• Workshops
  • Accepted Papers
  • Attending ARES & DOD
  • Social Events
  • Presenter Information
  • Venue and Location
  • Co-located Conferences
  • ICS-CSR 2024
  • Archive
  • Registration & Visa
  • STAM

    The 4th International Workshop on Safety and Security Testing and Monitoring
    • Date
      Jul 30, 2024
    • Location
      SR04
    • Duration
      13:00 — 18:30
    Workshops Lettering

    Workshop Chairs

    Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo
    • → Ana Rosa Cavalli
    • → Valentina Casola
    • → Erkuden Rios
    • → Wissam Mallouli
    • → Edgardo Montes de Oca

    Accepted Paper

    A Multi-layer Approach through Threat Modelling and Attack Simulation for Enhanced Cyber Security Assessment
    Eider Iturbe (TECNALIA Research Innovation, Basque Research and Technology Alliance (BRTA), Spain), Javier Arcas (TECNALIA Research Innovation, Basque Research and Technology Alliance (BRTA), Spain), Erkuden Rios (TECNALIA Research Innovation, Basque Research and Technology Alliance (BRTA), Spain)
    Full Paper
    There is a growing concern about the dynamic landscape of cyber security threats escalating, and the need for improvement in defence capabilities against emerging sophisticated incidents. In response, this paper presents a solution called the Cyber Incident Simulation System, which enables system security engineers to simulate cyber-physical attacks and incidents without the requirement to affect or disrupt the ongoing business operation of the system. Leveraging graph-based threat modelling and AI-generated incident data, the system empowers professionals to predict the effect of the incident within the system under study. The synthetic data is used by anomaly-based Intrusion Detection Systems (IDSs) and other additional security controls to improve their detection algorithms to enhance their accuracy and effectiveness. The Cyber Incident Simulation System is designed to enhance the cyber security measures through the simulation of various incident scenarios.
    Workshop STAM
    Automated Passport Control: Mining and Checking Models of Machine Readable Travel Documents
    Stefan Marksteiner (AVL List Gmbh, Austria / Mälardalen University, Sweden), Marjan Sirjani (Mälardalen University, Sweden), Mikael Sjödin (Mälardalen University, Sweden)
    Full Paper
    Passports are part of critical infrastructure for a very long time. They also have been pieces of automatically processable information devices, more recently through the ISO/IEC 14443 (Near-Field Communication - NFC) protocol. For obvious reasons, it is crucial that the information stored on devices are sufficiently protected. The International Civil Aviation Organization (ICAO) specifies exactly what information should be stored on electronic passports (also Machine Readable Travel Documents - MRTDs) and how and under which conditions they can be accessed. We propose a model-based approach for checking the conformance with this specification in an automated and very comprehensive manner: we use automata learning to learn a full model of passport documents and use equivalence checking techniques (trace equivalence and bisimlarity) to check the conformance with an automaton modeled after the ICAO standard. The result is an automated (non-interactive), yet very thorough test for compliance. This approach can also be used with other applications for which a specification automaton can be modeled and is therfore broadly applicable.
    Workshop STAM
    A Framework for In-network Inference using P4
    Huu Nghia Nguyen (Montimage, France), Manh-Dung Nguyen (Montimage, France), Edgardo Montes de Oca (Montimage, France)
    Full Paper
    Machine learning (ML) has been widely used in network security monitoring. Although, its application to highly data intensive use cases and those requiring ultra-low latency remains challenging. It is caused by the large amounts of network data and the need of transferring data to a central location hosting analyses services.

    In this paper, we present a framework to perform in-network analysis by offloading ML inference tasks from end servers to P4-capable programmable network devices. This helps reducing transfer latency and, thus, allows faster attack detection and mitigation. It also improves privacy since the data is processed at the networking devices.

