
A Semantic Framework with Humans in the Loop for Vulnerability-Assessment in Cyber-Physical Production Systems

  • Conference paper
Risks and Security of Internet and Systems (CRiSIS 2019)

Abstract

Critical manufacturing processes in smart networked systems such as Cyber-Physical Production Systems (CPPSs) typically require guaranteed quality-of-service performance, which is supported by cyber-security management. Currently, most existing vulnerability-assessment techniques rely only on the security department, due to limited communication between different working groups. This limits the security management of CPPSs, as malicious operations may use new exploits that occur between successive analysis milestones or across departmental managerial boundaries. Thus, it is important to study and analyse the security of CPPS networks through vulnerability analysis that accounts for humans in the production process loop, to prevent potential threats from infiltrating through cross-layer gaps and to reduce the magnitude of their impact. We propose a semantic framework that supports collaboration between different actors in the production process, to improve situation awareness for cyberthreat prevention. Stakeholders with different expertise contribute to vulnerability assessment, which can be further combined with attack-scenario analysis to provide more practical analysis. Through a case-study evaluation, we show how our proposed framework leverages crucial relationships between vulnerabilities, threats and attacks in order to further narrow the risk window induced by discoverable vulnerabilities.

This research has been supported in part by the EU ISF Project A431.678/2016 ELVIRA (Threat modeling and resilience of critical infrastructures), coordinated by Polismyndigheten/Sweden.

Notes

  1. http://cwe.mitre.org/documents/glossary

  2. https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

  3. https://www.first.org/cvss/v2/guide

  4. https://www.foreseeti.com/securicad/

Author information

Corresponding author

Correspondence to Yuning Jiang.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Jiang, Y., Atif, Y., Ding, J., Wang, W. (2020). A Semantic Framework with Humans in the Loop for Vulnerability-Assessment in Cyber-Physical Production Systems. In: Kallel, S., Cuppens, F., Cuppens-Boulahia, N., Hadj Kacem, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2019. Lecture Notes in Computer Science, vol 12026. Springer, Cham. https://doi.org/10.1007/978-3-030-41568-6_9

  • DOI: https://doi.org/10.1007/978-3-030-41568-6_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41567-9

  • Online ISBN: 978-3-030-41568-6

  • eBook Packages: Computer Science, Computer Science (R0)
