STAM

The 4th International Workshop on Safety and Security Testing and Monitoring
  • Date
    Jul 30, 2024
  • Location
    SR04
  • Duration
    13:00 — 18:30

Workshop Chairs

  • Ana Rosa Cavalli
  • Valentina Casola
  • Erkuden Rios
  • Wissam Mallouli
  • Edgardo Montes de Oca

Accepted Paper

A Multi-layer Approach through Threat Modelling and Attack Simulation for Enhanced Cyber Security Assessment
Eider Iturbe (TECNALIA Research Innovation, Basque Research and Technology Alliance (BRTA), Spain), Javier Arcas (TECNALIA Research Innovation, Basque Research and Technology Alliance (BRTA), Spain), Erkuden Rios (TECNALIA Research Innovation, Basque Research and Technology Alliance (BRTA), Spain)
Full Paper
There is a growing concern about the dynamic landscape of cyber security threats escalating, and the need for improvement in defence capabilities against emerging sophisticated incidents. In response, this paper presents a solution called the Cyber Incident Simulation System, which enables system security engineers to simulate cyber-physical attacks and incidents without the requirement to affect or disrupt the ongoing business operation of the system. Leveraging graph-based threat modelling and AI-generated incident data, the system empowers professionals to predict the effect of the incident within the system under study. The synthetic data is used by anomaly-based Intrusion Detection Systems (IDSs) and other additional security controls to improve their detection algorithms to enhance their accuracy and effectiveness. The Cyber Incident Simulation System is designed to enhance the cyber security measures through the simulation of various incident scenarios.
Workshop STAM
Automated Passport Control: Mining and Checking Models of Machine Readable Travel Documents
Stefan Marksteiner (AVL List Gmbh, Austria / Mälardalen University, Sweden), Marjan Sirjani (Mälardalen University, Sweden), Mikael Sjödin (Mälardalen University, Sweden)
Full Paper
Passports have been part of critical infrastructure for a very long time. They also have been pieces of automatically processable information devices, more recently through the ISO/IEC 14443 (Near-Field Communication - NFC) protocol. For obvious reasons, it is crucial that the information stored on devices is sufficiently protected. The International Civil Aviation Organization (ICAO) specifies exactly what information should be stored on electronic passports (also Machine Readable Travel Documents - MRTDs) and how and under which conditions they can be accessed. We propose a model-based approach for checking the conformance with this specification in an automated and very comprehensive manner: we use automata learning to learn a full model of passport documents and use equivalence checking techniques (trace equivalence and bisimilarity) to check the conformance with an automaton modeled after the ICAO standard. The result is an automated (non-interactive), yet very thorough test for compliance. This approach can also be used with other applications for which a specification automaton can be modeled and is therefore broadly applicable.
Workshop STAM
A Framework for In-network Inference using P4
Huu Nghia Nguyen (Montimage, France), Manh-Dung Nguyen (Montimage, France), Edgardo Montes de Oca (Montimage, France)
Full Paper
Machine learning (ML) has been widely used in network security monitoring. However, its application to highly data-intensive use cases and those requiring ultra-low latency remains challenging. This is caused by the large amounts of network data and the need to transfer data to a central location hosting analysis services.

In this paper, we present a framework to perform in-network analysis by offloading ML inference tasks from end servers to P4-capable programmable network devices. This helps reduce transfer latency and, thus, allows faster attack detection and mitigation. It also improves privacy since the data is processed at the networking devices.

