Open this publication in new window or tab >>Show others...
2024 (English)In: ARES 2024 - 19th International Conference on Availability, Reliability and Security, Proceedings, Association for Computing Machinery (ACM) , 2024, article id 121Conference paper, Published paper (Refereed)
Abstract [en]
Cyber-Physical Systems (CPSs) complexity has been continuously increasing to support new life-impacting applications, such as Internet of Things (IoT) devices or Industrial Control Systems (ICSs). These characteristics introduce new critical security challenges to both industrial practitioners and academics. This work investigates how Model-Based System Engineering (MBSE) and attack graph approaches could be leveraged to model secure Cyber-Physical System solutions and identify high-impact attacks early in the system development life cycle. To achieve this, we propose a new framework that comprises (1) an easily adoptable modeling paradigm for Cyber-Physical System representation, (2) an attack-graph-based solution for Cyber-Physical System automatic quantitative security analysis, based on the MulVAL security tool, (3) a set of Model-To-Text (MTT) transformation rules to bridge the gap between SysML and MulVAL. We illustrated the validity of our proposed framework through an autonomous ventilation system example. A Denial of Service (DoS) attack targeting an industrial communication protocol was identified and displayed as attack graphs. In future work, we intend to connect the approach to dynamic security databases for automatic countermeasure selection.
Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2024
Keywords
Critical Infrastructures, Risk Analysis, Security and Privacy for Cyber-Physical Systems, Security by Design., Threats and Attack Modelling, Usable Security and Privacy
National Category
Computer Systems
Identifiers
urn:nbn:se:kth:diva-351960 (URN)10.1145/3664476.3670470 (DOI)2-s2.0-85200385847 (Scopus ID)
Conference
19th International Conference on Availability, Reliability and Security, ARES 2024, Vienna, Austria, Jul 30 2024 - Aug 2 2024
Note
Part of ISBN 9798400717185
QC 20240827
2024-08-192024-08-192024-08-27Bibliographically approved