Abstract: Evaluating the security of cyber-physical systems throughout their life cycle is necessary to assure that they can be deployed and operated in safety-critical applications, such as infrastructure, military, and transportation. Most safety and security decisions that can have major effects on mitigation strategy options after deployment are made early in the system's life cycle. To allow for a vulnerability analysis before deployment, a sufficiently well-formed model has to be constructed. To construct such a mod…
“…However, each element of the system model is described by a standardized schema as presented by Bakirtzis et al [11]. It is, therefore, not necessary to capture this model in SysML.…”
Applying security as a lifecycle practice is becoming increasingly important to combat targeted attacks in safety-critical systems. Among others, there are two significant challenges in this area: (1) the need for models that can characterize a realistic system in the absence of an implementation and (2) an automated way to associate attack vector information, that is, historical data, with such system models. We propose the cybersecurity body of knowledge (CYBOK), which takes in sufficiently characteristic models of systems and acts as a search engine for potential attack vectors. CYBOK is fundamentally an algorithmic approach to vulnerability exploration, which is a significant extension to the body of knowledge it builds upon. By using CYBOK, security analysts and system designers can work together to assess the overall security posture of systems early in their lifecycle, during major design decisions and before final product designs. Consequently, it assists in applying security earlier and throughout the system's lifecycle.
Index Terms: Cyber-physical systems, security, safety, model-based engineering.
arXiv:1909.02923v1 [eess.SY]
“…Furthermore, since this model is intended for security analysis, a component should be characterized by a set of attributes relevant to its security. These component attributes include: its operating system, hardware, firmware, software, communication protocols, and entry points. We use SysML part properties to define these attributes for a particular component.…”
Section: Mission-aware Modeling in SysML
“…In our previous work, we describe how to generate the mission context information and how the model can be applied to vulnerability analysis. This paper instead focuses on applying the modeling methodology to a use case, assuming that all the information in the model is known ahead of time.…”
Section: Introduction
“…We believe that SysML is an attractive choice for this methodology due to its flexibility for use throughout the system life cycle and its familiarity within industry. In our modeling approach, using SysML does not limit modeling efforts to a single language, as it is transformable into a graph structure and can be input to other analysis techniques through this more generalized schema. However, it does provide a medium to reason how requirements are connected to behaviors, and, further, how those behaviors are implemented in a modeled system architecture.…”
Cyber-physical systems (CPS) present a unique modeling challenge due to their numerous heterogeneous components, complex physical interactions, and disjoint communication networks. Modeling CPS to aid security analysis further adds to these challenges, because securing CPS requires not only an understanding of the system architecture, but also of the system's role within its broader expected service. This is due to the infeasibility of completely securing every single component, network, and part within a CPS. As such, it is necessary to be cognizant of the system's expected service, or mission, so that the effects of an exploit can be mitigated and the system can perform its mission at least in a partially degraded manner—in other words, a mission-aware approach to security. A security analysis methodology based on this philosophy is therefore greatly aided by the creation of a model that combines system architecture information, its admissible behaviors, and its mission context. This paper presents a technique for creating such a model using the Systems Modeling Language.
“…The red team effort in particular allows for the use of tool-based support for providing historical evidence of cyber attacks that take advantage of similar system components or architectures. As described in [24]–[26], natural language processing (NLP) techniques can be used to search attack databases and support the red team in making their judgments on the system.…”
Despite “cyber” being in the name, cyber-physical systems possess unique characteristics that limit the applicability and suitability of traditional cybersecurity techniques and strategies. Furthermore, vulnerabilities in cyber-physical systems can have significant safety implications. The physical and cyber interactions inherent in these systems require that cyber vulnerabilities not only be defended against or prevented, but that the system also be resilient in the face of successful attacks. Given the complex nature of cyber-physical systems, the identification and evaluation of appropriate defense and resiliency strategies must be handled in a targeted and systematic manner. Specifically, which resiliency strategies are appropriate for a given system, where should they be applied, and which should be implemented given time and/or budget constraints? This paper presents two methodologies: (1) the cyber security requirements methodology and (2) a systems-theoretic, model-based methodology for identifying and prioritizing appropriate resiliency strategies for implementation in a given system and mission. This methodology is demonstrated using a case study based on a hypothetical weapon system. An assessment and comparison of the results from the two methodologies suggest that the techniques presented in this paper can augment and enhance existing systems engineering approaches with model-based evidence.