Browse by Supervisor "Gritzalis, Dimitrios"
Now showing 1 - 9 of 9
Item: Cyber - attack threats and cyber resilience in civil aviation (10/24/2018)
Evangeliou, Nikolaos; Athens University of Economics and Business, Department of Informatics; Stergiopoulos, George; Douskas, Theodoros; Gritzalis, Dimitrios
The use of ICT in civil aviation has increased exponentially over the last years. Today, the global civil aviation community is relying on information technology (IT) systems. This reliance will continue to grow as new and modern aviation systems are developed, new aircraft are introduced into service and new passenger facilitation processes are created. As a result, the aviation industry is a critical infrastructure which is not only vulnerable to physical threats, but also to cyber threats. Cyber security incidents are increasing in frequency, magnitude and complexity, and have no borders. New technologies related to e-enabled aircraft and air traffic management systems are changing the risk landscape of the aviation systems and the adoption of such technology must be handled carefully. With the trend going towards systems automation, new solutions and strategies are required for all stakeholders, and standardization of technical cyber security and organizational practices should be implemented. Aiming at protecting aircraft and systems from getting hacked, the whole aviation chain should be involved by implementing cyber-risk assessment methods as part of their safety and security management system. The purpose of this Thesis is to examine all these communication technologies which are used in Airspace in order to raise awareness of airspace system vulnerabilities and provoke change among cyber security policies, procedures and standards. Existing cyber threats and vulnerabilities in aviation systems as well as the assets which need to be protected are analyzed. Furthermore, effective actions and recommendations to increase aviation cyber resilience are provided.
The results of this Thesis have shown that the security awareness of aviation members, their familiarity with cyber security governance and relative cyber-security measures are not totally effective. The recurring cyber-security events which range from data leakage to loss of human life and even to revenue losses illustrate that a series of audits and penetration tests should be conducted in the future, and ensure that staff will be properly trained. Although many attempts have been made by various international organizations, an enormous gap still remains. It is worth mentioning that the successful treatment of the risks and cyber security awareness is a common shared responsibility for all aviation stakeholders, such as airlines, ground handlers and third party operators, employees, civil aviation authorities, vendors, passengers, citizens etc.

Item: Developing resilience and cyber-physical protection capabilities for critical aviation infrastructures (06/14/2021)
Lykou, Georgia; Λύκου, Γεωργία; Athens University of Economics and Business, Department of Informatics; Apostolopoulos, Theodoros; Stamatiou, Yannis; Μαυρίδης, Ιωάννης; Μάγκος, Εμμανουήλ; Κοτζανικολάου, Παναγιώτης; Στεργιόπουλος, Γεώργιος; Gritzalis, Dimitrios
The transport sector is a critical infrastructure that greatly supports the smooth functioning of society's welfare and viability of economies worldwide. Disruptions to transportation systems can cause large economic impacts or even human losses, so they should be adequately protected from physical and cyber-physical threats. We focused our research on the aviation sector, which is the safest transport mode, however the most interdependent one in terms of information and communication technologies applied. Cyber-attacks are increasing in quantity and persistence, so the consequences of a successful malicious cyber-attack to civil aviation operations could be severe nowadays.
Aiming to enhance operational practices and develop robust cybersecurity governance in smart airports, we have presented a systematic and comprehensive analysis of unlawful attacks towards smart airports, by implementing cybersecurity best practices and resilience measures. Our research examined cyber security challenges and interoperability in Air Traffic Management systems and proposed an extended threat model for analysing possible targets and risks involved. We analysed cyber resilience aspects in the aviation context and the need for a holistic strategy of defence, prevention, and response. Furthermore, as the fastest growing segment of aviation, Unmanned Aerial Systems (UAS) continue to increase in technical complexity and capabilities. However, UAS pose significant challenges in terms of safety, security, and privacy. An increasing phenomenon, nowadays, is drone-related incidents near airport facilities, which are expected to proliferate in frequency and severity, as drones become larger and more powerful. Critical infrastructures need to be protected from such aerial attacks, through effective counteracting technologies, risk management, and resilience plans. In this dissertation, we have explored how counter drone technologies can prevent, detect, identify, and mitigate rogue drones. We have analysed realistic attack scenarios of malicious drones’ attacks and proposed an effective C-UAS protection plan for each case. We have also discussed the applicability limitations of C-UAS in the aviation context and proposed a resilience action plan for airport stakeholders for defending against airborne threats from misused drones. The integration of our research in the aviation sector focused on air transport networks and introduced a risk-based method to analyse interdependencies and congestions in the aviation network.
The proposed methodology and software tool can assess delay incidents in airports, produce weighted risk dependency graphs, presenting how a delay that occurred in one airport may affect the operational efficiency of other interconnected airports. The tool can also detect the most critical airports and congested connections, while it can indicate the n-order dependency chains, which should be avoided by airline flight planners, to reduce delay impacts in the aviation network.

