Spelling suggestions: "subject:"2security assessment"" "subject:"bsecurity assessment""
1 |
Design and Implementation of an Environment to Support Development of Methods for Security AssessmentBengtsson, Johan, Brinck, Peter January 2008 (has links)
<p>There is no debate over the importance of IT security. Equally important is the research on security assessment; methods for evaluating the security of IT systems. The Swedish Defense Research Agency has for the last couple of years been conducting research on the area of security assessment. To verify the correctness of these methods, tools are implemented.</p><p>This thesis presents the design and implementation of an environment to support and aid future implementations and evaluations of security assessment methods. The aim of this environment, known as the New Tool Environment, NTE, is to assist the developer by facilitating the more time consuming parts of the implementation. A large part of this thesis is devoted to the development of a database solution, which results in an object/relational data access layer.</p>
|
2 |
Design and Implementation of an Environment to Support Development of Methods for Security AssessmentBengtsson, Johan, Brinck, Peter January 2008 (has links)
There is no debate over the importance of IT security. Equally important is the research on security assessment; methods for evaluating the security of IT systems. The Swedish Defense Research Agency has for the last couple of years been conducting research on the area of security assessment. To verify the correctness of these methods, tools are implemented. This thesis presents the design and implementation of an environment to support and aid future implementations and evaluations of security assessment methods. The aim of this environment, known as the New Tool Environment, NTE, is to assist the developer by facilitating the more time consuming parts of the implementation. A large part of this thesis is devoted to the development of a database solution, which results in an object/relational data access layer.
|
3 |
Application of energy-based power system features for dynamic security assessmentGeeganage, Janath Chaminda 10 November 2016 (has links)
To date, the potential of on-line Dynamic Security Assessment (DSA) to monitor, alert, and enhance system security is constrained by the longer computational cycle time. Traditional techniques requiring extensive numerical computations make it challenging to complete the assessment within an acceptable time. Longer computational cycles produce obsolete security assessment results as the system operating point evolves continuously. This thesis presents a DSA algorithm, based on Transient Energy Function (TEF) method and machine learning, to enable frequent computational cycles in on-line DSA of power systems.
The use of selected terms of the TEF as pre-processed input features for machine learning demonstrated the ability to successfully train a contingency-independent classifier that is capable of classifying stable and unstable operating points. The network is trained for current system topology and loading conditions. The classifier can be trained using a small dataset when the TEF terms are used as input features. The prediction accuracy of the proposed scheme was tested under the balanced and unbalanced faults with the presence of voltage sensitive and dynamic loads for different operating points. The test results demonstrate the potential of using the proposed technique for power system on-line DSA. Power system devices such as HVDC and
FACTS can be included in the algorithm by incorporating the effective terms of a corresponding TEF.
An on-line DSA system requires the integration of several functional components. The practicality of the proposed technique in terms of a) critical data communications aspects b) computational hardware requirements; and c) capabilities and limitations of the tools in use was tested using an implementation of an on-line DSA system. The test power system model was simulated using a real-time digital simulator. The other functional units were distributed over the Local Area Network (LAN). The implementation indicated that an acceptable computational cycle time can be achieved using the proposed method.
