Daojing He,Sammy Chan,Yan Zhang,Chunming Wu,Bing Wang

DOI: https://doi.org/10.1109/mis.2013.105

IF: 6.744

2014-01-01

IEEE Intelligent Systems

Abstract:Attack-defense models play an important role in the design of cybersecurity systems. Here, the authors review some traditional and prevailing attack-defense models along with their weaknesses. Then, they survey some recently proposed paradigm shifts to these models based on which more effective security strategies can be designed. Further, they provide some suggestions on how to adopt the new models, and present challenges that need to be addressed in this field.

Jiang Jiang,Yongxiang Xia,Sheng Xu,Hui-Liang Shen,Jiajing Wu

DOI: https://doi.org/10.1063/1.5139254

2020-01-01

Abstract:Cyber-physical systems (CPSs) are integrations of information technology and physical systems, which are more and more significant in society. As a typical example of CPSs, smart grids integrate many advanced devices and information technologies to form a safer and more efficient power system. However, interconnection with the cyber network makes the system more complex, so that the robustness assessment of CPSs becomes more difficult. This paper proposes a new CPS model from a complex network perspective. We try to consider the real dynamics of cyber and physical parts and the asymmetric interdependency between them. Simulation results show that coupling with the communication network makes better robustness of power system. But since the influences between the power and communication networks are asymmetric, the system parameters play an important role to determine the robustness of the whole system.

Marius-Constantin Ilau,Tristan Caulfield,David Pym

2024-07-10

Abstract:The nature of information security has been, and probably will continue to be, marked by the asymmetric competition of attackers and defenders over the control of an uncertain environment. The reduction of this degree of uncertainty via an increase in understanding of that environment is a primary objective for both sides. Models are useful tools in this context because they provide a way to understand and experiment with their targets without the usual operational constraints. However, given the technological and social advancements of today, the object of modelling has increased in complexity. Such objects are no longer singular entities, but heterogeneous socio-technical systems interlinked to form large-scale ecosystems. Furthermore, the underlying components of a system might be based on very different epistemic assumptions and methodologies for construction and use. Naturally, consistent, rigorous reasoning about such systems is hard, but necessary for achieving both security and resilience. The goal of this paper is to present a modelling approach tailored for heterogeneous systems based on three elements: an inferentialist interpretation of what a model is, a distributed systems metaphor to structure that interpretation and a co-design cycle to describe the practical design and construction of the model. The underlying idea is that an open world interpretation, supported by a formal, yet generic abstraction facilitating knowledge translation and providing properties for structured reasoning and, used in practice according to the co-design cycle could lead to models that are more likely to achieve their pre-stated goals. We explore the suitability of this method in the context of three different security-oriented models: a physical data loss model, an organisational recovery under ransomware model and an surge capacity trauma unit model.

Software Engineering,Cryptography and Security

Sergej Japs,Harald Anacker

DOI: https://doi.org/10.1017/pds.2021.517

2021-07-27

Proceedings of the Design Society

Abstract:Abstract Cyber-physical systems (CPS), like autonomous vehicles, are intelligent and networked. The development of such systems and its components requires interdisciplinary cooperation between different stakeholders. A lack of system understanding between stakeholders can lead to unidentified and unresolved security threats & safety hazards in early engineering phases, resulting in high costs in product development and potentially compromises compliance with the safety of CPS. Model-based systems engineering (MBSE) improves the system understanding between stakeholders by using models. However, MBSE approaches only partially address security threats & safety hazards. In particular, their integrative consideration is not taken into account. Established security & safety approaches are either only applicable to specific disciplines or only partially consider security threats & safety hazards. In the context of this paper we present a method for the resolution of safety relevant security threats in the system architecture design phase using design patterns. We illustrate our approach with the example of the automotive sector. Finally, we present an evaluation of the method, based on an 8 week project with 67 master students.

