Rodríguez, Ricardo J
Evolution and Characterization of Point-of-Sale RAM Scraping Malware Journal Article
In: Journal in Computer Virology and Hacking Techniques, vol. 13, no. 3, pp. 179–192, 2017, ISSN: 2263-8733.
Abstract | Links | BibTeX | Tags: Evolution, malware, POS RAM scraping, Software security, Taxonomy
@article{R-CVHT-17,
title = {Evolution and Characterization of Point-of-Sale RAM Scraping Malware},
author = {Ricardo J Rodríguez},
url = {http://webdiis.unizar.es/~ricardo/files/papers/R-CVHT-17.pdf},
doi = {10.1007/s11416-016-0280-4},
issn = {2263-8733},
year = {2017},
date = {2017-01-01},
journal = {Journal in Computer Virology and Hacking Techniques},
volume = {13},
number = {3},
pages = {179--192},
abstract = {Credit and debit cards are becoming the primary payment method for purchases. These payments are normally performed in merchant's in-store systems as known as Point-of-Sale (POS) systems. Since these systems handle payment card data while processing the customer transactions, they are becoming a primary target for cybercriminals. These data, when remain at memory, are scraped and exfiltrated by specially crafted malicious software named POS RAM scraping malware. In recent years, large data breaches occurred in well-known US retail companies were caused by this kind of malware. In this paper, we study the features of these malware based on their behavior on different stages: infection and persistence, process and data of interest search, and exfiltration. Then, we classify samples of 22 known POS RAM scraping malware families from 2009 to 2015 according to these features. Our findings show these malware are still immature and use well-defined behavioral patterns for data acquirement and exfiltration, which may make their malicious activity easily detectable by process and network monitoring tools.},
keywords = {Evolution, malware, POS RAM scraping, Software security, Taxonomy},
pubstate = {published},
tppubtype = {article}
}
Credit and debit cards are becoming the primary payment method for purchases. These payments are normally performed in merchant's in-store systems as known as Point-of-Sale (POS) systems. Since these systems handle payment card data while processing the customer transactions, they are becoming a primary target for cybercriminals. These data, when remain at memory, are scraped and exfiltrated by specially crafted malicious software named POS RAM scraping malware. In recent years, large data breaches occurred in well-known US retail companies were caused by this kind of malware. In this paper, we study the features of these malware based on their behavior on different stages: infection and persistence, process and data of interest search, and exfiltration. Then, we classify samples of 22 known POS RAM scraping malware families from 2009 to 2015 according to these features. Our findings show these malware are still immature and use well-defined behavioral patterns for data acquirement and exfiltration, which may make their malicious activity easily detectable by process and network monitoring tools.
Rodríguez, Ricardo J; Garcia-Escartin, Juan Carlos
Security Assessment of the Spanish Contactless Identity Card Journal Article
In: IET Information Security, vol. 11, no. 6, pp. 386–393(7), 2017, ISSN: 1751-8709.
Abstract | Links | BibTeX | Tags: contactless cards, identity cards, NFC, Security
@article{RG-IFS-17,
title = {Security Assessment of the Spanish Contactless Identity Card},
author = {Ricardo J Rodríguez and Juan Carlos Garcia-Escartin},
url = {http://webdiis.unizar.es/~ricardo/files/papers/RG-IFS-17.pdf},
doi = {10.1049/iet-ifs.2017.0299},
issn = {1751-8709},
year = {2017},
date = {2017-01-01},
journal = {IET Information Security},
volume = {11},
number = {6},
pages = {386--393(7)},
publisher = {Institution of Engineering and Technology},
abstract = {The theft of personal information to fake the identity of a person is a common threat normally performed by individual criminals, terrorists, or crime rings to commit fraud or other felonies. Recently, the Spanish identity card, which provides enough information to hire on-line products such as mortgages or loans, was updated to incorporate a Near Field Communication (NFC) chip as electronic passports do. This contactless interface brings a new attack vector for criminals, who might take advantage of the RFID communication to virtually steal personal information. In this paper, we consider as case study the recently deployed contactless Spanish identity card assessing its security against identity theft. In particular, we evaluated the security of one of the contactless access protocol as implemented in the contactless Spanish identity card, and found that no defenses against on-line brute-force attacks were incorporated. We then suggest two countermeasures to protect against these attacks. Furthermore, we also analyzed the pseudo-random number generator within the card, which passed all the performed tests with good results.},
keywords = {contactless cards, identity cards, NFC, Security},
pubstate = {published},
tppubtype = {article}
}
The theft of personal information to fake the identity of a person is a common threat normally performed by individual criminals, terrorists, or crime rings to commit fraud or other felonies. Recently, the Spanish identity card, which provides enough information to hire on-line products such as mortgages or loans, was updated to incorporate a Near Field Communication (NFC) chip as electronic passports do. This contactless interface brings a new attack vector for criminals, who might take advantage of the RFID communication to virtually steal personal information. In this paper, we consider as case study the recently deployed contactless Spanish identity card assessing its security against identity theft. In particular, we evaluated the security of one of the contactless access protocol as implemented in the contactless Spanish identity card, and found that no defenses against on-line brute-force attacks were incorporated. We then suggest two countermeasures to protect against these attacks. Furthermore, we also analyzed the pseudo-random number generator within the card, which passed all the performed tests with good results.
