Tauber, Markus

2021-05, Maksuti, Silia, Pickem, Michael, Zsilak, Mario, Stummer, Anna, Tauber, Markus, Wieschhoff, Marcus, Pirker, Dominic, Schmittner, Christoph, Delsing, Jerker

Drone based applications have progressed significantly in recent years across many industries, including agriculture. This paper proposes a sporadically connected cyber-physical system for assisting winemakers and minimizing the travel time to remote and poorly connected infrastructures. A set of representative diseases and conditions, which will be monitored by land-bound sensors in combination with multispectral images, is identified. To collect accurate data, a trustworthy and secured communication of the drone with the sensors and the base station should be established. We propose to use an Internet of Things framework for establishing a chain of trust by securely onboarding drones, sensors and base station, and providing self-adaptation support for the use case. Furthermore, we perform a security analysis of the use case for identifying potential threats and security controls that should be in place for mitigating them.

2013, Tauber, Markus, Bhatti, S. N., Melnikov, N., Schoenwaelder, J.

2017-12, Ivkić, Igor, Wolfauer, Stephan, Oberhofer, Thomas, Tauber, Markus

In a world, as complex and constantly changing as ours cloud computing is a driving force for shaping the IT landscape and changing the way we do business. Current trends show a world of people, things and services all digitally interconnected via the Internet of Things (IoT). This applies in particular to an industrial environment where smart devices and intelligent services pave the way for smart factories and smart businesses. This paper investigates in a use case driven study the potential of making use of smart devices to enable direct, automated and voice-controlled smart businesses. Furthermore, the paper presents an initial investigation on methodologies for measuring costs of cyber security controls for cloud services.

2011, Tauber, Markus, Kirby, G. N. C., Dearle, A.

2017-12, Bauer, Elisabeth, Schluga, Oliver, Maksuti, Silia, Bicaku, Ani, Hofbauer, David, Ivkić, Igor, Wöhrer, Alexander, Tauber, Markus

The popularity of cloud based Infrastructure-as-a- Service (IaaS) solutions is becoming increasingly popular. However, since IaaS providers and customers interact in a flexible and scalable environment, security remains a serious concern. To handle such security issues, defining a set of security parameters in the service level agreements (SLA) between both, IaaS provider and customer, is of utmost importance. In this paper, the European Network and Information Security Agency (ENISA) guidelines are evaluated to extract a set of security parameters for IaaS. Furthermore, the level of applicability and implementation of this set is used to assess popular industrial and open-source IaaS cloud platforms, respectively VMware and OpenStack. Both platforms provide private clouds, used as backend infrastructures in Industry 4.0 application scenarios. The results serve as initial work to identify a security baseline and research needs for creating secure cloud environments for Industry 4.0.

2019-10, Maksuti, Silia, Tauber, Markus, Delsing, Jerker

Cyber-physical production systems are engineered systems that are built from, and depend upon, the seamless integration of computational algorithms and physical components. In order to make these systems interoperable with each other for addressing Industry 4.0 applications a number of service-oriented architecture frameworks are developed. Such frameworks are composed by a number of services, which are inherently dynamic by nature and thus imply the need for self-adaptation. In this paper we propose generic autonomic management as a service and show how it can be integrated in the Arrowhead framework. We propose generic and reusable interfaces for each phase of the autonomic control loop in order to increase the usability of the service for other frameworks and application systems, while reducing the software engineering effort. To show the utility of our approach in the Arrowhead framework we use a climate control application as a representative example.

2019, Schmittner, Christoph, Christl, Korbinian, Macher, Georg, Knapitsch, Johannes, Parapatits, Martin, Tauber, Markus, Pichler, Harald, Gnauer, Clemens

Population growth and food development are two of the major challenges for society. While smart farming can help, available arable land is restricted. Smart industrial indoor farming has the potential to increase agricultural production while also reducing resources usage. To guarantee a reliable food supply, we need to ensure a dependable system, which protects not only the plants, but also the Intellectual property (IP). We give an overview about the challenges on agriculture, available indoor farming systems and standards for smart farming. We evaluate the standards for applicability towards indoor farming and present a use case for a smart industrial indoor farming system. To assure a dependable system, we present a methodology to analyze the system and achieve a trade-off between different dependability attributes.

2019-01, Ivkić, Igor, Mauthe, Andreas, Tauber, Markus

In times of Industry 4.0 and cyber-physical systems (CPS) providing security is one of the biggest challenges. A cyber attack launched at a CPS poses a huge threat, since a security incident may affect both the cyber and the physical world. Since CPS are very flexible systems, which are capable of adapting to environmental changes, it is important to keep an overview of the resulting costs of providing security. However, research regarding CPS currently focuses more on engineering secure systems and does not satisfactorily provide approaches for evaluating the resulting costs. This paper presents an interaction-based model for evaluating security costs in a CPS. Furthermore, the paper demonstrates in a use case driven study, how this approach could be used to model the resulting costs for guaranteeing security.

2018-03, Schluga, Oliver, Bauer, Elisabeth, Bicaku, Ani, Maksuti, Silia, Tauber, Markus, Wöhler, Alexander

The fast growing number of cloud based Infrastructure-as-a-Service instances raises the question, how the operations security depending on the underlying cloud computing infrastructure can be sustained and guaranteed. Security standards provide guidelines for information security controls applicable to the provision and use of the cloud services. The objectives of operations security are to support planning and sustaining of day-to-day processes that are critical with respect to security of information environments. In this work we provide a detailed analysis of ISO 27017 standard regarding security controls and investigate how well popular cloud platforms can cater for them. The resulting gap of support for individual security controls is furthermore compared with outcomes of recent cloud security research projects. Hence the contribution is twofold, first we identify a set of topics that still require research and development and secondly, as a practical output, we provide a comparison of popular industrial and open-source platforms focusing on private cloud environments, which are important for Industry 4.0 use cases.

2014-09-16, Plosz, S., Lesjak, C., Pereira, N., Tauber, Markus, Ruprechter, T.

Due to its availability and low cost, the use of wireless communication technologies increases in domains beyond the originally intended usage areas, e.g. M2M communication in industrial applications. Such industrial applications often have specific security requirements. Hence, it is important to understand the characteristics of such applications and evaluate the vulnerabilities bearing the highest risk in this context. We present a comprehensive overview of security issues and features in existing WLAN, NFC and ZigBee standards, investigating the usage characteristics of these standards in industrial environments. We apply standard risk assessment methods to identify vulnerabilities with the highest risk across multiple technologies. We present a threat catalogue, conclude in which direction new mitigation methods should progress and how security analysis methods should be extended to meet requirements in the M2M domain.