Radio links are used to provide backhaul connectivity for base stations of mobile networks, in cases in which cable-based alternatives are not available and cannot be deployed in an economic or timely manner. While such wireless backhauls have been predominantly used in redundant tree and ring topologies in the past, mobile network operators have become increasingly interested in meshed topolog...

The ubiquity of wireless communications, in the home and office environment, introduces information security risks specific to WLANs and handheld devices. It is crucial to continuously monitor their evolution but every threat must be examined in terms of potential impact and likelihood. Only when both conditions are present, it does need to be mitigated. This paper shows how the problem can be ...

The nation's critical infrastructures, such as those found in Supervisory Control and Data Acquisition (SCADA) and industrial control systems (ICS), are increasingly at risk and vulnerable to internal and external threats. Security best practices on these systems come at a very opportune time. Further, the value of risk assessment of these systems is something that cannot just be relegated as i...

Cyber-Physical System (CPS) is a system of system which integrates physical system with cyber capability in order to improve the physical performance. It is being widely used in areas closely related to national economy and people's livelihood, therefore CPS security problems have drawn a global attention and an appropriate risk assessment for CPS is in urgent need. In this paper, a security fr...

Existing security risk assessment methodologies have three major flaws: they rely on the assessor to formulate the chain of events that describe each of its threat scenarios, their models cause a combinatorial explosion of calculations due to analysis of the effectiveness of each countermeasure against each threat/vulnerability pair, and they do not spotlight the specific area of improvement ne...

Computer networks are present throughout all sectors of our critical infrastructure and these networks are under a constant threat of cyber attack. One prevalent computer network threat takes advantage of unauthorized, and thus insecure, hardware on a network. This paper presents a prototype simulation system for network risk assessment that is intended for use by administrators to simulate and...

The criticality of cyber infrastructure makes it a very attractive target, which we try to protect by building perimeter defences. This paper argues that a reactive-oriented network defence policy based solely on perimeter defences is not sufficient to properly safeguard IT infrastructure. An argument is made for an approach based on the idea that defence begins with an understanding of those a...

Risk assessment has been advocated as a principle means of improving military safety. For instance, the US Army’s Composite Risk Management urges personnel to assess the likelihood and consequences of potential hazards before making strategic, tactical and operational decisions. The British army advocates risk assessment to guide both tactical planning and force protection. However, it can be d...

Mobile computing devices and the services offered by them are utilized by millions of users on a daily basis. However, they operate in hostile environments getting exposed to a wide variety of threats. Accordingly, vulnerability management mechanisms are highly required. We present in this paper a novel approach for increasing the security of mobile devices by efficiently detecting vulnerable c...

Migrating data, applications or services to the cloud exposes a business to a number of new threats and vulnerabilities, which need to be properly assessed. Assessing privacy risk in cloud environments remains a complex challenge; mitigation of this risk requires trusting a cloud service provider to implement suitable privacy controls. Furthermore, auditors and authorities need to be able to ho...