Analyzing the Impact of Cyberattacks on Industrial Control Systems using Timed Automata

Jawad, Alvi; Jaskolka, Jason

doi:10.1109/qrs54544.2021.00106

Cited by 8 publications

(7 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(iv) Results (R Sec ): Table 2. Some security assessment results 15 Each figure is an average of 10 consecutive measurements.…”

Section: Example 5 (Security Verification)mentioning

confidence: 99%

“…The positive and negative impacts of the evaluated countermeasures are then assessed by comparing the verification results. Formal modeling and verification for the assessment of cybersecurity-related events (countermeasures deployment, attacks) is well-suited to the context of CPS -including ICS -, and further promising contributions have been proposed by Jawad et Jaskolka in [15] regarding the impact assessment of cyberattacks, and by Jawad et al in [16] where the authors model a botnet infrastructure with UPPAAL NTAs and evaluate the efficiency of a countermeasure thanks to simulation. Nevertheless, as we explained in [24], a drawback of our previous approach [26] is that the NTA-based modeling formalism lacks in expressiveness with respect to data security aspects: for instance, data confidentiality is here modeled in a too simplistic way, with a boolean variable modeling an illegitimate access to the component processing the data.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

W-Sec: A Model-Based Formal Method for Assessing the Impacts of Security Countermeasures

Sultan

Apvrille

Jaillon

et al. 2023

Communications in Computer and Information Science

View full text Add to dashboard Cite

The chapter provides a detailed description of W-Sec, a formal model-based countermeasures' impact assessment method. It also introduces a new formal definition of the two SysML profiles used in SysML-Sec and W-Sec, enabling (i) for the future automation of several W-Sec stages and (ii) for the definition of consistency rules ensuring the consistency of the models written in these two distinct modeling languages. In addition, the chapter evaluates W-Sec with a new industry 4.0 case-study and discusses the strengths and the current limitations of the approach in this new application field.

show abstract

“…(iv) Results (R Sec ): Table 2. Some security assessment results 15 Each figure is an average of 10 consecutive measurements.…”

Section: Example 5 (Security Verification)mentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

W-Sec: A Model-Based Formal Method for Assessing the Impacts of Security Countermeasures

Sultan

Apvrille

Jaillon

et al. 2023

Communications in Computer and Information Science

View full text Add to dashboard Cite

show abstract

“…Furthermore, targeted spoofing attacks on one or more system agents may result in an unexpected sequence of events, leading to unpredictable outcomes. Such deviations from the normal behavior can lead to system malfunctions as well as damage to the production equipment or the final products [JJ21a].…”

Section: Threats To the Systemmentioning

confidence: 99%

“…A method to automatically generate timed automata models does not exist, and as such, for large ICSs, it becomes a largely manual and time-consuming practice [JJ21a].…”

Section: Prior Requirementsmentioning

confidence: 99%

“…The work is also heavily focused on clarity instead of trying to demonstrate the efficacy of the approach on a complicated system. While small, the illustrative MCCS contains the necessary internal component communication, dependencies, and timeconstrained actions commonly found in almost all ICS [JJ21a]. It is important to understand that we do not necessarily need to model every component of the target system.…”

Section: Modeling Considerationsmentioning

confidence: 99%

See 1 more Smart Citation

A Cyberattack Impact Analysis Approach for Industrial Control Systems

Jawad¹

View full text Add to dashboard Cite

Many of today's critical infrastructures, including Industrial Control Systems (ICSs), are evolving with the integration of numerous connected cyber components with legacy systems. This evolution has exposed ICS to a wide range of security vulnerabilities, requiring different cybersecurity considerations. Understanding how severely cyberattacks can exploit such system vulnerabilities to disrupt or delay system operations is paramount for developing targeted and effective defenses.In this thesis, we present a four-stage impact analysis approach to observe and characterize the manifold impact of cyberattacks on ICS operations. Representative tampering and spoofing attacks demonstrated on a timed automata model of a manufacturing cell control system show how classical and statistical model checking, respectively, are effective at identifying and quantifying the severity of cyberattack impact on ICS mission objectives. Furthermore, the impact analysis results provide extensive insight into the varying impact caused by different attackers and how systems with defenses can mitigate such impacts.iii This work began with a collection of fragmented ideas on viewing system security from a different perspective, which has since evolved into something much more. The work itself, and my growth during its progress, would not be possible without the sincere and unwavering support from my supervisor Professor Jason Jaskolka. His guidance, most times as a supervisor but at times as a guardian or even an elder brother, has helped me pull through the hardest of times. I am grateful beyond words.I thank my colleagues for creating an earnest yet relaxing environment to blend in. A very special thank you goes to Joe Samuel for his overwhelmingly optimistic influence, and more importantly, for simply being a great friend.I express my sincere gratitude to Dr. Mohammad T. Kawser, who, even during his unimaginably agonizing moments, guided me to explore the fundamentals of research. I thank Professor Abdur Rouf and Dr. Rifat Ahmed for being the two best teachers in my life and allowing me to clearly see where my interests and ultimate goals lie.Lastly, I convey my heartfelt gratitude to my family for supporting me with everything they had throughout my journey so far.

show abstract

Defense Models for Data Recovery in Industrial Control Systems

Jawad¹,

Jaskolka²

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Analyzing the Impact of Cyberattacks on Industrial Control Systems using Timed Automata

Cited by 8 publications

References 39 publications

W-Sec: A Model-Based Formal Method for Assessing the Impacts of Security Countermeasures

W-Sec: A Model-Based Formal Method for Assessing the Impacts of Security Countermeasures

A Cyberattack Impact Analysis Approach for Industrial Control Systems

Defense Models for Data Recovery in Industrial Control Systems

Contact Info

Product

Resources

About