Learning from Vulnerabilities - Categorising, Understanding and Detecting Weaknesses in Industrial Control Systems

Thomas, Richard J.; Chothia, Tom

doi:10.1007/978-3-030-64330-0_7

Cited by 12 publications

(7 citation statements)

References 7 publications

(8 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Throughout the paper, we assume the attacker can compromise one actuator and change its control action. The attacker can achieve this partial compromise by exploiting memory vulnerabilities or resource access control vulnerabilities (based on the ICS vulnerabilities categorization [61]). In this paper we focus on post-exploitation rather than on the specific method the attacker used to get access into the system.…”

Section: Adversary Modelmentioning

confidence: 99%

Provable Adversarial Safety in Cyber-Physical Systems

Castellanos,

Maghenem,

Cárdenas

et al. 2023

2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

Most proposals for securing control systems are heuristic in nature, and while they increase the protection of their target, the security guarantees they provide are unclear. This paper proposes a new way of modeling the security guarantees of a Cyber-Physical System (CPS) against arbitrary false command attacks. As our main case study, we use the most popular testbed for control systems security. We first propose a detailed formal model of this testbed and then show how the original configuration is vulnerable to a single-actuator attack. We then propose modifications to the control system and prove that our modified system is secure against arbitrary, single-actuator attacks.

show abstract

Section: Adversary Modelmentioning

confidence: 99%

Provable Adversarial Safety in Cyber-Physical Systems

Castellanos,

Maghenem,

Cárdenas

et al. 2023

2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

show abstract

“…Input: pddl file template domain_temp and problem_temp connection object to a graph database hg; planning goals Output: constructed pddl domain and problem files (1) function GENERATE PDDL FILE (domain_temp, problem_temp, hg) (2) query device nodes, device reachability, vulnerability and component via hg (3) generate domain file: (4) generate predicates of vulnerability, reachability, pre and postconditions (5) generate actions of vulnerability from pre-and postconditions of vulnerability ( 6) end (7) generate problem file: (8) generate objects from device nodes (9) generate initially satisfied conditions (10) generate goals based on your input (11) end (12) return generated domain and problem files (13) end function ALGORITHM 2: Automatic construction of PDDL domain and problem files. experimental setup is introduced by a hypothetical network topology from IT to OT networks in Section 6.1. en, attack paths are illustrated, and the corresponding data is stored in the form of graph data in Section 6.2.…”

Section: Case Studymentioning

confidence: 99%

“…Apart from the cyberattacks migrated from IT networks, some inherent issues exist in the OTnetworks, such as design defects in industrial control network protocols [3] and vulnerabilities of proprietary devices [4]. On account of frequent interactions between IT devices and OT components, there are no clear boundaries between IT and OT partitions in the current industrial environment.…”

Section: Introductionmentioning

confidence: 99%

An Automatic Planning-Based Attack Path Discovery Approach from IT to OT Networks

Wang

Zhang

Liu

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

With the convergence of IT and OT networks, more opportunities can be found to destroy physical processes by cyberattacks. Discovering attack paths plays a vital role in describing possible sequences of exploitation. Automated planning that is an important branch of artificial intelligence (AI) is introduced into the attack graph modeling. However, while adopting the modeling method for large-scale IT and OT networks, it is difficult to meet urgent demands, such as scattered data management, scalability, and automation. To that end, an automatic planning-based attack path discovery approach is proposed in this paper. At first, information of the attacking knowledge and network topology is formally represented in a standardized planning domain definition language (PDDL), integrated into a graph data model. Subsequently, device reachability graph partitioning algorithm is introduced to obtain subgraphs that are small enough and of limited size, which facilitates the discovery of attack paths through the AI planner as soon as possible. In order to further cope with scalability problems, a multithreading manner is used to execute the attack path enumeration for each subgraph. Finally, an automatic workflow with the assistance of a graph database is provided for constructing the PDDL problem file for each subgraph and traversal query in an interactive way. A case study is presented to demonstrate effectiveness of attack path discovery and efficiency with the increase in number of devices.

show abstract

“…Others narrow their scope too far; for instance, [10] focuses on IoT devices, but specifically on communication protocols and hardware (no software). Similarly, [4] looks exclusively at industrial control system devices, and [3] examines IoT malware (i.e., malicious software that targets IoT devices). Existing surveys also frequently deal with privacy in addition to security, like [5] and [7].…”

Section: Introductionmentioning

confidence: 99%

A Survey and Analysis of Recent IoT Device Vulnerabilities

Ryan,

Rozier

2024

Preprint

View full text Add to dashboard Cite

The cyber threat landscape is constantly shifting, especially in the evolutionary area of the Internet of Things, which makes it vital to survey the vulnerabilities that are presently being discovered and attacked, so that we can better combat those threats in the future. By collecting and profiling all of the IoT vulnerabilities reported on by the cybersecurity news site Threatpost between January 2020 and June 2021, we provide a cross-section of the current security issues found in today's IoT devices. Our detailed analysis of this dataset yields a many-faceted understanding of the threat landscape during this period, including CWEs (Common Weakness Enumeration), CVSS (Common Vulnerability Scoring System) scores, timelines, vulnerability locations, programming languages, and other attack story attributes, delivering a solid foundation for future IoT security efforts. Our findings are that while the majority of recent IoT device vulnerabilities occur in the software layer and arise from common IT weaknesses, there is a great need for a shared database of IoT vulnerabilities for continuous evaluation of the state of IoT security.

show abstract

Learning from Vulnerabilities - Categorising, Understanding and Detecting Weaknesses in Industrial Control Systems

Cited by 12 publications

References 7 publications

Provable Adversarial Safety in Cyber-Physical Systems

Provable Adversarial Safety in Cyber-Physical Systems

An Automatic Planning-Based Attack Path Discovery Approach from IT to OT Networks

A Survey and Analysis of Recent IoT Device Vulnerabilities

Contact Info

Product

Resources

About