Search
dr hab. inż. Rafał Leszczyna
Employment
- Associate professor at Department of Informatics in Management
Publications
Filters
total: 54
Catalog Publications
-
Software Agents for Computer Network Security
PublicationThe chapter presents applications of multi-agent technology for design and implementation of agent-based systems intended to cooperatively solve several critical tasks in the area of computer network security. These systems are Agent-based Generator of Computer Attacks (AGCA), Multi-agent Intrusion Detection and Protection System (MIDPS), Agent-based Environment for Simulation of DDoS Attacks and Defense (AESAD) and Mobile Agent...
-
Security and Anonymity in Agent Systems
PublicationMany agent systems have been developed and suggested for commercial application. However, in spite of the significant potential offered by the agent paradigm, the lack of such important properties as security, anonymity and untracebility especially in open dynamical environment, such as the Internet, has blocked the active implementation of agent technologies. Protecting agent systems poses a more demanding challenge comparing...
-
ENISA Study: Challenges in Securing Industrial Control Systems
PublicationIn 2011, the European Network and Information Security Agency (ENISA) conducted a study in the domain of Industrial Control Systems (ICS). Its objective was to obtain the current view on the ICS protectionprimarily in Europe but also in the international context. The portrait' included threats, risks, and challenges in the area of ICS protection as well as national, pan European, and international initiatives on ICS security. The...
-
Data Model Development for Security Information Sharing in Smart Grids
PublicationThe smart grid raises new security concerns which require novel solutions. It is commonly agreed that to protect the grid, the effective collaboration and information sharing between the relevant stakeholders is prerequisite. Developing a security information sharing platform for the smart grid is a new research direction which poses several challenges related to the highly distributed and heterogeneous character of the grid. In...
-
Architecture supporting security of agent systems
PublicationW rozprawie zaproponowano nową architekturę bezpieczeństwa wspomagającą anonimowość w systemach agentowych. Moduł I architektury zapewnia funkcjonalność protokołu ochrony przed tropieniem (ang. untraceability), z tą zaletą, że nie wprowadza ograniczeń wobec agentów samodzielnie ustalających trasę własnej wędrówki. Stanowi rdzeń architektury, który zaimplementowano jako rozszerzenie platformy agentowej JADE, udostępniane publicznie...
-
Podejście do oceny bezpieczeństwa IT infrastruktur krytycznych
PublicationArtykuł przedstawia podejście do oceny bezpieczeństwa systemów informacyjnych stosowanych w infrastrukturach krytycznych. Prezentowany sposób oceny polega na dokładnej rekonstrukcji ocenianego systemu informacyjnego w laboratorium bezpieczeństwa IT, a następ-nie symulowaniu potencjalnych zagrożeń w systemie. Podejście zostało zastosowane przy weryfikacji bezpieczeństwa elektrowni. W rozdziale został opisany jeden z eksperymentów...
-
Metoda szacowania kosztu zarządzania bezpieczeństwem informacji i przykład jej zastosowania w zakładzie opieki zdrowotnej
PublicationKażdego roku rośnie liczba ataków komputerowych na jednostki administracji publicznej. Aby się przed nimi chronić instytucje powinny inwestować w skuteczne środki ochrony. W artykule przedstawiono metodę wspomagającą podejmowanie decyzji dotyczących tych inwestycji poprzez wskazanie kosztu jaki dana organizacja będzie musiała ponieść na działania zapewniające odpowiedni poziom bezpieczeństwa. W artykule opisano również studium...
-
Evaluating Security and Resilience of Critical Networked Infrastructures after Stuxnet
PublicationThe chapter presents the current configuration of the simulation environment for the evaluations of the security and resilience of critical networked infrastructures, which enables simulations of Stuxnet-like attacks. The configuration includes new features added to the MAlSim - Mobile Agent Malware Simulator after the advent of Stuxnet in reference to the experiments aiming at the security evaluation of a power plant which we...
-
CIP Security Awareness and Training: Standards and Practice
PublicationThese are critical infrastructure employees who have access to the critical cyber assets in the first place. This situation is well recognized by international and national standardization bodies which recommend security education, training and awareness as one of the key elements of critical infrastructure protection. In this chapter the standards are identified and their relevant areas are described. A practical implementation...
