COVID-19 Update: We are currently shipping orders daily. However, due to transit disruptions in some geographies, deliveries may be delayed. To provide all customers with timely access to content, we are offering 50% off Science and Technology Print & eBook bundle options. Terms & conditions.
Handbook on Securing Cyber-Physical Critical Infrastructure - 1st Edition - ISBN: 9780124158153, 9780124159105

Handbook on Securing Cyber-Physical Critical Infrastructure

1st Edition

Authors: Sajal Das Krishna Kant Nan Zhang
eBook ISBN: 9780124159105
Hardcover ISBN: 9780124158153
Imprint: Morgan Kaufmann
Published Date: 25th January 2012
Page Count: 848
Sales tax will be calculated at check-out Price includes VAT/GST
Price includes VAT/GST

Institutional Subscription

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.


The worldwide reach of the Internet allows malicious cyber criminals to coordinate and launch attacks on both cyber and cyber-physical infrastructure from anywhere in the world. This purpose of this handbook is to introduce the theoretical foundations and practical solution techniques for securing critical cyber and physical infrastructures as well as their underlying computing and communication architectures and systems. Examples of such infrastructures include utility networks (e.g., electrical power grids), ground transportation systems (automotives, roads, bridges and tunnels), airports and air traffic control systems, wired and wireless communication and sensor networks, systems for storing and distributing water and food supplies, medical and healthcare delivery systems, as well as financial, banking and commercial transaction assets. The handbook focus mostly on the scientific foundations and engineering techniques – while also addressing the proper integration of policies and access control mechanisms, for example, how human-developed policies can be properly enforced by an automated system.

Key Features

  • Addresses the technical challenges facing design of secure infrastructures by providing examples of problems and solutions from a wide variety of internal and external attack scenarios
  • Includes contributions from leading researchers and practitioners in relevant application areas such as smart power grid, intelligent transportation systems, healthcare industry and so on
  • Loaded with examples of real world problems and pathways to solutions utilizing specific tools and techniques described in detail throughout


Researchers and security practitioners in relevant application areas such as smart power grid, transportation systems, communication networks, etc. The handbook is also intended to be suitable for advanced courses and seminars as well as graduate students working on various facets of security in cyber and physical systems

