ABSTRACT
Digital computers have been chosen as a safety system in newly constructed nuclear facilities. Owing to
digitalization, cyber threats to nuclear facilities have increased and the integrity of the digital safety systems
has been threatened. To cope with such threats, the nuclear regulatory agency has published guidelines for
digital safety systems. This paper suggests an implementation method of cyber security for the safety system
in the development phase. It introduces specific security activities based on a practice in a nuclear facility
construction project. It also explains experiences resolving security vulnerabilities of the system and gives
lessons learned about considerations in a real construction.
Keywords: Software Verification and Validation, Cyber security.
I. INTRODUCTION
Nowadays, the cyber-security media are very concerned about people being exposed to all sorts of abuse on Social Media Platforms (SMPs). The malicious intent of humans deceiving other humans constitutes a cyber threat that is one of the most difficult to contend. More importantly, these cyber threats are aggravated by the sheer number of vulnerabilities present in SMPs, the number of available and different types of SMPs (Chaffey, 2016), the poor design and construction of SMPs (Haimson and Hoffmann, 2016), the large volumes of unstructured content (Assunção et al., 2015), and the opportunities that SMPs provide to humans acting in malicious ways (Fire et al., 2014). These factors all contribute to SMPs being extremely vulnerable to cyber threats caused by malicious users. Furthermore, as a result of these cyber threats and SMP vulnerabilities we witness an alarming increase in the prevalence of cyber bullying (Smit, 2015), identity theft (Kabay et al., 2014), identity impersonation (Galán-García et al., 2015), dissemination of pornography (Benevenuto et al., 2010), fraud (Gurajala et al., 2015), and the like.
As an example, consider a recent cyber-security case reported on in South Africa where, as in any other country in the world, an alarming increase has been noted in cyber threats related to abuse against women (Bliss, 2017). The cyber threat in this case manifested itself in the form of identity impersonation by two malicious users who exploited the “ease-of-opening-a-deceptive-account” vulnerability on Facebook and were arrested for luring, raping, and killing women (de Villiers, 2017). This and other cyber security cases (Peterson, 2016); (Digital, 2016) point to a common thread in exploiting SMP vulnerabilities, namely the ease of creating fake or deceptive identities (Tsikerdekis and Zeadally, 2014). In the case of identity deception, a deceptive account is either created with malicious intent or to preserve anonymity. This paper is concerned with the detection of deceptive accounts created with malicious intent, as these pose a cyber threat to other humans at large. A deceptive account with malicious intent could for example be used to defame someone’s character (Galán-García et al., 2015) or conduct online bullying (Smit, 2015). These deceptive accounts are generated by humans or bots (Chu et al., 2010). Much research (Oentaryo et al., 2016); (Dickerson et al., 2014); (Cresci et al., 2015) has been done to detect bot
accounts that require no human involvement for the actions they perform. These deceptive bot accounts are known to target groups, as opposed to specific individuals (Oentaryo et al., 2016). However, to date, very little research has focused on detecting deceptive human accounts on SMPs. The research reported on in this paper is a first attempt at minimising the cyber risk of identity deception as exploited by malicious users on SMPs through the intelligent detection of deceptive identities. The aims of the research reported on in this paper are summarised as follows:
● To identify and describe the different types of information available on SMPs – also referred to as attributes (e.g. the date on which the account is created) – that can potentially be used to detect user identity deception.
● To experiment with SMP attributes to detect, in an intelligent way, user identity deception by using various machine learning models.
● To enhance the SMP attributes for improving identity deception detection by using engineered features derived from two fields: Firstly, the field of psychology where we focus specifically on discovering why people lie, and secondly, from the field of detecting bot accounts where we intend to determine how these solutions can be leveraged for detecting human identity deception.
● To propose a model that intelligently detects and interprets the perceived deceptiveness of a SMP user, given the results from the aforementioned experiments.
This will be the first time that features derived from the field of psychology will be applied towards the detection of human identity deception on SMPs.

II. CYBER SECURITY FOR SAFETY SYSTEM
Safety-grade digital computers are used for the reliable protective functions of nuclear facilities. This section introduces a planning for cyber security of the safety systems. Shortly, the cyber security considerations have been incorporated into the safety system development process.

