extended-abstract

CPS-based Threat Modeling for Critical Infrastructure Protection

Authors:

Manfred JeusfeldAuthors Info & Claims

ACM SIGMETRICS Performance Evaluation Review, Volume 45, Issue 2

Pages 129 - 132

https://doi.org/10.1145/3152042.3152080

Published: 11 October 2017 Publication History

Get Access

Abstract

Cyber-Physical Systems (CPSs) are augmenting traditional Critical Infrastructures (CIs) with data-rich operations. This integration creates complex interdependencies that expose CIs and their components to new threats. A systematic approach to threat modeling is necessary to assess CIs' vulnerability to cyber, physical, or social attacks. We suggest a new threat modeling approach to systematically synthesize knowledge about the safety management of complex CIs and situational awareness that helps understanding the nature of a threat and its potential cascading-effects implications.

References

[1]

Alderson D, Brown G, Carlyle W, Wood RK. Solving defender-attacker-defender models for infrastructure defense. Pp. 28--49 in Wood K, Dell R (eds). Operations Research, Computing and Homeland Defense. Hanover, MD: Institute for Operations Research and the Management Sciences, 2011.

Google Scholar

[2]

Paul Ammann, Duminda Wijesekera, Saket Kaushik, Scalable, graph-based network vulnerability analysis, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002

Digital Library

Google Scholar

[3]

Stefano Bistarelli, Marco Dall'Aglio, Pamela Peretti, Strategic games on defense trees, Proceedings of the 4th international conference on Formal aspects in security and trust, p.1--15, August 26-27, 2006.

Digital Library

Google Scholar

[4]

Kordy, Barbara, Ludovic Piètre-Cambacédès, and Patrick Schweitzer. "DAG-based attack and defense modeling: Dont miss the forest for the attack trees." Computer science review 13 (2014): 1--38.

Digital Library

Google Scholar

[5]

Bau, J.; Mitchell, J.C., "Security Modeling and Analysis," Security & Privacy, IEEE, vol.9, no.3, pp.18--25, May-June 2011

Digital Library

Google Scholar

[6]

Schneier, Bruce (December 1999). "Attack Trees". Dr Dobb's Journal, v.24, n.12.

Google Scholar

[7]

Singer, D. (1990). A fuzzy set approach to fault tree and reliability analysis. Fuzzy sets and systems, 34(2), 145--155.

Digital Library

Google Scholar

Cited By

View all

Modesti PGolightly LHolmes LOpara CMoscini M(2024)Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking ToolsJournal of Cybersecurity and Privacy10.3390/jcp40300214:3(410-448)Online publication date: 16-Jul-2024
https://doi.org/10.3390/jcp4030021
Azim MAbdallah M(2024)A Quantal Response Analysis of Simultaneous Multi-Target Attacker-Defender Security GamesNOMS 2024-2024 IEEE Network Operations and Management Symposium10.1109/NOMS59830.2024.10575252(1-6)Online publication date: 6-May-2024
https://doi.org/10.1109/NOMS59830.2024.10575252
Pop IFestila C(2024)Railway Safety, from a Set of Rules to Cyber Physical Systems2024 IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR)10.1109/AQTR61889.2024.10554189(1-4)Online publication date: 16-May-2024
https://doi.org/10.1109/AQTR61889.2024.10554189
Show More Cited By

CPS-based Threat Modeling for Critical Infrastructure Protection
1. Computing methodologies
  1. Modeling and simulation
    1. Model development and analysis

Recommendations

Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions
SafeConfig '17: Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense

Current threat models typically consider all possible ways an attacker can penetrate a system and assign probabilities to each path according to some metric (e.g. time-to-compromise). In this paper we discuss how this view hinders the realness of both ...
Intelligent and secure framework for critical infrastructure (CPS): Current trends, challenges, and future scope
Abstract
Cyber–Physical Systems (CPS) are developed by the integration of computational algorithms and physical components and they exist as a result of technological advancement in embedded systems, distributed systems, and sophisticated ...
Quantum Computing Threat Modelling on a Generic CPS Setup
Applied Cryptography and Network Security Workshops
Abstract
The threat of quantum computers is real and will require significant resources and time for classical systems and applications to prepare for the remedies against the threat. At the algorithm-level, the two most popular public-key cryptosystems, ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGMETRICS Performance Evaluation Review