Item: Improving security and cyber resilience in smart airports (2018)
Anagnostopoulou, Argiro-Aggeliki; Athens University of Economics and Business, Department of Informatics; Stergiopoulos, George; Ntouskas, Theodoros; Gritzalis, Dimitrios
Airports are places where the majority of people spend their time while traveling, being in transit, waiting for friends or just their luggage. They are at the forefront of technological innovation, evolving infrastructure’s intelligence and they unfold as smart facilities with the integration of Internet of Things (IoT). Under both American and European legislation, Aviation is a critical subsector of transportation, and thus airports constitute critical infrastructures that must be sufficiently protected. According to ENISA, smart airports use networked, data driven response capabilities that provide travelers with a better and seamless travel experience. However, since smart airports adopt the IoT technology, they also inherit its security risks. Consequently, their cybersecurity protection is crucial yet difficult to achieve. The motivation of our work lies in understanding the security awareness of airport personnel about the introduction of the IoT to airports, their familiarity with cybersecurity governance and relative cyber-security measures implemented. For the sake of this study, the busiest airports in Europe and USA were approached through an online questionnaire.
Findings of our survey show that many of the airports do not exactly know what IoT actually means and how it can be incorporated to their airports. These infelicities in determining IoT technology may lead to events ranging from a security incident, such as data leakage and information integrity, to revenue losses or even human casualties. All things considered, securing smart airports and staying ahead of evolving cyber threats is a shared responsibility, which involves airlines, airports, vendors as well as regulators. In order to be properly prepared, all airports should adopt a holistic cybersecurity approach, not only by conducting risk management, security audits and penetration tests, but also by ensuring that their staff is properly trained to react in security incidents and enhance airport’s cyber resilience.

Item: Increasing security and resilience in cyber-physical processes of critical infrastructures (26-09-2023)
Δεδούσης, Παναγιώτης; Dedousis, Panagiotis; Athens University of Economics and Business, Department of Informatics; Apostolopoulos, Theodoros; Stamatiou, Yannis; Mavridis, Ioannis; Katos, Vasilios; Kotzanikolaou, Panagiotis; Stergiopoulos, George; Gritzalis, Dimitrios
Modern society and national prosperity depend heavily on Critical Infrastructures (CIs). However, significant security and reliability issues impede their operation. This dissertation focuses on creating new and innovative tools and methodologies for risk analysis in graph networks, with the aim of improving the Security and Resilience of CIs. First, we proposed a method that automates the analysis of interdependencies among assets that support business processes in CI networks, with the aim of reducing risk against cyber threats.
In addition, we proposed a method for the automatic analysis of complex attack graphs in cloud infrastructures, which can identify vulnerabilities that are critical for the system under study. We developed an automated method that uses data mining of the event logs of an information system to conduct faster and more thorough Risk Assessments. Effective monitoring of the attack surfaces of CIs is vital. In this context, our approach to the data mining process identifies unexpected attack vectors within business processes. In addition, we developed a network attack technique (bit-masking) that enables malicious two-way communication, which reveals security flaws in security solutions and underlines the need for advanced threat prevention. Air transport networks play a critical role in the operations of CIs. To this end, we presented a risk-based method for analysing interdependencies and congestion in the aviation network, with the aim of ensuring the resilience of aviation networks. To strengthen the resilience of Cyber-Physical Systems, we proposed a framework that incorporates security and resilience principles into the design of industrial systems.
Finally, we presented a method that combines and applies the concepts of Digital twins and Chaos Engineering to industrial facilities and their underlying processes, in order to create models for studying and improving their resilience.

Item: Interdependencies and congestion delays in the US aviation network and the COVID-19 era (07/08/2022)
Mitromaras, Ioannis-Rafail; Μητρομάρας, Ιωάννης-Ραφαήλ; Athens University of Economics and Business, Department of Informatics; Stergiopoulos, George; Ntouskas, Theodoros; Gritzalis, Dimitrios
In this paper we follow a risk dependency approach in order to assess the effects of propagated delays on the aviation network. Various similar approaches have been proposed in the past. Ours differs in that we do not trace the root delays back to their source; rather, we investigate the effects of delays from the immediate predecessor. As we strive to contribute to resilience to delays between interdependent airports, we study air flight congestion amid the COVID-19 pandemic and compare it to when the air network was operating under normal conditions. In particular, we analyze a wealth of data, which we have drawn from the U.S. Bureau of Transportation Statistics, in order to model a dependency graph of the aviation network. Extending previous research that developed a risk-based methodology and software tool to analyze interdependencies and congestions in the aviation network, we identify and compare the most critical airports in the US air transportation network. We also distinguish the worst-case dependency chains of interdependent routes that cause delays in the network and correlate the order flight sequence with the occurrence of delays.
Our findings identified a positive aspect; although the COVID-19 pandemic has had a significant economic impact, flights are departing and arriving with less delay.

