| 1. |
- Deng, Ruilong, et al.
(author)
-
False Data Injection on State Estimation in Power Systems—Attacks, Impacts, and Defense: A Survey
- 2017
-
In: IEEE Transactions on Industrial Informatics. - : IEEE. - 1551-3203 .- 1941-0050. ; 13:2, s. 411-423
-
Journal article (peer-reviewed)abstract
- The accurately estimated state is of great importance for maintaining a stable running condition of power systems. To maintain the accuracy of the estimated state, bad data detection (BDD) is utilized by power systems to get rid of erroneous measurements due to meter failures or outside attacks. However, false data injection (FDI) attacks, as recently revealed, can circumvent BDD and insert any bias into the value of the estimated state. Continuous works on constructing and/or protecting power systems from such attacks have been done in recent years. This survey comprehensively overviews three major aspects: constructing FDI attacks; impacts of FDI attacks on electricity market; and defending against FDI attacks. Specifically, we first explore the problem of constructing FDI attacks, and further show their associated impacts on electricity market operations, from the adversary's point of view. Then, from the perspective of the system operator, we present countermeasures against FDI attacks. We also outline the future research directions and potential challenges based on the above overview, in the context of FDI attacks, impacts, and defense.
|
|
| 2. |
- D'Orazio, Christian Javier, et al.
(author)
-
A Markov adversary model to detect vulnerable iOS devices and vulnerabilities in iOS apps
- 2017
-
In: Applied Mathematics and Computation. - : Elsevier. - 0096-3003 .- 1873-5649. ; 293, s. 523-544
-
Journal article (peer-reviewed)abstract
- With the increased convergence of technologies whereby a user can access, store and transmit data across different devices in real-time, risks will arise from factors such as lack of appropriate security measures in place and users not having requisite levels of security awareness and not fully understanding how security measures can be used to their advantage. In this paper, we adapt our previously published adversary model for digital rights management (DRM) apps and demonstrate how it can be used to detect vulnerable iOS devices and to analyse (non-DRM) apps for vulnerabilities that can potentially be exploited. Using our adversary model, we investigate several (jailbroken and non-jailbroken) iOS devices, Australian Government Medicare Expert Plus (MEP) app, Commonwealth Bank of Australia app, Western Union app, PayPal app, PocketCloud Remote Desktop app and Simple Transfer Pro app, and reveal previously unknown vulnerabilities. We then demonstrate how the identified vulnerabilities can be exploited to expose the user's sensitive data and personally identifiable information stored on or transmitted from the device. We conclude with several recommendations to enhance the security and privacy of user data stored on or transmitted from these devices.
|
|