Vivek Nigam,Alexander Pretschner,Harald Ruess

DOI: https://doi.org/10.48550/arXiv.1810.04866

2018-10-11

Logic in Computer Science

Abstract:By exploiting the increasing surface attack of systems, cyber-attacks can cause catastrophic events, such as, remotely disable safety mechanisms. This means that in order to avoid hazards, safety and security need to be integrated, exchanging information, such as, key hazards/threats, risk evaluations, mechanisms used. This white paper describes some steps towards this integration by using models. We start by identifying some key technical challenges. Then we demonstrate how models, such as Goal Structured Notation (GSN) for safety and Attack Defense Trees (ADT) for security, can address these challenges. In particular, (1) we demonstrate how to extract in an automated fashion security relevant information from safety assessments by translating GSN-Models into ADTs; (2) We show how security results can impact the confidence of safety assessments; (3) We propose a collaborative development process where safety and security assessments are built by incrementally taking into account safety and security analysis; (4) We describe how to carry out trade-off analysis in an automated fashion, such as identifying when safety and security arguments contradict each other and how to solve such contradictions. We conclude pointing out that these are the first steps towards a wide range of techniques to support Safety and Security Engineering. As a white paper, we avoid being too technical, preferring to illustrate features by using examples and thus being more accessible.

Georgios Bakirtzis,Tim Sherburne,Stephen Adams,Barry M. Horowitz,Peter A. Beling,Cody H. Fleming

DOI: https://doi.org/10.1007/s10270-021-00892-z

2021-06-01

Abstract:Abstract Cyber-physical systems are complex systems that require the integration of diverse software, firmware, and hardware to be practical and useful. This increased complexity is impacting the management of models necessary for designing cyber-physical systems that are able to take into account a number of “-ilities”, such that they are safe and secure and ultimately resilient to disruption of service. We propose an ontological metamodel for system design that augments an already existing industry metamodel to capture the relationships between various model elements (requirements, interfaces, physical, and functional) and safety, security, and resilient considerations. Employing this metamodel leads to more cohesive and structured modeling efforts with an overall increase in scalability, usability, and unification of already existing models. In turn, this leads to a mission-oriented perspective in designing security defenses and resilience mechanisms to combat undesirable behaviors. We illustrate this metamodel in an open-source GraphQL implementation, which can interface with a number of modeling languages. We support our proposed metamodel with a detailed demonstration using an oil and gas pipeline model.

computer science, software engineering

Christophe Ponsard

2024-09-12

Abstract:Nowadays, companies are highly exposed to cyber security threats. In many industrial domains, protective measures are being deployed and actively supported by standards. However the global process remains largely dependent on document driven approach or partial modelling which impacts both the efficiency and effectiveness of the cybersecurity process from the risk analysis step. In this paper, we report on our experience in applying a model-driven approach on the initial risk analysis step in connection with a later security testing. Our work rely on a common metamodel which is used to map, synchronise and ensure information traceability across different tools. We validate our approach using different scenarios relying domain modelling, system modelling, risk assessment and security testing tools.

Cryptography and Security,Software Engineering

Michael D. Norman,Matthew T. K. Koehler,Matthew T.K. Koehler

DOI: https://doi.org/10.48550/arXiv.1706.08598

2017-06-19

Physics and Society

Abstract:In a world of ever-increasing systems interdependence, effective cybersecurity policy design seems to be one of the most critically understudied elements of our national security strategy. Enterprise cyber technologies are often implemented without much regard to the interactions that occur between humans and the new technology. Furthermore, the interactions that occur between individuals can often have an impact on the newly employed technology as well. Without a rigorous, evidence-based approach to ground an employment strategy and elucidate the emergent organizational needs that will come with the fielding of new cyber capabilities, one is left to speculate on the impact that novel technologies will have on the aggregate functioning of the enterprise. In this paper, we will explore a scenario in which a hypothetical government agency applies a complexity science perspective, supported by agent-based modeling, to more fully understand the impacts of strategic policy decisions. We present a model to explore the socio-technical dynamics of these systems, discuss lessons using this platform, and suggest further research and development.