    The paper also presents an experimental use-case of the framework to classify network traffic, and to early detect and rapidly mitigate against IoT malicious traffic.
    Workshop STAM
    AI-Powered Penetration Testing using Shennina: From Simulation to Validation
    Stylianos Karagiannis (Ionian University - Department of Informatics, PDM, Greece), Camilla Fusco (University of Naples Federico II, Italy), Leonidas Agathos (PDM, Portugal), Wissam Mallouli (Montimage, France), Valentina Casola (University of Naples Federico II, Italy), Christoforos Ntantogian (Ionian University - Department of Informatics, Greece), Emmanouil Magkos (Department of Informatics, Ionian University, Corfu, Greece, Greece)
    Full Paper
    Artificial intelligence has been greatly improved nowadays, providing innovative approaches in cybersecurity both on offensive and defensive tactics. AI can be specifically utilized to automate and conduct penetration testing, a task that is usually time-intensive, involves high-costs, and requires cybersecurity professionals of high expertise. This research paper utilizes an AI penetration testing framework to validate and identify the impact and potential benefits of using AI on that perspective. More specifically, the research involves a validation process and tests the approach in a realistic environment to collect information and collect the relevant datasets. The research analyzes the behavior of the AI penetration testing framework in order to adapt and upgrade further. Finally, the research provides as a result the importance of using such frameworks or approaches to generate datasets and a methodology to retrieve the deep details of the attack simulation.
    Workshop STAM
    A comprehensive evaluation of interrupt measurement techniques for predictability in safety-critical systems
    Daniele Lombardi (University of Naples Federico II Department of Electrical Engineering and Information Technologies, Italy), Mario Barbareschi (University of Naples Federico II Department of Electrical Engineering and Information Technologies, Italy), Salvatore Barone (Università degli Studi di Napoli - Federico II Department of Electrical Engineering and Information Technologies, Italy), Valentina Casola (University of Naples Federico II Department of Electrical Engineering and Information Technologies, Italy)
    Full Paper
    In the last few decades, the increasing adoption of computer systems for monitoring and control applications has fostered growing attention to real-time behavior, i.e., the property that ensures predictable reaction times to external events. In this perspective, performance of the interrupt management mechanisms are among the most relevant aspects to be considered. Therefore, the service-latency of interrupts is one of the metrics considered while assessing the predictability of such systems. To this purpose, there are different techniques to estimate it, including the use of on-board timers, oscilloscopes and logic analyzers, or even real-time tracers. Each of these techniques, however, is affected by some degrees of inaccuracy, and choosing one over the other have pros and cons. In this paper, we review methodologies for measuring interrupt-latency from the scientific literature and, for the first time, we define an analytical model that we exploit to figure out measurement errors committed. Finally, we prove the effectiveness of the model relying on measurements taken from Xilinx MPSoC devices and present a case study whose purpose is to validate the proposed model.
    Workshop STAM
    AI4SOAR: A Security Intelligence Tool for Automated Incident Response
    Manh-Dung Nguyen (Montimage EURL, France), Wissam Mallouli (Montimage EURL, France), Ana Rosa Cavalli (Montimage EURL, France), Edgardo Montes de Oca (Montimage EURL, France)
    Full Paper
    The cybersecurity landscape is fraught with challenges stemming from the increasing volume and complexity of security alerts. Traditional manual or semi-automated approaches to threat analysis and incident response often result in significant delays in identifying and mitigating security threats. In this paper, we address these challenges by proposing AI4SOAR, a security intelligence tool for automated incident response. AI4SOAR leverages similarity learning techniques and integrates seamlessly with the open-source SOAR platform Shuffle. We conduct a comprehensive survey of existing open-source SOAR platforms, highlighting their strengths and weaknesses. Additionally, we present a similarity-based learning approach to quickly identify suitable playbooks for incoming alerts. We implement AI4SOAR and demonstrate its application through a use case for automated incident response against SSH brute-force attacks.
    Workshop STAM
    Transfer Adversarial Attacks through Approximate Computing
    Valentina Casola (University of Naples Federico II, Italy), Salvatore Della Torca (Università degli Studi di Napoli Federico II, Italy)
    Full Paper
    Convolutional Neural Networks (CNNs), have demonstrated remarkable performance across a range of domains, including computer vision and healthcare. However, they encounter challenges related to the increasing demands for resources and their susceptibility to adversarial attacks. Despite the significance of these challenges, they are often addressed independently in the scientific literature, which has led to conflicting findings.

