A threat analysis methodology for smart home scenarios

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 8448, Issue , 2014, Pages 94-124

  Beckers, Kristian ^a   Faßbender, Stephan ^a   Heisel, Maritta ^a   Suppan, Santiago ^b  

^a UNIVERSITY OF DUISBURG ESSEN   (Germany)

^b SIEMENS AG   (Germany)

Author keywords

Attack pattern; Context; Requirements engineering; Smart grid; Threat analysis

Indexed keywords

AUTOMATION; DATA FLOW ANALYSIS; DATA FLOW GRAPHS; INTELLIGENT BUILDINGS; MOBILE SECURITY; REQUIREMENTS ENGINEERING;

ASSET IDENTIFICATION; ATTACK PATTERNS; CONTEXT; ENVIRONMENTAL-FRIENDLY; SCENARIO DEFINITIONS; SECURITY DEVELOPMENT LIFECYCLE; SMART GRID; THREAT ANALYSIS;

SMART POWER GRIDS;

EID: 84927612152     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-319-10329-7_7     Document Type: Conference Paper

References (32)

1. Beckers, K., Faßbender, S., Heisel, M.: A meta-model approach to the fundamentals for a pattern language for context elicitation. In: Proceedings of the 18th European Conference on Pattern Languages of Programs (Europlop), ACM (2013) (Accepted for Publication)
2. Howard, M., Lipner, S.: The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software. Microsoft Press, Cambridge (2006)
3. Aloula, F., Al-Alia, A.R., Al-Dalkya, R., Al-Mardinia, M., El-Hajj, W.: Smart grid security: threats, vulnerabilities and solutions. Int. J. Smart Grid Clean Energy 1(1), 1–6 (2012)
4. Lin, H., Fang, Y.: Privacy-aware profiling and statistical data extraction for smart sustainable energy systems. IEEE Trans. Smart Grid 4(1), 332–340 (2013)
5. NIST: Guidelines for smart grid cyber security (2010)
6. Geer, D.: Are companies actually using secure development life cycles? Computer 43(6), 12–16 (2010)
7. Win, B.D., Scandariato, R., Buyens, K., Gregoire, J., Joosen, W.: On the secure software development process: Clasp, {SDL} and touchpoints compared. Inf. Softw. Technol. 51(7), 1152–1171 (2009). Special Section: Software Engineering for Secure Systems Software Engineering for Secure Systems
8. SANS: Sans - a member of the microsoft security development lifecycle (sdl) pro network (2014). http://www.sans.org/security-resources/microsoft-sdl
9. OWASP: CLASP (Comprehensive, Lightweight Application Security Process). Technical report, The Open Web Application Security Project (OWASP) (2011). https://www.owasp.org/index.php/Category:OWASP CLASP Project
10. Commission of the European communities.: Communication from the commission to the european parliament, the council, the European economic and social committee and the committee of the regions (2011)
11. Lu, Z., Lu, X., Wang, W., Wang, C.: Review and evaluation of security threats on the communication networks in the smart grid. In: Military Communications Conference, 2010 - MILCOM 2010, pp. 1830–1835 (2010)
12. Wang, W., Lu, Z.: Survey cyber security in the smart grid: survey and challenges. Comput. Netw. 57(5), 1344–1371 (2013)
13. Yang, Y., Littler, T., Sezer, S., McLaughlin, K., Wang, H.: Impact of cyber-security issues on smart grid. In: 2011 2nd IEEE PES International Conference and Exhibition on Innovative Smart Grid Technologies (ISGT Europe), pp. 1–7 (2011)
14. McDaniel, P., McLaughlin, S.: Security and privacy challenges in the smart grid. IEEE Secur. Priv. 7(3), 75–77 (2009)
15. Tøndel, I.A., Jaatun, M.G., Line, M.B.: Security threats in demo steinkjer - report from the telenor-sintef collaboration project on smart grids. Technical report, SINTEF/ NTNU (2012)
16. Dhillon, D.: Developer-driven threat modeling: lessons learned in the trenches. IEEE Secur. Priv. 9(4), 41–47 (2011)
17. ISO/IEC: Information technology - Security techniques - Information security management systems - Requirements. ISO/IEC 27001, International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), Geneva, Switzerland (2005)
18. Swiderski, F., Snyder, W.: Threat Modeling. Microsoft Press, Redmond (2004)
19. Beckers, K., Cote, I., Hatebur, D., Faßbender, S., Heisel, M.: Common criteria compliAnt software development (CC-CASD). In: Proceedings 28th Symposium on Applied Computing, pp. 937–943. ACM (2013)
20. Beckers, K., Hatebur, D., Heisel, M.: A problem-based threat analysis in compliance with common criteria. In: Proceedings of the International Conference on Availability, Reliability and Security (ARES), pp. 111–120. IEEE Computer Society (2013)
21. Beckers, K., Kuster, J.C., Faßbender, S., Schmidt, H.: Pattern-based support for context establishment and asset identification of the ISO 27000 in the field of cloud computing. In: Proceedings of the International Conference on Availability, Reliability and Security (ARES), pp. 327–333. IEEE Computer Society (2011)
22. Beckers, K., Faßbender, S.: Peer-to-peer driven software engineering considering security, reliability, and performance. In: Proceedings of the International Conference on Availability, Reliability and Security (ARES) - 2nd InternationalWorkshop on Resilience and IT-Risk in Social Infrastructures(RISI 2012), pp. 485–494. IEEE Computer Society (2012)
23. Beckers, K., Faßbender, S., Heisel, M., Meis, R.: Pattern-based context establishment for service-oriented architectures. In: Heisel, M. (ed.) Software Service and Application Engineering. LNCS, vol. 7365, pp. 81–101. Springer, Heidelberg (2012)
24. Beckers, K., Faßbender, S., Küster, J.-C., Schmidt, H.: A pattern-based method for identifying and analyzing laws. In: Regnell, B., Damian, D. (eds.) REFSQ 2011. LNCS, vol. 7195, pp. 256–262. Springer, Heidelberg (2012)
25. BSI: Protection Profile for the Gateway of a Smart Metering System (Gateway PP). Version 01.01.01(final draft), Bundesamt f¨ur Sicherheit in der Informationstechnik (BSI) - Federal Office for Information Security Germany, Bonn, Germany (2011). https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/SmartMeter/PP-SmartMeter.pdf? blob=publicationFile
26. BSI: Protection Profile for the Security Module of a Smart Meter Gateway (Security Module PP). Version 1.0, Bundesamt f¨ur Sicherheit in der Informationstechnik (BSI) - Federal Office for Information Security Germany, Bonn, Germany (2013). https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/SmartMeter/PPSecurity%20Module.pdf?blob=publicationFile
27. OPEN node project: Evaluation of general requirements according state of the art. Technical report, OPEN node project (2010)
28. OPEN node project: Functional Use cases. Technical report, OPEN node project (2011)
29. OPEN meter project: D1.1 Requirements of AMI. Technical report, OPEN meter project (2009)
30. Department of Energy and Climate Change: Smart metering implementation programme, response to prospectus consultation, overview document. Technical report, Office of Gas and Electricity Markets (2011)
31. Department of Energy and Climate Change: Smart metering implementation programme, response to prospectus consultation, design requirements. Technical report, Office of Gas and Electricity Markets (2011)
32. Mohsenian-Rad, A.H., Wong, V., Jatskevich, J., Schober, R., Leon-Garcia, A.: Autonomous demand-side management based on game-theoretic energy consumption scheduling for the future smart grid. IEEE Trans. Smart Grid 1(3), 320–331 (2010)