TY - GEN
T1 - A Model-based Approach for Assessing the Security of Cyber-Physical Systems
AU - Teixeira De Castro, Hugo
AU - Hussain, Ahmed
AU - Blanc, Gregory
AU - El Hachem, Jamal
AU - Blouin, Dominique
AU - Leneutre, Jean
AU - Papadimitratos, Panos
N1 - Publisher Copyright: © 2024 ACM.
PY - 2024/7/30
Y1 - 2024/7/30
AB - Cyber-Physical Systems (CPSs) complexity has been continuously increasing to support new life-impacting applications, such as Internet of Things (IoT) devices or Industrial Control Systems (ICSs). These characteristics introduce new critical security challenges to both industrial practitioners and academics. This work investigates how Model-Based System Engineering (MBSE) and attack graph approaches could be leveraged to model secure Cyber-Physical System solutions and identify high-impact attacks early in the system development life cycle. To achieve this, we propose a new framework that comprises (1) an easily adoptable modeling paradigm for Cyber-Physical System representation, (2) an attack-graph-based solution for Cyber-Physical System automatic quantitative security analysis, based on the MulVAL security tool, (3) a set of Model-To-Text (MTT) transformation rules to bridge the gap between SysML and MulVAL. We illustrated the validity of our proposed framework through an autonomous ventilation system example. A Denial of Service (DoS) attack targeting an industrial communication protocol was identified and displayed as attack graphs. In future work, we intend to connect the approach to dynamic security databases for automatic countermeasure selection.
KW - Critical Infrastructures
KW - Risk Analysis
KW - Security and Privacy for Cyber-Physical Systems
KW - Security by Design
KW - Threats and Attack Modelling
KW - Usable Security and Privacy
U2 - 10.1145/3664476.3670470
DO - 10.1145/3664476.3670470
M3 - Conference contribution
AN - SCOPUS:85200385847
T3 - ACM International Conference Proceeding Series
BT - ARES 2024 - 19th International Conference on Availability, Reliability and Security, Proceedings
PB - Association for Computing Machinery
T2 - 19th International Conference on Availability, Reliability and Security, ARES 2024
Y2 - 30 July 2024 through 2 August 2024
ER -