    In addressing the issue of resource demands, approaches have been developed which leverage the inherent error resilience of DNNs. The Approximate Computing (AxC) design paradigm reduces the resource requirements of DNNs by introducing controlled errors. With regard to the security domain, the objective is to develop precise adversarial attacks.

    This paper introduces a novel technique for transferring adversarial attacks from CNN approximated through the AxC design paradigm (AxNNs), and other CNNs, regardless of their architecture and implementations. AxNNs are created by replacing components that require significant resources with approximate ones. Subsequently, adversarial attacks are generated targeting AxNNs and transferred to new CNNs.

    The experimental results indicate that it is possible to transfer adversarial samples from an AxNN to target CNNs, especially whne the source AxNN has either a high accuracy, or an architecture that is deeper than the ones of the target CNNs.
    Workshop STAM
    NERO: Advanced Cybersecurity Awareness Ecosystem for SMEs
    Charalambos Klitis (eBOS Technologies Ltd, Cyprus), Ioannis Makris (METAMIND INNOVATIONS IKE, Greece), Pavlos Bouzinis (METAMIND INNOVATIONS IKE, Greece), Dimitrios Christos Asimopoulos (METAMIND INNOVATIONS IKE, Greece), Wissam Mallouli (MONTIMAGE EURL, France), Kitty Kioskli (TRUSTILIO BV, Netherlands), Eleni Seralidou (TRUSTILIO BV, Netherlands), Christos Douligeris (UNIVERSITY OF PIRAEUS RESEARCH CENTER, Greece), Loizos Christofi (eBOS Technologies Ltd, Cyprus)
    Full Paper
    NERO represents a sophisticated Cybersecurity Ecosystem comprising five interconnected frameworks designed to deliver a Cybersecurity Awareness initiative, as advocated by ENISA as the optima
    method for cultivating a security-centric mindset among employees to mitigate the impact of cyber threats. It integrates activities, resources, and training to nurture a culture of cybersecurity. NERO primarily equips SMEs with a repository of Cyber Immunity Toolkits, a Cyber Resilience Program, and Gamified Cyber Awareness Training, all accessible through a user-friendly Marketplace. The efficacy and performance of this concept will be affirmed through three distinct use case demonstrations across various sectors: Improving Patient Data Security in Healthcare with Cybersecurity Tools, Enhancing Supply Chain Resilience in the Transportation and Logistics Industry through Cybersecurity Awareness, and Elevating Financial Security via Enhanced Cybersecurity Awareness and Tools.
    Workshop STAM
    Towards the adoption of automated cyber threat intelligence information sharing with integrated risk assessment
    Valeria Valdés Ríos (Université Paris-Saclay - Montimage, France), Fatiha Zaidi (Université Paris-Saclay, CNRS, ENS Paris-Saclay, Laboratoire Méthodes Formelles, France), Ana Rosa Cavalli (Institut Polytechnique, Telecom SudParis - Montimage, France), Angel Rego (Tecnalia, Basque Research and Technology Alliance (BRTA), Spain)
    Full Paper
    In the domain of cybersecurity, effective threat intelligence and information sharing are critical operations for ensuring appropriate and timely response against threats, but limited in automation, standardization, and user-friendliness in current platforms. This paper introduces a Cyber Threat Intelligence (CTI) Information Sharing platform, designed for critical infrastructures and cyber-physical systems. Our platform integrates existing cybersecurity tools and leverages digital twin technology, enhancing threat analysis and mitigation capabilities. It features an automated process for disseminating standardized and structured intelligence, utilizing the Malware Information Sharing Platform (MISP) for effective dissemination. A significant enhancement is the integration of risk assessment tools, which enriches the shared intelligence with detailed risk information, supporting an informed decision-making. The platform encompasses an user-friendly dashboard and a robust backend, streamlining the threat intelligence cycle and transforming raw data coming from diverse sources into actionable insights. Overall the CTI4BC platform presents a solution to overcome challenges in the CTI sharing, contributing to a more resilient cybersecurity domain.
    Workshop STAM
    The PRECINCT Ecosystem Platform for Critical Infrastructure Protection: Architecture, Deployment and Transferability
