Laurens Lemaire

Formal Reasoning About Privacy and Trust in Loyalty Systems

Individuals disclose personal information to complex services via their front-end which interacts with underlying sub-services. The services involve multiple collaborating parties that may share the collected personal data to accurately profile individuals. Even though their data handling practices are declared in their privacy policies, they are still opaque for individuals. Data protection regulations restrain service providers to collect personal data that is strictly necessary for their purposes. The present paper shows the potential of a logic based framework for analyzing privacy of electronic services by applying the approach to two loyalty schemes. Different query types are defined that provide meaningful feedback for both end users and service designers.

A logic-based framework for the security analysis of Industrial Control Systems

Industrial Control Systems (ICS) are used for monitoring and controlling critical infrastructures such as power stations, waste water treatment facilities, traffic lights, and many more. Lately, these systems have become a popular target for cyber-attacks. Security is often an afterthought, leaving them vulnerable to all sorts of attacks. This article presents a formal approach for analysing the security of Industrial Control Systems, both during their design phase and while operational. A knowledge- based system is used to analyse a model of the control system and extract system vulnerabilities. The approach has been validated on an ICS in the design phase.

Extending FAST-CPS for the Analysis of Data Flows in Cyber-Physical Systems

Cyber-physical systems are increasingly automated and interconnected. Strategies like predictive maintenance are on the rise and as a result new streams of data will flow through these systems. This data is often confidential, which can be a problem in these low-security systems. In addition, more stakeholders are now involved and various cloud-based service providers are utilised. Companies often no longer know who gets to see their data.

Security Evaluation of Cyber-Physical Systems Using Automatically Generated Attack Trees

The security of cyber-physical systems (CPS) is often lacking. This abstract presents a methodology that performs a security evaluation of these systems by automatically generating attack trees based on the system model. The assessor can define different kinds of attackers and see how the attack tree is evaluated with respect to a specific type of attacker. Optimal attacker strategies are calculated and from here the most vulnerable elements of the system can be derived.

An Assessment of Security Analysis Tools for Cyber-Physical Systems

Cyber-Physical Systems are heavily used in today’s world. However, their security leaves much to be desired. Attacks such as the Stuxnet worm and the Ukrainian Grid Hack have shown that compromising these systems can have disastrous consequences.

Secure remote access to an industrial generator with mobile devices

Industrial generators are increasingly often connected to networks to allow users to remotely control them. This greatly improves the usability, but it also introduces additional security risks. This work investigates the security considerations that must be taken into account when remotely accessing these generators. Three different remote access architectures are proposed and compared with each other with regards to security. One of these is implemented in practice and thoroughly tested. The implemented architecture includes a secure connection, as well as user, server, and device authentication. For our case study we consider the iGenerator, a stand-alone power generator that produces energy from burning rapeseed oil. An embedded device is connected to this generator using a serial connection. A Wi-Fi dongle is attached to allow remote connections.