A Model-based Approach to Interdependency between Safety and Security in ICS

Li, Tingting; Hankin, Chris

doi:10.14236/ewic/ics2015.4

Cited by 4 publications

(8 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Fifteen studies 23–37 out of those 51 were focusing exclusively on requirements modeling of such systems. Thirty‐one studies 38–68 were focusing on both requirements modeling and analysis. A few studies were either focusing solely on requirements analysis 69–72 or requirements traceability 73 …”

Section: Mapping Study Resultsmentioning

confidence: 99%

“…However, an interesting point to note is that all these publications stemmed from a single group applying a particular method: Abstract State Machines. Pipeline systems, on the other hand, were mainly dealing with the oil industry 46,49,88,95,96 . The use of power grid systems has been mentioned in previous studies 69,83,104,120,126 …”

Section: Mapping Study Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Model‐driven engineering of safety and security software systems: A systematic mapping study and future research directions

Mashkoor

Egyed

Wille

et al. 2022

J Software Evolu Process

View full text Add to dashboard Cite

This article presents a systematic mapping study on the model-driven engineering of safety and security concerns in software systems. Combined modeling and development of both safety and security concerns is an emerging field of research as both concerns affect one another in unique ways. Our mapping study provides an overview of the current state of the art in this field. This study carefully selected 143 publications out of 27,259 relevant papers through a rigorous and systematic process. This study then proposes and answers questions such as frequently used methods and tools and development stages where these concerns are typically investigated in application domains. Additionally, we identify the community's preference for publication venues and trends. The discussion on obtained results also features the gained insights and future research directions.

show abstract

Section: Mapping Study Resultsmentioning

confidence: 99%

Section: Mapping Study Resultsmentioning

confidence: 99%

Model‐driven engineering of safety and security software systems: A systematic mapping study and future research directions

Mashkoor

Egyed

Wille

et al. 2022

J Software Evolu Process

View full text Add to dashboard Cite

show abstract

“…(ii) more advanced attacker models or attacking heuristics are needed to select the next weakness to exploit. (iii) as addressed in [13], security controls might have potential negative sideeffects to the other important criteria of ICS, such as safety, performance and availability. We will look for possible extensions to model those criteria into the simulation.…”

Section: Discussionmentioning

confidence: 99%

“…Requirement nodes capture safety-related objectives, which are used to evaluate the impact of cyber attacks on the system safety. Detailed modelling and reasoning about these requirements can be found in [13]. Definition 2.…”

Section: Modelling and Problem Representationmentioning

confidence: 99%

See 1 more Smart Citation

Effective Defence Against Zero-Day Exploits Using Bayesian Networks

Hankin

2017

Critical Information Infrastructures Security

Self Cite

View full text Add to dashboard Cite

Abstract. Industrial Control Systems (ICS) play a crucial role in controlling industrial processes. Unlike conventional IT systems or networks, cyber attacks against ICS can cause destructive physical damage. Zero-day exploits (i.e. unknown exploits) have demonstrated their essential contributions to causing such damage by Stuxnet. In this work, we investigate the possibility of improving the tolerance of a system against zero-day attacks by defending against known weaknesses of the system. We first propose a metric to measure the system tolerance against zero-day attacks, which is the minimum effort required by zero-day exploits to compromise a system. We then apply this metric to evaluate different defensive plans to decide the most effective one in maximising the system tolerance against zero-day attacks. A case study about ICS security management is demonstrated in this paper.

show abstract