In addition, the work carried out during this thesis has produced two tools that can be used for a) web-based automated data generation for power system studies; and b) testing of on-line DSA algorithms. / February 2017
|
4 |
Metodologia de avaliação de margem de estabilidade devido a bifurcações em sistemas elétricos de potência / Assessment methodology due to margin stability bifurcations in electric power systemsKaren Caino de Oliveira Salim 19 March 2012 (has links)
A complexidade da avaliação de segurança em sistemas de potência vem se tornando elevada, principalmente devido ao aumento por demanda de energia elétrica. Diariamente são inseridas cargas de forma sucessiva nos sistemas elétricos, podendo este fato conduzir o sistema ao colapso, caso não haja um planejamento adequado que evite tal ocorrência. Visando evitar um cenário de instabilidade, metodologias de estudo relativas à determinação de máximo carregamento para sistemas elétricos de potência vem sendo estudadas e desenvolvidas. Apesar de apresentarem avanços, este trabalhos possuem limitações que os impedem de serem utilizados em estudos de pré-operação e até em tempo real nos centros de operação. Considerando estas limitações, este trabalho apresenta o desenvolvimento de uma metodologia direta e combinada para determinar o ponto de perda de estabilidade do sistema (a máxima transferência de potência, ou o aparecimento de bifurcações de Hopf), a partir de um sistema de equações diferenciais-algébricas. Esta metodologia engloba características fundamentais para os estudos supracitados como velocidade e robustez. Desta forma, um aplicativo computacional para a avaliação de segurança de um sistema de potência baseado na metodologia proposta foi desenvolvido contemplando a determinação da margem de estabilidade devido a bifurcações no sistema de forma eficiente e robusta. Para tanto, esta tese apresenta uma contextualização da necessidade desta ferramenta, realiza modificações na metodologia direta de determinação da margem de estabilidade devido a oscilações no sistema coma finalidade de elevar sua faixa de convergência e desenvolve uma metodologia direta para determinação de bifurcações Sela-Nó. Por fim, o aplicativo final foi validado, utilizando a ferramenta Organon, em diversos sistemas incluindo o sistema interligado nacional modificado, juntamente com a avaliação de uma lista de contingências para o mesmo. / Security assessment complexity in power systems is becoming higher primarily due to increased demand for electricity. Daily, loads are successively connected to the power grids, which can actually lead the system to the collapse, if there is no adequate planning to avoid it. To avoid an instability scenario, methodologies for the determination of maximum loading for a power system have been studied and developed. Inspite of their progress, these works have limitations that prevent them from being used in pre-operation studies and even in real time in operation centers. Considering these limitations, this work presents the development of a direct and combined methodology to determine the operating point where the system stability is lost (the maximum power transfer or the oscillations appearance due to Hopf bifurcation), through differential-algebric equations. This methodology includes fundamental characteristics for the aforementioned studies such as speed and robustness. Thus, a computer application for power system security assessment based on the proposed methodology was developed with the objective of determining efficiently the stability margin due to bifurcations in the system. Therefore, this thesis presents an overview of the need for this tool, as well as changes to the direct method of determining the systems stability margin due to oscilations, with the purpose of increasing its convergence range and develops a methodology for direct determination of saddle-node bifurcations points. Finally, the final developed application is validated, using the Organon tool, in several systems including the national interconnected system modified in which a list of contingencies are evaluated for this system.
|
5 |
Metodologia de avaliação de margem de estabilidade devido a bifurcações em sistemas elétricos de potência / Assessment methodology due to margin stability bifurcations in electric power systemsSalim, Karen Caino de Oliveira 19 March 2012 (has links)
A complexidade da avaliação de segurança em sistemas de potência vem se tornando elevada, principalmente devido ao aumento por demanda de energia elétrica. Diariamente são inseridas cargas de forma sucessiva nos sistemas elétricos, podendo este fato conduzir o sistema ao colapso, caso não haja um planejamento adequado que evite tal ocorrência. Visando evitar um cenário de instabilidade, metodologias de estudo relativas à determinação de máximo carregamento para sistemas elétricos de potência vem sendo estudadas e desenvolvidas. Apesar de apresentarem avanços, este trabalhos possuem limitações que os impedem de serem utilizados em estudos de pré-operação e até em tempo real nos centros de operação. Considerando estas limitações, este trabalho apresenta o desenvolvimento de uma metodologia direta e combinada para determinar o ponto de perda de estabilidade do sistema (a máxima transferência de potência, ou o aparecimento de bifurcações de Hopf), a partir de um sistema de equações diferenciais-algébricas. Esta metodologia engloba características fundamentais para os estudos supracitados como velocidade e robustez. Desta forma, um aplicativo computacional para a avaliação de segurança de um sistema de potência baseado na metodologia proposta foi desenvolvido contemplando a determinação da margem de estabilidade devido a bifurcações no sistema de forma eficiente e robusta. Para tanto, esta tese apresenta uma contextualização da necessidade desta ferramenta, realiza modificações na metodologia direta de determinação da margem de estabilidade devido a oscilações no sistema coma finalidade de elevar sua faixa de convergência e desenvolve uma metodologia direta para determinação de bifurcações Sela-Nó. Por fim, o aplicativo final foi validado, utilizando a ferramenta Organon, em diversos sistemas incluindo o sistema interligado nacional modificado, juntamente com a avaliação de uma lista de contingências para o mesmo. / Security assessment complexity in power systems is becoming higher primarily due to increased demand for electricity. Daily, loads are successively connected to the power grids, which can actually lead the system to the collapse, if there is no adequate planning to avoid it. To avoid an instability scenario, methodologies for the determination of maximum loading for a power system have been studied and developed. Inspite of their progress, these works have limitations that prevent them from being used in pre-operation studies and even in real time in operation centers. Considering these limitations, this work presents the development of a direct and combined methodology to determine the operating point where the system stability is lost (the maximum power transfer or the oscillations appearance due to Hopf bifurcation), through differential-algebric equations. This methodology includes fundamental characteristics for the aforementioned studies such as speed and robustness. Thus, a computer application for power system security assessment based on the proposed methodology was developed with the objective of determining efficiently the stability margin due to bifurcations in the system. Therefore, this thesis presents an overview of the need for this tool, as well as changes to the direct method of determining the systems stability margin due to oscilations, with the purpose of increasing its convergence range and develops a methodology for direct determination of saddle-node bifurcations points. Finally, the final developed application is validated, using the Organon tool, in several systems including the national interconnected system modified in which a list of contingencies are evaluated for this system.
