{"title":"Studying Secure Coding in the Laboratory: Why, What, Where, How, and Who?","authors":"Ita Ryan, Klaas-Jan Stol, U. Roedig","doi":"10.1109/EnCyCriS59249.2023.00008","DOIUrl":"https://doi.org/10.1109/EnCyCriS59249.2023.00008","url":null,"abstract":"Software security is an area of growing concern, with over 192,000 known vulnerabilities in public software at the time of writing. Many aids to secure coding exist. Assessing the effectiveness of such aids in a laboratory environment is difficult. There are a number of concerns to address, such as recruitment issues and the level of instrumentation needed to perform an accurate measurement. Based on an extensive literature review of software development aids, we describe recent approaches to running laboratory studies, their characteristics, and their benefits and drawbacks. This paper should be of use to anyone planning to undertake coding studies with software developers.","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"241 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116061294","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Evaluating Moving Target Defenses against Realistic Attack Scenarios","authors":"Alex Brown, Tze-Wen Lee, Jin B. Hong","doi":"10.1109/EnCyCriS59249.2023.00005","DOIUrl":"https://doi.org/10.1109/EnCyCriS59249.2023.00005","url":null,"abstract":"Defenders are continuously seeking new tools for better security, including proactive defenses like Moving Target Defense (MTD). MTD continuously changes the attack surface, but there's little research on combining different MTD techniques, and often attack scenarios considered are simple and unrealistic. This paper proposes to evaluate the combined effects of MTD techniques against practical and realistic attack scenarios through a simulation framework. Our results indicate that adopting MTD techniques in general improves the security of systems, but combinations can have varying levels of defense depending on the attack scenarios. Hence, our proposed approach provides a more realistic evaluation of MTD techniques and their combinations taking into account practical attack scenarios, which can aid decision-makers to make better-informed decisions.","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"104 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115271234","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Autoencoder via DCNN and LSTM Models for Intrusion Detection in Industrial Control Systems of Critical Infrastructures","authors":"Kayode Yakub Saheed, S. Misra, S. Chockalingam","doi":"10.1109/EnCyCriS59249.2023.00006","DOIUrl":"https://doi.org/10.1109/EnCyCriS59249.2023.00006","url":null,"abstract":"Industrial Control Systems (ICS) are widely used to carry out the fundamental functions of a society and are frequently employed in Critical Infrastructures (CIs). Consequently, protection against cyber-attacks is essential for these systems. Over the years, numerous cyber-attack detection system concepts have been proposed, each employing a distinct set of processes and methodologies. Despite this, there is a significant gap in the field of techniques for detecting cyber-attacks on ICS. Most existing studies used device logs, which require considerable pre-processing and understanding before they can be utilized for intrusion detection in an ICS environment. In this paper, we proposed an intrusion detection using an autoencoder for feature dimensionality reduction trained on network flow data via a Deep Convolutional Neural Network (DCNN) and Long Short-Term Memory (LSTM), which does not require prior knowledge of the underlying architecture and network's topology. The experimental analysis was performed on the ICS dataset and gas pipeline data given by Mississippi State University (MSU). The LSTM model achieved an accuracy greater than 99% and an AUC-ROC of 99.50% on the ICS data, whereas the DCNN model achieved an accuracy of 96.0% and an AUC-ROC of 97.20% on the gas pipeline network data, with extremely low false negatives and false positives. The results of the study showed that LSTM is superior to DCNN in detecting anomalies in ICS. In addition, the results disclosed that LSTM and DCNN are effective at time series prediction tasks. This observation is encouraging, as DCNN and LSTM are smaller, faster, and more straightforward than the deep neural network and recurrent neural networks utilized in previous research. The proposed IDS architecture is a low-cost, network-based solution that requires minimal processing, performs unsupervised, and is straightforward to implement in a real-world environment.","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115976027","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The State of Secure Coding Practice: Small Organisations and “Lone, Rogue Coders”","authors":"Ita Ryan, Klaas-Jan Stol, U. Roedig","doi":"10.1109/EnCyCriS59249.2023.00010","DOIUrl":"https://doi.org/10.1109/EnCyCriS59249.2023.00010","url":null,"abstract":"Software security is a rapidly developing problem. Malware, ransomware and spyware routinely leverage vulnerabilities in software to gain access to systems, escalate privileges and run adversarial code. One approach to solving this issue is to use secure software methods, which attempt to guide organisations in improving their software assurance. However, these methods implicitly assume the presence of substantial resources deployed in a compliance-mandated environment. The distinct and often limited environment in which small organisations, independent teams and lone coders operate is not considered. Advice for software security in small teams is almost absent from the literature, as is a way to measure the levels of secure coding in such teams. In order to address this problem, we must begin by understanding it. As part of the analysis of a large survey on current software security practice, we examined the current software security practices of small and open source organisations, and of lone and non-company developers. We present our results in this paper. We hope that they will facilitate the targeting of security advice to these neglected developer categories.","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127909987","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"EnCyCriS 2023 Committees","authors":"","doi":"10.1109/encycris59249.2023.00013","DOIUrl":"https://doi.org/10.1109/encycris59249.2023.00013","url":null,"abstract":"","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125593830","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Functional Cyber-Resilience - Extending the Cybersecurity Paradigm in Critical Infrastructures","authors":"J. Haan","doi":"10.1109/EnCyCriS59249.2023.00007","DOIUrl":"https://doi.org/10.1109/EnCyCriS59249.2023.00007","url":null,"abstract":"Digitalization and connectivity are growing fast in many areas of society. This is also the case in critical infrastructures like Air Traffic Management systems. This will inevitably lead to a progressing technology dependency. Over the past years, awareness has improved, leading to increasing attention to cyber-security challenges. In this paper, I will explain why this will not be sufficient in the long run to ensure business continuity. In addition to the risk coming from an increasing dependency, a concentration of technical infrastructures and a decrease of diversity can be observed. On the non-technical side, the risks from geo-political differences are increasing as well. To address this new risk landscape, we need a different way of looking at system-wide risks. The risks and mitigation should be considered at a generic, functional level rather than at individual, technical, human and organisational levels.","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131551025","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Foreword from the EnCyCriS 2023 Organizers","authors":"","doi":"10.1109/encycris59249.2023.00012","DOIUrl":"https://doi.org/10.1109/encycris59249.2023.00012","url":null,"abstract":"","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116092393","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cryptography Based Security for the ATM Surveillance Chain","authors":"J. Haan, Abdel Youssouf","doi":"10.1109/EnCyCriS59249.2023.00009","DOIUrl":"https://doi.org/10.1109/EnCyCriS59249.2023.00009","url":null,"abstract":"Legacy systems are quite common in critical infrastructures. The Air Traffic Management (ATM) domain is no exception. The combination of their legacy technology and use in critical infrastructures makes them attractive and sometimes easy targets for cyber-attacks. Like many critical infrastructures, ATM is heavily constrained and strongly regulated. This limits the possibilities of short-term changes. The development and operational life-cycles of these systems are usually quite long. This increases the need for transitional security mechanisms that can be retrofitted in a minimally invasive way without compromising safety and performance requirements while taking into account the ATM constraints. In this paper, a Proof of Concept study is described that investigates a flexible and lean implementation for the ATM surveillance chain, based on standardized protocols and open source software.","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128201240","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}