-
Testy platformy SAN dla sektora elektroenergetycznego
PublicationWspółczesna infrastruktura elektroenergetyczna jest narażona na zagrożenia związane z dużą liczbą nowych luk i słabo- ści architektonicznych wynikających z szerszego wykorzystania technologii informacyjnych i komunikacyjnych (ang. Information and Communication Technologies – ICT). Połączenie infrastruktury elektroenergetycznej z Internetem naraża ją na nowe rodzaje ataków, takie jak ataki typu APT (ang. Advanced Persistent Threats)...
-
Koncepcja platformy wymiany informacji o incydentach cyberbezpieczeństwa dla krajowego systemu elektroenergetycznego
PublicationArtykuł opisuje wybrane zagadnienia związane z cyberbezpieczeństwem w sektorze elektroenergetyki. Jednym z elementów zapewniania bezpieczeństwa sieci elektro-energetycznej jest efektywna wymiana informacji o incydentach bezpieczeństwa. W jej ramach wszystkie zaangażowane podmioty systemu elektroenergetycznego, tj.: elektrownie, operatorzy systemów przesyłowych, operatorzy systemów dystrybucyjnych, dostawcy rozwiązań bezpieczeństwa,...
-
Badanie sieci świadomości sytuacyjnej dla infrastruktury elektroenergetycznej
PublicationWspółczesne systemy elektroenergetyczne są narażone na nowe rodzaje zagrożeń. Są one spowodowane lukami w zabezpieczeniach oraz słabościami architektonicznymi związanymi z szerszym zastosowaniem technologii teleinformatycznych (ICT) w tych systemach. Połączenie sieci elektroenergetycznych z Internetem naraża je na nowego rodzaju niebezpieczeństwa, takie jak ataki APT (ang. Advanced Persistent Threats) lub rozproszona odmowa usługi...
-
Nauczanie zagadnień cyberbezpieczeństwa w Unii Europejskiej – trendy, wyzwania
PublicationZnaczenie edukacji, szkoleń i podnoszenia świadomości zagadnień cyberbezpieczeństwa jest dziś, w erze społeczeństwa informacyjnego powszechnie uznane. W ostatnich latach w Unii Europejskiej pojawiło się wiele nowych inicjatyw związanych między innymi z rozwijaniem programów uniwersyteckich, przygotowywaniem specjalistycznych i profilowanych szkoleń, uruchamianiem masowych otwartych kursów online, a także badaniami opinii publicznej...
-
Evaluating the Cost of Personnel Activities in Cybersecurity Management: A Case Study
PublicationThe methods of cybersecurity costs' evaluation are inclined towards the cost of incidents or technological acquirements. At the same time, there are other, less visible costs related to cybersecurity that require proper recognition. These costs are associated with the actions and the time spent by employees on activities connected to cybersecurity management. The costs form a considerable component of cybersecurity expenditures,...
-
Choosing the Right Cybersecurity Solution: A Review of Selection and Evaluation Criteria
PublicationInformation technologies evolve continuously reaching pioneering areas that bring in new cybersecurity challenges. Security engineering needs to keep pace with the advancing cyberthreats by providing innovative solutions. At the same time, the foundations that include security and risk assessment methodologies should remain stable. Experts are offered with an extensive portfolio of solutions and an informed choice of a particular...
-
Nauczanie zarządzania bezpieczeństwem informacji: standardy i sposoby nauczania
PublicationPracownicy są najważniejszym ogniwem w ochronie informacji wewnątrz organizacji, gdyż to właśnie oni posiadają regularny dostęp do jej zasobów informacyjnych. Fakt ten jest dobrze rozpoznany przez krajowe oraz międzynarodowe instytucje standaryzujące, które w publikowanych normach zalecają kształcenie, szkolenia i podnoszenie świadomości pracowników jako kluczowy element strategii ochrony informacji przedsiębiorstw. W artykule...
-
CIP Security Awareness and Training: Standards and Practice
PublicationThese are critical infrastructure employees who have access to the critical cyber assets in the first place. This situation is well recognised by international and national standardisation bodies which recommend security education, training and awareness as one of the key elements of critical infrastructure protection. In this chapter the standards are identified and their relevant areas are described. A practical implementation...
-
A Review of Traffic Analysis Attacks and Countermeasures in Mobile Agents' Networks
PublicationFor traditional, message-based communication, traffic analysis has been already studied for over three decades and during that time various attacks have been recognised. As far as mobile agents’ networks are concerned only a few, specific-scope studies have been conducted. This leaves a gap that needs to be addressed as nowadays, in the era of Big Data, the Internet of Things, Smart Infrastructures and growing concerns for privacy,...