|
6 |
Design and implementation of a framework for security metrics creation / Konstruktion och användning av ett ramverk för säkerhetsmetrikerLundholm, Kristoffer January 2009 (has links)
<p>Measuring information security is the key to unlocking the knowledge of how secure information systems really are. In order to perform these measurements, security metrics can be used. Since all systems and organizations are different, there is no single set of metrics that is generally applicable. In order to help organizations create metrics, this thesis will present a metrics creation framework providing a structured way of creating the necessary metrics for any information system. The framework takes a high level information security goal as input, and transforms it to metrics using decomposition of goals that are then inserted into a template. The thesis also presents a set of metrics based on a minimum level of information security produced by the Swedish emergency management agency. This set of metrics can be used to show compliance with the minimum level or as a base when a more extensive metrics program is created.</p>
|
7 |
Assessment of Enterprise Information Security : - How to make it Credible and EfficientJohansson, Erik January 2005 (has links)
<p>Information is an important business asset in today’s enterprises. Hence enterprise information security is an important system quality that must be carefully managed. Although enterprise information security is acknowledged as one of the most central areas for enterprise IT management, the topic still lacks adequate support for decision making on top-management level.</p><p>This composite thesis consists of four articles which presents the Enterprise Information Security Assessment Method (EISAM), a comprehensive method for assessing the current state of the enterprise information security. The method is useful in helping guide top-management’s decision-making because of the following reasons: 1) it is easy to understand, 2) it is prescriptive, 3) it is credible, and 4) it is efficient.</p><p>The assessment result is easy to understand because it presents a quantitative estimate. The result can be presented as an aggregated single value, abstracting the details of the assessment. The result is easy to grasp and enables comparisons both within the organization and in terms of industry in general.</p><p>The method is prescriptive since it delivers concrete and traceable measurements. This helps guide top-level management in their decisions regarding enterprise-wide information security by highlighting the areas where improvements efforts are essential.</p><p>It is credible for two reasons. Firstly, the method presents an explicit and transparent definition of enterprise information security. Secondly, the method in itself includes an indication of assessment uncertainty, expressed in terms of confidence levels.</p><p>The method is efficient because it focuses on important enterprise information security aspects, and because it takes into account how difficult it is to find security related evidence. Being resource sparse it enables assessments to take place regularly, which gives valuable knowledge for long-term decision-making.</p><p>The usefulness of the presented method, along with its development, has been verified through empirical studies at a leading electric power company in Europe and through statistical surveys carried out among information security experts in Sweden.</p><p>The success from this research should encourage further researcher in using these analysis techniques to guide decisions on other enterprise architecture attributes.</p>
|
8 |
A framework and theory for cyber security assessmentsSommestad, Teodor January 2012 (has links)
Information technology (IT) is critical and valuable to our society. An important type of IT system is Supervisor Control And Data Acquisition (SCADA) systems. These systems are used to control and monitor physical industrial processes like electrical power supply, water supply and railroad transport. Since our society is heavily dependent on these industrial processes we are also dependent on the behavior of our SCADA systems. SCADA systems have become (and continue to be) integrated with other IT systems they are thereby becoming increasingly vulnerable to cyber threats. Decision makers need to assess the security that a SCADA system’s architecture offers in order to make informed decisions concerning its appropriateness. However, data