    Djibrilla Amadou Kountche (AKKODIS Reaserach, France), Jocelyn Aubert (Luxembourg Institute of Science and Technology, Luxembourg), Manh Dung Nguyen (Montimage, France), Natalia Kalfa (ATTD, Greece), Nicola Durante (ENGINEERING, Italy), Cristiano Passerini (LEPIDA, Italy), Stephane Kuding (KONNECTA, Greece)
    Full Paper
    Critical infrastructures (CIs) are equipped with sensors and actuators which communicate using open (for e.g., MQTT, AMQP, CoAP, Modbus, DNP3) or commercially licensed protocols (LoRA, IEC 6870-5-101, Profibus) to share data and commands. The management of these systems are also built on Information Communication Technologies (ICT) which are considered as Critical Information Infrastructure (CII). As identified by a recent European Union Agency for Cybersecurity (ENISA) study, the software used in CIs are subjected to supply chain compromise of software dependencies, human error (misconfigurations), ransomware attack, Artificial Intelligence abuse, the usage of legacy systems inside cyber-physical systems within CIs. This paper presents an approach to re-use ICT tools for Critical Infrastructures Protection (CIP) exploiting Topology and Orchestration Specification for Cloud Applications (TOSCA), reference architectures and ICT automation tools as well as to describe, deploy and orchestrate them. Therefore, our proposed approach will help in the re-usability of the outcomes of CIP research projects and the transferability of knowledge gained during these projects and help researchers to identify human errors, ease system updates, recovery and identify conceptual errors in the CI software architectures
    Workshop STAM
    Automating Side-Channel Testing for Embedded Systems: A Continuous Integration Approach
    Philipp Schloyer (Technical University of Applied Sciences Augsburg, Germany), Peter Knauer (Technical University of Applied Sciences Augsburg, Germany), Bernhard Bauer (Uni Augsburg, Germany), Dominik Merli (Technical University of Applied Sciences Augsburg, Germany)
    Full Paper
    Software testing is vital for strengthening the security of embedded systems by identifying and rectifying code errors, flaws and vulnerabilities. This is particularly significant when addressing vulnerabilities associated with side-channel attacks, given that they introduce a distinctive class of vulnerabilities, primarily subject to manual testing procedures. Manual testing remains prevalent despite advances in automation, posing challenges, particularly for complex environments. This research aims to automate embedded software testing on hardware in a modular and scalable manner, addressing the limitations of manual testing. We present a system designed to automate testing, including Side-Channel Analysis (SCA), in Continuous Integration (CI) environments, emphasizing accessibility and collaboration through open-source tools. Our evaluation setup based on GitLab, Jenkins and the ChipWhisperer framework shows that automating and integrating SCA in CI environments is possible in an efficient way.
    Workshop STAM
    A Framework Towards Assessing the Resilience of Urban Transport Systems
    Gérald Rocher (Université Côte d'Azur (UniCA), Centre National de la Recherche Scientifique (CNRS, I3S), France), Jean-Yves Tigli (Université Côte d'Azur (UniCA), Centre National de la Recherche Scientifique (CNRS, I3S), France), Stéphane Lavirotte (Université Côte d'Azur (UniCA), Centre National de la Recherche Scientifique (CNRS, I3S), France), Nicolas Ferry (Université Côte d'Azur (UCA), Institut national de recherche en sciences et technologies du numérique (INRIA, Kairos), France)
    Full Paper
    As critical cyber-physical systems, urban transport systems are vul- nerable to natural disasters and deliberate attacks. Ensuring their resilience is crucial for sustainable operations and includes the abil- ity to withstand, absorb and recover efficiently from disruptions. Assessing the resilience of such systems requires a comprehensive set of performance indicators covering social, economic, organi- sational, environmental and technical concerns. In addition, the interdependence of the different modes of transport and the result- ing human activities requires the inclusion of the spatial dimension to capture potential cascading failures. Furthermore, the integration of both aleatory (data) and epistemic (modelling) uncertainties is essential for robust performance indicators.

