Show simple item record

dc.contributor.authorJaatun, Martin Gilje
dc.identifier.citationSecurity in Critical Information Infrastructures by Martin Gilje Jaatun, Stavanger : University of Stavanger, 2015 (PhD thesis UiS, no. 254)nb_NO
dc.descriptionPhD thesis in Information technologynb_NO
dc.description.abstractInformation and Communication Technologies (ICT) are permeating the critical infrastructures that our modern society relies on, and ICT security is becoming increasingly important to all aspects of our lives. This dissertation presents security solutions from domains such as telecommunication, oil & gas, and aviation, and shows by contrasting with information about attacks and the threat of malware, that whereas a security architecture is necessary for all security solutions, software security is becoming vital to all types of development, not only security software. This dissertation addresses the following research questions: (i) How can handovers between wireless access points be performed se- curely without incurring delays that a ects VoIP user experience? The secure handover scheme using Kerberos tickets (Paper 2, Paper 3) allows for handover between 802.11 access points with a delay between 10 and 40 ms, also when the mobile station has never encountered the destination access point before. (ii) How can security functions be organized in a critical infrastructure network? The dissertation presents a novel, simple, yet elegant scheme for asset identi cation as part of the requirements elicitation process (Paper 4), and contrasts this with a requirements process in the aviation domain (Paper 5). Furthermore, two case studies demonstrating security architectures in two different domains are presented (Paper 1, Paper 7). Finally, the difficulty of measuring the security of software is discussed, emphasizing the importance of ensuring that the software engineering process includes secure software engineering practices, and that the level of adoption of such processes can be used to measure the secure software engineering maturity of an organization (Paper 6). (iii) How can a system survive a successful attack without alerting the attacker? The ISH system (Paper 9) represents a novel protection scheme where compromise of a component can be detected by multiple mechanisms, and the compromised component is removed from the system by being promoted to honeypot; achieving the dual goal of both isolating the attacker and providing intelligence on the attack to the defenders. (iv) How can a successful attack on a critical infrastructure system be mit- igated by incident handling? The IRMA method (Paper 8) is based on sustained interaction with the Norwegian oil & gas industry, and is tailored to this domain with a particular emphasis on learning from security incidents to improve handling of future incidents. (v) What is the threat posed by malware currently not detectable by signature-based anti-malware systems? The experiment reported in this dissertation (Paper 10) found that five computers with the latest version of various anti-malware software were infected by a total of 124 unique malware samples after two weeks of agressive internet activity. The dissertation discusses the challenges faced by security practitioners when convincing customers and other stakeholders of the need for security, and highlights the importance of making explicit tradeoffs between security on one hand, and cost, functionality and user-friendliness on the other.nb_NO
dc.publisherUniversity of Stavanger, Norwaynb_NO
dc.relation.ispartofseriesPhD thesis UiS;254
dc.relation.haspartA Security Architecture for an Open Broadband Access Network M. G. Jaatun, I. A. Tøndel, M. B. Line (nee Dahl), T. J. Wilke) Published in Proceedings of the 10th Nordic Conference on Secure IT Systems (NordSec 2005), Tartu, Estonianb_NO
dc.relation.haspartSecure Fast Handover in an Open Broadband Access Network using Kerberos-style Tickets M. G. Jaatun, I. A. Tøndel, F. Paint, T.H. Johannessen, J. C. Francis, C. Duranton Published in Security and Privacy in Dynamic Environments, IFIP International Federation for Information Processing Volume 201 (IFIP/SEC 2006)nb_NO
dc.relation.haspartExtending 3G/WiMAX Networks and Services through Residential Access Capacity F. Panken, G. Hoekstra, D. Barankira, J. C. Francis, R. Schwenderer, O. Grøndalen, M. G. Jaatun Published in IEEE Communications Magazinenb_NO
dc.relation.haspartCovering Your Assets in Software Engineering M. G. Jaatun, I. A. Tøndel Published in Proceedings of Third International Conference on Availability, Reliability and Security (ARES 2008)nb_NO
dc.relation.haspartSink or SWIM M. G. Jaatun, T. E. Fægri Published in Proceedings of Eighth International Conference on Availability, Reliability and Security (ARES 2013)nb_NO
dc.relation.haspartHunting for Aardvarks: Can Information Security be Measured? M. G. Jaatun Published in Multidisciplinary Research and Practice for Information Systems, Lecture Notes in Computer Science Volume 7465, 2012nb_NO
dc.relation.haspartSecure remote access to autonomous safety systems: A good practice approach M. G. Jaatun, M. B. Line, T. O. Grøtan Published in the International Journal of Autonomous and Adaptive Communications Systemsnb_NO
dc.relation.haspartA framework for incident response management in the petroleum in- dustry M. G. Jaatun, E. Albrechtsen, M. B. Line, I. A. Tøndel, O. H. Longva Published in the International Journal of Critical Infrastructure Protectionnb_NO
dc.relation.haspartSurvival by Deception M. G. Jaatun, A. A. Nyre, J. T. Sørensen Published in Computer Safety, Reliability, and Security, Lecture Notes in Computer Science Volume 4680 (Safecomp 2007)nb_NO
dc.relation.haspartFools Download Where Angels Fear to Tread M. G. Jaatun, J. Jensen, H. Vegge, F. M. Halvorsen, R. W. Nergård Published in IEEE Security & Privacy Magazinenb_NO
dc.rightsCopyright the author, all right reserved
dc.rightsNavngivelse 3.0 Norge*
dc.titleSecurity in Critical Information Infrastructuresnb_NO
dc.typeDoctoral thesisnb_NO
dc.subject.nsiVDP::Mathematics and natural science: 400::Information and communication science: 420nb_NO

Files in this item


This item appears in the following Collection(s)

Show simple item record

Copyright the author, all right reserved
Except where otherwise noted, this item's license is described as Copyright the author, all right reserved