Security Operations Center: A Framework for Automated Triage, Containment and Escalation

There have been a lot of research exertions and studies to improve the safety of critical infrastructures using the Security Operations Center (SOC). As part of efforts, the purpose of this research is to propose a framework to automate the SOC’s performance of triage, containment and escalation. The research leveraged on qualitative desk review to collect data for analysis, deduced strengths and weaknesses for the current SOC implementations and used that as a basis for proposing the framework. In view of the constant evolution of SOC operations and capabilities coupled with the huge volumes of data collected for analysis, an efficient framework for SOC operations is proposed. The qualitative analysis is used to deduce strengths and weaknesses for the current SOC implementations as a premise for proposing the framework. It consists of eight interactive stages that further leverage on a proposed algorithm for baselining, remediation and escalation. The result of this research is a proposed framework that serves as a unique contribution to enhancing the SOC’s ability to automatically perform triage, containment and escalation. Supplementary to similar and earlier work reviewed, the framework is proposed as the way forward to automatically enable SOC setups with the capacity to efficiently perform triage of security threats, vulnerabilities and incidents, effectively contain identified breaches and appropriately escalate for prompt and accurate solutions.

Hybrid Physics and Data-driven Contingency Filtering for Security Operation of Micro Energy-water Nexus

This paper investigates a novel engineering problem,i.e.,security-constrained multi-period operation of micro energywater nexuses.This problem is computationally challenging because of its high nonlinearity,nonconvexity,and large dimension.We propose a two-stage iterative algorithm employing a hybrid physics and data-driven contingency filtering(CF)method and convexification to solve it.The convexified master problem is solved in the first stage by considering the base case operation and binding contingencies set(BCS).The second stage updates BCS using physics-based data-driven methods,which include dynamic and filtered data sets.This method is faster than existing CF methods because it relies on offline optimization problems and contains a limited number of online optimization problems.We validate effectiveness of the proposed method using two different case studies:the IEEE 13-bus power system with the EPANET 8-node water system and the IEEE 33-bus power system with the Otsfeld 13-node water system.

Robustness Assessment of Wind Power Generation Considering Rigorous Security Constraints for Power System: A Hybrid RLO-IGDT Approach

Fossil fuel depletion and environmental pollution problems promote development of renewable energy(RE)glob-ally.With increasing penetration of RE,operation security and economy of power systems(PS)are greatly impacted by fluctuation and intermittence of renewable power.In this paper,information gap decision theory(IGDT)is adapted to handle uncertainty of wind power generation.Based on conventional IGDT method,linear regulation strategy(LRS)and robust linear optimization(RLO)method are integrated to reformulate the model for rigorously considering security constraints.Then a robustness assessment method based on hybrid RLO-IGDT approach is proposed for analyzing robustness and economic performance of PS.Moreover,a risk-averse linearization method is adapted to convert the proposed assessment model into a mixed integer linear programming(MILP)problem for convenient optimization without robustness loss.Finally,results of case studies validate superiority of proposed method in guaranteeing operation security rigorously and effectiveness in assessment of RSR for PS without overestimation.Index Terms-Hybrid RLO-IGDT approach,information gap decision theory(IGDT),operation security,robustness assessment,robustness security region(RSR).

A buffer overflow detection and defense method based on RiSC-V instruction set extension

Buffer overflow poses a serious threat to the memory security of modern operating systems.It overwrites the con-tents of other memory areas by breaking through the buffer capacity limit,destroys the system execution environ-ment,and provides implementation space for various system attacks such as program control flow hijacking.That makes it a wide range of harms.A variety of security technologies have been proposed to deal with system security problems including buffer overflow.For example,No eXecute(NX for short)is a memory management technology commonly used in Harvard architecture.It can refuse the execution of code which residing in a specific memory,and can effectively suppress the abnormal impact of buffer overflow on control flow.Therefore,in recent years,it has also been used in the field of system security,deriving a series of solutions based on NX technology,such as ExecShield,DEP,StackGuard,etc.However,these security solutions often rely too much on the processor archi-tecture so that the protection coverage is insufficient and the accuracy is limited.Especially in the emerging system architecture field represented by RiSC-V,there is still a lack of effective solutions for buffer overflow vulnerabilities.With the continuous rapid development of the system architecture,it is urgent to develop defense methods that are applicable to different system application environments and oriented to all executable memory spaces to meet the needs of system security development.Therefore,we propose BOP,A new system memory security design method based on RISC-V extended instructions,to build a RISC-V buffer overflow detection and defense system and deal with the buffer overflow threat in RIsC-V.According to this method,NX technology can be combined with program control flow analysis,and Nx bit mechanism can be used to manage the executability of memory space,so as to achieve a more granular detection and defense of buffer overflow attacks that may occur in RISC-V system environment.In addition,The memory management and control function of BOP is not only very suitable for solving the security problems in the existing single architecture system,but also widely applicable to the combina-tion of multiple heterogeneous systems.