    Current methods for assessing the resilience of transport systems lack standardised performance indicator systems and assessment methods, making comparative analysis and benchmarking of dis- ruption management strategies difficult. This paper proposes a unified framework for modelling and assessing performance indica- tors for urban transport systems. The framework is demonstrated using a simulated scenario in Eclipse SUMO and paves the way for future research in this area.
    Workshop STAM

    Detail STAM 02/05

    Topics of interest include, but are not limited to 03/05

    • Security requirements definition, modeling and analysis automation
    • CI/CD practices for requirements analysis, testing and monitoring
    • Vulnerability, threats and attacks modelling techniques
    • Risk assessment frameworks for complex systems
    • Security testing techniques and tools
    • Security monitoring techniques and tools
    • Testing and monitoring automation
    • Attacks tolerance in distributed environments
    • Resilience techniques evaluation for critical systems
    • ML/AI and Cybersecurity solutions
    • Trust and privacy assessment in complex environments
    • Cybersecurity for small businesses (MSEs and SMEs)
    • Security testing and monitoring for 5G/6G networks, cloud/Edge, CPS/IoT,
    • Critical Industrial systems, e-health etc.
    • Industrial experience reports

    Workshop Chairs 04/05

    Workshop Chairs

    Workshop Chairs Logo
    Ana Rosa Cavalli
    (HE ResilMesh) Institut Mines Telecom, France
    Workshop Chairs Logo
    Valentina Casola
    University of Naples Federico II, Italy
    Workshop Chairs Logo
    Erkuden Rios
    (HE DYNABIC, HE AI4CYBER) Tecnalia, Spain
    Workshop Chairs Logo
    Wissam Mallouli
    (HE NERO, HE AI4CYBER) Montimage, France
    Workshop Chairs Logo
    Edgardo Montes de Oca
    (HE DETERMINISTIC-6G, NATWORK) Montimage, France

    Program Committee

    Stefan Marksteiner | AVL, Austria
    Andrea Pferscher | University of Oslo, Norway
    Eider Iturbe | Tecnalia, Spain
    Dragos Truscan | abo, Finland
    Cristina Seceleanu | MDU, Sweden
    Phu H. Nguyen | SINTEF, Norway
    Panagiotis Radoglou-Grammatikis | University of Western Macedonia, Greece
    Nicolas Ferry | University Cote d’Azur, France
    Gürkan Gür | Zurich University of Applied Sciences (ZHAW), Switzerland
    Charalambos Klitis | EBOS Technologies Limited, Cyprus
    Martin Schneider | Fraunhofer FOKUS, Germany
    Hui Song | SINTEF ICT, Norway
    Menno Visscher | Massive Dynamic Sweden, Sweden
    Alessandra De Benedictis | University of Naples Federico II, Italy
    Fatiha Zaidi | University of Paris-Sud, France

    Submission 05/05

    Important Dates

    Submission Deadline Apr 30, 2024
    Author Notification May 29, 2024
    Proceedings Version Jun 18, 2024
    ARES EU Projects Symposium Jul 30, 2024
    Conference Jul 30 — Aug 02, 2024
    Register here!
    Join us at ARES 2024 in Vienna, Austria