collection costs often restrict how much information that can be collected about the SCADA system’s architecture and it is difficult for a decision maker to know how important different variables are or what their value mean for the SCADA system’s security. The contribution of this thesis is a modeling framework and a theory to support cyber security vulnerability assessments. It has a particular focus on SCADA systems. The thesis is a composite of six papers. Paper A describes a template stating how probabilistic relational models can be used to connect architecture models with cyber security theory. Papers B through E contribute with theory on operational security. More precisely, they contribute with theory on: discovery of software vulnerabilities (paper B), remote arbitrary code exploits (paper C), intrusion detection (paper D) and denial-of-service attacks (paper E). Paper F describes how the contribution of paper A is combined with the contributions of papers B through E and other operationalized cyber security theory. The result is a decision support tool called the Cyber Security Modeling Language (CySeMoL). This tool produces a vulnerability assessment for a system based on an architecture model of it. / Informationsteknik (IT) är kritiskt och värdefullt för vårt samhälle. En viktig typ av IT-system är de styrsystem som ofta kallas SCADA-system (från engelskans "Supervisor Control And Data Acquisition"). Dessa system styr och övervakar fysiska industriella processer så som kraftförsörjning, vattenförsörjning och järnvägstransport. Eftersom vårt samhälle är beroende av dessa industriella processer så är vi också beroende av våra SCADA-systems beteende. SCADA-system har blivit (och fortsätter bli) integrerade med andra IT system och blir därmed mer sårbara för cyberhot. Beslutsfattare behöver utvärdera säkerheten som en systemarkitektur erbjuder för att kunna fatta informerade beslut rörande dess lämplighet. Men datainsamlingskostnader begränsar ofta hur mycket information som kan samlas in om ett SCADA-systems arkitektur och det är svårt för en beslutsfattare att veta hur viktiga olika variabler är eller vad deras värden betyder för SCADA-systemets säkerhet. Bidraget i denna avhandling är ett modelleringsramverk och en teori för att stödja cybersäkerhetsutvärderingar. Det har ett särskilt focus på SCADA-system. Avhandlingen är av sammanläggningstyp och består av sex artiklar. Artikel A beskriver en mall för hur probabilistiska relationsmodeller kan användas för att koppla samman cybersäkerhetsteori med arkitekturmodeller. Artikel B till E bidrar med teori inom operationell säkerhet. Mer exakt, de bidrar med teori angående: upptäckt av mjukvarusårbarheter (artikel B), fjärrexekvering av godtycklig kod (artikel C), intrångsdetektering (artikel D) och attacker mot tillgänglighet (artikel E). Artikel F beskriver hur bidraget i artikel A kombineras med bidragen i artikel B till E och annan operationell cybersäkerhetsteori. Resultatet är ett beslutsstödsverktyg kallat Cyber Security Modeling Language (CySeMoL). Beslutsstödsverktyget producerar sårbarhetsutvärdering för ett system baserat på en arkitekturmodell av det. / <p>QC 20121018</p>
|
9 |
Risk based dynamic security assessmentDissanayaka, Anuradha 13 September 2010 (has links)
This thesis presents a linearized technique to determine a risk-based index for dynamic security. The method is an extension to an existing technique in which the risk of steady state security is calculated using the mean and variance of load uncertainty. The proposed method is applied to calculate the risk indices for the New England 39 bus test system. The results obtained from the proposed method are validated against those estimated by Monte Carlo simulation. Both approaches produce virtually the same results for small load deviations.
|
10 |
Risk based dynamic security assessmentDissanayaka, Anuradha 13 September 2010 (has links)
This thesis presents a linearized technique to determine a risk-based index for dynamic security. The method is an extension to an existing technique in which the risk of steady state security is calculated using the mean and variance of load uncertainty. The proposed method is applied to calculate the risk indices for the New England 39 bus test system. The results obtained from the proposed method are validated against those estimated by Monte Carlo simulation. Both approaches produce virtually the same results for small load deviations.
|
Page generated in 0.0749 seconds