In this paper, the existing models of supply chain resilience assessment are extended by incorporating ripple effect and structure reconfiguration. Ripple effect mitigation control is vital for supply chain risk management from positions of structural resilience and recoverability. The research approach is based on a hybrid fuzzy-probabilistic approach. The genome method is applied with the objective of including the structural properties of supply chain design into resilience assessment. A supply chain design resilience index is developed, and its computation and application are demonstrated. The results suggest a method of comparing different supply chain designs regarding the resilience both to disruption propagation and with recovery consideration. It also allows the identification of groups of critical suppliers whose failure interrupts supply chain operation.

Attribute-Based Access Control (ABAC) model is a perspective access control model for cloud infrastructures used for automation of industrial, transport and energy systems as they include large number of users, resources and dynamical changed permissions. The paper considers the features of ABAC model and the theoretical background for verification of the ABAC policies based on the model checking. The possibility of applying the model checking is justified on the example of the ABAC policy. Implementation of the proposed approach was made using the UPPAAL verification tool. Experimental assessment shows high acceptability of the model checking not only for finding anomalies in ABAC policies but for finding decisions to eliminate them.

This study develops a resilience control model and computational algorithm for simultaneous structural-operational design of supply chain (SC) structural dynamics and recovery policy control. Our model integrates both structural recovery control in the SC as a whole and the corresponding functional recovery control at individual firms in the SC. Such a comprehensive combination is unique in literature and affords more realistic application to SC resilience control decisions. The focus of our study is to advance insights into feedback-driven understanding of resilience within open system control context. We construct a model that allows theorizing the notion of SC resilience within a disruption dynamics profile as a product of degradation and recovery control loops and examine the conditions for changes of disruption profile states. We show that the deviations from the resilient trajectory are associated with structural and performance degradation, and the recovery operations in structural adaptation yield the performance recovery. We contribute to existing works by comprehensively modelling structural dynamics and operational dynamics within an integrated feedback-driven framework to enable proactive SC resilience control. Our approach conceptualizes a new perspective as compared to the more common closed system view where SC resilience is treated from the performance equilibrium point of view. The proposed approach can help explain and improve the firms' operations in multiple ways. First, the combination of structural and functional dynamics can help revealing the latent supply-demand allocations which would be disrupted in case of particular changes in the SC design and suggest re-allocations of supply and demand Second, the model can be used to perform the dynamic analysis of SC disruption and recovery and to explain the reasons of SC performance degradation and restoration. This analysis can be further used to improve SC risk mitigation policies and recovery plans.

Abstract: This paper comprises the development and implementation of systems using the concept of Internet of Things. Due to the active development of industries using the concept of the Internet of Things, the information security problem is getting more and more important. To create a protected module of information-telecommunication system which implements the Internet of Things concept, it is important to take into account all its aspects. To determine relevant threats, it is necessary to use the detailed risk analysis according to existing standards. Then choosing protection measures, one must rely on identified relevant threats. Actual threats and necessary protective actions are determined in this paper for implementation of Smart House computer appliance module, in order to develop a protected part of Smart House, which is necessary for realization of room access control. We solved the following tasks in the work, namely, description of the Smart Home system; description of steps and security evaluation of Smart Home; implementation of hardware assembly and writing a code for the selected fragment of the system; safety evaluation of the selected fragment of Smart House and identification of actual threats; making recommendations to counter threats; software implementation of one of the most important threats and software implementation of protective measures for the selected threat. The key peculiarity of the work is an integrated approach to the design by the use of specific intruder models, analysis of the system’s assets and evaluation of their security. © 2019, Allerton Press, Inc.

The studies on supply chain (SC) disruption management frequently assume the existence of some negative scenarios and suggest ways to proactively protect and reactively recover the SC operations and performance if such scenarios occur. Though, there is a paucity of research on how to support methodologically the detection of realistic disruption scenarios, ideally of different risk aversion degrees. The contribution of our study lies in a conceptualization of a new methodical approach to the detection of disruption scenarios, ripple effect dispersal and recovery paths in supply chains on the basis of structural genomes. The objective is to integrate and expand the existing knowledge gained isolated in robustness analysis and recovery planning into a comprehensive framework for building a theory as well as for managerial purposes. The outcomes of this research constitute a useful decision-making support tool that allows detecting disruption scenarios at different risk-aversion levels based on the quantification of the structural robustness with the use of the genome method and observing the scope of disruption propagation, i.e., the ripple effect. The advantage of using a robustness computation by the genome method is that this allows detecting both the disruption scenarios of different severity, the ripple effect dispersal, and the corresponding recovery paths. Our results can be of value for decision-makers to compare different supply chain structural designs regarding the robustness and to identify disruption scenarios that interrupt the supply chain operations to different extents. The scenario detection can be further used for identifying optimal reconfiguration paths to deploy proactive contingency and reactive recovery policies. We show a correlation between the risk aversion degree of disruption scenarios and the outcomes of the reconfiguration policies.

