Hybrid ontology for safety, security, and dependability risk assessments and Security Threat Analysis (STA) method for industrial control systems

Alanen, Jarmo; Linnosmaa, Joonas; Malm, Timo; Papakonstantinou, Nikolaos; Ahonen, Toni; Heikkilä, Eetu; Tiusanen, Risto

doi:10.1016/j.ress.2021.108270

Cited by 34 publications

(14 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A malfunction threat or attack may cause substantive damages with economic and even life losses in the real world [4]. PLC is the main target in almost all security events against the ICS [17], relating to most potential attacks and threats [18]. Although different PLC manufacturers have significant differences, such as protocols, programming languages, and firmware [19], the firmware tampering attack is a general attack method.…”

Section: Preliminaries: Plc Structure and Securitymentioning

confidence: 99%

Aye: A Trusted Forensic Method for Firmware Tampering Attacks

Zhang

2023

Symmetry

View full text Add to dashboard Cite

The Programmable Logic Controller (PLC) is located at the junction of the virtual network and physical reality in the Industrial Control System (ICS), which is vulnerable to attacks due to its weak security. Specifically, firmware tampering attacks take the firmware under the PLC operating system as the primary attack target. The firmware provides the bridge between PLC’s hardware and software, which means tampering against the firmware can be more destructive and harmful than other attacks. However, existing defense and forensics methods against firmware tampering attacks are asymmetrical, which directly leads to the proliferation of such attacks and the difficulty of forensic tracing. How to accurately, quickly, and efficiently conduct forensics for such attacks is an urgent problem. In this paper, we designed and implemented a reliable detection method based on Joint Test Action Group (JTAG) and memory comparison—Aye, which can detect mainstream firmware tampering attacks reliably. To determine the effectiveness and reliability of Aye, we selected a widely used PLC to observe Aye’s performance in defense and forensics by simulating the two latest PLC firmware tampering attack methods. The experimental results show that Aye can effectively defend against firmware tampering attacks, helping improve the efficiency and accuracy of such attack detection and forensics.

show abstract

Section: Preliminaries: Plc Structure and Securitymentioning

confidence: 99%

Aye: A Trusted Forensic Method for Firmware Tampering Attacks

Zhang

2023

Symmetry

View full text Add to dashboard Cite

show abstract

“…Alanen et al, 2022 [11] developed a Hybrid Reliability, Availability, Maintainability, Safety, and Security (HRAMSS) risk assessment management ontology and an associated Security Threat Analysis Methodlogy (STAM) with an ICS use case. To develop the ontology, a comparison of security risk assessment in ICS and OT was investigated.…”

Section: Related Workmentioning

confidence: 99%

“…The Imperfection contains Fault and Vulnerability concepts; Hazard, Loss scenario and Threat concepts are classified into HRAMSS hazard category; Risk control category is further sub-categorized into ProtectiveMeasure, ImprovementMeasure, and CounterMeasure concepts; the Negative impact category is unbundled with Harm, Loss, and Impact concepts. The HRAMSS ontology can be extended for cybersecurity risk assessment in IIoT environments, as it provides sufficient metadata and related classes [11]. The HRAMSS ontology contains similar concepts and properties to other ontologies.…”

Section: Related Workmentioning

confidence: 99%

Industrial Internet of Things Security Modelling using Ontological Methods

Jarwar

FREng

Ani

et al. 2022

Proceedings of the 12th International Conference on the Internet of Things

View full text Add to dashboard Cite

The Industrial Internet of Things (IIoT) trend presents many significant benefits for improving industrial operations. However, its emergence from the convergence of legacy Industrial Control Systems (ICS) and Information and Communication Technologies (ICT) has introduced newer security issues such as weak or lack of end-toend security. These challenges have weakened the interest of many critical infrastructure industries in adopting IIoT-enabled systems. Implementing security in IIoT is challenging because this involves many heterogeneous Information Technology (IT) and Operational Technology (OT) devices and complex interactions with humans, and the environments in which these are operated and monitored. This article presents the initial results of the PETRAS Secure Ontologies for Internet of Things Systems (SOfIoTS) project, which consists of key security concepts and a modular design of a base security ontology, which supports security knowledge representation and analysis of IIoT security.

show abstract

“…This thesis allows us to mention several methodologies related to our object of investigation. These are the following methodologies 15 – 19 : the integration of information; the security analysis; the analysis of security policies; the decisions support in the field of protection; the automated control of the protection subsystem (including the based of Security Content Automation Protocol ones); the correlation analysis of events; the definition of security metrics. …”

Section: Introductionmentioning

confidence: 99%

“…Interestingly, apologists for expert methods of functional safety assessment 20 , 21 focus their efforts on developing methodologies to support decision-making and metrics in the field of investigation and summarize the results in the form of profile standards, such as ISO/IEC 61508, for example. Apologists of the methodology of automated control of the protection subsystem 15 – 17 , 19 , 22 – 24 define the core of such systems in the mathematical apparatus of probability theory and mathematical statistics, graph theory, and Petri nets, fuzzy logic, Markov chains, artificial intelligence and more. At the same time, the results obtained in this direction are of research interest because applying the obtained models and methods requires large amounts of empirical data and computing power.…”

Section: Introductionmentioning

confidence: 99%

The functional safety assessment of cyber-physical system operation process described by Markov chain

Kovtun

Izonin

Greguš

2022

Sci Rep

View full text Add to dashboard Cite

The functional safety assessment is one of the primary tasks both at the design stage and at the stage of operation of critical infrastructure at all levels. The article's main contribution is the information technology of calculating the author's metrics of functional safety for estimating the instance of the model of the cyber-physical system operation. The calculation of metric criteria analytically summarizes the results of expert evaluation of the system in VPR-metrics and the results of statistical processing of information on the system's operation presented in the parametric space Markov model of this process. The advantages of the proposed approach are the following: the need to process orders of magnitude less empirical data to obtain objective estimates of the investigated system; taking into account the configuration scheme and architecture of the security subsystem of the investigated system when calculating the metric; completeness, compactness, and simplicity of interpretation of evaluation results; the ability to assess the achievability of the limit values of the metric criteria based on the model of operation of the investigated system. The paper demonstrates the application of the proposed technology to assess the functional safety of the model of a real cyber-physical system.

show abstract

Hybrid ontology for safety, security, and dependability risk assessments and Security Threat Analysis (STA) method for industrial control systems

Cited by 34 publications

References 33 publications

Aye: A Trusted Forensic Method for Firmware Tampering Attacks

Aye: A Trusted Forensic Method for Firmware Tampering Attacks

Industrial Internet of Things Security Modelling using Ontological Methods

The functional safety assessment of cyber-physical system operation process described by Markov chain

Contact Info

Product

Resources

About