Ioannis Zografopoulos,Juan Ospina,XiaoRui Liu,Charalambos Konstantinou

DOI: https://doi.org/10.48550/arXiv.2101.10198

2021-01-25

Cryptography and Security

Abstract:Cyber-physical systems (CPS) are interconnected architectures that employ analog, digital, and communication resources for their interaction with the physical environment. CPS are the backbone of enterprise, industrial, and critical infrastructure. Thus, their vital importance makes them prominent targets for malicious attacks aiming to disrupt their operations. Attacks targeting cyber-physical energy systems (CPES), given their mission-critical nature, can have disastrous consequences. The security of CPES can be enhanced leveraging testbed capabilities to replicate power system operations, discover vulnerabilities, develop security countermeasures, and evaluate grid operation under fault-induced or maliciously constructed scenarios. In this paper, we provide a comprehensive overview of the CPS security landscape with emphasis on CPES. Specifically, we demonstrate a threat modeling methodology to accurately represent the CPS elements, their interdependencies, as well as the possible attack entry points and system vulnerabilities. Leveraging the threat model formulation, we present a CPS framework designed to delineate the hardware, software, and modeling resources required to simulate the CPS and construct high-fidelity models which can be used to evaluate the system's performance under adverse scenarios. The system performance is assessed using scenario-specific metrics, while risk assessment enables system vulnerability prioritization factoring the impact on the system operation. The overarching framework for modeling, simulating, assessing, and mitigating attacks in a CPS is illustrated using four representative attack scenarios targeting CPES. The key objective of this paper is to demonstrate a step-by-step process that can be used to enact in-depth cybersecurity analyses, thus leading to more resilient and secure CPS.

Salim Chehida,Eric Rutten,Guillaume Giraud,Stéphane Mocanu

DOI: https://doi.org/10.1016/j.sysarc.2024.103118

IF: 5.836

2024-03-24

Journal of Systems Architecture

Abstract:Security risk assessment is an important challenge in the design of Cyber Physical Systems (CPS). Even more importantly, the intrinsically dynamical nature of these systems, due to changes in their environment, as well as evolutions in their infrastructures, makes them self-adaptive systems, where security aspects have to be considered in terms of management of detections and reactions for self-protection. In this work, we propose an approach to autonomously mitigate the threats in each reconfiguration at application or infrastructure levels of CPS. We propose and implement a framework for self-adaptive security: software architecture, design method, and integration with model-based decision. We use Attack-Defense Trees for modeling threats, and our approach involves security risk assessment, taking into account its balancing and coordination with quality-of-service aspects. We formulate and formalize the on-line decision problem to be solved at each cycle of the self-adaptation control loop in terms of Constraint Programming (CP) modeling and resolution. The CP model implements a set of constraints that allow to specify secure configurations, evaluated regarding their impact on system performance to pinpoint the most relevant one portraying a good balance between the security and quality of service. We perform validation of our approach with its application to Smart Grids, more particularly to an industrial case study from RTE (the French Energy Transmission company).

computer science, software engineering, hardware & architecture

Lin Liu,Eric Yu,John Mylopoulos

DOI: https://doi.org/10.1109/compsac.2006.159

2006-01-01

Abstract:Design for security is extremely complicated due to the unique nature of the issue. It requires a thorough understanding about the social setting of the security system. To obtain such understanding, sensible steps to take include identifying the players involved in the system, recognizing their personal preferences, agenda and power in relation to other players, identifying the assets being protected, the vulnerable points at which the systems may fail when attacked. Equally important is to taking rationale steps to predict most likely attackers, knowing their possible motivations, and capabilities enabled by latest the technologies and resource occupations. Only based on integrated analysis on both sides, rationale, informative and efficient tradeoffs on security can be made. Unfortunately, current system development practices treat design decisions on security in an adhoc way, often as an afterthought. This paper proposes to use social modeling concepts to analyze the business and organizational context of systems with regard to security. The main concepts used are actor, role, agent and goal, task, and resource dependencies between actors. The approach encompasses several analysis steps on the functional and non-functional requirements in relevance to security, thus integrating security into the system design process from the outset.