A. Relationship between V&V activities and cyber security activities
A well-known industrial standard, IEEE, 2004, endorsed by the nuclear regulatory body gives specific activities for software verification and validation (V&V) of digital safety systems. The security analysis mentioned in the standard has been interpreted as the concept of physical security only. Considering recent regulatory positions, it is acceptable that the security analysis should be conducted for the cyber security of digital systems. Thus, this study decomposes the standard requirements into three major parts, software V&V, safety analysis, and cyber security analysis. The analysis results for each part through the development phases are published independently. Fig. 2 shows the cyber security plan within the V&V plan of the system.
Generally, system developers use qualified commercial-off-the shelf (COTS) products as the platform of safety systems. Software V&V and a safety analysis only focus on logic source codes that are newly developed within the products. In the case of a security analysis, the security capability in the past does not ensure the same effectiveness currently due to continuously evolving cyber threats. Therefore, this paper recommends that the hardware and software of the COTS are included as review items in the security analysis.

B. A cyber security plan
This section proposes a cyber security plan including a cyber security team (CST) organization and security activities implementation. The cyber security team consists of a team leader and team members. The major missions of the team are as follows:
● supervision of the secure development environment,
● analysis of the system vulnerability and penetration test to the system,
● introducing cyber security requirements,
● tracking and resolving security issues,
● assessing security impact on the system integrity, and
● reviewing the results of development phases

The system development model for the digital system is a well known waterfall design model, which consists of the concept, requirement, design, implementation, and test phases. This paper adds security activities to the design model to perform the security team missions. Fig. 3 shows the security activities defined in the plan.
● Attack Path Analysis: Used to identify accessible pathways to the system cabinet physically and logically. Non-accessible pathways by existing security controls are found in this activity. It is used as evidence for justification that the security controls used to eliminate vulnerabilities at the pathways can be excluded in the system. Detailed information about the accessible pathways is utilized as input to the penetration test of the system.
● Penetration Test: Used to test whether attackers can jeopardize the system through the identified pathways or not. If the cyber attacks actually impact the system functioning, then security controls used to block the attacks are proposed in this activity.
● Security Requirements V&V: Hardware and software requirements for the cyber security are defined as part of the overall system requirements. If potential vulnerabilities of the system are induced by the functional requirements, the results are fed back to the developers, and the design problems are resolved directly in the same phase.
● Security Design V&V: It is checked that the security requirements are mapped into specific design items as part of the systems. For example, the password, session lock, and isolation devices become design items for the control of the access requirements. To decide whether the design is acceptable, a security assessment used to identify potential vulnerabilities to the system is performed using detailed design documents.
● Security Implementation V&V: Checks whether the security design items are appropriately transformed into specific hardware and software representations. The security team forces system developers to keep a secure development environment to minimize any inadvertent or

Fig. 1. Codes and standards for cyber security.
Fig. 2. Cyber security incorporated into system V&V plan.
Fig. 3. Cyber security plan and activities.

III. RESULTS AND DISCUSSIONS
Fig. 4. Internal and external interfaces of a safety system cabinet.
acted as a reviewer for the Journal of Super Computing (Springer), Journal of Big Data (Springer) and Journal of the Institution of Engineers (India) – Series B (Springer). And also with his solid financial advice 21 start-ups of Kochi, Bangalore and Vijayawada have tread the success track.
Talking about his research excellence, it is exciting to know that he has filed 3 patents and 4 more are in pipeline and has Published more than 25 research papers in reputed journals like Thomas Reuters, IEEE, Scopus etc., and shows keenness in researching on Cyber Security, Cloud Computing, Big Data / Hadoop, Block chain and Data Analytics

The Focus of His research work is Design of Patch antennas which are Suitable for Defence and Space Based Applications. He received appreciation award in various National and International Conferences. He received Best Coordinator Certificates from IUCEE, IIT ROORKEE, IIT Bhubneswar, NCAT, ELAT and INTEL. He attended WIPRO training Program. He completed one Joint research Program with IIT Kharagpur. He Organized various student level Competitions, workshops, Faculty Development Programs, Guest lectures, Orientation Programs, and Subject Based Seminars with scientists and Academicians. He is doing research work under the valuable Directions of Eminent Scientists. He had done technical Discussions with experts at Space Station, Antenna Research Lab, and Radar station. He Published research articles in Various Scientific Journals. He is an active Editor/Reviewer for the so many top most international journals.