Botas, Álvaro; Rodríguez, Ricardo J; Matellán, Vicente; García, Juan F
Empirical Study to Fingerprint Public Malware Analysis Services Proceedings Article
In: Proceedings of the International Joint Conference SOCO'17-CISIS'17-ICEUTE'17, pp. 589–599, Springer International Publishing, 2017, ISBN: 978-3-319-67180-2.
Abstract | Links | BibTeX | Tags: Analysis-aware malware, characterization, Malware analysis service, sandbox
@inproceedings{BRMG-CISIS-17,
title = {Empirical Study to Fingerprint Public Malware Analysis Services},
author = {Álvaro Botas and Ricardo J Rodríguez and Vicente Matellán and Juan F García},
url = {http://webdiis.unizar.es/~ricardo/files/papers/BRMG-CISIS-17.pdf},
doi = {10.1007/978-3-319-67180-2_57},
isbn = {978-3-319-67180-2},
year = {2017},
date = {2017-01-01},
booktitle = {Proceedings of the International Joint Conference SOCO'17-CISIS'17-ICEUTE'17},
volume = {649},
pages = {589--599},
publisher = {Springer International Publishing},
series = {Advances in Intelligent Systems and Computing},
abstract = {The evolution of malicious software (malware) analysis tools provided controlled, isolated, and virtual environments to analyze malware samples. Several services are found on the Internet that provide to users automatic system to analyze malware samples, as VirusTotal, Jotti, or ClamAV, to name a few. Unfortunately, malware is currently incorporating techniques to recognize execution onto a virtual or sandbox environment. When analysis environment is detected, malware behave as a benign application or even show no activity. In this work, we present an empirical study and characterization of automatic public malware analysis services. In particular, we consider 26 different services. We also show a set of features that allow to easily fingerprint these services as analysis environments. Finally, we propose a method to mitigate fingerprinting.},
keywords = {Analysis-aware malware, characterization, Malware analysis service, sandbox},
pubstate = {published},
tppubtype = {inproceedings}
}
The evolution of malicious software (malware) analysis tools provided controlled, isolated, and virtual environments to analyze malware samples. Several services are found on the Internet that provide to users automatic system to analyze malware samples, as VirusTotal, Jotti, or ClamAV, to name a few. Unfortunately, malware is currently incorporating techniques to recognize execution onto a virtual or sandbox environment. When analysis environment is detected, malware behave as a benign application or even show no activity. In this work, we present an empirical study and characterization of automatic public malware analysis services. In particular, we consider 26 different services. We also show a set of features that allow to easily fingerprint these services as analysis environments. Finally, we propose a method to mitigate fingerprinting.
García, Laura; Rodríguez, Ricardo J
A Peek Under the Hood of iOS Malware Proceedings Article
In: Proceedings of the 2016 11th International Conference on Availability, Reliability and Security (ARES), pp. 590–598, 2016.
Abstract | Links | BibTeX | Tags: attacks, classification, iOS, malware, threats
@inproceedings{GR-WMA-16,
title = {A Peek Under the Hood of iOS Malware},
author = {Laura García and Ricardo J Rodríguez},
url = {http://webdiis.unizar.es/~ricardo/files/papers/GR-WMA-16.pdf},
doi = {10.1109/ARES.2016.15},
year = {2016},
date = {2016-08-01},
booktitle = {Proceedings of the 2016 11th International Conference on Availability, Reliability and Security (ARES)},
pages = {590--598},
abstract = {Malicious software specially crafted to proliferate in mobile platforms are becoming a serious threat, as reported by numerous software security vendors during last years. Android and iOS are nowadays the leaders of mobile OS market share. While malware targeting Android are largely studied, few attention is paid to iOS malware. In this paper, we fill this gap by studying and characterizing malware targeting iOS devices. To this regard, we study the features of iOS malware and classify samples of 36 iOS malware families discovered between 2009 and 2015. We also show the methodology for iOS malware analysis and provide a detailed analysis of a malware sample. Our findings evidence that most of them are distributed out of official markets, target jailbroken iOS devices, and very few exploit any vulnerability.},
keywords = {attacks, classification, iOS, malware, threats},
pubstate = {published},
tppubtype = {inproceedings}
}
Malicious software specially crafted to proliferate in mobile platforms are becoming a serious threat, as reported by numerous software security vendors during last years. Android and iOS are nowadays the leaders of mobile OS market share. While malware targeting Android are largely studied, few attention is paid to iOS malware. In this paper, we fill this gap by studying and characterizing malware targeting iOS devices. To this regard, we study the features of iOS malware and classify samples of 36 iOS malware families discovered between 2009 and 2015. We also show the methodology for iOS malware analysis and provide a detailed analysis of a malware sample. Our findings evidence that most of them are distributed out of official markets, target jailbroken iOS devices, and very few exploit any vulnerability.