Marek Amanowicz,Mariusz Kamola

DOI: https://doi.org/10.3390/electronics11223835

IF: 2.9

2022-11-22

Electronics

Abstract:Protection against a growing number of increasingly sophisticated and complex cyberattacks requires the real-time acquisition of up-to-date information on identified threats and their potential impact on an enterprise's operation. However, the complexity and variety of IT/OT infrastructure interdependencies and the business processes and services it supports significantly complicate this task. Hence, we propose a novel solution here that provides security awareness of critical infrastructure entities. Appropriate measures and methods for comprehensively managing cyberspace security and resilience in an enterprise are provided, and these take into account the aspects of confidentiality, availability, and integrity of the essential services offered across the underlying business processes and IT infrastructure. The abstraction of these entities as business objects is proposed to uniformly address them and their interdependencies. In this paper, the concept of modeling the cyberspace of interdependent services, business processes, and systems and the procedures for assessing and predicting their attributes and dynamic states are depicted. The enterprise can build a model of its operation with the proposed formalism, which takes it to the first level of security awareness. Through dedicated simulation procedures, the enterprise can anticipate the evolution of actual or hypothetical threats and related risks, which is the second level of awareness. Finally, simulation-driven analyses can serve in guiding operations toward improvement with respect to resilience and threat protection, bringing the enterprise to the third level of awareness. The solution is also applied in the case study of an essential service provider.

engineering, electrical & electronic,computer science, information systems,physics, applied

Valentina Casola,Alessandra De Benedictis,Carlo Mazzocca,Rebecca Montanari

DOI: https://doi.org/10.1109/tetc.2022.3197464

2022-01-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Cyber-physical systems (CPSs) rely upon the deep integration of computation and physical processes/systems, enabled by Internet of Things (IoT), edge computing, and cloud technologies. Noticeably, cybersecurity is a major concern in CPSs, since attacks may exploit both cyber and physical vulnerabilities and damage significantly physical equipment, compromise operational safety, and impact negatively on product quality and performance. In this context, CPS design should take both security and resilience requirements into account, by identifying the needed measures not only to prevent but also to withstand, recover from, and adapt to adverse conditions and attacks. The approach proposed in this paper aims at improving the security and resilience of a CPS deployment through a model-based design methodology leveraging security-by-design principles and Moving Target Defense (MTD) techniques, consisting in continually shifting a system configuration to reduce the attack success probability and survive attacks. Our methodology, in particular, is meant to support the threat modeling process of a CPS and the identification, based on spotted threats and on the properties of involved assets and data, of the security controls to include within the design to mitigate existing threats and of the MTD techniques to integrate in order to increase resilience.

computer science, information systems,telecommunications

Shaofei Huang,Christopher M. Poskitt,Lwin Khin Shar

2024-09-19

Abstract:Cyber-physical systems (CPS) are at the intersection of digital technology and engineering domains, rendering them high-value targets of sophisticated and well-funded cybersecurity threat actors. Prominent cybersecurity attacks on CPS have brought attention to the vulnerability of these systems, and the inherent weaknesses of critical infrastructure reliant on CPS. Security modelling for CPS is an important mechanism to systematically identify and assess vulnerabilities, threats, and risks throughout system lifecycles, and to ultimately ensure system resilience, safety, and reliability. This survey delves into state-of-the-art research in CPS security modelling, encompassing both threat and attack modelling. While these terms are sometimes used interchangeably, they are different concepts. This article elaborates on the differences between threat and attack modelling, examining their implications for CPS security. A systematic search yielded 428 articles, from which 15 were selected and categorised into three clusters: those focused on threat modelling methods, attack modelling methods, and literature reviews. Specifically, we sought to examine what security modelling methods exist today, and how they address real-world cybersecurity threats and CPS-specific attacker capabilities throughout the lifecycle of CPS, which typically span longer durations compared to traditional IT systems. This article also highlights several limitations in existing research, wherein security models adopt simplistic approaches that do not adequately consider the dynamic, multi-layer, multi-path, and multi-agent characteristics of real-world cyber-physical attacks.

