Systematic analysis of cyber-attacks on CPS-evaluating applicability of DFD-based approach

Proceedings - 2012 5th International Symposium on Resilient Control Systems, ISRCS 2012

Volumn , Issue , 2012, Pages 55-62

  Yampolskiy, Mark ^a   Horvath, Peter ^a   Koutsoukos, Xenofon D ^a   Xue, Yuan ^a   Sztipanovits, Janos ^a  

^a VANDERBILT UNIVERSITY   (United States)

Author keywords

CPS security; CPS vulnerability assessment; Cyber Physical Attacks; Cyber Physical Systems (CPS); Taxonomy

Indexed keywords

CPS SECURITY; CYBER PHYSICAL SYSTEMS (CPSS); CYBER-ATTACKS; CYBER-PHYSICAL ATTACKS; DATA FLOW DIAGRAMS; MANUAL ANALYSIS; PHYSICAL ELEMENTS; STRUCTURAL ELEMENTS; SYSTEMATIC ANALYSIS; VULNERABILITY ASSESSMENTS;

COMPUTER CRIME; CONTROL SYSTEMS; DATA FLOW GRAPHS; EMBEDDED SYSTEMS; TAXONOMIES;

SECURITY OF DATA;

EID: 84868596713     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISRCS.2012.6309293     Document Type: Conference Paper

References (22)

1. M. Abrams and J. Weiss, "Malicious control system cyber security attack case study-maroochy water services," Australia, NIST, pp. 8-9, 2008.
2. J. Slay and M. Miller, "Lessons learned from the maroochy water breach," Critical Infrastructure Protection, pp. 73-82, 2007.
3. D. Albright, P. Brannan, C. Walrond, I. for Science, and I. Security, "Did stuxnet take out 1,000 centrifuges at the natanz enrichment plant?" Tech. Rep., 2010. [Online]. Available: http://isis-online.org/ uploads/isis-reports/documents/stuxnet FEP 22Dec2010.pdf
4. N. Falliere, L. Murchu, and E. Chien, "W32. stuxnet dossier," White paper, Symantec Corp., Security Response, 2011.
5. A. Cárdenas, S. Amin, and S. Sastry, "Research challenges for the security of control systems," in Proceedings of the 3rd conference on Hot topics in security. USENIX Association, 2008, p. 6.
6. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage, "Experimental security analysis of a modern automobile," in Proc. IEEE Symp. Security and Privacy (SP), 2010, pp. 447-462.
7. Y. Mo, T. Kim, K. Brancik, D. Dickinson, H. Lee, A. Perrig, and B. Sinopoli, "Cyber-physical security of a smart grid infrastructure," Proceedings of the IEEE, no. 99, pp. 1-15, 2012.
8. J. Laprie, "Dependable computing and fault-tolerance," Digest of Papers FTCS-15, pp. 2-11, 1985. [Online]. Available: http://www. macedo.ufba.br/conceptsANDTermonology.pdf
9. A. Avizienis, J.-C. Laprie, B. Randell, and C. Landwehr, "Basic concepts and taxonomy of dependable and secure computing," vol. 1, no. 1, pp. 11-33, 2004.
10. S. Schneider, "Security properties and csp," in Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on. IEEE, 1996, pp. 174-187.
11. D. M. Nicol, W. H. Sanders, and K. S. Trivedi, "Model-based evaluation: from dependability to security," vol. 1, no. 1, pp. 48-65, 2004.
12. I. J. H. Marburger and E. F. Kvamme, "Leadership under challenge: Information technology r&d in a competitive world. an assessment of the federal networking and information technology r&d program," Tech. Rep., 2007.
13. S. M. Rinaldi, J. P. Peerenboom, and T. K. Kelly, "Identifying, understanding, and analyzing critical infrastructure interdependencies," IEEE Control Systems, vol. 21, no. 6, pp. 11-25, 2001.
14. S. M. Rinaldi, "Modeling and simulating critical infrastructures and their interdependencies," in Proc. 37th Annual Hawaii Int System Sciences Conf, 2004.
15. E. Lee, "Cyber physical systems: Design challenges," in Object Oriented Real-Time Distributed Computing (ISORC), 2008 11th IEEE Interna-tional Symposium on. IEEE, 2008, pp. 363-369.
16. S. Burns, "Threat modeling: A process to ensure application security," GIAC Security Essentials Cer-ti?cation (GSEC) Practical Assignment, 2005. [Online]. Available: http://www.sans.org/reading room/whitepapers/securecode/threat-modeling-process-ensure-application-security 1646
17. S. Hernan, S. Lambert, T. Ostwald, and A. Shostack, "Threat modeling-uncover security design flaws using the stride approach," MSDN Magazine-Louisville, pp. 68-75, 2006. [Online]. Available: http://msdn. microsoft.com/en-us/magazine/cc163519.aspx
18. S. Hansman and R. Hunt, "A taxonomy of network and computer attacks," Computers & Security, vol. 24, no. 1, pp. 31-43, 2005.
19. C. Simmons, C. Ellis, S. Shiva, D. Dasgupta, and Q. Wu, "Avoidit: A cyber attack taxonomy," University of Memphis, Technical Report CS-09-003, 2009. [Online]. Available: http://issrl.cs.memphis.edu/files/papers/ CyberAttackTaxonomy IEEE Mag.pdf
20. Asctec hummingbird autopilot. [Online]. Available: http://www.asctec. de/asctec-hummingbird-autopilot-5/
21. M. Howard, D. LeBlanc, S. T. B. Online, and S. B. O. (Firme), Writing secure code. Microsoft press Redmond, WA, 2003, vol. 2.
22. A. Cárdenas, S. Amin, B. Sinopoli, A. Giani, A. Perrig, and S. Sastry, "Challenges for securing cyber physical systems," in Workshop on Future Directions in Cyber-physical Systems Security. DHS, 2009.