A growing number of attacks and the introduction of new security standards, e.g. ISO 21434, are increasingly shifting the focus of industry and research to the cybersecurity of vehicles. Being cyber-physical systems, compromised vehicles can pose a safety risk to occupants and the environment. Updates over the air and monitoring of the vehicle fleet over its entire lifespan are therefore established in current and future vehicles. Elementary components of such a strategy are security sensors in the form of firewalls and intrusion detection systems, for example, and an operations center where monitoring and response activities are coordinated. A critical step in defending against, detecting, and remediating attacks is providing knowledge about the vehicle and fleet context. Whether a vehicle is driving on the highway or parked at home, what software version is installed, or what security incidents have occurred affect the legitimacy of data and network traffic. However, current security measures lack an understanding of how to operate in an adjusted manner in different contexts. This work is therefore dedicated to a concept to make security measures for vehicles context-aware. We present our approach, which consists of an object-oriented model of relevant context information within the vehicle and a Knowledge Graph for the fleet. With this approach, various use cases can be addressed, according to the different requirements for the use of context knowledge in the vehicle and operations center.

Object Oriented Security - Several software vulnerabilities emerge during the design phase of a software development process, which can be addressed using secure design patterns. However, using these patterns over web application vulnerabilities is comparatively more tricky for developers than using traditional design patterns. Although several practices exist for addressing software security vulnerabilities, they are sometimes difficult to reuse due to their implementation-specific nature. In this study, we discuss the secure design patterns that are intended to prevent vulnerabilities from being accidentally introduced into code or reduce the effects of flaws. The patterns are created by combining current best security design practices and adding security-specific functionality to the existing design patterns. Hence, this work outlines a convenient mechanism for deciding which secure design patterns to use for addressing online application vulnerabilities. We have demonstrated the applicability of our concept over a prevalent database security threat, namely SQL injection.

Object Oriented Security - Aerial surveillance plays an important role for security applications. It can be further used to monitor borders, restricted zones and critical infrastructure. With the help of drones one can perform surveillance and get the exact location of various objects. Aerial object detection comes with many challenges like the object size which can be as low as 20×20 pixels. Images taken from satellites are hundreds of megapixels. Traditional methods like Histogram of oriented gradients (HOG) and Scale invariant feature transformation (SIFT) were used to extract features from the objects. Then these features were given to machine learning classifier like logistic regression, Support vector machine (SVM) and Random forest (RF) for detection and classification. However, the issue with these methods is that they are highly inaccurate and generated many false detections and misclassifications too. With the evolution of Graphics processing units (GPU) and the introduction of convolutional neural networks (CNN) as well as Deep Learning algorithms situation got changed. Now, it is possible to extract more information and provide better accuracy. In this paper for object detection You only look once version 4 (YOLOv4) is used which is one of the state-of-the-art algorithms. It uses Darknet 53 which is a type of CNN as a backbone for feature extraction. In this work the YOLOv4 based proposed system detect and localize vehicles present in the restricted zone and then geotag them.

Object Oriented Security - Service-oriented architecture (SOA) is a widely adopted architecture that uses web services, which have become increasingly important in the development and integration of applications. Its purpose is to allow information system technologies to interact by exchanging messages between sender and recipient using the simple object access protocol (SOAP), an XML document, or the HTTP protocol.

Object Oriented Security - Smart distribution grids have new protection concepts known as fault self-healing whereby Intelligent Electronic Devices (IEDs) can automatically reconfigure the power circuits to isolate faults and restore power to the relevant sections. This is typically implemented with IEDs exchanging IEC 61850 Generic Object Oriented Substation Event (GOOSE) messages in a peer-to-peer communication network. However, a selfhealing application may be faced by challenges of emerging cyber-physical security threats. These can result in disruption to the applications’ operations thereby affecting the power system reliability. Blockchain is one technology that has been deployed in several applications to offer security and bookkeeping. In this paper, we propose a novel concept using blockchain as a second-tier security mechanism to support time-critical selfhealing operations in smart distribution grids. We show through a simulation study the impact of our proposed architecture when compared with a normal self healing architecture. The results show that our proposed architecture can achieve significant savings in time spent in no-power state by portions of the grid during cyber-physical attacks.

Object Oriented Security - In object-oriented software development, UML has become a de facto modeling standard. However, although UML is easy to understand and apply, it has inaccurate semantics, and UML is a semi-formal modeling language, which cannot be formally verified. Event-B is a formal method based on a large number of mathematical predicate logic, which is precise but difficult to understand and apply. Therefore, how to combine the advantages of UML diagram and Event-B method is the focus of the research. The previous transformation methods are based on the transformation from UML scatter diagram to Event-B, which is prone to conflict and inconsistency. Therefore, we propose a systematic transformation method that can realize the corresponding unification of elements in UML and those in Event-B. The general software system is a medium-sized system. We believe that the medium-sized system can be clearly expressed by using use case diagram, class diagram, state diagram and sequence diagram. In this paper, the transformation methods from these four diagrams to EventB are given respectively. The transformation method of the system is applied to the elevator control system which requires high safety and reliability. The system transformation method from UML to Event-B not only improves the accuracy of UML and is easy for software practitioners to use, but also enhances the comprehensibility of formal methods and is conducive to the promotion and application of formal methods.