The paper also presents an experimental use-case of the framework to classify network traffic, and to early detect and rapidly mitigate against IoT malicious traffic.
Workshop STAM
AI-Powered Penetration Testing using Shennina: From Simulation to Validation
Stylianos Karagiannis (Ionian University - Department of Informatics, PDM, Greece), Camilla Fusco (University of Naples Federico II, Italy), Leonidas Agathos (PDM, Portugal), Wissam Mallouli (Montimage, France), Valentina Casola (University of Naples Federico II, Italy), Christoforos Ntantogian (Ionian University - Department of Informatics, Greece), Emmanouil Magkos (Department of Informatics, Ionian University, Corfu, Greece, Greece)
Full Paper
Artificial intelligence has been greatly improved nowadays, providing innovative approaches in cybersecurity both on offensive and defensive tactics. AI can be specifically utilized to automate and conduct penetration testing, a task that is usually time-intensive, involves high costs, and requires cybersecurity professionals of high expertise. This research paper utilizes an AI penetration testing framework to validate and identify the impact and potential benefits of using AI on that perspective. More specifically, the research involves a validation process and tests the approach in a realistic environment to collect information and collect the relevant datasets. The research analyzes the behavior of the AI penetration testing framework in order to adapt and upgrade further. Finally, the research provides as a result the importance of using such frameworks or approaches to generate datasets and a methodology to retrieve the deep details of the attack simulation.
Workshop STAM
A comprehensive evaluation of interrupt measurement techniques for predictability in safety-critical systems
Daniele Lombardi (University of Naples Federico II Department of Electrical Engineering and Information Technologies, Italy), Mario Barbareschi (University of Naples Federico II Department of Electrical Engineering and Information Technologies, Italy), Salvatore Barone (Università degli Studi di Napoli - Federico II Department of Electrical Engineering and Information Technologies, Italy), Valentina Casola (University of Naples Federico II Department of Electrical Engineering and Information Technologies, Italy)
Full Paper
In the last few decades, the increasing adoption of computer systems for monitoring and control applications has fostered growing attention to real-time behavior, i.e., the property that ensures predictable reaction times to external events. In this perspective, performance of the interrupt management mechanisms is among the most relevant aspects to be considered. Therefore, the service-latency of interrupts is one of the metrics considered while assessing the predictability of such systems. To this purpose, there are different techniques to estimate it, including the use of on-board timers, oscilloscopes and logic analyzers, or even real-time tracers. Each of these techniques, however, is affected by some degrees of inaccuracy, and choosing one over the other has pros and cons. In this paper, we review methodologies for measuring interrupt-latency from the scientific literature and, for the first time, we define an analytical model that we exploit to figure out measurement errors committed. Finally, we prove the effectiveness of the model relying on measurements taken from Xilinx MPSoC devices and present a case study whose purpose is to validate the proposed model.
Workshop STAM
AI4SOAR: A Security Intelligence Tool for Automated Incident Response
Manh-Dung Nguyen (Montimage EURL, France), Wissam Mallouli (Montimage EURL, France), Ana Rosa Cavalli (Montimage EURL, France), Edgardo Montes de Oca (Montimage EURL, France)
Full Paper
The cybersecurity landscape is fraught with challenges stemming from the increasing volume and complexity of security alerts. Traditional manual or semi-automated approaches to threat analysis and incident response often result in significant delays in identifying and mitigating security threats. In this paper, we address these challenges by proposing AI4SOAR, a security intelligence tool for automated incident response. AI4SOAR leverages similarity learning techniques and integrates seamlessly with the open-source SOAR platform Shuffle. We conduct a comprehensive survey of existing open-source SOAR platforms, highlighting their strengths and weaknesses. Additionally, we present a similarity-based learning approach to quickly identify suitable playbooks for incoming alerts. We implement AI4SOAR and demonstrate its application through a use case for automated incident response against SSH brute-force attacks.
Workshop STAM
Transfer Adversarial Attacks through Approximate Computing
Valentina Casola (University of Naples Federico II, Italy), Salvatore Della Torca (Università degli Studi di Napoli Federico II, Italy)
Full Paper
Convolutional Neural Networks (CNNs) have demonstrated remarkable performance across a range of domains, including computer vision and healthcare. However, they encounter challenges related to the increasing demands for resources and their susceptibility to adversarial attacks. Despite the significance of these challenges, they are often addressed independently in the scientific literature, which has led to conflicting findings.

In addressing the issue of resource demands, approaches have been developed which leverage the inherent error resilience of DNNs. The Approximate Computing (AxC) design paradigm reduces the resource requirements of DNNs by introducing controlled errors. With regard to the security domain, the objective is to develop precise adversarial attacks.

This paper introduces a novel technique for transferring adversarial attacks from CNN approximated through the AxC design paradigm (AxNNs), and other CNNs, regardless of their architecture and implementations. AxNNs are created by replacing components that require significant resources with approximate ones. Subsequently, adversarial attacks are generated targeting AxNNs and transferred to new CNNs.