Nardone, Roberto; Rodríguez, Ricardo J; Marrone, Stefano
Formal Security Assessment of Modbus Protocol Proceedings Article
In: Proceedings of the 11th International Conference for Internet Technology and Secured Transactions, pp. 142–147, IEEE, 2016.
Abstract | Links | BibTeX | Tags: Cyber-Physical Security, Dynamic State Machines, Modbus, Model checking, SCADA control systems
@inproceedings{NRM-ITST-16,
title = {Formal Security Assessment of Modbus Protocol},
author = {Roberto Nardone and Ricardo J Rodríguez and Stefano Marrone},
url = {http://webdiis.unizar.es/~ricardo/files/papers/NRM-ICITST-16.pdf},
doi = {10.1109/ICITST.2016.7856685},
year = {2016},
date = {2016-12-01},
booktitle = {Proceedings of the 11th International Conference for Internet Technology and Secured Transactions},
pages = {142--147},
publisher = {IEEE},
abstract = {Critical infrastructures as water treatment, power distribution, or telecommunications provide essential services to our day-to-day basis. Any service discontinuity may have a high impact into our society and even our safety. Thus, security of these systems against intentional threats must be guaranteed. However, many of these systems are based on protocols initially designed to operate on closed, unroutable networks, making them an easy target for cybercriminals. In this regard, Modbus is a widely adopted protocol in control systems. Modbus protocol, however, lacks for security properties and is vulnerable to plenty of attacks (as spoofing, flooding, or replay to name a few). In this paper, we propose a formal modeling of Modbus protocol using an extension of hierarchical state-machines that is automatically transformed to a Promela model. This model allows us to find counterexamples of security properties by model-checking. In particular, in this paper we prove the existence of man-in-the-middle attack in Modbus protocol. Our approach also allows to formally evaluate security properties in future extensions of Modbus protocols.},
keywords = {Cyber-Physical Security, Dynamic State Machines, Modbus, Model checking, SCADA control systems},
pubstate = {published},
tppubtype = {inproceedings}
}
Critical infrastructures as water treatment, power distribution, or telecommunications provide essential services to our day-to-day basis. Any service discontinuity may have a high impact into our society and even our safety. Thus, security of these systems against intentional threats must be guaranteed. However, many of these systems are based on protocols initially designed to operate on closed, unroutable networks, making them an easy target for cybercriminals. In this regard, Modbus is a widely adopted protocol in control systems. Modbus protocol, however, lacks for security properties and is vulnerable to plenty of attacks (as spoofing, flooding, or replay to name a few). In this paper, we propose a formal modeling of Modbus protocol using an extension of hierarchical state-machines that is automatically transformed to a Promela model. This model allows us to find counterexamples of security properties by model-checking. In particular, in this paper we prove the existence of man-in-the-middle attack in Modbus protocol. Our approach also allows to formally evaluate security properties in future extensions of Modbus protocols.
Rodríguez, Ricardo J; Chang, Xiaolin; Li, Xiaodan; Trivedi, Kishor S
Survivability Analysis of a Computer System under an Advanced Persistent Threat Attack Proceedings Article
In: Kordy, Barbara; Ekstedt, Mathias; Kim, Seong Dong (Ed.): Proceedings of the 3rd International Workshop on Graphical Models for Security, pp. 134–149, 2016.
