Automatic attack surface reduction in next-generation industrial control systems

Obermeier, Sebastian; Wahler, Michael; Sivanthi, Thanikesavan; Schlegel, Roman; Monot, Aurelien

doi:10.1109/cicybs.2014.7013366

Cited by 4 publications

(1 citation statement)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [30] the authors explored the attack surface of modern hypervisors to evaluate the security of cloud-based applications. From a CPS perspective, work in [13] explored graph-based models and algorithms to explore the attack surface of various key information objects used to control the grid, while in [23] the authors propose a technique to reduce the attack surface by dynamically controlling network paths.…”

Section: Related Workmentioning

confidence: 99%

Attack Surface Metrics and Privilege-based Reduction Strategies for Cyber-Physical Systems

Tamimi,

Oksuz,

Lee

et al. 2018

Preprint

View full text Add to dashboard Cite

Cybersecurity risks are often managed by reducing the system's attack surface, which includes minimizing the number of interconnections, privileges, and impacts of an attack. While attack surface reduction techniques have been frequently deployed in more traditional information technology (IT) domains, metrics tailored to cyber-physical systems (CPS) have not yet been identified. This paper introduces attack surface analysis metrics and algorithms to evaluate the attack surface of a CPS. The proposed approach includes both physical system impact metrics, along with a variety of cyber system properties from the software (network connections, methods) and operating system (privileges, exploit mitigations). The proposed algorithm is defined to incorporate with the Architecture Analysis & Design Language (AADL), which is commonly used to many CPS industries to model their control system architecture, and tools have been developed to automate this analysis on an AADL model. Furthermore, the proposed approach is evaluated on a distribution power grid case study, which includes a 7 feeder distribution system, AADL model of the SCADA control centers, and analysis of the OpenDNP3 protocol library used in many real-world SCADA systems.

show abstract

Section: Related Workmentioning

confidence: 99%