The Experts below are selected from a list of 219 Experts worldwide ranked by ideXlab platform
Patrick Mcdaniel - One of the best experts on this subject based on the ideXlab platform.
-
Structured Security Testing in the Smartgrid
2015Co-Authors: Patrick Mcdaniel, Stephan MclaughlinAbstract:Abstract—The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI “smart meters” report real time usage data that enables efficient energy gener-ation and use. However, aggressive deployments often outpace security efforts: new devices from a dizzying array of Vendors are being introduced into grids with limited understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across Multiple-Vendor implementations of a technology class. In this, we graft archetypal attack trees modeling broad adversary goals and attack vectors to Vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap to penetration testing. Our experiments with Multiple Vendors generate real attack scenarios using vulnerabilities identified during directed penetration testing, e.g., manipulation of energy usage data, spoofing meters, and extracting sensitive data from internal registers. We provide a detailed example of one such attack as tested using our developed methodology. I
-
ISCCSP - Structured security testing in the smart grid
2012 5th International Symposium on Communications Control and Signal Processing, 2012Co-Authors: Patrick Mcdaniel, Stephan MclaughlinAbstract:The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI “smart meters” report real time usage data that enables efficient energy generation and use. However, aggressive deployments often outpace security efforts: new devices from a dizzying array of Vendors are being introduced into grids with limited understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across Multiple-Vendor implementations of a technology class. In this, we graft archetypal attack trees modeling broad adversary goals and attack vectors to Vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap to penetration testing. Our experiments with Multiple Vendors generate real attack scenarios using vulnerabilities identified during directed penetration testing, e.g., manipulation of energy usage data, spoofing meters, and extracting sensitive data from internal registers. We provide a detailed example of one such attack as tested using our developed methodology.
-
multi Vendor penetration testing in the advanced metering infrastructure
Annual Computer Security Applications Conference, 2010Co-Authors: Stephen Mclaughlin, Sergei Miadzvezhanka, Adam Delozier, Dmitry Podkuiko, Patrick McdanielAbstract:The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI "smart meters" report real time usage data that enables efficient energy generation and use. However, aggressive deployments are outpacing security efforts: new devices from a dizzying array of Vendors are being introduced into grids with little or no understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across Multiple-Vendor implementations of a technology class. In this, we graft archetypal attack trees modeling broad adversary goals and attack vectors to Vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap to penetration testing. We apply this approach within AMI to model attacker goals such as energy fraud and denial of service. Our experiments with Multiple Vendors generate real attack scenarios using vulnerabilities identified during directed penetration testing, e.g., manipulation of energy usage data, spoofing meters, and extracting sensitive data from internal registers. More broadly, we show how we can reuse efforts in penetration testing to efficiently evaluate the increasingly large body of AMI technologies being deployed in the field.
-
ACSAC - Multi-Vendor penetration testing in the advanced metering infrastructure
Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10, 2010Co-Authors: Stephen Mclaughlin, Sergei Miadzvezhanka, Adam Delozier, Dmitry Podkuiko, Patrick McdanielAbstract:The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI "smart meters" report real time usage data that enables efficient energy generation and use. However, aggressive deployments are outpacing security efforts: new devices from a dizzying array of Vendors are being introduced into grids with little or no understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across Multiple-Vendor implementations of a technology class. In this, we graft archetypal attack trees modeling broad adversary goals and attack vectors to Vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap to penetration testing. We apply this approach within AMI to model attacker goals such as energy fraud and denial of service. Our experiments with Multiple Vendors generate real attack scenarios using vulnerabilities identified during directed penetration testing, e.g., manipulation of energy usage data, spoofing meters, and extracting sensitive data from internal registers. More broadly, we show how we can reuse efforts in penetration testing to efficiently evaluate the increasingly large body of AMI technologies being deployed in the field.
-
multi Vendor penetration testing in the advanced metering infrastructure
Annual Computer Security Applications Conference, 2010Co-Authors: Stephen Mclaughlin, Sergei Miadzvezhanka, Adam Delozier, Dmitry Podkuiko, Patrick McdanielAbstract:The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI "smart meters" report real time usage data that enables efficient energy generation and use. However, aggressive deployments are outpacing security efforts: new devices from a dizzying array of Vendors are being introduced into grids with little or no understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across Multiple-Vendor implementations of a technology class. In this, we graft archetypal attack trees modeling broad adversary goals and attack vectors to Vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap to penetration testing. We apply this approach within AMI to model attacker goals such as energy fraud and denial of service. Our experiments with Multiple Vendors generate real attack scenarios using vulnerabilities identified during directed penetration testing, e.g., manipulation of energy usage data, spoofing meters, and extracting sensitive data from internal registers. More broadly, we show how we can reuse efforts in penetration testing to efficiently evaluate the increasingly large body of AMI technologies being deployed in the field.
M.f. Robinson - One of the best experts on this subject based on the ideXlab platform.