ACM SIGMETRICS Performance Evaluation Review Volume 45, Issue 2

Setember 2017

131 pages

ISSN:0163-5999

DOI:10.1145/3152042

Editor:
Nidhi Hegde
Bell Labs, Nokia, Nozay, France

Issue’s Table of Contents

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 October 2017

Published in SIGMETRICS Volume 45, Issue 2

Check for updates

Qualifiers

Extended-abstract

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
302
Total Downloads

Downloads (Last 12 months)31
Downloads (Last 6 weeks)2

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Modesti PGolightly LHolmes LOpara CMoscini M(2024)Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking ToolsJournal of Cybersecurity and Privacy10.3390/jcp40300214:3(410-448)Online publication date: 16-Jul-2024
https://doi.org/10.3390/jcp4030021
Azim MAbdallah M(2024)A Quantal Response Analysis of Simultaneous Multi-Target Attacker-Defender Security GamesNOMS 2024-2024 IEEE Network Operations and Management Symposium10.1109/NOMS59830.2024.10575252(1-6)Online publication date: 6-May-2024
https://doi.org/10.1109/NOMS59830.2024.10575252
Pop IFestila C(2024)Railway Safety, from a Set of Rules to Cyber Physical Systems2024 IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR)10.1109/AQTR61889.2024.10554189(1-4)Online publication date: 16-May-2024
https://doi.org/10.1109/AQTR61889.2024.10554189
Fährmann DMartín LSánchez LDamer N(2024)Anomaly Detection in Smart Environments: A Comprehensive SurveyIEEE Access10.1109/ACCESS.2024.339505112(64006-64049)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3395051
Azim MCason TAbdallah M(2024)A Quantal Response Analysis of Human Decision-Making in Interdependent Security Games Modeled by Attack GraphsIEEE Access10.1109/ACCESS.2024.339130512(56159-56178)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3391305
Granata DRak M(2024)Systematic analysis of automated threat modelling techniques: Comparison of open-source toolsSoftware Quality Journal10.1007/s11219-023-09634-432:1(125-161)Online publication date: 1-Mar-2024
https://dl.acm.org/doi/10.1007/s11219-023-09634-4
Panda BBurns J(2023)Assessing Damage and Recovery of Critical Data in Unsecure Cloud Systems2023 Congress in Computer Science, Computer Engineering, & Applied Computing (CSCE)10.1109/CSCE60160.2023.00200(1191-1198)Online publication date: 24-Jul-2023
https://doi.org/10.1109/CSCE60160.2023.00200
Sharma DShandilya S(2023)Attack Detection Based on Machine Learning Techniques to Safe and Secure for CPS—A ReviewInternational Conference on IoT, Intelligent Computing and Security10.1007/978-981-19-8136-4_23(273-286)Online publication date: 2-Apr-2023
https://doi.org/10.1007/978-981-19-8136-4_23
Fährmann DDamer NKirchbuchner FKuijper A(2022)Lightweight Long Short-Term Memory Variational Auto-Encoder for Multivariate Time Series Anomaly Detection in Industrial Control SystemsSensors10.3390/s2208288622:8(2886)Online publication date: 9-Apr-2022
https://doi.org/10.3390/s22082886
Panda BRamakrishnan S(2022)Optimized Damage Assessment in Large Datasets in Cloud2022 IEEE/ACM 15th International Conference on Utility and Cloud Computing (UCC)10.1109/UCC56403.2022.00067(384-390)Online publication date: Dec-2022
https://doi.org/10.1109/UCC56403.2022.00067
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions

Intelligent and secure framework for critical infrastructure (CPS): Current trends, challenges, and future scope

Quantum Computing Threat Modelling on a Generic CPS Setup

Comments

Published In

Publisher

Publication History

Check for updates

Qualifiers

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Recommendations

Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions

Intelligent and secure framework for critical infrastructure (CPS): Current trends, challenges, and future scope

Quantum Computing Threat Modelling on a Generic CPS Setup

Comments

Information

Published In

Publisher

Publication History

Check for updates

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations