Software and attack centric integrated threat modeling for quantitative risk assessment

Potteiger, Bradley; Martins, Gonçalo; Koutsoukos, Xenofon

doi:10.1145/2898375.2898390

Cited by 40 publications

(20 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, the methods of the threat modeling are needed to be evolved. A hybrid method made of three types of threat modeling methods is proposed in [62]. The attack trees are built according to the threat categories of STRIDE.…”

Section: Quantitative Security Methodsmentioning

confidence: 99%

On the Modeling of Automotive Security: A Survey of Methods and Perspectives

Hao

Han

2020

Future Internet

View full text Add to dashboard Cite

As the intelligent car-networking represents the new direction of the future vehicular development, automotive security plays an increasingly important role in the whole car industry chain. On condition that the accompanying problems of security are proofed, vehicles will provide more convenience while ensuring safety. Security models can be utilized as tools to rationalize the security of the automotive system and represent it in a structured manner. It is essential to improve the knowledge about security models by comparing them besides proposing new methods. This paper aims to give a comprehensive introduction to the topic of security models for the Intelligent Transport System (ITS). A survey of the current methodologies for security modeling is conducted and a classification scheme is subsequently proposed. Furthermore, the existing framework and methods to build automotive security models are broadly examined according to the features of automotive electronic system. A number of fundamental aspects are defined to compare the presented methods in order to comprehend the automotive security modeling in depth.

show abstract

Section: Quantitative Security Methodsmentioning

confidence: 99%

On the Modeling of Automotive Security: A Survey of Methods and Perspectives

Hao

Han

2020

Future Internet

View full text Add to dashboard Cite

show abstract

“…The method utilized prediction graph theory and percolation theory to analyze the risk propagation within cyber physical systems in the power domain. The risk propagation between CPSs is examined in [16] based on logical equations and using attack trees; the examined relationships are between parent and children nodes. The risk propagation within a transport network under various types of attacks was analyzed in [17], using the percolation theory.…”

Section: Related Workmentioning

confidence: 99%

Attack Path Analysis and Cost-Efficient Selection of Cybersecurity Controls for Complex Cyberphysical Systems

Σπαθούλας

Kavallieratos

Katsikas

et al. 2022

Computer Security. ESORICS 2021 International Workshops

View full text Add to dashboard Cite

The increasing integration of information technology with operational technology leads to the formation of Cyber-Physical Systems (CPSs) that intertwine physical and cyber components and connect to each other. This interconnection enables the offering of functionality beyond the combined offering of each individual component, but at the same time increases the cyber risk of the overall system, as such risk propagates between and aggregates at component systems. The complexity of the resulting systems in many cases leads to difficulty in analyzing cyber risk. Additionally, the selection of cybersecurity controls that will effectively and efficiently treat the cyber risk is commonly performed manually, or at best with limited automated decision support. In this paper, we extend our previous work in [1] to analyze attack paths between CPSs on one hand, and we improve the method proposed therein for selecting a set of security controls that minimizes both the residual risk and the cost of implementation. We use the DELTA demand-response management platform for the energy market stakeholders such as Aggregators and Retailers [2] as a use case to illustrate the workings of the proposed approaches. The results are sets of cybersecurity controls applied to those components of the overall system that have been identified to lie in those attack paths that have been identified as most critical among all the identified attack paths.

show abstract

“…The attack tree threat model employs attack trees methodology on cyber-physical systems and networks [74]. The attack trees threat model was first proposed by Bruce Schneider [75] in 1999.…”

Section: ) Attack Tree Threat Modelmentioning

confidence: 99%

Internet of Drones Security and Privacy Issues: Taxonomy and Open Challenges

et al. 2021

View full text Add to dashboard Cite

Internet of Drones (IoD) is a decentralized network and management framework that links drones' access to the controlled airspace and provides inter-location navigation services. The interconnection of drones in the IoD network is through the Internet of Things (IoT). Hence the IoD network is vulnerable to all the security and privacy threats that affect IoT networks. It is highly required to safeguard a good atmosphere free from security and privacy threats to get the desired performance from IoD applications. Security and privacy issues have significantly restricted the overall influence of the IoD paradigm. There are existing survey studies that helped lay a vital foundation for understanding the IoD security and privacy issues. However, not all have thoroughly investigated the level of security and privacy threats associated with the various drone categories. Besides, most existing review studies do not examine secured IoD architecture. This paper aims to assess the recent trends in the security and privacy issues that affect the IoD network. We investigate the level of security and privacy threats of the various drone categories. We then highlight the need for secured IoD architecture and propose one. We also give a comprehensive taxonomy of the attacks on the IoD network. Moreover, we review the recent IoD attack mitigating techniques. We also provide the performance evaluation methods and the performance metrics employed by the techniques. Finally, we give research future direction to help researchers identify the latest opportunities in IoD research.

show abstract

Software and attack centric integrated threat modeling for quantitative risk assessment

Cited by 40 publications

References 5 publications

On the Modeling of Automotive Security: A Survey of Methods and Perspectives

On the Modeling of Automotive Security: A Survey of Methods and Perspectives

Attack Path Analysis and Cost-Efficient Selection of Cybersecurity Controls for Complex Cyberphysical Systems

Internet of Drones Security and Privacy Issues: Taxonomy and Open Challenges

Contact Info

Product

Resources

About