Table of Contents


About the Authors



Securing Cyber-Physical Infrastructure Perspectives and Overview of the Handbook

PART I. Theoretical Foundations


Chapter 1. Security and Vulnerability of Cyber-Physical Infrastructure Networks

1.1 Introduction

1.2 Definitions for Security and Vulnerability of Network Dynamics

1.3 Network Control Tools for Characterizing and Designing Security and Vulnerability

1.4 Conclusions and Future Work

Chapter 2. Game Theory for Infrastructure Security

2.1 Introduction

2.2 Preliminaries

2.3 Intent-based Adversary Model for Anomaly Detection

2.4 Intent-based Adversary Model for Anonymous Communication Systems

2.5 Conclusion

Chapter 3. An Analytical Framework for Cyber-Physical Networks

3.1 Introduction

3.2 Spatial Dispersion Models

3.3 CPN Design and Analysis

3.4 CPN Infrastructure Robustness

3.5 Conclusions


Chapter 4. Evolution of Widely Spreading Worms and Countermeasures

4.1 Introduction

4.2 Objectives and strategies of Worm propagator and defender

4.3 Worm Initial Attacks

4.4 Defense against initial attacks

4.5 Worm Evolution

4.6 Defense Evolution versus Worm Evolution

4.7 Final Remarks

PART II. Security for Wireless Mobile Networks


Chapter 5. Mobile Wireless Network Security

5.1 Introduction

5.2 Wireless Communications Security

5.3 Mobility Support Security

5.4 Conclusion and Future Research

Chapter 6. Robust Wireless Infrastructure against Jamming Attacks

6.1 Introduction

6.2 Design Vulnerabilities of Wireless Infrastructure

6.3 Resiliency to Outsider Cross-Layer Attacks

6.4 Resiliency to Insider Cross-Layer Attacks

6.5 Game-Theoretic Models and Mechanisms

6.6 Conclusions

Chapter 7. Security for Mobile Ad Hoc Networks

7.1 Introduction

7.2 Basic Features of Manet

7.3 Security Challenges

7.4 Security Attacks

7.5 Providing Basic Security Infrastructure

7.6 Security Solutions

7.7 Secure AD HOC Routing

7.8 Intrusion Detection and Response

7.9 Conclusions and Future work

Chapter 8. Defending Against Identity-Based Attacks in Wireless Networks

8.1 Introduction

8.2 Feasibility of Launching Identity-Based Attacks

8.3 Preventing Identity-Based Attacks via Authentication

8.4 Defending Against Spoofing Attacks

8.5 Defending Against Sybil Attacks

8.6 A Generalized Identity-Based Attack Detection Model

8.7 Challenges and Research Directions

8.8 Conclusion

PART III. Security for Sensor Networks


Chapter 9. Efficient and Distributed Access Control for Sensor Networks

9.1 Introduction

9.2 Existing Schemes

9.3 System Models and Assumptions

9.4 Scheme I: Uni-Access Query

9.5 Scheme II: Multi-Access Query

9.6 Evaluation

9.7 Conclusion and Future Work

Chapter 10. Defending Against Physical Attacks in Wireless Sensor Networks

10.1 Introduction

10.2 Related Work

10.3 Physical Attacks in Sensor Networks

10.4 Challenges in Defending Against Physical Attacks

10.5 Case Study

10.6 Open Issues

10.7 Conclusions and Future Work

Chapter 11. Node Compromise Detection in Wireless Sensor Networks

11.1 Introduction

11.2 Related Work

11.3 Preliminaries

11.4 Limited Node Compromise Detection

11.5 Wide-spread Node Compromise Detection

11.6 Conclusion and Future Work

PART IV. Platform Security


Chapter 12. Hardware and Security

12.1 Introduction

12.2 Hardware Supply Chain Security

12.3 Hardware Support for Software Security

12.4 Conclusions and Future Work

Chapter 13. Languages and Security

13.1 Introduction

13.2 Compiler Techniques for Copyrights and Watermarking

13.3 Compiler Techniques for Code Obfuscation

13.4 Compiler Techniques for Code Integrity

13.5 Proof-Carrying Code and Authentication

13.6 Static Analysis Techniques and Tools

13.7 Information Flow Techniques

13.8 Rule checking, Verification, and Run-time Support

13.9 Language Modifications for Increased Safety and Security

13.10 Conclusions and Future Work

PART V. Cloud Computing and Data Security


Chapter 14. Protecting Data in Outsourcing Scenarios

14.1 Introduction

14.2 Data Encryption

14.3 Fragmentation for Protecting Data Confidentiality

14.4 Protecting Data Integrity

14.5 Open Issues

14.6 Conclusions


Chapter 15. Data Security in Cloud Computing

15.1 Overview

15.2 Data Security in Cloud Computing

15.3 Commercial and Organizational Practices

15.4 Summary

Chapter 16. Secure Mobile Cloud Computing

16.1 Introduction

16.2 Cloud Computing

16.3 Mobile Cloud Computing Security

16.4 Virtual Node Security

16.5 Virtual Network Security

16.6 Mobile Application Security

16.7 Research Challenges and Open Issues

16.8 Summary and Conclusion

Chapter 17. Relation Privacy Preservation in Publishing Online Social Networks

17.1 Introduction

17.2 Complete Identity Anonymization

17.3 Partially Exposing User Identity

17.4 Completely Disclosing User Identity

17.5 Utility Loss and Privacy Preservation Measures

17.6 Conclusion

PART VI. Event Monitoring and Situation Awareness


Chapter 18. Distributed Network and System Monitoring for Securing Cyber-Physical Infrastructure

18.1 Overview

18.2 System Model and Design Principles

18.3 Recent Progress and Major Milestone Results

18.4 Open Problems

18.5 Summary and Future Directions

Chapter 19. Discovering and Tracking Patterns of Interest in Security Sensor Streams

19.1 Introduction

19.2 Sensor Event Analysis for Health Monitoring

19.3 Related Work

19.4 Discovering Activities

19.5 Recognizing Activities

19.6 Validation of Activity Discovery and Tracking Algorithms

19.7 Anomaly Detection

19.8 Conclusions

Chapter 20. Pervasive Sensing and Monitoring for Situational Awareness

20.1 Introduction

20.2 Hierarchical Modeling and Reasoning in Cyber-Physical Systems

20.3 Adaptive Middleware for Cyber-Physical Spaces

20.4 Enabling Scalability in Cyber-Physical Spaces

20.5 Dependability in Sentient Spaces

20.6 Privacy in Pervasive Spaces

20.7 Conclusions

Chapter 21. Sense and Response Systems for Crisis Management

21.1 Introduction

21.2 Decentralized Event Detection

21.3 Agency-Based and Community-Based Systems

PART VII. Policy Issues in Security Management


Chapter 22. Managing and Securing Critical Infrastructure – A Semantic Policy- and Trust-Driven Approach

