Publications

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

The development of tools and techniques for security testing and performance testing of Process Control Systems (PCS) is needed since those systems are vulnerable to the same classes of threats as other networked computer systems. In practice, security testing is difficult to perform on operational PCS because it introduces an unacceptable risk of disruption to the critical systems (e.g., power grids) that they control. In addition, the hardware used in PCS is often expensive, making full-scale mockup systems for live experiments impractical. A more flexible approach to these problems can be provided through test beds that provide the proper mix of real, emulated, and virtual elements to model large, complex systems such as critical infrastructures. This paper describes a "Virtual Control System Environment" that addresses these issues.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies that separately consider physical security and cyber security. This research has developed a risk assessment methodology that explicitly accounts for both physical and cyber security, while preserving the traditional security paradigm of detect, delay, and respond. This methodology also accounts for the condition that a facility may be able to recover from or mitigate the impact of a successful attack before serious consequences occur. The methodology uses evidence-based techniques (which are a generalization of probability theory) to evaluate the security posture of the cyber protection systems. Cyber threats are compared against cyber security posture using a category-based approach nested within a path-based analysis to determine the most vulnerable cyber attack path. The methodology summarizes the impact of a blended cyber/physical adversary attack in a conditional risk estimate where the consequence term is scaled by a ''willingness to pay'' avoidance approach.

Abstract not provided.

Abstract not provided.

Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies. Existing risk assessment methodologies consider physical security and cyber security separately. As such, they do not accurately model attacks that involve defeating both physical protection and cyber protection elements (e.g., hackers turning off alarm systems prior to forced entry). This paper presents a risk assessment methodology that accounts for both physical and cyber security. It also preserves the traditional security paradigm of detect, delay and respond, while accounting for the possibility that a facility may be able to recover from or mitigate the results of a successful attack before serious consequences occur. The methodology provides a means for ranking those assets most at risk from malevolent attacks. Because the methodology is automated the analyst can also play 'what if with mitigation measures to gain a better understanding of how to best expend resources towards securing the facilities. It is simple enough to be applied to large infrastructure facilities without developing highly complicated models. Finally, it is applicable to facilities with extensive security as well as those that are less well-protected.

This contribution extends the Outside Nodal Hierarchy List (ONHL) procedures described in ATM Forum Contributions 97-0766 and 97-0933. These extensions allow multiple mobile networks to form either an ad hoc network or an extension of a fixed PNNI infrastructure. A previous contribution (97-1073) covered the simplest case where the top-most Logical Group Nodes (LGNs), in those mobile networks, all resided at the same level in a PNNI hierarchy. This contribution covers the more general case wherein those top-most LGNs may reside at different PNNI hierarchy levels. Both of the SNL contributions consider flat ad hoc network architectures in the sense that each mobile network always participates in the PNNI hierarchy at the pre-configured level of its top-most LGN.

This contribution extends the Outside Nodal Hierarchy List (ONHL) procedures described in ATM Form Contribution 97-0766. These extensions allow multiple mobile networks to form either an ad hoc network or an extension of a fixed PNNI infrastructure. This contribution covers the simplest case where the top-most Logical Group Nodes (LGNs), in those mobile networks, all reside at the same level in a PNNI hierarchy. Future contributions will cover the general case where those top-most LGNs reside at different hierarchy levels. This contribution considers a flat ad hoc network architecture--in the sense that each mobile network always participates in the PNNI hierarchy at the preconfigured level of its top-most LGN.

Wireless Asynchronous Transfer Mode (WATM) networks pose new traffic management problems. One example is the effect of user mobility on Usage Parameter Control (UPC). If the UPC algorithm resets after each handoff between wireless-cells, then users can cheat on their traffic contract. This paper derives explicit relationships between a user`s traffic parameters (Peak Cell Rate, Sustained Cell Rate and Maximum Burst Size), their transit time per wireless-cell, their maximum sustained cheating-rate and the Generic Cell Rate Algorithm`s (GCRA`s) Limit (L) parameter. It also shows that the GCRA can still effectively police Constant Bit Rate (CBR) traffic, but not some types of realistic Variable Bit Rate (VBR) traffic.