Abstract | Links | BibTeX | Tags: APT, Cyberattacks, Markov chains, Security metrics, Stochastic reward nets, Survivability, Transient analysis
@inproceedings{RCLT-GraMSec-16,
title = {Survivability Analysis of a Computer System under an Advanced Persistent Threat Attack},
author = {Ricardo J Rodríguez and Xiaolin Chang and Xiaodan Li and Kishor S Trivedi},
editor = {Barbara Kordy and Mathias Ekstedt and Seong Dong Kim},
url = {http://webdiis.unizar.es/~ricardo/files/papers/RCLT-GraMSec-16.pdf},
doi = {10.1007/978-3-319-46263-9_9},
year = {2016},
date = {2016-01-01},
booktitle = {Proceedings of the 3rd International Workshop on Graphical Models for Security},
volume = {9987},
pages = {134--149},
abstract = {Computer systems are potentially targeted by cybercriminals by means of specially crafted malicious software called Advanced Persistent Threats (APTs). As a consequence, any security attribute of the computer system may be compromised: disruption of service (availability), unauthorized data modification (integrity), or exfiltration of sensitive data (confidentiality). An APT starts with the exploitation of software vulnerability within the system. Thus, vulnerability mitigation strategies must be designed and deployed in a timely manner to reduce the window of exposure of vulnerable systems. In this paper, we evaluate the survivability of a computer system under an APT attack using a Markov model. Generation and solution of the Markov model are facilitated by means of a high-level formalism based on stochastic Petri nets. Survivability metrics are defined to quantify security attributes of the system from the public announcement of a software vulnerability and during the system recovery. The proposed model and metrics not only enable us to quantitatively assess the system survivability in terms of security attributes but also provide insights on the cost/revenue trade-offs of investment efforts in system recovery such as vulnerability mitigation strategies. Sensitivity analysis through numerical experiments is carried out to study the impact of key parameters on system secure survivability.},
keywords = {APT, Cyberattacks, Markov chains, Security metrics, Stochastic reward nets, Survivability, Transient analysis},
pubstate = {published},
tppubtype = {inproceedings}
}
Computer systems are potentially targeted by cybercriminals by means of specially crafted malicious software called Advanced Persistent Threats (APTs). As a consequence, any security attribute of the computer system may be compromised: disruption of service (availability), unauthorized data modification (integrity), or exfiltration of sensitive data (confidentiality). An APT starts with the exploitation of software vulnerability within the system. Thus, vulnerability mitigation strategies must be designed and deployed in a timely manner to reduce the window of exposure of vulnerable systems. In this paper, we evaluate the survivability of a computer system under an APT attack using a Markov model. Generation and solution of the Markov model are facilitated by means of a high-level formalism based on stochastic Petri nets. Survivability metrics are defined to quantify security attributes of the system from the public announcement of a software vulnerability and during the system recovery. The proposed model and metrics not only enable us to quantitatively assess the system survivability in terms of security attributes but also provide insights on the cost/revenue trade-offs of investment efforts in system recovery such as vulnerability mitigation strategies. Sensitivity analysis through numerical experiments is carried out to study the impact of key parameters on system secure survivability.
Rodríguez, Ricardo J; Marrone, Stefano
Model-Based Vulnerability Assessment of Self-Adaptive Protection Systems Book Section
In: Novais, Paulo; Camacho, David; Analide, Cesar; Seghrouchni, Amal El Fallah; Badica, Costin (Ed.): Intelligent Distributed Computing IX, vol. 616, pp. 439–449, Springer International Publishing, 2016, ISBN: 978-3-319-25015-1.
Abstract | Links | BibTeX | Tags: Dynamic Bayesian Networks, model-based, security assessment, vulnerability
@incollection{RM-WSRL-16,
title = {Model-Based Vulnerability Assessment of Self-Adaptive Protection Systems},
author = {Ricardo J Rodríguez and Stefano Marrone},
editor = {Paulo Novais and David Camacho and Cesar Analide and Amal El Fallah Seghrouchni and Costin Badica},
url = {http://webdiis.unizar.es/~ricardo/files/papers/RM-WSRL-16.pdf},
doi = {10.1007/978-3-319-25017-5_41},
isbn = {978-3-319-25015-1},
year = {2016},
date = {2016-01-01},
booktitle = {Intelligent Distributed Computing IX},
volume = {616},
pages = {439--449},
publisher = {Springer International Publishing},
series = {Studies in Computational Intelligence},
abstract = {Security mechanisms are at the base of modern computer systems, demanded to be more and more reactive to changing environments and malicious intentions. Security policies unable to change in time are destined to be exploited and thus, system security compromised. However, the ability to properly change security policies is only possible once the most effective mechanism to adopt under specific conditions is known. This paper proposes a model-based approach to accomplish this goal: a vulnerability model of the system is built by means of a model-based, layered security approach, and used to quantitatively evaluate the best protection mechanism at a given time and hence, to adapt the system to changing environments. The evaluation relies on the use of a powerful, flexible formalism such as Dynamic Bayesian Networks.},
keywords = {Dynamic Bayesian Networks, model-based, security assessment, vulnerability},
pubstate = {published},
tppubtype = {incollection}
}
Security mechanisms are at the base of modern computer systems, demanded to be more and more reactive to changing environments and malicious intentions. Security policies unable to change in time are destined to be exploited and thus, system security compromised. However, the ability to properly change security policies is only possible once the most effective mechanism to adopt under specific conditions is known. This paper proposes a model-based approach to accomplish this goal: a vulnerability model of the system is built by means of a model-based, layered security approach, and used to quantitatively evaluate the best protection mechanism at a given time and hence, to adapt the system to changing environments. The evaluation relies on the use of a powerful, flexible formalism such as Dynamic Bayesian Networks.
