CPS Security Assessment using Automatically Generated Attack Trees

Depamelaere, Wouter; Lemaire, Laurens; Vossaert, Jan; Naessens, Vincent

doi:10.14236/ewic/ics2018.1

Cited by 11 publications

(8 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Automatically synthesizing defenses is a wellresearched idea. Depamelaere et al [20] present an approach that takes SysML models as inputs and generates ADTrees that are evaluated using a tree evaluation algorithm. Vigo et al [21] use SMT solvers on process algebraic specifications to automatically generate attack trees.…”

Section: Related Workmentioning

confidence: 99%

Attack-Defense Tree-based Security Analysis and Optimal Defense Synthesis for System Design

Meng

Viswanathan

Saswata

et al. 2023

Preprint

View full text Add to dashboard Cite

Attack-Defense Trees (ADTrees) are widely used in the security analysis of software systems. In this work, we introduce a novel approach to analyze system architecture models via ADTrees and to synthesize an optimal cost defense solution using MaxSMT. We generate an ADTree from the Architecture Analysis and Design Language (AADL) model with its possible attacks, and implemented defenses. We analyze these ADTrees to see if they satisfy their cyber-requirements. We then translate the ADTree into a set of logical formulas, that encapsulate both the logical structure of the tree, and the constraints on the cost of implementing the corresponding defenses, such that a minimization query to the MaxSMT solver returns a set of defenses that mitigate all possible attacks with minimal cost. We provide an initial evaluation of our tool on a delivery drone system model which shows promising results.

show abstract

Section: Related Workmentioning

confidence: 99%

Attack-Defense Tree-based Security Analysis and Optimal Defense Synthesis for System Design

Meng

Viswanathan

Saswata

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…FTA focuses mostly on safety and reliability, and is used in a wide variety of industries such as aerospace, power plants, nuclear plants, and other high-hazard engineering fields [17,22,64]. Attack trees also constitute a major security research area [24,26,66,75]. Structurally speaking, attack trees are similar to fault trees where nodes representing attack steps are logically combined to achieve the attacker's goal (root of the attack tree).…”

Section: Related Workmentioning

confidence: 99%

Analysing Mission-critical Cyber-physical Systems with AND/OR Graphs and MaxSAT

Barrère

Hankin

2021

ACM Trans. Cyber-Phys. Syst.

View full text Add to dashboard Cite

Cyber-Physical Systems (CPS) often involve complex networks of interconnected software and hardware components that are logically combined to achieve a common goal or mission; for example, keeping a plane in the air or providing energy to a city. Failures in these components may jeopardise the mission of the system. Therefore, identifying the minimal set of critical CPS components that is most likely to fail, and prevent the global system from accomplishing its mission, becomes essential to ensure reliability. In this article, we present a novel approach to identifying the Most Likely Mission-critical Component Set (MLMCS) using AND/OR dependency graphs enriched with independent failure probabilities. We address the MLMCS problem as a Maximum Satisfiability (MaxSAT) problem. We translate probabilities into a negative logarithmic space to linearise the problem within MaxSAT. The experimental results conducted with our open source tool LDA4CPS indicate that the approach is both effective and efficient. We also present a case study on complex aircraft systems that shows the feasibility of our approach and its applicability to mission-critical cyber-physical systems. Finally, we present two MLMCS-based security applications focused on system hardening and forensic investigations.

show abstract

“…Reference 24 proposed a method to transform a graphical system model into the form of an ATree. References 25 and 26 proposed a method of automatically generating ATrees based on the given system architecture and provided a method to feed the evaluation results back to the system architecture. Reference 27 proposed a method for security model analysis and ADTree generation.…”

Section: Related Workmentioning

confidence: 99%

“…The SysML modeling approach in this paper is based on the free and open source tool TTool, 35 and the structure of the CPS is modeled by creating block diagrams. After the modeling of the CPS is completed, the FAST‐CPS framework 25 is used to convert the model into an inductive definition programming (IDP) framework. The framework not only allows users to use SysML to model a system but also automatically links the known vulnerabilities extracted from the vulnerability database on the Internet to the elements in the system project.…”

Section: Automatic Generation Of An Adtree Based On Sysmlmentioning

confidence: 99%

Architecture‐oriented security strategy determination for cyber‐physical systems

Zhao

et al. 2021

Concurrency and Computation

View full text Add to dashboard Cite

Cyber‐physical systems (CPSs) usually have a huge number of nodes, and it is very expensive to deploy security defenses at all nodes. Therefore, selecting the most appropriate nodes for protection to ensure system security is an essential issue in CPS. However, how to achieve this in the system design phase remains to be an open challenge. In this paper, we propose a security strategy determination method for CPS design models. In particular, we utilize SysML to model a CPS. To choose the best nodes for security protection, we realize an automatic construction of an attack‐defense tree (ADTree) model from the SysML model by considering the known attacks and defenses. Further, we transform the ADTree model into an atom attack‐defense tree (A2DTree) model and infer the optimal security strategy under a given cost constraint. We implement our method as an open‐source tool and test it with a pump station attack. The experimental results show that the proposed method is reasonable and feasible and can provide theoretical guidance for the formulation of CPS security policies.

show abstract

CPS Security Assessment using Automatically Generated Attack Trees

Cited by 11 publications

References 17 publications

Attack-Defense Tree-based Security Analysis and Optimal Defense Synthesis for System Design

Attack-Defense Tree-based Security Analysis and Optimal Defense Synthesis for System Design

Analysing Mission-critical Cyber-physical Systems with AND/OR Graphs and MaxSAT

Architecture‐oriented security strategy determination for cyber‐physical systems

Contact Info

Product

Resources

About