Threat modeling in cyber-physical systems

被引:17
作者
Fernandez, Eduardo B. [1 ]
机构
[1] Florida Atlantic Univ, Boca Raton, FL 33431 USA
来源
2016 IEEE 14TH INTL CONF ON DEPENDABLE, AUTONOMIC AND SECURE COMPUTING, 14TH INTL CONF ON PERVASIVE INTELLIGENCE AND COMPUTING, 2ND INTL CONF ON BIG DATA INTELLIGENCE AND COMPUTING AND CYBER SCIENCE AND TECHNOLOGY CONGRESS (DASC/PICOM/DATACOM/CYBERSC | 2016年
关键词
Cyber-physical systems; threat modeling; misuse patterns; secure systems design; security patterns; ELICITING SECURITY REQUIREMENTS;
D O I
10.1109/DASC-PICom-DataCom-CyberSciTec.2016.89
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
To design a secure system we need to understand its possible threats; more specifically we need to understand how the components of the architecture are compromised and used by an attacker in order to fulfill his objectives and how the attack proceeds through these units. We can do this using misuse patterns, an artifact we have introduced in earlier work. Threat modeling of IT systems has been widely explored but there is no much work on cyber-physical system (CPS) threats. CPSs are complex and heterogeneous systems and have many vulnerabilities. We discuss here how to extend misuse patterns to describe CPS threats and how to enumerate and unify CPS threats. This approach can be valuable to complement methodologies to build secure CPSs. We show our ideas through a metamodel and an example.
引用
收藏
页码:448 / 453
页数:6
相关论文
共 47 条
[1]   Security aspects of SCADA and DCS environments [J].
Alcaraz, Cristina ;
Fernandez, Gerardo ;
Carvajal, Fernando .
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2012, 7130 :120-149
[2]  
[Anonymous], 1996, PATTERN ORIENTED SOF
[3]  
[Anonymous], 2011, P 6 ACM S INF COMP C, DOI DOI 10.1145/1966913.1966959
[4]  
Archer L., MISUSE PATTERN UNPUB
[5]  
B Fernandez E., 2013, Wiley Series on Software Design Patterns
[6]   Ensuring Safety, Security, and Sustainability of Mission-Critical Cyber-Physical Systems [J].
Banerjee, Ayan ;
Venkatasubramanian, Krishna K. ;
Mukherjee, Tridib ;
Gupta, Sandeep Kumar S. .
PROCEEDINGS OF THE IEEE, 2012, 100 (01) :283-299
[7]   Eliciting security requirements through misuse activities [J].
Braz, Fabricio A. ;
Ferriandez, Eduardo B. ;
VanHilst, Michael .
DEXA 2008: 19TH INTERNATIONAL CONFERENCE ON DATABASE AND EXPERT SYSTEMS APPLICATIONS, PROCEEDINGS, 2008, :328-+
[8]  
Carlson Albert H., RAILWAY SECURITY ISS
[9]  
Caselli Marco, 2014, 9 INT C CRIT INF INF
[10]  
Checkoway S., COMPREHENSIVE EXPT A
12345