Rodríguez, Ricardo J; Rodríguez-Gastón, Iñaki; Alonso, Javier
Towards the Detection of Isolation-Aware Malware Journal Article
In: IEEE Latin America Transactions (Revista IEEE America Latina), vol. 14, no. 2, pp. 1024–1036, 2016, ISSN: 1548-0992.
Abstract | Links | BibTeX | Tags: Analysis-aware malware, Dynamic binary instrumentation, program binary analysis
@article{RRA-LATAM-16,
title = {Towards the Detection of Isolation-Aware Malware},
author = {Ricardo J Rodríguez and Iñaki Rodríguez-Gastón and Javier Alonso},
url = {http://webdiis.unizar.es/~ricardo/files/papers/RRA-LATAM-16.pdf},
doi = {10.1109/TLA.2016.7437254},
issn = {1548-0992},
year = {2016},
date = {2016-01-01},
journal = {IEEE Latin America Transactions (Revista IEEE America Latina)},
volume = {14},
number = {2},
pages = {1024--1036},
abstract = {Malware analysis tools have evolved in the last years providing tightly controlled sandbox and virtualised environments where malware is analysed minimising potential harmful consequences. Unfortunately, malware has advanced in parallel, being currently able to recognise when is running in sandbox or virtual environments and then, behaving as a non-harmful application or even not executing at all. This kind of malware is usually called analysis-aware malware. In this paper, we propose a tool to detect the evasion techniques used by analysis-aware malware within sandbox or virtualised environments. Our tool uses Dynamic Binary Instrumentation to maintain the binary functionality while executing arbitrary code. We evaluate the tool under a set of well-known analysis-aware malware showing its current effectiveness. Finally, we discuss limitations of our proposal and future directions.},
keywords = {Analysis-aware malware, Dynamic binary instrumentation, program binary analysis},
pubstate = {published},
tppubtype = {article}
}
Malware analysis tools have evolved in the last years providing tightly controlled sandbox and virtualised environments where malware is analysed minimising potential harmful consequences. Unfortunately, malware has advanced in parallel, being currently able to recognise when is running in sandbox or virtual environments and then, behaving as a non-harmful application or even not executing at all. This kind of malware is usually called analysis-aware malware. In this paper, we propose a tool to detect the evasion techniques used by analysis-aware malware within sandbox or virtualised environments. Our tool uses Dynamic Binary Instrumentation to maintain the binary functionality while executing arbitrary code. We evaluate the tool under a set of well-known analysis-aware malware showing its current effectiveness. Finally, we discuss limitations of our proposal and future directions.
Botas, Alvaro; Rodríguez, Ricardo J; Vaisanen, Teemu; Zdzichowski, Patrycjusz
Counterfeiting and Defending the Digital Forensic Process Proceedings Article
In: Proceedings of the 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), pp. 1966–1971, IEEE, 2015.