Cryptography and Security

Georgios Bakirtzis,Garrett L. Ward,Christopher J. Deloglos,Carl R. Elks,Barry M. Horowitz,Cody H. Fleming

DOI: https://doi.org/10.1109/DSN-S50200.2020.00021

2020-05-01

Abstract:Systems modeling practice lacks security analysis tools that can interface with modeling languages to facilitate security by design. Security by design is a necessity in the age of safety critical cyber-physical systems, where security violations can cause hazards. Currently, the overlap between security and safety is narrow. But deploying cyber-physical systems means that today's adversaries can intentionally trigger accidents. By implementing security assessment tools for modeling languages we are better able to address threats earlier in the system's lifecycle and, therefore, assure their safe and secure behavior in their eventual deployment. We posit that cyber-physical systems security modeling is practiced insufficiently because it is still addressed similarly to information technology systems.

Cryptography and Security,Systems and Control

Phu H. Nguyen,Shaukat Ali,Tao Yue

DOI: https://doi.org/10.1016/j.infsof.2016.11.004

2017-01-01

Abstract:ContextCyber-physical systems (CPSs) have emerged to be the next generation of engineered systems driving the so-called fourth industrial revolution. CPSs are becoming more complex, open and more prone to security threats, which urges security to be engineered systematically into CPSs. Model-Based Security Engineering (MBSE) could be a key means to tackle this challenge via security by design, abstraction, and automation. ObjectiveWe aim at providing an initial assessment of the state of the art in MBSE for CPSs (MBSE4CPS). Specifically, this work focuses on finding out 1) the publication statistics of MBSE4CPS studies; 2) the characteristics of MBSE4CPS studies; and 3) the open issues of MBSE4CPS research. MethodWe conducted a systematic mapping study (SMS) following a rigorous protocol that was developed based on the state-of-the-art SMS and systematic review guidelines. From thousands of relevant publications, we systematically identified 48 primary MBSE4CPS studies for data extraction and synthesis to answer predefined research questions. ResultsSMS results show that for three recent years (2014-2016) the number of primary MBSE4CPS studies has increased significantly. Within the primary studies, the popularity of using Domain-Specific Languages (DSLs) is comparable with the use of the standardised UML modelling notation. Most primary studies do not explicitly address specific security concerns (e.g., confidentiality, integrity) but rather focus on security analyses in general on threats, attacks or vulnerabilities. Few primary studies propose to engineer security solutions for CPSs. Many focus on the early stages of development lifecycle such as security requirement engineering or analysis. ConclusionThe SMS does not only provide the state of the art in MBSE4CPS, but also points out several open issues that would deserve more investigation, e.g., the lack of engineering security solutions for CPSs, limited tool support, too few industrial case studies, and the challenge of bridging DSLs in engineering secure CPSs.

