A survey of fault and attack tree modeling and analysis for cyber risk management

Nagaraju, Vidhyashree; Fiondella, Lance; Wandji, Thierry

doi:10.1109/ths.2017.7943455

Cited by 37 publications

(20 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Chockalingam et al [57] present a survey on integrated safety and security risk assessments methods and their application domains. An overview of approaches based on attack and fault trees has been presented by V. Nagaraju et al [58]. In our review, we consider system analyses without a limitation to a particular approach form, moreover identified methods have been analysed depending on more general categories, e.g., association to existing standards, approach validation, etc.…”

Section: Related Workmentioning

confidence: 99%

Safety and Security Co-Analyses: A Systematic Literature Review

Lisova

Šljivo

Čaušević

2019

IEEE Systems Journal

View full text Add to dashboard Cite

Latest technological trends lead towards systems connected to public networks even in critical domains. Bringing together safety and security work is becoming imperative, as a connected safety-critical system is not safe if it is not secure. The main objective of this study is to investigate the current status of safety and security co-analysis in system engineering by conducting a Systematic Literature Review. The steps of the review are the following: the research questions identification; agreement upon a search string; applying the search string to chosen databases; a selection criterion formulation for the relevant publications filtering; selected papers categorization and analysis. We focused on the early system development stages and identified 33 relevant publications categorized as: combined safety and security approaches that consider the mutual influence of safety and security; safety informed security approaches that consider influence of safety on security; security informed safety approaches that consider influence of security on safety. The results showed that a number of identified approaches are driven by needs in fast developing application areas, e.g., automotive, while works focusing on combined analysis are mostly application area independent. Overall, the study shows that safety and security co-analysis is still a developing domain.

show abstract

Section: Related Workmentioning

confidence: 99%

Safety and Security Co-Analyses: A Systematic Literature Review

Lisova

Šljivo

Čaušević

2019

IEEE Systems Journal

View full text Add to dashboard Cite

show abstract

“…The risk assessment in Step 3 of our framework (see Table ) involves the use of fault tree analysis for detailed quantitative assessment along with the safety integrity levels (SILs) defined in standards: EN‐50128 (for railway software), which are based on a common standard defined by IEC (International Electrotechnical Commission), IEC 61508 (Functional Safety of Electrical/Electronic/Programmable Electronic Safety‐related Systems standard), used during the development of a safety critical system from any field of application.…”

Section: Proposed Solutionmentioning

confidence: 99%

A security risk mitigation framework for cyber physical systems

Zahid

Inayat

Daneva

et al. 2019

J Software Evolu Process

View full text Add to dashboard Cite

Cyber physical systems (CPSs) are safety‐critical, be it weapon systems, smart medical devices, or grid stations. This makes ensuring security of all the components constituting a CPS unavoidable. The rise in the demand of interconnectedness has made such systems vulnerable to attacks, ie, cyberattacks. Over 170 cases of cyber‐security breaches in CPS were reported over the past two decades. An increase in the number of cyberattack incidents on CPS makes them more exposed and less trustworthy. However, identifying the security requirements of the CPS to pinpoint the relevant risks may help to counteract the potential attacks. Literature reveals that the most targeted security requirements of CPS are authentication, integrity, and availability. However, little attention has been paid on certain crucial security attributes such as data freshness and nonrepudiation. One major reason of security breaches in CPS is the lack of custom or generalized countermeasures. Therefore, we propose a security risk mitigation framework for a CPS focused on constraints, ie, authentication, data integrity, data freshness, nonrepudiation, and confidentiality. Furthermore, we evaluate the proposed work using a case study of a safety critical system. The results show a decrease in the severity of the identified security risks, ie, man‐in‐the‐middle attack, spoofing, and data tempering.

show abstract

“…[7]. Carefully thought over tree of the attacks lowers the level of vulnerabilities and risks [8].So, a tree of threats and attacks was constructed to analyze the cyber security of the digital substation ( Fig. 1) A tree of threats and attacks can be constructed for each substation in an understandable form.…”

Section: Tree Of Threats and Attacksmentioning

confidence: 99%

Problems of Cyber Security of Digital Substations

Kolosok¹,

Korkina²

2019

Proceedings of the VIth International Workshop 'Critical Infrastructures: Contingency Management, Intelligent, Agent-Based, Clo

View full text Add to dashboard Cite

Digital substation is a substation with a highly automated control, where almost all processes of information exchange between substation components, communication with external systems, and control of the substation operation are carried out digitally based on IEC 61850 protocols. The high importance of substations for the operation of power systems places unconditional requirements for their cyber security. Data transfer on Ethernet through the process bus and substation bus leads to an increased vulnerability of the digital substation to cyber attacks. The most common cyber attacks and their consequences influencing digital substation operability during cyber attacks, and also countermeasures are analyzed. A tree of threats and attacks to analyze digital substation capability to resist cyber attacks and restore operability after their exposure.

show abstract

A survey of fault and attack tree modeling and analysis for cyber risk management

Cited by 37 publications

References 48 publications

Safety and Security Co-Analyses: A Systematic Literature Review

Safety and Security Co-Analyses: A Systematic Literature Review

A security risk mitigation framework for cyber physical systems

Problems of Cyber Security of Digital Substations

Contact Info

Product

Resources

About