-
EURO-DAC - Technology independent boundary scan synthesis (design flow issues)
Proceedings of EURO-DAC 93 and EURO-VHDL 93- European Design Automation Conference, 1993Co-Authors: M.f. RobinsonAbstract:A design flow paradigm that integrates technology independent boundary scan synthesis into a chip design methodology is presented. The approach accommodates Multiple Vendor boundary scan technologies and the requirements of (sometimes non-1149.1-compliant) user specified boundary scan architectures. Boundary scan synthesis is described and design-specific requirements, 1149.1 compliance verification, boundary scan manufacturing test, and interfacing with the board and system test environments are discussed. >
-
ITC - Technology-independent boundary scan synthesis (technology and physical issues)
Proceedings of IEEE International Test Conference - (ITC), 1Co-Authors: M.f. Robinson, Frederic Mailhot, James L. KonsevichAbstract:The paper presents key technology and physical issues associated with a boundary scan synthesis system. The system accommodates Multiple Vendor technologies and the requirements of (sometimes non-1149.1 compliant) user specified boundary scan architectures that access core test structures. >
Stephen Mclaughlin - One of the best experts on this subject based on the ideXlab platform.
-
multi Vendor penetration testing in the advanced metering infrastructure
Annual Computer Security Applications Conference, 2010Co-Authors: Stephen Mclaughlin, Sergei Miadzvezhanka, Adam Delozier, Dmitry Podkuiko, Patrick McdanielAbstract:The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI "smart meters" report real time usage data that enables efficient energy generation and use. However, aggressive deployments are outpacing security efforts: new devices from a dizzying array of Vendors are being introduced into grids with little or no understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across Multiple-Vendor implementations of a technology class. In this, we graft archetypal attack trees modeling broad adversary goals and attack vectors to Vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap to penetration testing. We apply this approach within AMI to model attacker goals such as energy fraud and denial of service. Our experiments with Multiple Vendors generate real attack scenarios using vulnerabilities identified during directed penetration testing, e.g., manipulation of energy usage data, spoofing meters, and extracting sensitive data from internal registers. More broadly, we show how we can reuse efforts in penetration testing to efficiently evaluate the increasingly large body of AMI technologies being deployed in the field.
-
ACSAC - Multi-Vendor penetration testing in the advanced metering infrastructure
Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10, 2010Co-Authors: Stephen Mclaughlin, Sergei Miadzvezhanka, Adam Delozier, Dmitry Podkuiko, Patrick McdanielAbstract:The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI "smart meters" report real time usage data that enables efficient energy generation and use. However, aggressive deployments are outpacing security efforts: new devices from a dizzying array of Vendors are being introduced into grids with little or no understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across Multiple-Vendor implementations of a technology class. In this, we graft archetypal attack trees modeling broad adversary goals and attack vectors to Vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap to penetration testing. We apply this approach within AMI to model attacker goals such as energy fraud and denial of service. Our experiments with Multiple Vendors generate real attack scenarios using vulnerabilities identified during directed penetration testing, e.g., manipulation of energy usage data, spoofing meters, and extracting sensitive data from internal registers. More broadly, we show how we can reuse efforts in penetration testing to efficiently evaluate the increasingly large body of AMI technologies being deployed in the field.
-
multi Vendor penetration testing in the advanced metering infrastructure
Annual Computer Security Applications Conference, 2010Co-Authors: Stephen Mclaughlin, Sergei Miadzvezhanka, Adam Delozier, Dmitry Podkuiko, Patrick McdanielAbstract:The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI "smart meters" report real time usage data that enables efficient energy generation and use. However, aggressive deployments are outpacing security efforts: new devices from a dizzying array of Vendors are being introduced into grids with little or no understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across Multiple-Vendor implementations of a technology class. In this, we graft archetypal attack trees modeling broad adversary goals and attack vectors to Vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap to penetration testing. We apply this approach within AMI to model attacker goals such as energy fraud and denial of service. Our experiments with Multiple Vendors generate real attack scenarios using vulnerabilities identified during directed penetration testing, e.g., manipulation of energy usage data, spoofing meters, and extracting sensitive data from internal registers. More broadly, we show how we can reuse efforts in penetration testing to efficiently evaluate the increasingly large body of AMI technologies being deployed in the field.
Ali Diabat - One of the best experts on this subject based on the ideXlab platform.
