Engineering Commons^™

Technology Assessment For Cybersecurity Organizational Readiness: Case Of Airlines Sector And Electronic Payment, Sultan Ayed Alghamdi, Tugrul Daim, Saeed Mohammed Alzahrani

Engineering and Technology Management Faculty Publications and Presentations

Payment processing systems have advanced significantly in the airline business. Because e-payments are easy, they have captured the attention of many companies in the aviation industry and are quickly becoming the dominant means of payment. However, as technology advances, fraud grows at a comparable rate. Over the years, there has been a surge in payment fraud incidents in the airline sector, reducing the platform's trustworthiness. Despite attempts to eliminate epayment fraud, decision-makers lack the technical expertise required to use the finest fraud detection and prevention assessments. This research recognizes the lack of an established decision model as a hurdle and …

Implementation Profile: Egot Derms Server/Client System (Doe-Psu-0000922-2), Tylor Slay, Robert B. Bass

Electrical and Computer Engineering Faculty Publications and Presentations

This implementation profile (IP) provides the scope and requirements necessary to implement a distributed energy resource management system (DERMS), which networks large numbers of DER within an energy grid of things (EGoT). This document originated as part of a U.S. DOE-funded project to develop a DERMS based on a set of rules known as the Energy Services Interface (ESI). The ESI serves as an umbrella, ensuring the information exchange between an aggregator and DER owners conforms to expectations: protect privacy, provide security, develop trustworthiness, and ensure interoperability. DERMS developers use the ESI to ensure that information exchange meets these expectations. …

Implementation Profile: Modeling Environment (Doe-Psu-0000922-3), Sean Keene, Midrar Adham, Robert B. Bass

Electrical and Computer Engineering Faculty Publications and Presentations

This implementation profile provides the scope, background, and requirements necessary to implement a Modeling Environment (ME) to test a Distributed Energy Resource (DER) Management System (DERMS). A DERMS is used by an aggregator to dispatch large numbers of DERs in order to provide grid services to a Grid Operator. The ME addresses scalability issues inherent to Hardware-in-the-Loop DERMS simulation; a large number of assets are needed in order to observe effects on the grid from deployment and dispatch of DERs.

Psu Derms Operating Manual And Egot System Reference (Doe-Psu-0000922-7), Tylor Slay, Robert B. Bass

Electrical and Computer Engineering Faculty Publications and Presentations

This document guides the user of the Portland State University Distributed Energy Resource Management System in configuration and normal operation. For direct access to the underlying code and its usage see the accompanying PSU EGoT System Reference. The system reference outlines all classes and methods used through the Energy Grid of Things system including applications, models, interfaces and the entity component system.

Energy Services Interface (Doe-Psu-0000922-1), Robert B. Bass

Electrical and Computer Engineering Faculty Publications and Presentations

This document defines a set of rules known as the Energy Services Interface (ESI), which “establish a bi-directional, service-oriented, logical interface to support secure, trustworthy information exchange between an aggregator and distributed energy resources (DERs). These exchanges facilitate energy interactions between the DERs and the aggregator, thereby allowing the aggregator to provide grid services through dispatch of the DERs.” The ESI serves as an umbrella, ensuring the information exchange between an aggregator and DER owners conforms to expectations: protect privacy, provide security, develop trustworthiness, and ensure interoperability. DERMS developers use the ESI to ensure that information exchange meets these expectations.

Product Specification: Distributed Trust Model System (Doe-Psu-0000922-4), Narmada Sonali Fernando, Abdullah Barghouti, Robert B. Bass, John M. Acken

Electrical and Computer Engineering Faculty Publications and Presentations

A Distributed Trust Model (DTM) System is a supervisory component within an energy grid of things. The role of a DTM System is to implement the trust aspects of an energy services interface. The DTM System augments existing security measures by monitoring the communication between the various EGoT System actors and quantifying metrics of trust of each actor.

Product Specification: Distributed Control Module (Doe-Psu-0000922-5), Nicole Henderson, Kai Zeng, Robert B. Bass

Electrical and Computer Engineering Faculty Publications and Presentations

This product specification describes the architecture, implementation, and hardware descriptions of a Distributed Control Module (DCM) prototype. A DCM is an enabling technology for distributed energy resources (DER). DERs are grid-enabled generation, storage, and load devices that are owned by utility customers. DCMs enable information exchange between a distributed energy resource management system (DERMS) and DERs for the purpose of networking large numbers of DERs. The DCM prototype described within this document enables DER participation in a service-oriented aggregation system. A DERMS server provides IEEE 2030.5 smart energy resource services to DCM clients using a request/response information exchange process. DCMs …

Psu Esi Review (Doe-Psu-0000922-6), Tylor Slay, Jaime Kolln, Robert B. Bass

Electrical and Computer Engineering Faculty Publications and Presentations

A guide to developing an Energy Service Interface (ESI) was created as part of the Grid Modernization Laboratory Consortium 2.5.2 ESI project. The approach applies device-agnostic and service-oriented ESI principles and leverages documents such as the Interoperability Maturity Model and Common Grid Service Definitions to provide a methodology to review, develop, and update standards and profiles to engage distributed energy resources to provide grid services. This document evaluates the ESI developed by Portland State University’s Power Engineering Group under the Electric Grid of Things project funded by the U.S. Department of Energy. The evaluation explores the compliance of this specific …