Object Oriented Security - The spread of the Internet of Things (IoT) and the use of smart control systems in many mission-critical or safetycritical applications domains, like automotive or aeronautical, make devices attractive targets for attackers. Nowadays, several of these are mixed-criticality systems, i.e., they run both highcriticality tasks (e.g., a car control system) and low-criticality ones (e.g., infotainment). High-criticality routines often employ Real-Time Operating Systems (RTOS) to enforce hard real-time requirements, while the tasks with lower constraints can be delegated to more generic-purpose operating systems (GPOS).

Object Oriented Security - At present, the traditional substation auxiliary control system is faced with the following four problems: poor real-time capability to abnormal response, high dependence on people when solving malfunctions, the communication, deployment and expansion of different underlying devices, and the lack of security mechanism. To solve these problems or optimize the functions, an intelligent substation auxiliary control system is proposed. The system innovatively applies OPC UA to the construction of the auxiliary control system. First, through the use of OPC UA s unique object-oriented modeling method as well as the joint specification modeling of OPC UA and IEC61850, to solve the data communication problems caused by heterogeneous devices. Second, applying the Client/Server mode to realize the remote access from authorized mobile clients and give instructions, to cope with abnormal conditions, which reduces the dependency on people. Clients of other authorized enterprises are allowed to access the working data of the devices they are interested in, makes full use of massive data and ensures the information security of the system. Third, Pub/Sub mode is applied to enable the underlying devices to communicate directly with each other through the middleware, which reduces the response time of equipment joint debugging and improve the real-time performance. In addition, through OPC UA, the industrial data of the system can be transmitted over the Internet, realizing the combination of the Internet of Things and the Internet, which is an idea of the combination of the two in the future.

Object Oriented Security - In Production System Engineering (PSE), domain experts aim at effectively and efficiently analyzing and mitigating information security risks to product and process qualities for manufacturing. However, traditional security standards do not connect security analysis to the value stream of the production system nor to production quality requirements. This paper aims at facilitating security analysis for production quality already in the design phase of PSE. In this paper, we (i) identify the connection between security and production quality, and (ii) introduce the Production Security Network (PSN) to efficiently derive reusable security requirements and design patterns for PSE. We evaluate the PSN with threat scenarios in a feasibility study. The study results indicate that the PSN satisfies the requirements for systematic security analysis. The design patterns provide a good foundation for improving the communication of domain experts by connecting security and quality concerns.

Object Oriented Security - For the last 20 years, the number of vulnerabilities has increased near 20 times, according to NIST statistics. Vulnerabilities expose companies to risks that may seriously threaten their operations. Therefore, for a long time, it has been suggested to apply security engineering – the process of accumulating multiple techniques and practices to ensure a sufficient level of security and to prevent vulnerabilities in the early stages of software development, including establishing security requirements and proper security testing. The informal nature of security requirements makes it uneasy to maintain system security, eliminate redundancy and trace requirements down to verification artifacts such as test cases. To deal with this problem, Seamless Object-Oriented Requirements (SOORs) promote incorporating formal requirements representations and verification means together into requirements classes.

Object Oriented Security - A growing number of attacks and the introduction of new security standards, e.g. ISO 21434, are increasingly shifting the focus of industry and research to the cybersecurity of vehicles. Being cyber-physical systems, compromised vehicles can pose a safety risk to occupants and the environment. Updates over the air and monitoring of the vehicle fleet over its entire lifespan are therefore established in current and future vehicles. Elementary components of such a strategy are security sensors in the form of firewalls and intrusion detection systems, for example, and an operations center where monitoring and response activities are coordinated. A critical step in defending against, detecting, and remediating attacks is providing knowledge about the vehicle and fleet context. Whether a vehicle is driving on the highway or parked at home, what software version is installed, or what security incidents have occurred affect the legitimacy of data and network traffic. However, current security measures lack an understanding of how to operate in an adjusted manner in different contexts. This work is therefore dedicated to a concept to make security measures for vehicles context-aware. We present our approach, which consists of an object-oriented model of relevant context information within the vehicle and a Knowledge Graph for the fleet. With this approach, various use cases can be addressed, according to the different requirements for the use of context knowledge in the vehicle and operations center.

Service-oriented architecture (SOA) is a widely adopted architecture that uses web services, which have become increasingly important in the development and integration of applications. Its purpose is to allow information system technologies to interact by exchanging messages between sender and recipient using the simple object access protocol (SOAP), an XML document, or the HTTP protocol. We will attempt to provide an overview and analysis of standards in the field of web service security, specifically SOAP messages, using Kerberos authentication, which is a computer network security protocol that provides users with high security for requests between two or more hosts located in an unreliable location such as the internet.Everything that has to do with Kerberos has to deal with systems that rely on data authentication.