A System-Aware cyber security architecture

Systems Engineering

Volumn 15, Issue 2, 2012, Pages 225-240

  Jones, Rick A ^a   Horowitz, Barry ^a  

^a University of Virginia   (United States)

Author keywords

adaptive security; configuration hopping; cyber security; data integrity; evidence based; forensics; goal structuring notation; GSN; moving target; structured argument; System Aware

Indexed keywords

ADAPTIVE SECURITY; CONFIGURATION HOPPING; CYBER SECURITY; DATA INTEGRITY; EVIDENCE BASED; FORENSICS; GOAL STRUCTURING NOTATION; GSN; MOVING TARGETS; STRUCTURED ARGUMENT; SYSTEM-AWARE;

COMPUTER CRIME; COMPUTER SOFTWARE REUSABILITY; HARDWARE; NUCLEAR ENERGY; SECURITY SYSTEMS; SUPPLY CHAINS;

SECURITY OF DATA;

EID: 84862806715     PISSN: 10981241     EISSN: 15206858     Source Type: Journal    
DOI: 10.1002/sys.21206     Document Type: Article

References (26)

1. D. Albright, P. Brannan, and, C. Walrond, Did stuxnet take out 1,000 centrifuges? Institute for Science and International Security, Washington, DC, 2010.
2. J.L. Bayuk, and, B.M. Horowitz, An architectural systems engineering methodology for addressing cyber security, Syst Eng 14 (2011), 294-304.
3. J. Cai, V. Yegneswaran, C. Alfeld, and, P. Barford, Honeygames: A game theoretic approach to defending network monitors, Technical Report 1577, University of Wisconsin, Madison, 2006.
4. M., R. Clarkson, S. Chong, and, A.C. Myers, Civitas: Toward a secure voting system, IEEE Symp Security Privacy, 2008, pp. 354-368.
5. Defense Science Board, High performance microchip supply, Department of Defense, Washington, DC, 2005.
6. DoD, The Under Secretary of Defense for Acquisition Technology and Logistics and The Assistant Secretary of Defense for Networks and Information Integration DoD Chief Information Officer, Report on trusted defense systems, Department of Defense, Washington, DC, 2009.
7. N. Falliere, L.O. Murchu, and, E. Chien, W32.Stuxnet Dossier, Symantec, Mountain View, CA, 2011.
8. FDA, Guidance for industry: evidence-based review system for scientific evaluation of health claims, U.S. Department of Health and Human Services, Federal Drug Administration, Silver Spring, MD, 2009.
9. FDA, Guidance for industry and FDA staff: total product life cycle: infusion pump-premarket notification [510(k)] submissions, U.S. Department of Health and Human Services, Federal Drug Administration, Silver Spring, MD, 2010.
10. I., N. Fovino, M. Masera, and, A.D. Cian, Integrating cyber attacks within fault trees, Reliab Eng Syst Safety 94 (2009), 1394-1402.
11. A. Fujioka, and, T. Okamoto, A practical secret voting scheme for large scale elections, Adv Cryptol-AUSCRYPT' 92, 1992, pp. 244-251.
12. M. Howard, Writing secure code, 2nd edition, Microsoft Press, Seattle, WA, 2002.
13. ISO/IEC (International Organization for Standardization/International Electrotechnical Commission), Risk management-risk assessment techniques, ISO/IEC 31010, Geneva, Switzerland, 2009.
14. R.A. Jones, and, B.M. Horowitz, System-Aware cyber security, itng, 2011 Eighth Int Conf Inform Technol New Generations, 2011, pp. 914-917.
15. T.P. Kelly, and, R.A. Weaver,. The goal structuring notation-a safety argument notation, Proc Dependable Syst Networks Workshop Assurance Cases, 2004.
16. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and, S. Savage, Experimental security analysis of a modern automobile, IEEE Symp Security Privacy, Oakland, CA, 2010, pp. 447-462.
17. C. Menon, R. Hawkins, and, J. McDermid, Defence Standard 00-56 Issue 4: Towards evidence-based safety standards, Seventeenth Safety-Critical Syst Symp, 2009, pp. 223-243.
18. MoD, Defence Standard 00-56 Issue 4: Safety management requirements for defence systems, UK Ministry of Defence, London, 2007.
19. M.G. Noblett, M.M. Pollitt, and, L.A. Presely, Recovering and examining computer forensic evidence, Forensics Sci Commun 2 (4) (2000).
20. G.G. Preckshot, Method for performing diversity and defense-in-depth analyses of reactor protection systems, Nuclear Regulatory Commission (NRC), Washington, DC, December 1994.
21. B. Stackpole, and, P. Hanrion, Software deployment, updating, and patching, CRC Press, Boca Raton, FL, 2007.
22. G. Stoneburner, A. Goguen, and, A. Feringa, Risk management guide for information technology systems, Special Publication 800-03, NIST (National Institute of Standards and Technology), Gaithersburg, MD, 2002.
23. US Comptroller General, Report to Chairman, Committee on Government Operations, House of Representatives of the United States, Washington, DC, 1981.
24. L.M. Vaquero, L. Rodero-Merino, J. Caceres, and, M. Lindner, A break in the clouds towards a cloud definition, SIGCOMM Comput Commun Rev 39 (2009), 137-150.
25. F. Webber, P.P. Pal, M. Atighetchi, C. Jones, and, P. Rubel, Applications that participate in their own defense (APOD), BBN Technologies, Cambridge, MA, 2003.
26. W.A. dWulf, and, A.K. Jones, Reflections on cyber security, Sci Mag 326 (2009), 943-944.