Measuring cyber-physical security in industrial control systems via minimum-effort attack strategies

被引:26
作者
Barrere, Martin [1 ]
Hankin, Chris [1 ]
Nicolaou, Nicolas [2 ]
Eliades, Demetrios G. [2 ]
Parisini, Thomas [3 ]
机构
[1] Imperial Coll London, Inst Secur Sci & Technol, London, England
[2] Univ Cyprus, KIOS Res & Innovat Ctr Excellence, Nicosia, Cyprus
[3] Imperial Coll London, Dept Elect & Elect Engn, London, England
关键词
Security metric; Industrial control systems; Cyber-physical systems; AND/OR graphs; Hypergraphs; MAX-SAT resolution; CRITICAL NODES; STRUCTURAL CONTROLLABILITY; VULNERABILITY ASSESSMENT; GRAPH GENERATION; NETWORKS; COMPLEXITY; FRAMEWORK; DESIGN; RISK;
D O I
10.1016/j.jisa.2020.102471
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
In recent years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical attacks, having massive destructive consequences. Security metrics are therefore essential to assess and improve their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs and hypergraphs which is able to efficiently identify the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our tool, META4ICS (pronounced as metaphorics), leverages state-of-the-art methods from the field of logical satisfiability optimisation and MAX-SAT techniques in order to achieve efficient computation times. In addition, we present a case study where we have used our system to analyse the security posture of a realistic Water Transport Network (WTN). (C) 2020 The Authors. Published by Elsevier Ltd.
引用
收藏
页数:17
相关论文
共 100 条
[1]   Identifying critical nodes in undirected graphs: Complexity results and polynomial algorithms for the case of bounded treewidth [J].
Addis, Bernardetta ;
Di Summa, Marco ;
Grosso, Andrea .
DISCRETE APPLIED MATHEMATICS, 2013, 161 (16-17) :2349-2360
[2]  
AKERS SB, 1978, IEEE T COMPUT, V27, P509, DOI 10.1109/TC.1978.1675141
[3]  
Alcaraz C, 2014, IFIP ADV INF COMM TE, V441, P47
[4]  
Alhomidi M. A., 2012, 2012 4th Computer Science and Electronic Engineering Conference (CEEC 2012). Proceedings, P83, DOI 10.1109/CEEC.2012.6375383
[5]   The Maximum Flow Network Interdiction Problem: Valid inequalities, integrality gaps, and approximability [J].
Altner, Douglas S. ;
Ergun, Oezlem ;
Uhan, Nelson A. .
OPERATIONS RESEARCH LETTERS, 2010, 38 (01) :33-38
[6]  
Ammann P., 2002, P 9 ACM C COMP COMM, P217, DOI [DOI 10.1145/586110.586140, 10.1145/586110.586140]
[7]  
Andreeva TV, 2019, DILEMAS CONTEMP-EDUC, V7
[8]  
[Anonymous], 2011, Technical Report NIST Interagency Report 7788
[9]  
[Anonymous], 2019, P MAXSAT EV 2019 MSE
[10]  
[Anonymous], 2005, ANNOTATED REV PAPERS