Simon Yusuf Enoch,Mengmeng Ge,Jin B. Hong,Dong Seong Kim

DOI: https://doi.org/10.1109/rams48097.2021.9605784

2021-05-24

Abstract:Summary & Conclusions Model-based evaluation in cybersecurity has a long history. Attack Graphs (AGs) and Attack Trees (ATs) were the earlier developed graphical security models for cybersecurity analysis. However, they have limitations (e.g., scalability problem, state-space explosion problem, etc.) and lack the ability to capture other security features (e.g., countermeasures). To address the limitations and to cope with various security features, a graphical security model named attack countermeasure tree (ACT) was developed to perform security analysis by taking into account both attacks and countermeasures. In our research, we have developed different variants of a hierarchical graphical security model to solve the complexity, dynamicity, and scalability issues involved with security models in the security analysis of systems. In this paper, we summarize and classify security models into the following; graph-based, tree-based, and hybrid security models. We discuss the development of a hierarchical attack representation model (HARM) and different variants of the HARM, its applications, and usability in a variety of domains including the Internet of Things (IoT), Cloud, Software- Defined Networking, and Moving Target Defenses. Moreover, we discuss the pros and cons of each variant of HARM based on its applications and usage. Furthermore, several security metrics have been developed to be used with the graphical security model (including HARMs) to analyze the security posture of the systems and evaluate the effectiveness of defense mechanisms which is also being taken as input into optimization algorithms to compute optimal defense deployment. Thus, we provide the classification of the security metrics, including their discussions. Finally, we highlight existing problems and suggest future research directions in the area of graphical security models and applications. As a result of this work, a decision-maker can understand which type of HARM will suit their network or security analysis requirements.

Uchenna D Ani,Jeremy D McK Watson,Nilufer Tuptuk,Steve Hailes,Madeline Carr,Carsten Maple

DOI: https://doi.org/10.48550/arXiv.2208.07965

2022-08-16

Cryptography and Security

Abstract:The UK Critical National Infrastructure is critically dependent on digital technologies that provide communications, monitoring, control, and decision-support functionalities. Digital technologies are progressively enhancing efficiency, reliability, and availability of infrastructure, and enabling new benefits not previously available. These benefits can introduce vulnerabilities through the connectivity enabled by the digital systems, thus, making it easier for would-be attackers, who frequently use socio-technical approaches, exploiting humans-in-the-loop to break in and sabotage an organization. Therefore, policies and strategies that minimize and manage risks must include an understanding of operator and corporate behaviors, as well as technical elements and the interfaces between them and humans. Better security via socio-technical security Modelling and Simulation can be achieved if backed by government effort, including appropriate policy interventions. Government, through its departments and agencies, can contribute by sign-posting and shaping the decision-making environment concerning cybersecurity M&S approaches and tools, showing how they can contribute to enhancing security in Modern Critical Infrastructure Systems.

Carlos Rubio-Medrano,Josephine Lamp,Vu Coughlin,Ziming Zhao,Anna Scaglione

2017-01-01

Abstract:Description of research activity: Our approach is described as follows: first, we provide support for the creation of dedicated repositories depicting security requirements, which are to be modeled leveraging ontological representations, in such a way that an unambiguous and comprehensive description of requirements, as well as common vulnerabilities and exposures (CVEs) (Mitre 2016), is synthesized cohesively. Using ontologies, the relationships between different security concepts can be better modeled, thus allowing for the exploration and discovery of similar and complimentary requirements obtained from different sources. We have identified already a starting collection of documents which we plan to enhance over time as a result of our interactions with both industry and academic partners, in such a way that our requirements repository is effectively constructed from source materials that are deemed as relevant by the EDS and cybersecurity communities.

Robert Laddaga,Paul Robertson,Howard Shrobe,Dan Cerys,Prakash Manghwani,Patrik Meijer

DOI: https://doi.org/10.48550/arXiv.1901.01867

2019-01-07

Cryptography and Security

Abstract:Today's cyber physical systems (CPS) are not well protected against cyber attacks. Protected CPS often have holes in their defense, due to the manual nature of today's cyber security design process. It is necessary to automate or semi-automate the design and implementation of CPS to meet stringent cyber security requirements (CSR), without sacrificing functional performance, timing and cost constraints. Step one is deriving, for each CPS, the CSR that flow from the particular functional design for that CPS. That is the task assumed by our system, Deriving Cyber-security Requirements Yielding Protected Physical Systems - DCRYPPS. DCRYPPS applies Artificial Intelligence (AI) technologies, including planning and model based diagnosis to an important area of cyber security.