Computer Sciences Commons^™

Scada System Security: Accounting For Operator Error And Malicious Intent, Ryan Kilbride, Jeremy Straub, Eunjin Kim

Jeremy Straub

Supervisory control and data acquisition (SCADA) systems are becoming more and more com-monplace in many industries today. Industries are making better use of software and large scale control systems to run efficiently, without the need for large amounts of oversight. Security is a particularly large issue with such systems, however. A human must still be involved to ensure smooth operation in the event of catastrophic system error, or unusual circumstanc-es. Human involvement presents problems: operators could make mistakes, configure the system to operate sub-optimally or take malicious actions. This imple-mentation of SCADA security aims to combat these problems.

Teaching Cybersecurity Using The Cloud, Khaled Salah, Mohammad Hammoud, Sherali Zeadally

Information Science Faculty Publications

Cloud computing platforms can be highly attractive to conduct course assignments and empower students with valuable and indispensable hands-on experience. In particular, the cloud can offer teaching staff and students (whether local or remote) on-demand, elastic, dedicated, isolated, (virtually) unlimited, and easily configurable virtual machines. As such, employing cloud-based laboratories can have clear advantages over using classical ones, which impose major hindrances against fulfilling pedagogical objectives and do not scale well when the number of students and distant university campuses grows up. We show how the cloud paradigm can be leveraged to teach a cybersecurity course. Specifically, we share our …

An Electroencephalogram (Eeg) Based Biometrics Investigation For Authentication: A Human-Computer Interaction (Hci) Approach, Ricardo J. Rodriguez

CCE Theses and Dissertations

Encephalogram (EEG) devices are one of the active research areas in human-computer interaction (HCI). They provide a unique brain-machine interface (BMI) for interacting with a growing number of applications. EEG devices interface with computational systems, including traditional desktop computers and more recently mobile devices. These computational systems can be targeted by malicious users. There is clearly an opportunity to leverage EEG capabilities for increasing the efficiency of access control mechanisms, which are the first line of defense in any computational system.

Access control mechanisms rely on a number of authenticators, including “what you know”, “what you have”, and “what you …

Cybersecurity Vulnerabilities In Medical Devices: A Complex Environment And Multifaceted Problem, Patricia A.H. Williams, Andrew J. Woodward

Research outputs 2014 to 2021

The increased connectivity to existing computer networks has exposed medical devices to cybersecurity vulnerabilities from which they were previously shielded. For the prevention of cybersecurity incidents, it is important to recognize the complexity of the operational environment as well as to catalog the technical vulnerabilities. Cybersecurity protection is not just a technical issue; it is a richer and more intricate problem to solve. A review of the factors that contribute to such a potentially insecure environment, together with the identification of the vulnerabilities, is important for understanding why these vulnerabilities persist and what the solution space should look like. This …

The Data Protection Credibility Crisis, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson, Orla Lynskey

Articles by Maurer Faculty

No abstract provided.

Data Breach (Regulatory) Effects, David Thaw

Articles

No abstract provided.

Framing The Question, "Who Governs The Internet?", Robert J. Domanski

Publications and Research

There remains a widespread perception among both the public and elements of academia that the Internet is “ungovernable”. However, this idea, as well as the notion that the Internet has become some type of cyber-libertarian utopia, is wholly inaccurate. Governments may certainly encounter tremendous difficulty in attempting to regulate the Internet, but numerous types of authority have nevertheless become pervasive. So who, then, governs the Internet? This book will contend that the Internet is, in fact, being governed, that it is being governed by specific and identifiable networks of policy actors, and that an argument can be made as to …

Aircraft Access To System-Wide Information Management Infrastructure, Mohammad Moallemi, Remzi Seker, Mohamed Mahmoud, Jayson Clifford, John Pesce, Carlos Castro, Massood Towhidnejad, Jonathan Standley, Robert Klein

Publications

Within the Federal Aviation Administration’s (FAA) NextGen project, System Wide Information Management (SWIM) program is the essential core in facilitating the collaborative access to the aviation information by various stakeholders. The Aircraft Access to SWIM (AAtS) initiative is an effort to connect the SWIM network to the aircraft to exchange the situational information between the aircraft and the National Airspace System (NAS). This paper summarizes the highlevel design and implementation of the AAtS infrastructure; namely the communication medium design, data management system, pilot peripheral, as well as the security of the data being exchanged and the performance of the entire …

The Efficacy Of Cybersecurity Regulation, David Thaw

Articles

Cybersecurity regulation presents an interesting quandary where, because private entities possess the best information about threats and defenses, legislatures do – and should – deliberately encode regulatory capture into the rulemaking process. This relatively uncommon approach to administrative law, which I describe as Management-Based Regulatory Delegation, involves the combination of two legislative approaches to engaging private entities' expertise. This Article explores the wisdom of those choices by comparing the efficacy of such private sector engaged regulation with that of a more traditional, directive mode of regulating cybersecurity adopted by the state legislatures. My analysis suggests that a blend of these …

An Analysis Of Security Issues In Building Automation Systems, Matthew Peacock, Michael N. Johnstone

Australian Information Security Management Conference

The purpose of Building Automation Systems (BAS) is to centralise the management of a wide range of building services, through the use of integrated protocol and communication media. Through the use of IP-based communication and encapsulated protocols, BAS are increasingly being connected to corporate networks and also being remotely accessed for management purposes, both for convenience and emergency purposes. These protocols, however, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations, relying on security through obscurity. Research has been undertaken into addressing the shortfalls of security implementations in …

Taking Stock After Four Years, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

The Business Of Privacy, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

The Extraterritoriality Of Data Privacy Laws -- An Explosive Issue Yet To Detonate, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

The End Of The Beginning, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Moving Forward Together, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Editorial, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Privacy -- An Elusive Concept, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Let's Not Kill All The Privacy Laws (And Lawyers), Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Denial Of Service Attack Techniques: Analysis, Implementation And Comparison, Khaled M. Elleithy, Drazen Blagovic, Wang K. Cheng, Paul Sideleau

School of Computer Science & Engineering Faculty Publications

A denial of service attack (DOS) is any type of attack on a networking structure to disable a server from servicing its clients. Attacks range from sending millions of requests to a server in an attempt to slow it down, flooding a server with large packets of invalid data, to sending requests with an invalid or spoofed IP address. In this paper we show the implementation and analysis of three main types of attack: Ping of Death, TCP SYN Flood, and Distributed DOS. The Ping of Death attack will be simulated against a Microsoft Windows 95 computer. The TCP SYN …