. Daabo

DOI: https://doi.org/10.9734/ajrcos/2023/v16i4380

2023-10-20

Asian Journal of Research in Computer Science

Abstract:This article presents an overview of computer operating systems (OS) and emerging trends. OS is simply defined as an interface between computer hardware and the user. The objective of the study is to investigate the emerging trends of OS and to find out the direction of OS for modern computing systems. To achieve this goal the paper looks at the concepts of OS, its underlying architectures and evolution. The papers also outline the components of the OS provide knowledge on security issues with OS architectures and provide best practices to secure OS. The paper found out that the current trends in OS include IoT OS, Cloud OS, AI-powered OS, Blockchain OS, Hybrid OS and Container OS. The paper compares the strengths and weaknesses of the major OS. The Paper proposes a double-layer security approach where the OS is hardened with security policies and embedding security protocols in the Hardware architecture of the OS. It was discovered that every technology comes with its unique architecture and OS. This makes it worrisome for engineers to crack their brains to develop such a system. The paper further proposes the development of a universal OS for all architectures leaving room for further expansion while mitigating power consumption issues by incorporating green computing technology in the design architecture.

Abdelhadi Zineddine,Oumaima Chakir,Yassine Sadqi,Yassine Maleh,Gurjot Singh Gaba,Andrei Gurtov,Kapal Dev

DOI: https://doi.org/10.1016/j.compeleceng.2024.109137

2024-04-01

Abstract:Cybersecurity assessments are critical for ensuring that security measures in organizational infrastructures, systems, and applications meet necessary requirements. Given the significant HTTPS vulnerabilities exposed in recent years, assessing HTTPS deployments is increasingly important. However, there has been no systematic literature review (SLR) comparing different cybersecurity assessment methods specifically for HTTPS deployment security issues. This study aims to address this gap by identifying, analyzing, and comparing various HTTPS deployment assessment methods documented in scientific literature. Our approach involved a structured research methodology with specific inclusion and exclusion criteria for selecting relevant methods. The review utilizes 16 comparison metrics, divided into two categories: critical security metrics, focusing on assessment metrics adopted and the number of vulnerabilities evaluated by each method, and additional metrics assessing the methods’ applicability and effectiveness in real-world scenarios. The findings indicate varied adoption rates of these metrics among the reviewed cybersecurity assessment methods, highlighting the absence of a standardized approach using common, well-defined security metrics for HTTPS deployment assessment. In contrast, merging all the comparison metrics outlined in this review would enable a more in-depth assessment of HTTPS deployment security issues, enhance the quality of reported results, and lead to the development of a more practical assessment method.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Nan Sun,Chang-Tsun Li,Hin Chan,Md Zahidul Islam,Md Rafiqul Islam,Warren Armstrong

DOI: https://doi.org/10.1109/ACCESS.2022.3187211

2022-03-05

Abstract:Cyber assurance, which is the ability to operate under the onslaught of cyber attacks and other unexpected events, is essential for organizations facing inundating security threats on a daily basis. Organizations usually employ multiple strategies to conduct risk management to achieve cyber assurance. Utilizing cybersecurity standards and certifications can provide guidance for vendors to design and manufacture secure Information and Communication Technology (ICT) products as well as provide a level of assurance of the security functionality of the products for consumers. Hence, employing security standards and certifications is an effective strategy for risk management and cyber assurance. In this work, we begin with investigating the adoption of cybersecurity standards and certifications by surveying 258 participants from organizations across various countries and sectors. Specifically, we identify adoption barriers of the Common Criteria through the designed questionnaire. Taking into account the seven identified adoption barriers, we show the recommendations for promoting cybersecurity standards and certifications. Moreover, beyond cybersecurity standards and certifications, we shed light on other risk management strategies devised by our participants, which provides directions on cybersecurity approaches for enhancing cyber assurance in organizations.

Cryptography and Security

Deval Bhamare,Maede Zolanvari,Aiman Erbad,Raj Jain,Khaled Khan,Nader Meskin

DOI: https://doi.org/10.48550/arXiv.2002.04124

2020-02-10

Cryptography and Security

Abstract:Industrial Control System (ICS) is a general term that includes supervisory control & data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC). ICSs are often found in the industrial sectors and critical infrastructures, such as nuclear and thermal plants, water treatment facilities, power generation, heavy industries, and distribution systems. Though ICSs were kept isolated from the Internet for so long, significant achievable business benefits are driving a convergence between ICSs and the Internet as well as information technology (IT) environments, such as cloud computing. As a result, ICSs have been exposed to the attack vectors used in the majority of cyber-attacks. However, ICS devices are inherently much less secure against such advanced attack scenarios. A compromise to ICS can lead to enormous physical damage and danger to human lives. In this work, we have a close look at the shift of the ICS from stand-alone systems to cloud-based environments. Then we discuss the major works, from industry and academia towards the development of the secure ICSs, especially applicability of the machine learning techniques for the ICS cyber-security. The work may help to address the challenges of securing industrial processes, particularly while migrating them to the cloud environments.

Mohammad Kamrul Hasan,AKM Ahasan Habib,Zarina Shukur,Fazil Ibrahim,Shayla Islam,Md Abdur Razzaque

DOI: https://doi.org/10.1016/j.jnca.2022.103540

IF: 7.574

2023-01-01

Journal of Network and Computer Applications

Abstract:The smart grid (SG) system is an intelligent technology that facilitates the integration of green technology and environmental aspects, which is a two-way communication system for information transformation, power generation, and distribution. The development and application of communication technology in the traditional power system deployed the SG cyber-physical system. The SG systems have a complex architecture that contains critical devices and Internet of Things (IoT)-based infrastructures. These critical infrastructures and devices are faced with cyber-attacks. Therefore, the SG systems required lots of research to protect these attacks from economic damage, security deficits, national grid security, and life loss. This paper comprehensively reviews SG cyber-physical and cyber security systems, standard protocols, and challenges. We discussed the SG model, key elements, advanced distribution management system (ADMS), supervisory control and data acquisition (SCADA), and advanced metering infrastructure framework (AMI). Then, we discussed the SG cyber-physical system communication standards and protocols. We present a correlation between SG cyber-physical system communication technology, standards and protocols, and application. Then, we thoroughly study cyber security principles, standards, and protocols. Finally, we discuss some challenges for SG cyber-physical systems, cyber-attacks, and cyber security systems and recommend some solutions for future research. This study provided a deep understanding of the cyber security systems and standards and proposed direction for future research in smart grid system applications.

computer science, interdisciplinary applications, software engineering, hardware & architecture