Design of secure operating systems with high security levels

Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level （hereafter simply referred to as ANSHENG OS）, this paper addresses the following key issues in the design of secure operating systems with high security levels： security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models： confidentiality, integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated. Cover channel analysis （CCA） is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speedup the entire CCA process.

Voltage Security Operation Region Calculation Based on Improved Particle Swarm Optimization and Recursive Least Square Hybrid Algorithm

Large-scale voltage collapse incidences, which result in power outages over large regions and extensive economic losses, are presently common occurrences worldwide. To avoid voltage collapse and operate more safely and reliably, it is necessary to analyze the voltage security operation region(VSOR) of power systems, which has become a topic of increasing interest lately. In this paper, a novel improved particle swarm optimization and recursive least square(IPSO-RLS) hybrid algorithm is proposed to determine the VSOR of a power system. Also, stability analysis on the proposed algorithm is carried out by analyzing the errors and convergence accuracy of the obtained results. Firstly, the voltage stability and VSOR-surface of a power system are analyzed in this paper. Secondly, the two algorithms,namely IPSO and RLS algorithms, are studied individually.Based on this understanding, a novel IPSO-RLS hybrid algorithm is proposed to optimize the active and reactive power,and the voltage allowed to identify the VSOR-surface accurately. Finally, the proposed algorithm is validated by using a simulation case study on three wind farm regions of actual Hami Power Grid of China in DIg SILENT/Power Factory software.The error and accuracy of the obtained simulation results are analyzed and compared with those of the particle swarm optimization(PSO), IPSO and IPSO-RLS hybrid algorithms.

Does Security of Land Operational Rights Matter for the Improvement of Agricultural Production Efficiency under the Collective Ownership in China?

Under the"separation of three rights"policy,the impact of security of land operationalrights on agricultural production efficiency has attracted much attention in recentyears.Data envelopment analysis and mediation effect analysis were applied to 888family farms run by new-type agricultural operators from Songjiang to identify themechanism of the effect of land operational rights security on agricultural productionefficiency through long-term investment.The results show that greater security of landoperational rights generally increased agricultural production efficiency.Approximately37.94 percent of the impact could be explained by long-term investment.The resultsalso indicate that significant heterogeneity exists in the effect of land operational rightssecurity on agricultural production efficiency at various levels of the family farms'efficiency distributions.lt is suggested that government should legalize land operationalrights and give them a status equal to those of households'contractual rights and landownership rights in China's future land tenure reform.

Real-time security margin control using deep reinforcement leamning

This paper develops a real-time control method based on deep reinforcement learning aimed to determine the optimal control actions to maintain a sufficient secure operating limit.The secure operating limit refers to the limit to the most stressed pre-contingency operating point of an electric power system that can withstand a set of credible contingencies without violating stability criteria.The developed deep reinforcement learning method uses a hybrid control scheme that is capable of simultaneously adjusting both discrete and continuous action variables.The performance is evaluated on a modified version of the Nordic32 test system.The results show that the developed deep reinforcement learning method quickly learns an effective control policy to ensure a sufficient secure operating limit for a range of different system scenarios.The performance is also compared to a control based on a rule-based look-up table and a deep reinforcement learning control adapted for discrete action spaces.The hybrid deep reinforcement learning control managed to achieve significantly better on all of the defined test sets,indicating that the possibility of adjusting both discrete and continuous action variables resulted in a more flexible and efficient control policy.