-
An untraceability protocol for mobile agents and its enhanced security study
PublicationArtykuł przedstawia rozszerzoną analizę bezpieczeństwa zaproponowanego przez nas protokołu ochrony przed tropieniem (ang. untraceability protocol) dla agentów mobilnych. Jak dotąd, tak systematyczna analiza bezpieczeństwa nie została przeprowadzona. Co więcej, istniejące znane analizy bezpieczeństwa koncentrują się wyłącznie na atakujących wewnętrznych. Uważamy, że stworzona przez nas lista kontrolna ataków może posłużyć jako...
-
Tool support for detecting defects in object-oriented models
PublicationArtykuł przedstawia nową metodę analityczną UML-HAZOP oraz narzędzie wspomagające jej stosowanie. Metoda ukierunkowana jest na wykrywanie defektów we wczesnych fazach wytwarzania oprogramowania i koncentruje się na powszechnie stosowanych modelach opartych na metodyce obiektowej.
-
Podejście obiektowe w budowie dowodu zaufania do systemów informatycznych.
PublicationArtykuł prezentuje obiektowe podejście w budowie dowodów zaufania dla systemów informatycznych. Przedstawiono strukturę koncepcyjną takiego dowodu,omówiono sposób konstrukcji drzewa dowodowego wykorzystujący analizę modeli obiektowych badanego systemu. W artykule zaproponowano sposób tworzenia obiektowych modeli kontekstu dla rozpatrywanych żądań oraz podkreślono wagę precyzyjnego wyrażenia tego kontekstu. Ponadto omówiono...
-
Wspomaganie wykrywania defektów w modelach obiektowych.
PublicationModelowanie z zastosowaniem metodyki obiektowej jest powszechnie wykorzystywane w projektach informatycznych i stanowi jeden z kluczowych etapów procesu wytwarzania oprogramowania. Problemem związanym z modelowaniem jest łatwość wprowadzenia do modeli obiektowch defektów wynikających np. ze złego rozpoznania dziedziny problemowej, przyjmowania nieświadomych założeń lub zwykłych pomyłek edycyjnych. Istotne jest szybkie wykrycie...
-
Activity-based payments: alternative (anonymous) online payment model
PublicationElectronic payments are the cornerstone of web-based commerce. A steady decrease in cash usage has been observed, while various digital payment technologies are taking over. They process sensitive personal information raising concerns about its potentially illicit usage. Several payment models that confront this challenge have been proposed. They offer varying levels of anonymity and readiness for adoption. The aim of this study...
-
Selecting an Applicable Cybersecurity Assessment Framework: Qualitative Metrics-Based Multiple-Factor Analysis
PublicationRecently, a survey of cybersecurity assessment methods focused on general characteristics was conducted. Among its major findings, it revealed the methods’ adoption issues. This paper presents a follow-up to the study. It provides an in-depth analysis of the methods’ adoption-related properties based on qualitative metrics. As a result, the proposals which demonstrate a higher adoption potential were identified. The methods are...
-
Cost assessment of computer security activities
PublicationComprehensive cost-benefit analysis plays a crucial role in the decision-making process when it comes to investments in information security solutions. The cost of breaches needs to be analysed in the context of spending on protection measures. However, no methods exist that facilitate the quick and rough prediction of true expenditures on security protection systems. Rafal Leszczyna of Gdansk University of Technology presents...
-
Security Assessment of a Turbo-Gas Power Plant
PublicationCritical infrastructures are exposed to new threats due to the large number of vulnerabilities and architectural weaknesses introduced by the extensive use of information and communication technologies. This paper presents the results of an exhaustive security assessment for a turbo-gas power plant.
-
Testing Situation Awareness Network for the Electrical Power Infrastructure
PublicationThe contemporary electrical power infrastructure is exposed to new types of threats. The cause of such threats is related to the large number of new vulnerabilities and architectural weaknesses introduced by the extensive use of Information and Communication Technologies (ICT) in such complex critical systems. The power grid interconnection with the Internet exposes the grid to new types of attacks, such as Advanced Persistent...
-
Agents in Simulation of Cyberattacks to Evaluate Security of Critical Infrastructures
PublicationIn the last years critical infrastructures have become highly dependent on the information technologies and exposed to cyberattacks. Because the effects of the attacks can be detrimental, it is crucial to comprehensively asses the security of the infrastructures' information systems. This chapter describes MAlSim - the simulator of malicious software based on software agents, developed for the needs of a testbed for critical infrastructures...