Abstract | Links | BibTeX | Tags: anti-forensics, categorization, forensics
@inproceedings{BRVZ-CEWE-15,
title = {Counterfeiting and Defending the Digital Forensic Process},
author = {Alvaro Botas and Ricardo J Rodríguez and Teemu Vaisanen and Patrycjusz Zdzichowski},
url = {http://webdiis.unizar.es/~ricardo/files/papers/BRVZ-CEWE-15.pdf},
doi = {10.1109/CIT/IUCC/DASC/PICOM.2015.291},
year = {2015},
date = {2015-10-01},
booktitle = {Proceedings of the 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM)},
pages = {1966--1971},
publisher = {IEEE},
abstract = {During the last years, criminals have become aware of how digital evidences that lead them to courts and jail are collected and analyzed. Hence, they have started to develop anti-forensic techniques to evade, hamper, or nullify their evidences. Nowadays, these techniques are broadly used by criminals, causing the forensic analysis to be in a state of decay. To defeat against these techniques, forensic analyst need to first identify
them, and then to mitigate somehow their effects. In this paper, we review the anti-forensic techniques and propose a new taxonomy that relates them to the initial phase of a forensic process mainly affected by each technique. Furthermore, we introduce mitigation techniques for these anti-forensic techniques, considering the chance to overcome the anti-forensic techniques and the difficulty to apply them.},
keywords = {anti-forensics, categorization, forensics},
pubstate = {published},
tppubtype = {inproceedings}
}
During the last years, criminals have become aware of how digital evidences that lead them to courts and jail are collected and analyzed. Hence, they have started to develop anti-forensic techniques to evade, hamper, or nullify their evidences. Nowadays, these techniques are broadly used by criminals, causing the forensic analysis to be in a state of decay. To defeat against these techniques, forensic analyst need to first identify
them, and then to mitigate somehow their effects. In this paper, we review the anti-forensic techniques and propose a new taxonomy that relates them to the initial phase of a forensic process mainly affected by each technique. Furthermore, we introduce mitigation techniques for these anti-forensic techniques, considering the chance to overcome the anti-forensic techniques and the difficulty to apply them.
them, and then to mitigate somehow their effects. In this paper, we review the anti-forensic techniques and propose a new taxonomy that relates them to the initial phase of a forensic process mainly affected by each technique. Furthermore, we introduce mitigation techniques for these anti-forensic techniques, considering the chance to overcome the anti-forensic techniques and the difficulty to apply them.
Marrone, Stefano; Rodríguez, Ricardo J; Nardone, Roberto; Flammini, Francesco; Vittorini, Valeria
On Synergies of Cyber and Physical Security Modelling in Vulnerability Assessment of Railway Systems Journal Article
In: Computers and Electrical Engineering, vol. 47, pp. 275–285, 2015, ISSN: 0045-7906.
Abstract | Links | BibTeX | Tags: Bayesian networks, Cyber-physical systems, Generalized stochastic Petri nets, UML, UML profile, Vulnerability assessment
@article{MRNFV-CAEE-15,
title = {On Synergies of Cyber and Physical Security Modelling in Vulnerability Assessment of Railway Systems},
author = {Stefano Marrone and Ricardo J Rodríguez and Roberto Nardone and Francesco Flammini and Valeria Vittorini},
url = {http://webdiis.unizar.es/~ricardo/files/papers/MRNFV-CAEE-15.pdf},
doi = {10.1016/j.compeleceng.2015.07.011},
issn = {0045-7906},
year = {2015},
date = {2015-01-01},
journal = {Computers and Electrical Engineering},
volume = {47},
pages = {275--285},
abstract = {The multifaceted nature of cyber-physical systems needs holistic study methods to detect essential aspects and interrelations among physical and cyber components. Like the systems themselves, security threats feature both cyber and physical elements. Although to apply divide et impera approaches helps handling system complexity, to consider just one aspect at a time does not provide adequate risk awareness and hence does not allow to design the most appropriate countermeasures. To support this claim, in this paper we provide a joint application of two model-driven techniques for physical and cyber-security evaluation. We apply two UML profiles, namely SecAM (for cyber-security) and CIP_VAM (for physical security), in combination. In such a way, we demonstrate the synergy between both profiles and the need for their tighter integration in the context of a reference case study from the railway domain.},
keywords = {Bayesian networks, Cyber-physical systems, Generalized stochastic Petri nets, UML, UML profile, Vulnerability assessment},
pubstate = {published},
tppubtype = {article}
}
The multifaceted nature of cyber-physical systems needs holistic study methods to detect essential aspects and interrelations among physical and cyber components. Like the systems themselves, security threats feature both cyber and physical elements. Although to apply divide et impera approaches helps handling system complexity, to consider just one aspect at a time does not provide adequate risk awareness and hence does not allow to design the most appropriate countermeasures. To support this claim, in this paper we provide a joint application of two model-driven techniques for physical and cyber-security evaluation. We apply two UML profiles, namely SecAM (for cyber-security) and CIP_VAM (for physical security), in combination. In such a way, we demonstrate the synergy between both profiles and the need for their tighter integration in the context of a reference case study from the railway domain.
Rodríguez, Ricardo J; Merseguer, José; Bernardi, Simona
Modelling Security of Critical Infrastructures: A Survivability Assessment Journal Article
In: The Computer Journal, vol. 58, no. 10, pp. 2313–2327, 2015.
