Threat modeling in cyber-physical systems

被引：17

作者：

Fernandez, Eduardo B. ^{[1
]}

机构：

[1] Florida Atlantic Univ, Boca Raton, FL 33431 USA

来源：

2016 IEEE 14TH INTL CONF ON DEPENDABLE, AUTONOMIC AND SECURE COMPUTING, 14TH INTL CONF ON PERVASIVE INTELLIGENCE AND COMPUTING, 2ND INTL CONF ON BIG DATA INTELLIGENCE AND COMPUTING AND CYBER SCIENCE AND TECHNOLOGY CONGRESS (DASC/PICOM/DATACOM/CYBERSC | 2016年

关键词：

Cyber-physical systems; threat modeling; misuse patterns; secure systems design; security patterns; ELICITING SECURITY REQUIREMENTS;

D O I：

10.1109/DASC-PICom-DataCom-CyberSciTec.2016.89

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

To design a secure system we need to understand its possible threats; more specifically we need to understand how the components of the architecture are compromised and used by an attacker in order to fulfill his objectives and how the attack proceeds through these units. We can do this using misuse patterns, an artifact we have introduced in earlier work. Threat modeling of IT systems has been widely explored but there is no much work on cyber-physical system (CPS) threats. CPSs are complex and heterogeneous systems and have many vulnerabilities. We discuss here how to extend misuse patterns to describe CPS threats and how to enumerate and unify CPS threats. This approach can be valuable to complement methodologies to build secure CPSs. We show our ideas through a metamodel and an example.

引用

页码：448 / 453

页数：6

共 47 条

[1] Alcaraz Cristina, 2012, Critical Infrastructure Protection. Information Infrastructure Models, Analysis, and Defense: LNCS 7130, P120, DOI 10.1007/978-3-642-28920-0_7
[2] [Anonymous], 1996, PATTERN ORIENTED SOF
[3] [Anonymous], 2011, P 6 ACM S INF COMP C, DOI DOI 10.1145/1966913.1966959
[4] Archer L., MISUSE PATTERN UNPUB
[5] B Fernandez E., 2013, Wiley Series on Software Design Patterns
[6] Ensuring Safety, Security, and Sustainability of Mission-Critical Cyber-Physical Systems
Banerjee, Ayan
Venkatasubramanian, Krishna K.
Mukherjee, Tridib
Gupta, Sandeep Kumar S.
[J]. PROCEEDINGS OF THE IEEE, 2012, 100 (01) : 283 - 299
[7] Eliciting security requirements through misuse activities
Braz, Fabricio A.
Ferriandez, Eduardo B.
VanHilst, Michael
[J]. DEXA 2008: 19TH INTERNATIONAL CONFERENCE ON DATABASE AND EXPERT SYSTEMS APPLICATIONS, PROCEEDINGS, 2008, : 328 - +
[8] Carlson Albert H., RAILWAY SECURITY ISS
[9] Caselli Marco, 2014, 9 INT C CRIT INF INF
[10] Checkoway S., COMPREHENSIVE EXPT A

← 1 2 3 4 5 →