Trust Model System For The Energy Grid Of Things Network Communications, Narmada Sonali Fernando, Zhongkai Zheng, John M. Acken, Robert B. Bass

Electrical and Computer Engineering Faculty Publications and Presentations

Network communication is crucial in the Energy Grid of Things (EGoT). Without a network connection, the energy grid becomes just a power grid where the energy resources are available to the customer uni-directionally. A mechanism to analyze and optimize the energy usage of the grid can only happen through a medium, a communications network, that enables information exchange between the grid participants and the service provider. Security implementers of EGoT network communication take extraordinary measures to ensure the safety of the energy grid, a critical infrastructure, as well as the safety and privacy of the grid participants. With the dynamic …

Technology Roadmap For Standards Of Healthcare Data Cyber Security: Influence Of Public Policy On Consumer Healthcare Cyber Security Protections, Alison Nalven, Courtney Wright, Jennifer Lynn Zeitouni, Nolan Thompson, Sara Ferdousi, Saumya Saxena

Engineering and Technology Management Student Projects

From the dot com boom to now the Internet of Things (IoT) and Machine Learning era, the evolving digital world that people live in has brought new challenges for protecting personal data and information. IoT devices, smart phones, numerous apps, and more, constantly collect personal health data with many positive intentions. However, the recent overturning of Roe vs. Wade by the United States Supreme Court has generated concerns in particular on who and how personal health data can be used by both governments and private companies with unintended consequences for users. Cyber security and regulations for protecting personal health data …

Healthcare Information Security Maturity Model Grande Ronde Hospital, Pallavi Agrawal, Riad Alharithi, Karthik Manjunath, Kamal Thapa, Eric Ingersoll, Sujitha Rajagopal

Engineering and Technology Management Student Projects

Technology offers significant advantages in improving the delivery of healthcare to patients. The technology creates electronic data associated with each patient. The data journey starts from the collection point, through the data warehouses that store the data, the application that processes the data, and the medium that transfers the data throughout the patient's life. Data collection starts with patients filling out web forms on a provider's website. This information is stored for the Healthcare organization in remote servers managed by developers and is shared with healthcare specialists, hospitals, labs, pharmacists, insurance providers, and billing software among many other healthcare workers. …

The Distributed Trust Model Applied To The Energy Grid Of Things, Narmada Sonali Fernando

Dissertations and Theses

Electric power system operators can manage distribution system utilization and usage by coordinating end customer usage of distributed energy resources. The end customers in this regard are Service Provisioning Customers, who provide their energy resources to a Grid Service Provider, which in turn dispatches large aggregations of distributed energy resources to provide reliable service to the power system. The security of this system relies upon information protection mechanisms, as described in IEEE 2030.5. However, in addition to preventive security measures, a monitoring function is required to ensure trustworthiness.

Trust models are a method to detect and respond to both expected …

A Method For Comparative Analysis Of Trusted Execution Environments, Stephano Cetola

Dissertations and Theses

The problem of secure remote computation has become a serious concern of hardware manufacturers and software developers alike. Trusted Execution Environments (TEEs) are a solution to the problem of secure remote computation in applications ranging from "chip and pin" financial transactions to intellectual property protection in modern gaming systems. While extensive literature has been published about many of these technologies, there exists no current model for comparing TEEs. This thesis provides hardware architects and designers with a set of tools for comparing TEEs. I do so by examining several properties of a TEE and comparing their implementations in several technologies. …

Exploring And Expanding The One-Pixel Attack, Umairullah Khan, Walt Woods

Undergraduate Research & Mentoring Program

In machine learning research, adversarial examples are normal inputs to a classifier that have been specifically perturbed to cause the model to misclassify the input. These perturbations rarely affect the human readability of an input, even though the model’s output is drastically different. Recent work has demonstrated that image-classifying deep neural networks (DNNs) can be reliably fooled with the modification of a single pixel in the input image, without knowledge of a DNN’s internal parameters. This “one-pixel attack” utilizes an iterative evolutionary optimizer known as differential evolution (DE) to find the most effective pixel to perturb, via the evaluation of …

Cyberpdx: A Camp For Broadening Participation In Cybersecurity, Wu-Chang Feng, Robert Liebman, Lois Delcambre, Michael Mooradian Lupro, Tim Sheard, Scott Britell, Gerald W. Recktenwald

University Studies Faculty Publications and Presentations

With society’s increasing dependence on technology infrastructure, the importance of securing the computers, networks, data, and algorithms that run our digital and physical lives is becoming critical. To equip the next generation of citizens for the challenges ahead, an effort is underway to introduce security content early in a student’s academic career. It is important that these efforts broaden participation and increase diversity in the field. While many camps and curricula focus on introducing technical content and skills related to cybersecurity, such approaches can prematurely limit how students view career opportunities in the field, potentially limiting those who ultimately pursue …

Stackguard: Automatic Adaptive Detection And Prevention Of Buffer-Overflow Attacks, Crispin Cowan, Calton Pu, David Maier, Heather Hinton, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang

Computer Science Faculty Publications and Presentations

This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vulnerabilities have now been patched, more sophisticated buffer overflow attacks continue to emerge.

We describe StackGuard: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties. Privileged programs that are recompiled with the StackGuard …