Attack Modeling for Information Security and Survivability

Moore, Andrew P.; Ellison, Robert J.; Linger, Richard C.

doi:10.21236/ada387544

Cited by 204 publications

(134 citation statements)

References 0 publications

Supporting

Mentioning

128

Contrasting

Unclassified

Order By: Relevance

“…These solutions generate accurate results as compare with other simulation based solutions and attacks within SCADA stations are analyzed and test in real (laboratory) environment (Giani et al, 2008). Several attacks scenarios such as "denial of service attacks, integrity attacks, phishing attacks" are implemented to check the integrity and availability of SCADA communication between field devices and performance impacts on entire system (NSTB, 2009;Moore et al, 2001). …”

Section: Scada Vulnerabilities Potential Thread/attacks and Recommenmentioning

confidence: 99%

The Security Survey and Anaylsis on Supervisory Control and Data Acquisition Communication

Shahzad¹,

Musa²,

Aborujilah³

et al. 2014

Journal of Computer Science

View full text Add to dashboard Cite

The SCADA system connectivity with several open networks using internet facility brought SCADA platform more vulnerable from attacks/threads. Therefore, the detail security review has been conducted, to find the potential security issues which are residing and warming the SCADA communication and also existing potential security solutions that are used to protect the SCADA communication. However, Security deployments are the future tread of this study. This security review is divided into four main sections: (1) Security Analysis for SCADA System, (2) SCADA Security using Cryptography Solution, (3) Key Management and Distribution Protocols for SCADA System and (4) SCADA Communication using Security Patterns. In this study; the SCADA security review has been conducted and generic security solution using cryptography will implement in future.

show abstract

Section: Scada Vulnerabilities Potential Thread/attacks and Recommenmentioning

confidence: 99%

The Security Survey and Anaylsis on Supervisory Control and Data Acquisition Communication

Shahzad¹,

Musa²,

Aborujilah³

et al. 2014

Journal of Computer Science

View full text Add to dashboard Cite

show abstract

“…(Dawkins et al 2002, IEC1025 1999, Moore et al 2001. For each component, three security attributes exist:…”

Section: The Infrastructure Hypergraphmentioning

confidence: 99%

Hierarchical, model-based risk management of critical infrastructures

Baiardi

Telmon

Sgandurra

2009

Reliability Engineering & System Safety

View full text Add to dashboard Cite

Risk management is a process that includes several steps, from vulnerability analysis to the formulation of a risk mitigation plan that selects countermeasures to be adopted. With reference to an information infrastructure, we present a risk management strategy that considers a sequence of hierarchical models, each describing dependencies among infrastructure components. A dependency exists any time a security related attribute of a component depends upon the attributes of other components. We discuss how this notion supports the formal definition of risk mitigation plan and the evaluation of the infrastructure robustness. A hierarchical relation exists among models that are analyzed because each model increases the level of details of some components in a previous one. Since components and dependencies are modeled through a hypergraph, to increase the model detail level, some hypergraph nodes are replaced by more and more detailed hypergraphs. We show how critical information for the assessment can be automatically deduced from the hypergraph and define conditions that determine cases where a hierarchical decomposition simplifies the assessment. In these cases, the assessment has to analyze the hypergraph that replaces the component rather than applying again all the analyses to a more detailed, and hence larger, hypergraph. We also show how the proposed framework supports the definition of a risk mitigation plan and discuss some indicators of the overall infrastructure robustness. Lastly, the development of tools to support the assessment is discussed.

show abstract

“…Attack trees have been previously proposed [2,8,11,12] as a systematic method to specify system security based on varying attacks. They help organize intrusion and/or misuse scenarios by 1. utilizing known vulnerabilities and/or weak spots in the system, and 2. analyzing system dependencies and weak links and representing these dependencies in the form of an And-Or tree.…”

Section: Modeling Attacks Using Attack Treesmentioning

confidence: 99%

An Opinion Model for Evaluating Malicious Activities in Pervasive Computing Systems

Ray

Poolsappasit

Dewri

2008

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Pervasive computing applications typically involve cooperation among a number of entities spanning multiple organizations. Any security breach in any single entity can have very far-reaching consequences. In addition, a number of factors make the task of defending against malicious attacks in pervasive systems even more complex than conventional systems. Foremost among them is that a significant number of the devices deployed in such environments are frequently severely resource constrained. Thus strong security controls cannot be easily deployed on these devices. A second factor is that since a large number of such devices are also involved, attacks can propagate very fast in pervasive environments. These prompt us to propose a model for predicting malicious activities in pervasive systems. Our model is based on a logic of opinion that has been proposed elsewhere. Ours is not an intrusion detection system for pervasive systems but works in tandem with one. The system we propose can be used as a standard interface to analyze pervasive system activities in general and generate an opinion about the possibility of an attack.

show abstract

Attack Modeling for Information Security and Survivability

Cited by 204 publications

References 0 publications

The Security Survey and Anaylsis on Supervisory Control and Data Acquisition Communication

The Security Survey and Anaylsis on Supervisory Control and Data Acquisition Communication

Hierarchical, model-based risk management of critical infrastructures

An Opinion Model for Evaluating Malicious Activities in Pervasive Computing Systems

Contact Info

Product

Resources

About