Problems and Prospects of Security in the Transport Sector
The article deals with the problems of ensuring functional, informational and cyber security for vehicles and transport infrastructure facilities. An analysis of the factors causing the growth of threats to the transport sector has been carried out, and a list of typical cyber attacks on the components of the transport infrastructure is given. The results of the analysis of the features of automated process control systems of vehicles and transport infrastructure facilities are presented. Recommendations on the development of transport security systems are given, taking into account the specifics of various types of transport.
This paper is devoted to a currently active area of scholars' research - integrated quality management systems (IQMS). Despite the high prevalence of IQMS in the US and European economies, until recently, in Russian organizations, separate management systems for each particular area were considered to be the norm: ecology, quality management of products, health and safety of personnel, etc. The reasons for the low prevalence of IQMS in small organizations in Russia are observed. We discuss such major factors as, for instance, the lack of a unified model for the formation and implementation of an IQMS at the enterprise. The methods for calculating the costs of practical implementation of IQMS, depending on the resource and organizational requirements for improving the efficiency, are not standardized. Specific measures are proposed in order to encourage the development and penetration of IQMS in Russian organizations. Attention is paid to the development of remote outsourcing organizations that build integrated quality management systems for contracting firms and allow achieving economic efficiency through economies of scale, including through the virtual integration of several small and medium-sized enterprises. The issues of developing unified schemes for the implementation of IQMS for different types of organizations, depending on the industry and other specifics, were discussed.
This paper is devoted to the analysis of mergers and acquisitions in Russia. Using statistical and econometric methods, the influence of macroeconomic and industry factors on the intensity of merger and acquisition processes across sectors of Russian industry is estimated. As a result, a relationship is revealed between the activity of the redistribution of corporate control rights and some industry characteristics, such as involvement in foreign trade, relative industry size, and concentration of production.
The book contains selected papers that were presented at PhD Summer schools on Scientific Computing jointly organized by Waterford Institute of Technology, Lomonosov Moscow State University, Kyiv National Taras Shevchenko University, Saint-Petersburg State University and Nanjing University of Technology. The schools were mainly organized in teleconference mode and linked researchers and PhD students from several countries.
Catherine Meadows has played an important role in the advancement of formal methods for protocol security verification. Her insights on the use of, for example, narrowing and rewriting logic have made possible the automated discovery of new attacks and the shaping of new protocols. Meadows has also investigated other security aspects, such as distance-bounding protocols and denial of service attacks. We have been greatly inspired by her work. This paper describes the use of Multiset Rewriting for the specification and verification of timing aspects of protocols, such as network delays, timeouts, timed intruder models and distance-bounding properties. We detail these timed features with a number of examples and describe decidable fragments of related verification problems.
Many security protocols rely on assumptions about the physical properties of the environment in which their protocol sessions will be carried out. For instance, Distance Bounding Protocols take into account the round trip time of messages and the transmission velocity to infer an upper bound of the distance between two agents. We classify such security protocols as Cyber-Physical. Time plays a key role in the design and analysis of many of these protocols. This paper investigates the foundational differences and the impacts on the analysis when using models with discrete time and models with dense time. We show that there are attacks that can be found by models using dense time, but not when using discrete time. We illustrate this with an attack that can be carried out on most Distance Bounding Protocols. In this attack, one exploits the execution delay of instructions during one clock cycle to convince a verifier that he is in a location different from his actual position. We additionally present a probabilistic analysis of this novel attack. As a formal model for representing and analyzing Cyber-Physical properties, we propose a Multiset Rewriting model with dense time suitable for specifying cyber-physical security protocols. We introduce Circle-Configurations and show that they can be used to symbolically solve the reachability problem for our model, and show that for the important class of balanced theories the reachability problem is PSPACE-complete. We also show how our model can be implemented using the computational rewriting tool Maude, the machinery that automatically searches for such attacks.
This volume contains the papers selected for presentation at the 18th European Symposium on Research in Computer Security (ESORICS 2013), held during September 9–13, 2013, in Egham, UK. In response to the symposium’s call for papers, 242 papers were submitted to the conference from 38 countries. These papers were evaluated on the basis of their significance, novelty, technical quality, as well as on their practical impact and/or their level of advancement of the field’s foundations. The Program Committee’s work was carried out electronically, yielding intensive discussions over a period of a few weeks. Of the papers submitted, 43 were selected for presentation at the conference (resulting in an acceptance rate of 18%). We note that many top-quality submissions were not selected for presentation because of the high technical level of the overall submissions, and we are certain that many of these submissions will, nevertheless, be published at other competitive forums in the future.
It is well-known that the Dolev-Yao adversary is a powerful adversary. Besides acting as the network, intercepting, sending, and composing messages, he can remember as much information as he needs. That is, his memory is unbounded.
We recently proposed a weaker Dolev-Yao like adversary, which also acts as the network, but whose memory is bounded. We showed that this Bounded Memory Dolev-Yao adversary, when given enough memory, can carry out many existing protocol anomalies. In particular, the known anomalies arise for bounded memory protocols, where there is only a bounded number of concurrent sessions and the honest participants of the protocol cannot remember an unbounded number of facts nor an unbounded number of nonces at a time. This led us to the question of whether it is possible to infer an upper-bound on the memory required by the Dolev-Yao adversary to carry out an anomaly from the memory restrictions of the bounded protocol. This paper answers this question negatively (Theorem 2).
The second contribution of this paper is the formalization of Progressing Collaborative Systems that may create fresh values, such as nonces. In this setting there is no unbounded adversary, although bounded memory adversaries may be present. We prove the NP-completeness of the reachability problem for Progressing Collaborative Systems that may create fresh values.
The article analyzes the issues of legal regulation concerning liability for offences in the field of information technology (cybercrime). The author outlines the main issues of regulation in the field of information technology, examines current approaches of Russian lawyers, and expresses her own proposals to resolve issues in the designated area.