Abstract | Links | BibTeX | Tags: Security, sensitive analysis, software system engineering, Survivability, UML
@article{RMB-COMPJ-15,
title = {Modelling Security of Critical Infrastructures: A Survivability Assessment},
author = {Ricardo J Rodríguez and José Merseguer and Simona Bernardi},
url = {http://webdiis.unizar.es/~ricardo/files/papers/RMB-COMPJ-15.pdf},
doi = {10.1093/comjnl/BXU096},
year = {2015},
date = {2015-10-01},
journal = {The Computer Journal},
volume = {58},
number = {10},
pages = {2313--2327},
abstract = {Critical infrastructures, usually designed to handle disruptions caused by human errors or random acts of nature, define assets whose normal operation must be guaranteed to maintain its essential services for human daily living. Malicious intended attacks to these targets need to be considered during system design. To face with these situations, defense plans must be developed in advance. In this paper, we present a UML profile, named SecAM, that enables the modelling and security specification for critical infrastructures during the early phases (requirements, design) of systems development life-cycle. SecAM endows security assessment, through survivability analysis, of different security solutions before system deployment. As a case study, we evaluate the survivability of the Saudi Arabia crude-oil pipeline network under two different attack scenarios. The stochastic analysis, carried out with Generalized Stochastic Petri nets, quantitatively estimates the minimisation of attack damages into the crude-oil network.},
keywords = {Security, sensitive analysis, software system engineering, Survivability, UML},
pubstate = {published},
tppubtype = {article}
}
Critical infrastructures, usually designed to handle disruptions caused by human errors or random acts of nature, define assets whose normal operation must be guaranteed to maintain its essential services for human daily living. Malicious intended attacks to these targets need to be considered during system design. To face with these situations, defense plans must be developed in advance. In this paper, we present a UML profile, named SecAM, that enables the modelling and security specification for critical infrastructures during the early phases (requirements, design) of systems development life-cycle. SecAM endows security assessment, through survivability analysis, of different security solutions before system deployment. As a case study, we evaluate the survivability of the Saudi Arabia crude-oil pipeline network under two different attack scenarios. The stochastic analysis, carried out with Generalized Stochastic Petri nets, quantitatively estimates the minimisation of attack damages into the crude-oil network.
Vila, José; Rodríguez, Ricardo J
Practical Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing Revisited Proceedings Article
In: Proceedings of the 11th International Workshop on RFID Security (RFIDsec), pp. 87–103, Springer, 2015.
Abstract | Links | BibTeX | Tags: Android, contactless cards, contactless payment, NFC, relay attacks, Security
@inproceedings{VR-RFIDsec-15,
title = {Practical Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing Revisited},
author = {José Vila and Ricardo J Rodríguez},
url = {http://webdiis.unizar.es/~ricardo/files/papers/VR-RFIDsec-15.pdf},
doi = {10.1007/978-3-319-24837-0_6},
year = {2015},
date = {2015-01-01},
booktitle = {Proceedings of the 11th International Workshop on RFID Security (RFIDsec)},
volume = {9440},
pages = {87--103},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
abstract = {Near Field Communication (NFC) is a short-range contactless communication standard recently emerging as cashless payment technology. However, NFC has been proved vulnerable to several threats, such as eavesdropping, data modification, and relay attacks. A relay attack forwards the entire wireless communication, thus communicating over larger distances. In this paper, we review and discuss feasibility limitations when performing these attacks in Google's Android OS. We show an experiment proving its feasibility using off-the-shelf NFC-enabled Android devices (i.e., no custom firmware nor root required). Thus, Android NFC-capable malicious software might appear before long to virtually pickpocket contactless payment cards within its proximity.},
keywords = {Android, contactless cards, contactless payment, NFC, relay attacks, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
Near Field Communication (NFC) is a short-range contactless communication standard recently emerging as cashless payment technology. However, NFC has been proved vulnerable to several threats, such as eavesdropping, data modification, and relay attacks. A relay attack forwards the entire wireless communication, thus communicating over larger distances. In this paper, we review and discuss feasibility limitations when performing these attacks in Google's Android OS. We show an experiment proving its feasibility using off-the-shelf NFC-enabled Android devices (i.e., no custom firmware nor root required). Thus, Android NFC-capable malicious software might appear before long to virtually pickpocket contactless payment cards within its proximity.
Rodríguez, Ricardo J; Júlvez, Jorge; Merseguer, José
Quantification and Compensation of the Impact of Faults in System Throughput Journal Article
In: Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability, vol. 227, no. 6, pp. 614–628, 2013.