-
Security Requirements and Controls for Incident Information Sharing in the Polish Power System
PublicationAmong the strategies of protecting information assets of the power system, sharing of information about current cybersecurity incidents between energy operators appears to be a prerequisite. Exchange of information leads to the effective detection of attacks and exploited vulnerabilities as well as the identification of countermeasures. This paper presents the results of continuation of our works on developing a secure and efficient...
-
Estimating the Cost of Cybersecurity Activities with CAsPeA: A Case Study and Comparative Analysis
PublicationContemporary approaches to the estimation of cybersecurity costs in organisations tend to focus on the cost of incidents or technological investments. However, there are other, less transparent costs related to cybersecurity management that need to be properly recognised in order to get a complete picture. These costs are associated with everyday activities and the time spent by employees on cybersecurity-related actions. Such...
-
Performance analysis of untraceability protocols for mobile agents using an adaptable framework
PublicationArtykuł przedstawia środowisko oceny wydajności protokołów ochrony przed tropieniem agentów mobilnych oraz wyniki analiz przeprowadzonych za jego pomocą. Chociaż środowisko projektowano i implementowano z myślą o ewaluacji zaproponowanych przez nas protokołów ochrony przed tropieniem, w trakcie badań okazało się, że może ono zostać również wykorzystane do badań całej klasy protokołów bezpieczeństwa dla agentów mobilnych. Chodzi...
-
Situational Awareness Network for the Electric Power System: the Architecture and Testing Metrics
PublicationThe contemporary electric power system is highly dependent on Information and Communication Technologies which results in its exposure to new types of threats, such as Advanced Persistent Threats (APT) or Distributed-Denial-of-Service (DDoS) attacks. The most exposed components are Industrial Control Systems in substations and Distributed Control Systems in power plants. Therefore, it is necessary to ensure the cyber security of...
-
Security information sharing for smart grids: Developing the right data model
PublicationThe smart grid raises new security concerns which require novel solutions. It is commonly agreed that to protect the grid the effective collaboration and information sharing between the relevant stakeholders is prerequisite. Developing a security information sharing platform for the smart grid is a new research direction which poses several challenges related to the highly distributed and heterogeneous character of the grid. In...
-
EE-ISAC—Practical Cybersecurity Solution for the Energy Sector
PublicationA recent survey of cybersecurity assessment methods proposed by the scientific community revealed that their practical adoption constitutes a great challenge. Further research that aimed at identifying the reasons for that situation demonstrated that several factors influence the applicability, including the documentation level of detail, the availability of supporting tools, and the continuity of support. This paper presents the...
-
Security Information Sharing for the Polish Power System
PublicationThe Polish Power System is becoming increasingly more dependent on Information and Communication Technologies which results in its exposure to cyberattacks, including the evolved and highly sophisticated threats such as Advanced Persistent Threats or Distributed Denial of Service attacks. The most exposed components are SCADA systems in substations and Distributed Control Systems in power plants. When addressing this situation...
-
Aiming at methods’ wider adoption: Applicability determinants and metrics
PublicationNumerous computer science methods and techniques have been proposed by the scientific community. However, depending on the domain, only their minor fraction has met wider adoption. This paper brings attention to the concept of applicability - the notion that is well acknowledged in the scientific field but have not been analysed with respect to determinants, metrics and systematisation. The primary objective of the study was to...
-
Anonymity Architecture for Mobile Agent Systems
PublicationThe paper presents a new security architecture for MAS, which supports anonymity of agent owners. The architecture is composed of two main elements: Module I: Untraceability Protocol Infrastructure and Module II: Additional Untraceability Support. Module I is based on the recently proposed untraceability protocol for MAS and it forms the core of the anonymity architecture, which can be supported by the ele- ments of the second...
-
MAlSim - Mobile Agent Malware Simulator
PublicationOne of the problems related to the simulation of attacks against critical infrastructures is the lack of adequate tools for the simulation of malicious software (malware). Malware attacks are the most frequent in the Internet and they pose a serious threat against critical networked infrastructures. To address this issue we developed Mobile Agent Malware Simulator (MAISim). The framework uses the technology of mobile agents and...
-
Security Evaluation of IT Systems Underlying Critical Networked Infrastructures
PublicationCritical infrastructures have become highly dependent on information and communication technology (ICT). The drawback of this situation is that the consequences of disturbances of the underlying ICT networks may be serious as cascading effects can occur. This raises a high demand for security assurance, with a high importance assigned to security evaluations. In this paper we present an experiment-centric approach for the characterisation...