Item: Retaliation within the scope of cybersecurity (06/28/2022)
Leventopoulos, Sozon A.; Λεβεντόπουλος, Σώζων; Athens University of Economics and Business, Department of Informatics; Stergiopoulos, George; Ntouskas, Theodoros; Gritzalis, Dimitrios
During the past years a series of cyber-related incidents proved that it is possible to use cyber-attacks as an alternate form of warfare. These incidents were either preemptive or retaliatory in nature. In one instance cyber-attacks were used instead of a kinetic strike or a relevant electronic warfare attack in order to diminish or remove the capability of the targeted entity to gather intelligence, or to disable critical production devices in large factories. Today it is clear that cyber-attacks can be viewed as the “weapon of choice” in order to prevent or retaliate against kinetic or cyber-attacks. In view of the above events, an examination is made of whether retaliations and reprisals could formally be used as means for both military agencies and corporations/enterprises to prevent or actively respond to cyber-attacks. The words retaliation and reprisal are not easily accepted within the framework of International Law or the “Law of War”, since they describe some sort of revenge. On the other hand, cyberspace and cyber operations are novel terms within the scope of the above-mentioned law frameworks. Still, today there is no globally accepted law framework tailored specifically in order to address cyber-related issues. The scope of this research is to examine whether retaliation (and reprisal) cyber operations can ultimately promote world peace and cybersecurity, from both the military and corporate aspect. Current law frameworks and how these are addressing various cybersecurity related issues will also be examined.
The main purpose of this research is to examine whether cyber-attacks can be used as retaliation and reprisal acts in both the military and the corporate frameworks, propose a certain decision process, an approach to evaluate the relevant results, and what the “exit strategy” could look like. The legal and technical challenges will also be examined for both frameworks.

Item: State of the art review of Risk Assessment Methodologies concerning Climate Change and Environmental Threats (30-06-2017)
Papachrysanthou, Antonios; Athens University of Economics and Business, Department of Informatics; Gritzalis, Dimitrios
This diploma thesis deals with the assessment of risks related to Climate Change and Environmental Threats and affects various sectors in Critical Infrastructures. More specifically, we present the Risk Assessment process as well as general methodologies used globally as best practices to fully understand the importance of properly recording threats in Critical Infrastructures and their outcomes. It then follows an extensive report on Climate Change and Environmental Threats. Finally, a study (detection / collection / creation) of Threat Analysis Scenarios for each sector / area of Critical Infrastructure is carried out. We highlight the overlapping impacts on interconnected assets, systems and more generally on operations in all critical infrastructure sectors, and we also propose preventive measures to adapt to climate change. Lastly, we emphasize the interdependencies between the sectors / areas in order to highlight the Critical Infrastructure sectors that play a leading role in their significance.

Item: A time-based risk analysis of cascading failures (31-12-2014)
Λύκου, Γεωργία; Lykou, Georgia; Athens School of Economics and Business, Department of Informatics; Gritzalis, Dimitrios
One of the most challenging problems in Critical Infrastructure (CI) protection is the assessment and mitigation of cascading failures across infrastructures.
Dependency analysis is a computationally intensive problem and various models worldwide have been examined in this work, which have been proposed for evaluating potential cascading effects and cumulative security risk due to high-order dependencies between CIs. The problem intensifies when attempting a dynamic time-based dependency analysis. Further research is needed to examine how failure duration and contingency plans' restoration time can affect CIs' protection and resilience. This thesis presents a time-based extension of previous C.I. cascading effects and common-cause failure Risk Analysis models. The method assesses the risk arising from cascading failures, triggered by major or concurrent common-cause events, when Impact is evaluated by using a time-related, functional analysis, which takes into account the type of vulnerability and time performance of contingency plans. We employ different growth models, to capture slow, linear and fast evolving effects, but instead of using static projections, the evolution of each dependency is “objectified” by a fuzzy control system, which also considers the effect of near dependencies. To achieve this, the impact (and eventually, risk) of dependency is quantified on a time axis, into a form of many-valued logic. Furthermore, the methodology is extended by analyzing major failures triggered by common-cause cascading events, with the use of CIDA (Critical Infrastructure Dependency Analysis tool), which implements this extended risk-based methodology. CIDA aims to support decision makers to proactively analyze dynamic and complex dependency risk paths in two ways: (a) to identify potentially hidden dependencies of high impact and risk, before they are actually realized and (b) to simulate the effectiveness of alternative mitigation controls with different reaction time.
New methodology results provided a sound and more accurate dynamic cascading risk analysis of interdependent CIs, showing that the use of time-based impact ranks is congruent with what is happening in real world outages or failures in CI operation.

Item: Web applications vulnerabilities analysis (31-01-2016)
Ιακωβάκης, Γεώργιος; Iakovakis, George; Athens University of Economics and Business, Department of Informatics; Gritzalis, Dimitrios
Over the last twenty-five years, the web has evolved into an important part of our lives. There are web applications for every kind of job and activity. In parallel, all this situation is very attractive for attackers who want to manipulate users’ data and other sensitive information. For this reason web applications need to be secure for every user. In this thesis we discuss many types of web attacks and vulnerabilities, giving examples of the way the attackers exploit these assailable parts. We also discuss the ways of defense and the use of detection and prevention tools. Finally, we note that this analysis is guided by the OWASP Top Ten 2013.