The experimental results indicate that it is possible to transfer adversarial samples from an AxNN to target CNNs, especially when the source AxNN has either a high accuracy, or an architecture that is deeper than the ones of the target CNNs.
Workshop STAM
NERO: Advanced Cybersecurity Awareness Ecosystem for SMEs
Charalambos Klitis (eBOS Technologies Ltd, Cyprus), Ioannis Makris (METAMIND INNOVATIONS IKE, Greece), Pavlos Bouzinis (METAMIND INNOVATIONS IKE, Greece), Dimitrios Christos Asimopoulos (METAMIND INNOVATIONS IKE, Greece), Wissam Mallouli (MONTIMAGE EURL, France), Kitty Kioskli (TRUSTILIO BV, Netherlands), Eleni Seralidou (TRUSTILIO BV, Netherlands), Christos Douligeris (UNIVERSITY OF PIRAEUS RESEARCH CENTER, Greece), Loizos Christofi (eBOS Technologies Ltd, Cyprus)
Full Paper
NERO represents a sophisticated Cybersecurity Ecosystem comprising five interconnected frameworks designed to deliver a Cybersecurity Awareness initiative, as advocated by ENISA as the optimal method for cultivating a security-centric mindset among employees to mitigate the impact of cyber threats. It integrates activities, resources, and training to nurture a culture of cybersecurity. NERO primarily equips SMEs with a repository of Cyber Immunity Toolkits, a Cyber Resilience Program, and Gamified Cyber Awareness Training, all accessible through a user-friendly Marketplace. The efficacy and performance of this concept will be affirmed through three distinct use case demonstrations across various sectors: Improving Patient Data Security in Healthcare with Cybersecurity Tools, Enhancing Supply Chain Resilience in the Transportation and Logistics Industry through Cybersecurity Awareness, and Elevating Financial Security via Enhanced Cybersecurity Awareness and Tools.
Workshop STAM
Towards the adoption of automated cyber threat intelligence information sharing with integrated risk assessment
Valeria Valdés Ríos (Université Paris-Saclay - Montimage, France), Fatiha Zaidi (Université Paris-Saclay, CNRS, ENS Paris-Saclay, Laboratoire Méthodes Formelles, France), Ana Rosa Cavalli (Institut Polytechnique, Telecom SudParis - Montimage, France), Angel Rego (Tecnalia, Basque Research and Technology Alliance (BRTA), Spain)
Full Paper
In the domain of cybersecurity, effective threat intelligence and information sharing are critical operations for ensuring appropriate and timely response against threats, but limited in automation, standardization, and user-friendliness in current platforms. This paper introduces a Cyber Threat Intelligence (CTI) Information Sharing platform, designed for critical infrastructures and cyber-physical systems. Our platform integrates existing cybersecurity tools and leverages digital twin technology, enhancing threat analysis and mitigation capabilities. It features an automated process for disseminating standardized and structured intelligence, utilizing the Malware Information Sharing Platform (MISP) for effective dissemination. A significant enhancement is the integration of risk assessment tools, which enriches the shared intelligence with detailed risk information, supporting informed decision-making. The platform encompasses a user-friendly dashboard and a robust backend, streamlining the threat intelligence cycle and transforming raw data coming from diverse sources into actionable insights. Overall the CTI4BC platform presents a solution to overcome challenges in the CTI sharing, contributing to a more resilient cybersecurity domain.
Workshop STAM
The PRECINCT Ecosystem Platform for Critical Infrastructure Protection: Architecture, Deployment and Transferability
Djibrilla Amadou Kountche (AKKODIS Research, France), Jocelyn Aubert (Luxembourg Institute of Science and Technology, Luxembourg), Manh Dung Nguyen (Montimage, France), Natalia Kalfa (ATTD, Greece), Nicola Durante (ENGINEERING, Italy), Cristiano Passerini (LEPIDA, Italy), Stephane Kuding (KONNECTA, Greece)
Full Paper
Critical infrastructures (CIs) are equipped with sensors and actuators which communicate using open (e.g., MQTT, AMQP, CoAP, Modbus, DNP3) or commercially licensed protocols (LoRA, IEC 6870-5-101, Profibus) to share data and commands. The management of these systems is also built on Information Communication Technologies (ICT) which are considered as Critical Information Infrastructure (CII). As identified by a recent European Union Agency for Cybersecurity (ENISA) study, the software used in CIs is subjected to supply chain compromise of software dependencies, human error (misconfigurations), ransomware attack, Artificial Intelligence abuse, the usage of legacy systems inside cyber-physical systems within CIs. This paper presents an approach to re-use ICT tools for Critical Infrastructures Protection (CIP) exploiting Topology and Orchestration Specification for Cloud Applications (TOSCA), reference architectures and ICT automation tools as well as to describe, deploy and orchestrate them. Therefore, our proposed approach will help in the re-usability of the outcomes of CIP research projects and the transferability of knowledge gained during these projects and help researchers to identify human errors, ease system updates, recovery and identify conceptual errors in the CI software architectures.
Workshop STAM
Automating Side-Channel Testing for Embedded Systems: A Continuous Integration Approach
Philipp Schloyer (Technical University of Applied Sciences Augsburg, Germany), Peter Knauer (Technical University of Applied Sciences Augsburg, Germany), Bernhard Bauer (Uni Augsburg, Germany), Dominik Merli (Technical University of Applied Sciences Augsburg, Germany)
Full Paper
Software testing is vital for strengthening the security of embedded systems by identifying and rectifying code errors, flaws and vulnerabilities. This is particularly significant when addressing vulnerabilities associated with side-channel attacks, given that they introduce a distinctive class of vulnerabilities, primarily subject to manual testing procedures. Manual testing remains prevalent despite advances in automation, posing challenges, particularly for complex environments. This research aims to automate embedded software testing on hardware in a modular and scalable manner, addressing the limitations of manual testing. We present a system designed to automate testing, including Side-Channel Analysis (SCA), in Continuous Integration (CI) environments, emphasizing accessibility and collaboration through open-source tools. Our evaluation setup based on GitLab, Jenkins and the ChipWhisperer framework shows that automating and integrating SCA in CI environments is possible in an efficient way.
Workshop STAM
A Framework Towards Assessing the Resilience of Urban Transport Systems
Gérald Rocher (Université Côte d'Azur (UniCA), Centre National de la Recherche Scientifique (CNRS, I3S), France), Jean-Yves Tigli (Université Côte d'Azur (UniCA), Centre National de la Recherche Scientifique (CNRS, I3S), France), Stéphane Lavirotte (Université Côte d'Azur (UniCA), Centre National de la Recherche Scientifique (CNRS, I3S), France), Nicolas Ferry (Université Côte d'Azur (UCA), Institut national de recherche en sciences et technologies du numérique (INRIA, Kairos), France)
Full Paper
As critical cyber-physical systems, urban transport systems are vulnerable to natural disasters and deliberate attacks. Ensuring their resilience is crucial for sustainable operations and includes the ability to withstand, absorb and recover efficiently from disruptions. Assessing the resilience of such systems requires a comprehensive set of performance indicators covering social, economic, organisational, environmental and technical concerns. In addition, the interdependence of the different modes of transport and the resulting human activities requires the inclusion of the spatial dimension to capture potential cascading failures. Furthermore, the integration of both aleatory (data) and epistemic (modelling) uncertainties is essential for robust performance indicators.

