Research Outputs

2021 2021 2020 2020 2019 2019 2018 2018 2017 2017 2016 2016 2015 2015 2014 2014 2013 2013 2012 2012 0.0 0.0 1.0 1.0 2.0 2.0 3.0 3.0 4.0 4.0 5.0 5.0
Now showing 1 - 10 of 29
  • Publication
    Establishing a Chain of Trust in a Sporadically Connected Cyber-Physical System
    (IEEE, 2021-05) ; ; ;
    Stummer, Anna 
    ;
    ; ;
    Pirker, Dominic 
    ;
    Schmittner, Christoph 
    ;
    Delsing, Jerker 
    Drone based applications have progressed significantly in recent years across many industries, including agriculture. This paper proposes a sporadically connected cyber-physical system for assisting winemakers and minimizing the travel time to remote and poorly connected infrastructures. A set of representative diseases and conditions, which will be monitored by land-bound sensors in combination with multispectral images, is identified. To collect accurate data, a trustworthy and secured communication of the drone with the sensors and the base station should be established. We propose to use an Internet of Things framework for establishing a chain of trust by securely onboarding drones, sensors and base station, and providing self-adaptation support for the use case. Furthermore, we perform a security analysis of the use case for identifying potential threats and security controls that should be in place for mitigating them.
      126  1
  • Publication
    On the Cost of Cyber Security in Smart Business
    (IEEE (UK) - 12th International Conference for Internet Technology and Secured Transactions (ICITST-2017), 2017-12) ;
    Wolfauer, Stephan 
    ;
    Oberhofer, Thomas 
    ;
    In a world, as complex and constantly changing as ours cloud computing is a driving force for shaping the IT landscape and changing the way we do business. Current trends show a world of people, things and services all digitally interconnected via the Internet of Things (IoT). This applies in particular to an industrial environment where smart devices and intelligent services pave the way for smart factories and smart businesses. This paper investigates in a use case driven study the potential of making use of smart devices to enable direct, automated and voice-controlled smart businesses. Furthermore, the paper presents an initial investigation on methodologies for measuring costs of cyber security controls for cloud services.
      148Scopus© Citations 5
  • Publication
    A Multi-Layer and Multi-Tenant Cloud Assurance Evaluation Methodology
    (2015)
    Hudic, A. 
    ;
    ;
    Loruenser, T. 
    ;
    Krotsiani, M. 
    ;
    Spanoudakis, G. 
    ;
    Mauthe, A. 
    ;
    Weippl, E. 
    Data with high security requirements is being processed and stored with increasing frequency in the Cloud. To guarantee that the data is being dealt in a secure manner we investigate the applicability of Assurance methodologies. In a typical Cloud environment the setup of multiple layers and different stakeholders determines security properties of individual components that are used to compose Cloud applications. We present a methodology adapted from Common Criteria for aggregating information reflecting the security properties of individual constituent components of Cloud applications. This aggregated information is used to categorise overall application security in terms of Assurance Levels and to provide a continuous assurance level evaluation. It gives the service owner an overview of the security of his service, without requiring detailed manual analyses of log files.
      153  3Scopus© Citations 8
  • Publication
    Operations security evaluation of IaaS-cloud backend for industry 4.0
    The fast growing number of cloud based Infrastructure-as-a-Service instances raises the question, how the operations security depending on the underlying cloud computing infrastructure can be sustained and guaranteed. Security standards provide guidelines for information security controls applicable to the provision and use of the cloud services. The objectives of operations security are to support planning and sustaining of day-to-day processes that are critical with respect to security of information environments. In this work we provide a detailed analysis of ISO 27017 standard regarding security controls and investigate how well popular cloud platforms can cater for them. The resulting gap of support for individual security controls is furthermore compared with outcomes of recent cloud security research projects. Hence the contribution is twofold, first we identify a set of topics that still require research and development and secondly, as a practical output, we provide a comparison of popular industrial and open-source platforms focusing on private cloud environments, which are important for Industry 4.0 use cases.
      208  2Scopus© Citations 1
  • Publication
    Smart industrial indoor farming - Technical and societal challenges
    (Trauner, 2019)
    Schmittner, Christoph 
    ;
    Christl, Korbinian 
    ;
    Macher, Georg 
    ;
    Knapitsch, Johannes 
    ;
    Parapatits, Martin 
    ;
    ; ;
    Population growth and food development are two of the major challenges for society. While smart farming can help, available arable land is restricted. Smart industrial indoor farming has the potential to increase agricultural production while also reducing resources usage. To guarantee a reliable food supply, we need to ensure a dependable system, which protects not only the plants, but also the Intellectual property (IP). We give an overview about the challenges on agriculture, available indoor farming systems and standards for smart farming. We evaluate the standards for applicability towards indoor farming and present a use case for a smart industrial indoor farming system. To assure a dependable system, we present a methodology to analyze the system and achieve a trade-off between different dependability attributes.
      127  1
  • Publication
    Towards a Security-Aware Benchmarking Framework for Function-as-a-Service
    In a world, where complexity increases on a daily basis the Function-as-a-Service (FaaS) cloud model seams to take countermeasures. In comparison to other cloud models, the fast evolving FaaS increasingly abstracts the underlying infrastructure and refocuses on the application logic. This trend brings huge benefits in application and performance, but comes with difficulties for benchmarking cloud applications. In this position paper, we present an initial investigation of benchmarking FaaS in close to reality production systems. Furthermore, we outline the architectural design including the necessary benchmarking metrics. We also discuss the possibility of using the proposed framework for identifying security vulnerabilities.
      229  1Scopus© Citations 3
  • Publication
    The Case for Heterogeneous WLAN Environments for Converged Networks
    (2013) ;
    Bhatti, S. N. 
    ;
    Melnikov, N. 
    ;
    Schoenwaelder, J. 
      105  1
  • Publication
    Connected cars — Threats, vulnerabilities and their impact
    (IEEE, 2018-05) ; ;
    Schmittner, Christoph 
    ;
    ; ;
    Delsing, Jerker 
    The growing demand for interoperability between system components within a connected car has led to new security challenges in automotive development. The existing components, based on established technology, are often being combined to form such a connected car. For such established technologies, individual, often sector specific threat and vulnerability catalogs exist. The aim of this paper is to identify blocks of established technologies in a connected car and to consolidate the corresponding threat and vulnerability catalogs relevant for the individual constituent components. These findings are used to estimate the impact on specific system components and subsystems to identify the most crucial components and threats.
      221  1Scopus© Citations 15