Low-earth orbit (LEO) satellite constellations require high levels of security and resilience to provide high quality, reliable and trustworthy global connectivity services to customers. For these systems to develop customer trust and find widespread use, developers must demonstrate compliance with a variety of security standards, policies, and regulations. However, because these systems are very large and complex, it is difficult to clearly and effectively show how the system satisfies all of its compliance requirements throughout its development lifetime. In this project, we aim to develop an architecture and design framework for the operations segment of the Telesat LEO satellite constellation. The operations segment is responsible for connecting the overall LEO system by directing the other system components to cooperate in delivering the service. The framework seeks to support security compliance-by-design and help developers trace security compliance requirements to the design of the operations segment so that they can easily show where and how such requirements are satisfied. This support can provide a competitive advantage and help solidify Telesat’s position as a Canadian leader in LEO satellite communications.
The overall aim of this research program is to establish comprehensive security assurance solutions by enhancing security-by-design approaches for engineering secure software-dependent systems. More specifically, it aims to develop more incremental, modular, and compositional solutions for securing systems from the outset and for generating sufficient evidence of their built-in resilience to a range of cyber-attacks and failures. This requires the integration of formal (mathematically rigorous) methods and security-by-design approaches to provide verifiable evidence to support security assurance claims from early stages of system development. We will achieve this by: (1) Developing formal modeling and analysis frameworks with which we can provide mathematical proofs of assurance of security properties of software-dependent systems at early stages of development; (2) Establishing system-level security evaluation methods and techniques for understanding and mitigating the risks to system assets posed by identified security vulnerabilities; and (3) Advancing techniques to support the management, evaluation, and presentation of sufficient evidence for developing incremental security assurance cases.
Natural Sciences and Engineering Research Council of Canada (NSERC), Ottawa ON, Canada
Discovery Grants Program
April 2019 – March 2024
System-Level Security for IoT-enabled e-Health Systems
The evolution of e-health systems with increased connectivity through the advancement of the Internet of Things (IoT) has exposed them to a new frontier of cybersecurity vulnerabilities from which they were previously shielded. Healthcare providers today depend on nearly 100 million connected medical devices to deliver cost-effective and lifesaving treatment to patients, and the number of these connected devices is expected to double in the next 2-3 years. The primary goal of this work is to develop a comprehensive system-level security platform, capable of guaranteeing acceptable levels of security, privacy, and trust in a heterogeneous IoT-enabled e-health system. We aim to develop a system-level security management platform that can help to identify vulnerabilities in a heterogeneous e-health system and inform the development of suitable security mechanisms and protocols.
This project is funded through the Canadian Safety and Security Program (CSSP) led by Defence Research and Development Canada’s Centre for Security Science (DRDC CSS), in partnership with Public Safety Canada.
Defence Research and Development Canada, Centre for Security Science (DRDC CSS), Ottawa ON, Canada
Collaborators: Mohamed Ibnkahla (Carleton University), Ashraf Matrawy (Carleton University)
April 2019 – March 2022
Protection of critical infrastructure is rapidly growing as one of the most important areas of cybersecurity. The primary goal of this project is to design and develop critical infrastructure cybersecurity assessment methodologies and associated modelling and simulation environments. We are working on a rigorous, formal methods-based approach for identifying and analyzing the existence of implicit component interactions in critical infrastructure systems. Our goal is to provide a formal understanding of how and why implicit interactions can exist in distributed systems, such as those commonly found in critical infrastructures. Additionally, the methods we are developing can identify deficiencies in important existing system components, allowing for better assessment of the risks being taken by using such components in critical systems.
Critical Infrastructure Resilience Institute (CIRI), University of Illinois, Urbana IL, USA
U.S. Department of Homeland Security Science & Technology Directorate
January 2016 – June 2022
Validating the Effectiveness of Security Design Patterns
Security design patterns have been proposed for mitigating security threats at early stages of software design. However, approaches for verifying and validating that using a security design pattern mitigates a particular threat, or class of threats, and improves system security, do not currently exist. This research project aims to close this gap in the research by developing approaches for: (1) detecting security threats targeting communication channels in the architectural design of distributed software systems, and (2) analyzing, verifying, and validating the effectiveness of security design patterns for mitigating detected security threats and improving system security at design-time.
CU Development Grant, Carleton University, Ottawa ON, Canada
September 2018 – August 2019
Assurance Cases for Security and Resilience of Advanced Metering Infrastructure
Smart energy grids depend on advanced metering infrastructure (AMI) and enormous amounts of information collected and used to make important decisions related to energy services including billing, monitoring, distribution, load balancing, and more. Therefore, ensuring the confidentiality, integrity, and availability of this information is paramount. However, proving that AMI is secure, and that it is acceptably resilient, is a difficult task. In this project, we seek to establish the groundwork required for the development of assurance case templates for security and resilience properties of AMI. We aim to form the foundation for ongoing research in the development of assurance cases for security and resilience of critical infrastructure. Our goal is to take the important first step towards developing a more holistic and comprehensive approach for ensuring the security and resilience of critical infrastructures. Having a systematic way in which we can assure that providers of AMI have done their due diligence in protecting against, and planning for, potential compromise or failure of their systems, and of the components from which they are built, can advance and enhance cybersecurity assurance in the complex distributed systems that are now a part of so many critical infrastructures. This will ultimately provide valuable and insightful information regarding how to mitigate security vulnerabilities and risks, and how to reduce the impact when a system experiences an attack or failure.
Natural Resources Canada, Ottawa ON, Canada
February 2018 – March 2018