22.1 Introduction

22.2 Related Work

22.3 A Policy and Trust Framework to Secure CPS

22.4 Prototype Implementations

22.5 Conclusion and Future Work

Chapter 23. Policies, Access Control, and Formal Methods

23.1 Introduction

23.2 Access Control Concepts and Models

23.3 Tools and Methods for Managing Access Control

23.4 Formal Methods

23.5 Access Control for Critical Infrastructures – Open Problems and Possible Approaches

23.6 Concluding Remarks

Chapter 24. Formal Analysis of Policy-Based Security Configurations in Enterprise Networks

24.1 Introduction

24.2 State of the Art

24.3 Formal Verification of Security Policy Implementations

24.4 Verification of IPSec Policies

24.5 Conclusion

24.6 Open Research Problems

PART VIII. Security in Real-World Systems


Chapter 25. Security and Privacy in the Smart Grid

25.1 Introduction

25.2 The Smart Grid

25.3 Security and Privacy Challenges

25.4 Toward a Secure and Privacy-Preserving Smart Grid

25.5 Concluding Remarks

Chapter 26. Cyber-Physical Security of Automotive Information Technology

26.1 Introduction

26.2 Automotive Security Analysis

26.3 ECU Reprogramming Security Issues

26.4 Conclusion


Chapter 27. Security and Privacy for Mobile Health-Care (m-Health) Systems

27.1 Introduction

27.2 Electronic Health Record (EHR)

27.3 Privacy and Security in E-Health Care

27.4 State of the Art Design for Health Information Privacy and Sharing (HIPS)

27.5 Security Analysis

27.6 Conclusion and Future Work


Chapter 28. Security and Robustness in the Internet Infrastructure

28.1 Introduction

28.2 Vulnerabilities in Domain Name Resolution

28.3 Security Solutions for the Domain Name System

28.4 Secure End-to-End Communication Protocols

28.5 Integrity of Internet Routing

28.6 Integrity Below the IP Layer

28.7 Configuration Management Security

28.8 Conclusions and Future Challenges


Chapter 29. Emergency Vehicular Networks

29.1 Introduction

29.2 Emergency Vehicle Support

29.3 The “Emergency” Vehicle Grid

29.4 Basic Urban Grid Routing

29.5 Delay-Tolerant Vehicular Routing

29.6 Mobimesh and Geo-Location Server: Finding the Destination Coordinates During the Emergency

29.7 Content Routing Across the Vanet

29.8 Emergency Video Dissemination

29.9 Vehicular Grid Surveillance

29.10 Map Updates Using Crowdsourcing

29.11 Security in the Emergency Vehicular Network

29.12 Conclusions

Chapter 30. Security Issues in VoIP Telecommunication Networks

30.1 Introduction

30.2 Connection Establishment and Call Routing

30.3 Man-in-the-Middle Attacks

30.4 Voice Pharming

30.5 Billing Attacks

30.6 Security Requirements of a P2P Telecommunication Network

30.7 Small World VIP-P2PSIP-Based on Trust

30.8 Conclusion




No. of pages:
© Morgan Kaufmann 2012
25th January 2012
Morgan Kaufmann
eBook ISBN:
Hardcover ISBN:

About the Authors

Sajal Das

Sajal K. Das is a University Distinguished Scholar Professor of Computer Science and Engineering and the Founding Director of the Center for Research in Wireless Mobility and Networking (CReWMaN) at the University of Texas at Arlington (UTA).

Affiliations and Expertise

University of Texas at Arlington (UTA).

Krishna Kant

Krishna Kant is currently with George Mason University and on leave of absence from Intel

Corporation where he has worked since 1997. His current areas of research include robustness in the Internet, cloud computing security, and sustainable computing.

Affiliations and Expertise

George Mason University

Nan Zhang

Nan Zhang is an Assistant Professor of Computer Science at the George Washington University, Washington, DC, USA. Prior to joining GWU, he was an assistant professor of Computer Science and Engineering at the University of Texas at Arlington from 2006 to 2008.

His current research interests span security and privacy issues in databases, data mining, and computer networks.

Affiliations and Expertise

George Washington University


"This impressive collection presents different viewpoints on the security of cyber-physical infrastructure. With more than 40 different contributors and 30 chapters organized in eight parts, the authors provide a unique introduction to the current state of the art in this field. The recent rise in both security awareness and the criticality of cyber-physical systems justifies the publishing of such a comprehensive book.", March 2013

Ratings and Reviews