Current methods for assessing the resilience of transport systems lack standardised performance indicator systems and assessment methods, making comparative analysis and benchmarking of disruption management strategies difficult. This paper proposes a unified framework for modelling and assessing performance indicators for urban transport systems. The framework is demonstrated using a simulated scenario in Eclipse SUMO and paves the way for future research in this area.
Workshop STAM

Topics of interest include, but are not limited to

  • Security requirements definition, modeling and analysis automation
  • CI/CD practices for requirements analysis, testing and monitoring
  • Vulnerability, threats and attacks modelling techniques
  • Risk assessment frameworks for complex systems
  • Security testing techniques and tools
  • Security monitoring techniques and tools
  • Testing and monitoring automation
  • Attacks tolerance in distributed environments
  • Resilience techniques evaluation for critical systems
  • ML/AI and Cybersecurity solutions
  • Trust and privacy assessment in complex environments
  • Cybersecurity for small businesses (MSEs and SMEs)
  • Security testing and monitoring for 5G/6G networks, cloud/Edge, CPS/IoT, Critical Industrial systems, e-health etc.
  • Industrial experience reports

Workshop Chairs

Ana Rosa Cavalli | (HE ResilMesh) Institut Mines Telecom, France
Valentina Casola | University of Naples Federico II, Italy
Erkuden Rios | (HE DYNABIC, HE AI4CYBER) Tecnalia, Spain
Wissam Mallouli | (HE NERO, HE AI4CYBER) Montimage, France
Edgardo Montes de Oca | (HE DETERMINISTIC-6G, NATWORK) Montimage, France

Program Committee

Stefan Marksteiner | AVL, Austria
Andrea Pferscher | University of Oslo, Norway
Eider Iturbe | Tecnalia, Spain
Dragos Truscan | abo, Finland
Cristina Seceleanu | MDU, Sweden
Phu H. Nguyen | SINTEF, Norway
Panagiotis Radoglou-Grammatikis | University of Western Macedonia, Greece
Nicolas Ferry | University Cote d’Azur, France
Gürkan Gür | Zurich University of Applied Sciences (ZHAW), Switzerland
Charalambos Klitis | EBOS Technologies Limited, Cyprus
Martin Schneider | Fraunhofer FOKUS, Germany
Hui Song | SINTEF ICT, Norway
Menno Visscher | Massive Dynamic Sweden, Sweden
Alessandra De Benedictis | University of Naples Federico II, Italy
Fatiha Zaidi | University of Paris-Sud, France

Submission

Important Dates

Submission Deadline Apr 30, 2024
Author Notification May 29, 2024
Proceedings Version Jun 18, 2024
ARES EU Projects Symposium Jul 30, 2024
Conference Jul 30 — Aug 02, 2024