National Institute of Standards and Technology における超伝導研究及び生活

Will Tracz, our esteemed editor and Used-Program salesman, has written an entertaining, non-technical book dealing with the practice (and lack of) of software reuse. Its a collection of essays, mostly rehashed (reused?) and updated from various columns and papers published over the years.. Its a short (a bit over 200 pages) easy reading and enjoyable book (I read most of it in one sitting). Some of the essays discuss what was printed in the past and a discussion of the current status of the points.

Safeware: System Safety and Computers

With the exponential growth of cyber-physical systems (CPSs), new security challenges have emerged. Various vulnerabilities, threats, attacks, and controls have been introduced for the new generation of CPS. However, there lacks a systematic review of the CPS security literature. In particular, the heterogeneity of CPS components and the diversity of CPS systems have made it difficult to study the problem with one generalized model. In this paper, we study and systematize existing research on CPS security under a unified framework. The framework consists of three orthogonal coordinates: 1) from the security perspective, we follow the well-known taxonomy of threats, vulnerabilities, attacks and controls; 2) from the CPS components perspective, we focus on cyber, physical, and cyber-physical components; and 3) from the CPS systems perspective, we explore general CPS features as well as representative systems (e.g., smart grids, medical CPS, and smart cars). The model can be both abstract to show general interactions of components in a CPS application, and specific to capture any details when needed. By doing so, we aim to build a model that is abstract enough to be applicable to various heterogeneous CPS applications; and to gain a modular view of the tightly coupled CPS components. Such abstract decoupling makes it possible to gain a systematic understanding of CPS security, and to highlight the potential sources of attacks and ways of protection. With this intensive literature review, we attempt to summarize the state-of-the-art on CPS security, provide researchers with a comprehensive list of references, and also encourage the audience to further explore this emerging field.

https://ieeexplore.ieee.org/ielaam/6488907/8172502/7924372-aam.pdf

Cyber-Physical Systems Security—A Survey

https://ris.utwente.nl/ws/files/13291952/FTA_overview.pdf

Fault tree analysis

A review of cyber security risk assessment methods for SCADA systems

DAG-based attack and defense modeling: don’t miss the forest for the attack trees

A survey of approaches combining safety and security for industrial control systems

This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.

DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

Cross-fertilization between safety and security engineering

http://dslab.konkuk.ac.kr/Class/2012/12SIonSE/Key%20Papers/SEMA.pdf

Ludovic Pietre-Cambacedes

Papers

DAG-based attack and defense modeling: don’t miss the forest for the attack trees

A survey of approaches combining safety and security for industrial control systems

DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

Cross-fertilization between safety and security engineering

The SEMA referential framework: Avoiding ambiguities in the terms "security" and "safety"