The analysis of the assessment methods of modern supply chain networks' (SCN) resilience while managing their configuration and reconfiguration under the conditions of predictable disruptions has shown that under the conditions of unpredictable disruptions these methods are not acceptable. In addition, these are not acceptable in case of the design and creation of SCNs, which are completely different in composition and structure from the known SCNs. This situation requires the development of conceptually new methodological foundations for assessing the SCN's resilience and analyzing such an important characteristic of SCN as structural resilience's configuration. The article presents possible ways of assessing the SCN's configurations of structural resilience, which depict the implementation of their own functions by elements and key nodes of the SCN as well as their participation in the production and technological processes of supply chain management. © 2019, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved.

Currently, energy resource exhaustion attacks targeted on modern autonomously working mobile devices are becoming more and more important. The underdevelopment of specialized defenses against energy exhaustion attacks as well as their often hidden nature for the owner of the target device determine a necessity of an integrated approach to modeling and evaluation of this class of attacks and various types of intruders. The paper analyzes conditions of applicability of energy resource exhaustion attacks performed by various classes of intruders, models them on physical implementations of devices for two application areas, and calculates their performance indicators. Application areas are a TCP/IP network of end-user mobile devices and a self-organizing mesh network designed for operational management and emergency response.

The secure functioning of cyber-physical systems depends on the presence and amount of harmful (unwanted and malicious) information in its digital network content. The functioning of cyber-physical systems is carried out in non-stationary conditions and in conditions of continuous exposures. This leads to the uncertainty of indicators (parameters, features) of harmful information that must be assessed in the analytical processing of digital network content. The paper proposes an approach to analyse the sensitivity of algorithms for estimating the status of indicators of harmful information observed in noise. This approach allows one to consider possible errors in the estimation accuracy. It gives the possibility to identify the allowable range of changes in the parameters of the digital network content of cyber-physical systems, within which the requirements for the assessment reliability are met. This, in turn, makes a significant contribution to the effectiveness of harmful information detection and counteraction against it. Accounting for a priori uncertainty of the indicators under various influences is advisable to carry out on the basis of expressions for the sensitivity coefficients (functions) described in the paper.

Currently the problem of monitoring the security of information systems is highly relevant. One of the important security monitoring tasks is to automate the process of determination of the system weaknesses for their further elimination. The paper considers the techniques for analysis of vulnerability indexes and exploit source code, as well as their subsequent classification. The suggested approach uses open security sources and incorporates two techniques, depending on the available security data. The first technique is based on the analysis of publicly available vulnerability indexes of the Common Vulnerability Scoring System for vulnerability classification by weaknesses. The second one complements the first one in case if there are exploits but there are no associated vulnerabilities and therefore the indexes for classification are absent. It is based on the analysis of the exploit source code for the features, i.e. indexes, using graph models. The extracted indexes are further used for weakness determination using the first technique. The paper provides the experiments demonstrating an effectiveness and potential of the developed techniques. The obtained results and the methods for their enhancement are discussed.

Currently the task of automated security monitoring and responding to security incidents is highly relevant. The authors propose an approach to determine weaknesses of the analyzed system on the basis of its known vulnerabilities for further specification of security threats. It is relevant for the stage of determining the necessary and sufficient set of security countermeasures for specific information systems. The required set of security response tools and means depends on the determined threats. The possibility of practical implementation of the approach follows from the connectivity between open databases of vulnerabilities, weaknesses, and attacks. The authors applied various classification methods for vulnerabilities considering values of their properties. The paper describes source data used for classification, their preprocessing stage, and the classification results. The obtained results and the methods for their enhancement are discussed.