Abstract | Links | BibTeX | Tags: fault-tolerant techniques, integer-linear programming, Performability, Petri nets
@article{RJM-JRR-13,
title = {Quantification and Compensation of the Impact of Faults in System Throughput},
author = {Ricardo J Rodríguez and Jorge Júlvez and José Merseguer},
url = {http://webdiis.unizar.es/~ricardo/files/papers/RJM-JRR-13.pdf},
doi = {10.1177/1748006X13492284},
year = {2013},
date = {2013-12-01},
journal = {Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability},
volume = {227},
number = {6},
pages = {614--628},
abstract = {Performability relates the performance (throughput) and reliability of software systems whose normal behaviour may degrade owing to the existence of faults. These systems, naturally modelled as discrete event systems using shared resources, can incorporate fault-tolerant techniques to mitigate such a degradation. In this article, compositional fault-tolerant models based on Petri nets, which make its sensitive performability analysis easier, are proposed. Besides, two methods to compensate existence of faults are provided: an iterative algorithm to compute the number of extra resources needed, and an integer-linear programming problem that minimises the cost of incrementing resources and/or decrementing fault-tolerant activities. The applicability of the developed methods is shown on a Petri net that models a secure database system.},
keywords = {fault-tolerant techniques, integer-linear programming, Performability, Petri nets},
pubstate = {published},
tppubtype = {article}
}
Performability relates the performance (throughput) and reliability of software systems whose normal behaviour may degrade owing to the existence of faults. These systems, naturally modelled as discrete event systems using shared resources, can incorporate fault-tolerant techniques to mitigate such a degradation. In this article, compositional fault-tolerant models based on Petri nets, which make its sensitive performability analysis easier, are proposed. Besides, two methods to compensate existence of faults are provided: an iterative algorithm to compute the number of extra resources needed, and an integer-linear programming problem that minimises the cost of incrementing resources and/or decrementing fault-tolerant activities. The applicability of the developed methods is shown on a Petri net that models a secure database system.
Rodríguez, Ricardo J; Merseguer, José; Bernardi, Simona
Modelling and Analysing Resilience as a Security Issue within UML Proceedings Article
In: Proceedings of the 2nd International Workshop on Software Engineering for Resilient Systems (SERENE), pp. 42–51, ACM, London, United Kingdom, 2010.
Abstract | Links | BibTeX | Tags: Petri nets, Petri nets, Security, software system engineering, UML
@inproceedings{RMB-SERENE-10,
title = {Modelling and Analysing Resilience as a Security Issue within UML},
author = {Ricardo J Rodríguez and José Merseguer and Simona Bernardi},
url = {http://webdiis.unizar.es/~ricardo/files/papers/RMB-SERENE-10.pdf},
doi = {10.1145/2401736.2401741},
year = {2010},
date = {2010-04-01},
booktitle = {Proceedings of the 2nd International Workshop on Software Engineering for Resilient Systems (SERENE)},
pages = {42--51},
publisher = {ACM},
address = {London, United Kingdom},
abstract = {Modelling system security is not common practise in software projects yet. Among other problems, there is not a widely accepted methodology which unifies the actual heterogeneity of security issues when addressing a whole security specification. Certainly, the reality is even worse since there is not an accepted or standard common notation for carrying out the security specification. In this work, we study how modelling security issues, specifically resilience, could be integrated in the MARTE-DAM framework, which allows the expression of performance and dependability requirements in UML models. We base this claim on the close relationship between security and dependability. Indeed, MARTE proposes a framework for non-functional properties specification (NFP), while DAM exploits it for dependability purposes. So, our goal is to take advantage of the common NFP framework while the dependability and security concerns are modelled in a unified view. On the other hand, we consider that the resulting security specification will be useful for developing model in which security related properties, such as availability, will be analysed. We will clarify these claims by means of an example.},
keywords = {Petri nets, Petri nets, Security, software system engineering, UML},
pubstate = {published},
tppubtype = {inproceedings}
}
Modelling system security is not common practise in software projects yet. Among other problems, there is not a widely accepted methodology which unifies the actual heterogeneity of security issues when addressing a whole security specification. Certainly, the reality is even worse since there is not an accepted or standard common notation for carrying out the security specification. In this work, we study how modelling security issues, specifically resilience, could be integrated in the MARTE-DAM framework, which allows the expression of performance and dependability requirements in UML models. We base this claim on the close relationship between security and dependability. Indeed, MARTE proposes a framework for non-functional properties specification (NFP), while DAM exploits it for dependability purposes. So, our goal is to take advantage of the common NFP framework while the dependability and security concerns are modelled in a unified view. On the other hand, we consider that the resulting security specification will be useful for developing model in which security related properties, such as availability, will be analysed. We will clarify these claims by means of an example.