-
Threat intelligence platform for the energy sector
PublicationIn recent years, critical infrastructures and power systems in particular have been subjected to sophisticated cyberthreats, including targeted attacks and advanced persistent threats. A promising response to this challenging situation is building up enhanced threat intelligence that interlinks information sharing and fine-grained situation awareness. In this paper a framework which integrates all levels of threat intelligence...
-
An Approach to Trust Case Development
PublicationIn the paper we present an approach to the architectural trust case development for DRIVE, the IT infrastructure supporting the processes of drugs distribution and application. The objectives of DRIVE included safer and cheaper drugs distribution and application. A trust case represents an argument supporting the trustworthiness of the system. It is decomposed into claims that postulate some trust related properties. Claims differ...
-
Approaching Secure Industrial Control Systems
PublicationThis study presents a systematic approach to secure industrial control systems based on establishing a business case followed by the development of a security programme. To support these two fundamental activities the authors propose a new method for security cost estimation and a security assessment scheme. In this study they explain the cost evaluation technique and illustrate with a case study concerning the assessment of the...
-
Standards with cybersecurity controls for smart grid - A systematic analysis
PublicationIn recent years numerous standards related to the cybersecurity of smart grids have been published, which led to the challenge for operators in obtaining indications that match their specific objectives and contexts. Although several studies approached this problem by providing more or less comprehensive surveys and overviews of smart grid cybersecurity standards, none of them was dedicated to the actual and important subject of...
-
Cybersecurity in the Electricity Sector
PublicationThis book offers a systematic explanation of cybersecurity protection of electricity supply facilities, including discussion of related costs, relevant standards, and recent solutions. The author explains the current state of cybersecurity in the electricity market, and cybersecurity standards that apply in that sector. He then offers a systematic approach to cybersecurity management, including new methods of cybersecurity assessment,...
-
Developing Novel Solutions to Realise the European Energy - Information Sharing & Analysis Centre
PublicationFor more effective decision making in preparation for and response to cyberevents in the energy sector, multilevel situation awareness, from technical to strategic is essential. With an uncertain picture of evolving threats, sharing of the latest cybersecurity knowledge among all sector stakeholders can inform and improve decisions and responses. This paper describes two novel solutions proposed during the formation of the European...
-
Simulating Malware with MAlSim
PublicationThis paper describes MAlSim - Mobile Agent Malware Simulator - a mobile agent framework developed to address one of the most important problems related to the simulation of attacks against information systems i.e. the lack of adequate tools for reproducing behaviour of malicious software (malware). The framework can be deployed over the network of an arbitrary information system and it aims at simulating behaviour of each instance...
-
Simulating malware with MAlSim
PublicationThis paper describes MAlSim - Mobile Agent Malware Simulator - a mobile agent framework developed to address one of the most important problems related to the simulation of attacks against information systems, i.e. the lack of adequate tools for reproducing behaviour of malicious software (malware). The framework can be deployed over the network of an arbitrary information system and it aims at simulating behaviour of each instance...
-
Evaluation of Open Source SIEM for Situation Awareness Platform in the Smart Grid Environment
PublicationThe smart grid as a large-scale system of systems has an exceptionally large surface exposed to cyber-attacks, including highly evolved and sophisticated threats such as Advanced Persistent Threats (APT) or Botnets. When addressing this situation the usual cyber security technologies are prerequisite, but not sufficient. The smart grid requires developing and deploying an extensive ICT infrastructure that supports significantly...
-
Approach to security assessment of critical infrastructures' information systems
PublicationThis study presents an approach to the security assessment of the information systems of critical infrastructures. The approach is based on the faithful reconstruction of the evaluated information system in a computer security laboratory followed by simulations of possible threats against the system. The evidence collected during the experiments, stored and organised using a proprietary system InSAW, may later be used for the creation...
-
Trust Case: justifying trust in an IT solution
PublicationW artykule prezentujemy podejście wykorzystane przy budowie dowodu zaufania (ang. trust case) do DRIVE, infrastruktury informatycznej wspomagającej dystrybucję i podawanie leków. Cele DRIVE obejmowały bezpieczniejszą i mniej kosztowną dystrybucję leków. Dowód zaufania reprezentuje argumentację przemawiającą za tym, że DRIVE jest godne zaufania. Składa się on z żądań (ang. claims) postulujących pewne związane z zaufaniem własności...
seen 3176 times