-
Multiple-Vendor, Multiple-retailer based Vendor-managed inventory
Annals of Operations Research, 2016Co-Authors: Xianpei Hong, Wang Chunyuan, Lei Xu, Ali DiabatAbstract:Vendor-managed inventory is a coordinated system where a Vendor decides about the retailer’s replenishment quantity and time. This work studies a two-echelon distribution work composed of Multiple Vendors and retailers in traditional and Vendor-managed inventory systems where unsatisfied demands are lost sales. We also consider that the retailers’ demand is stochastic following a uniform distribution. The mathematical models are developed and applied in Vendor-managed inventory and traditional systems. Under the traditional supply chain, the Vendor incurs the cost of holding and production setup, while a retailer incurs expenses for inventory holding, ordering, transportation and lost sales. In a Vendor-managed inventory system, as the Vendor is responsible for his retailers, the retailer’s costs are transferred to the Vendor. We aim to identify benefits of Vendor-managed inventory. The total cost per unit time is used as a comparable measure between Vendor-managed inventory and traditional systems. Numerical examples and a sensitivity analysis of key parameters include the Vendor’s setup cost and holding cost; the retailer’s transportation and ordering costs are presented in both Vendor-managed inventory and traditional systems. The results illustrate that Vendor-managed inventory total system inventory cost is lower than a traditional system where shortage is allowed. Copyright Springer Science+Business Media New York 2016
-
Multiple-Vendor, Multiple-retailer based Vendor-managed inventory
Annals of Operations Research, 2015Co-Authors: Xianpei Hong, Wang Chunyuan, Ali DiabatAbstract:Vendor-managed inventory is a coordinated system where a Vendor decides about the retailer’s replenishment quantity and time. This work studies a two-echelon distribution work composed of Multiple Vendors and retailers in traditional and Vendor-managed inventory systems where unsatisfied demands are lost sales. We also consider that the retailers’ demand is stochastic following a uniform distribution. The mathematical models are developed and applied in Vendor-managed inventory and traditional systems. Under the traditional supply chain, the Vendor incurs the cost of holding and production setup, while a retailer incurs expenses for inventory holding, ordering, transportation and lost sales. In a Vendor-managed inventory system, as the Vendor is responsible for his retailers, the retailer’s costs are transferred to the Vendor. We aim to identify benefits of Vendor-managed inventory. The total cost per unit time is used as a comparable measure between Vendor-managed inventory and traditional systems. Numerical examples and a sensitivity analysis of key parameters include the Vendor’s setup cost and holding cost; the retailer’s transportation and ordering costs are presented in both Vendor-managed inventory and traditional systems. The results illustrate that Vendor-managed inventory total system inventory cost is lower than a traditional system where shortage is allowed.
Adam Delozier - One of the best experts on this subject based on the ideXlab platform.
-
multi Vendor penetration testing in the advanced metering infrastructure
Annual Computer Security Applications Conference, 2010Co-Authors: Stephen Mclaughlin, Sergei Miadzvezhanka, Adam Delozier, Dmitry Podkuiko, Patrick McdanielAbstract:The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI "smart meters" report real time usage data that enables efficient energy generation and use. However, aggressive deployments are outpacing security efforts: new devices from a dizzying array of Vendors are being introduced into grids with little or no understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across Multiple-Vendor implementations of a technology class. In this, we graft archetypal attack trees modeling broad adversary goals and attack vectors to Vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap to penetration testing. We apply this approach within AMI to model attacker goals such as energy fraud and denial of service. Our experiments with Multiple Vendors generate real attack scenarios using vulnerabilities identified during directed penetration testing, e.g., manipulation of energy usage data, spoofing meters, and extracting sensitive data from internal registers. More broadly, we show how we can reuse efforts in penetration testing to efficiently evaluate the increasingly large body of AMI technologies being deployed in the field.
-
ACSAC - Multi-Vendor penetration testing in the advanced metering infrastructure
Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10, 2010Co-Authors: Stephen Mclaughlin, Sergei Miadzvezhanka, Adam Delozier, Dmitry Podkuiko, Patrick McdanielAbstract:The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI "smart meters" report real time usage data that enables efficient energy generation and use. However, aggressive deployments are outpacing security efforts: new devices from a dizzying array of Vendors are being introduced into grids with little or no understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across Multiple-Vendor implementations of a technology class. In this, we graft archetypal attack trees modeling broad adversary goals and attack vectors to Vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap to penetration testing. We apply this approach within AMI to model attacker goals such as energy fraud and denial of service. Our experiments with Multiple Vendors generate real attack scenarios using vulnerabilities identified during directed penetration testing, e.g., manipulation of energy usage data, spoofing meters, and extracting sensitive data from internal registers. More broadly, we show how we can reuse efforts in penetration testing to efficiently evaluate the increasingly large body of AMI technologies being deployed in the field.
-
multi Vendor penetration testing in the advanced metering infrastructure
Annual Computer Security Applications Conference, 2010Co-Authors: Stephen Mclaughlin, Sergei Miadzvezhanka, Adam Delozier, Dmitry Podkuiko, Patrick McdanielAbstract:The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI "smart meters" report real time usage data that enables efficient energy generation and use. However, aggressive deployments are outpacing security efforts: new devices from a dizzying array of Vendors are being introduced into grids with little or no understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across Multiple-Vendor implementations of a technology class. In this, we graft archetypal attack trees modeling broad adversary goals and attack vectors to Vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap to penetration testing. We apply this approach within AMI to model attacker goals such as energy fraud and denial of service. Our experiments with Multiple Vendors generate real attack scenarios using vulnerabilities identified during directed penetration testing, e.g., manipulation of energy usage data, spoofing meters, and extracting sensitive data from internal registers. More broadly, we show how we can reuse efforts in penetration testing to efficiently evaluate the increasingly large body of AMI technologies being deployed in the field.