Barbora Buhnova / FI MU / Czech CyberCrime Centre of Excellence C4e1
Context of the Course
and Lasaris lab at FI MU
Barbora Buhnova, PV260 Software Quality, 2023
Barbora Buhnova / FI MU / Czech CyberCrime Centre of Excellence C4e2
Barbora Buhnova / FI MU / Czech CyberCrime Centre of Excellence C4e3
Czech CyberCrime Centre of Excellence C4e
̶ A multidisciplinary center that brings
together expert academic departments to
address complex cyberspace problems
Barbora Buhnova / FI MU / Czech CyberCrime Centre of Excellence C4e4
Cybersecurity Innovation Hub
Coordinated by National Cyber Security Competence Centre (NC3)
̶ Key initiatives
̶ Computer Security Incident Response Team (CSIRT) of MU https://csirt.muni.cz
̶ Lab of Software Architectures and Information Systems https://www.lasaris.cz
̶ Institute of Law and Technology at MU https://cyber.law.muni.cz
̶ CyberRange (Kybernetický polygon, KYPO) https://www.kypo.cz
̶ Collaboration on
̶ Cybersecurity Education (National CyberCzech Technical Exercise,
Cybersecurity Qualification Framework)
̶ Policy and Legislation in Cybersecurity (Cyber Security Act, Methodology)
̶ Partners
̶ Masaryk University, Brno University of Technology
̶ Czech National Cybersecurity Agency, Network Security Monitoring Cluster
̶ Regional Chamber of Commerce, Industry Cluster 4.0
Barbora Buhnova / FI MU / Czech CyberCrime Centre of Excellence C4e5
DIGITALIZATION ADVANCEMENT
Barbora Buhnova / FI MU / Czech CyberCrime Centre of Excellence C4e6
Digitalization as the new Darwinism
̶ Innovation – All major companies evolve through digitalization (or go extinct)
̶ Sustainability – Smart resource utilization (e.g., transportation, power grids,
buildings)
̶ Response to global issues
̶ Population growth in developing world (access to food, water, education, housing, medical care)
̶ Aging population in developed countries (healthcare, support, social inclusion)
̶ Environmental quality (climate change, pollution, renewable energy sources)
̶ Organized crime (terrorism, religious/ethnic/racial conflicts, disinformation, cybercrime)
̶ Automation – Critical processes being automated (autonomous driving, voting)
Barbora Buhnova / FI MU / Czech CyberCrime Centre of Excellence C4e7
The Dual-Use Dilemma
Technology facilitates and speeds up activities around us
̶ Can be used for the good, as well as to cause harm
̶ E.g. it helps people to organize for the good, as well as for the bad
If we want to boost the good, opening up to its enormous potential, we
need to simultaneously boost the protection against the bad
© GAO, U.S. Congress
Barbora Buhnova / FI MU / Czech CyberCrime Centre of Excellence C4e8
Digitalization meets Critical Infrastructures
What makes these
infrastructures critical?
̶ The cyber and physical
space merged into one
̶ If we stayed all digital, not
much would be in danger,
but we go into remote control
of everything
Barbora Buhnova / FI MU / Czech CyberCrime Centre of Excellence C4e9
Context-related Challenges
̶ Hyperconnected world and business landscape, problem cascading,
unpredictable impacts
̶ Uncertainty about the trustability of connected devices
̶ Highly distributed environment, entry points to secure, data
inconsistency, unreliable sensors, partial failures
̶ Securing against threats that are not existing yet
Barbora Buhnova / FI MU / Czech CyberCrime Centre of Excellence C4e10
Engineering for the Unknown
It is no longer enough to engineer systems for problem avoidance
̶ We need to anticipate intentional & unintentional problems on all levels
Prebuilt mechanisms for:
̶ recognizing an attack/fault,
̶ stopping it from propagating,
̶ ensuring safety under attack/fault,
̶ recovering from an attack/failure,
̶ forensics after the attack/failure
Barbora Buhnova / FI MU / Czech CyberCrime Centre of Excellence C4e11
SOFTWARE ARCHITECTURE
SOFTWARE ARCHITECTURE Image from Architecture Review
SOFTWARE ARCHITECTURE Image from Crandall Arambula
SOFTWARE ARCHITECTURE Image from IEEE CSS
Barbora Buhnova / FI MU / Czech CyberCrime Centre of Excellence C4e15
Dimensions and Guidelines
Quality Criteria Architectural Tactics Architectural Patterns
Reference Architectures Technologies Risk Analysis and Policy
Barbora Buhnova / FI MU / Czech CyberCrime Centre of Excellence C4e16
Quality Criteria
̶ Reliability – The probability of correct/failure-free system operation.
̶ Availability – The degree to which a system is fully operational, i.e. up and running.
̶ Security – The ability of a system to prevent unauthorized access and protect the
confidentiality, integrity and availability of data.
̶ Safety – The ability of a system to operate without the danger of causing serious
harm (e.g. human injury).
̶ Robustness – Degree to which a system is able to withstand an unexpected event
without quality degradation.
̶ Resilience – The ability of a system to recover quickly after a disaster.
Barbora Buhnova / © Awais Rashid, University of Bristol (UK)17
Intentional vs. Unintentional Issues and Causes
̶ Threat/Vulnerability/Incident – Security, Safety
̶ Fault/Failure – Reliability, Availability
VULNERABILITY
Barbora Buhnova / FI MU / Czech CyberCrime Centre of Excellence C4e18
Thank you for your attention
Czech CyberCrime Centre of Excellence C4e
̶ A multidisciplinary center that brings together
expert academic departments to address complex
cyberspace problems
Barbora Buhnova, FI MU Brno
buhnova@fi.muni.cz
www.fi.muni.cz/~buhnova