Secure Links: Secure-by-Design Communications in IEC 61499 Industrial Control Applications

Tanveer, Awais; Sinha, Roopak; Kuo, Matthew M. Y.

doi:10.1109/tii.2020.3009133

Cited by 10 publications

(8 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The final stage of design tool integration uses secure links-a secure-by-design tool-for ICS [52] that briefly introduces the idea of integrating secure links and TORUS with a requirements repository. However, we consolidate the concept by demonstrating its practical use with the LPG repository proposed in this article.…”

Section: Irbmentioning

confidence: 99%

“…1 that extends the use of the repository by integrating it with design-time and traceability tools to create practical and maintainable ICS security applications. We use a secure-by-design approach called "secure links" presented in [52] to link the CSRS LPG graph requirements to the design and implementation of IEC 61499 applications. Secure links development methodology proposes the abstractions for security requirements repository along with TORUS [49] for tracing requirements in ICS applications.…”

Section: Design-time Tool Integrationmentioning

confidence: 99%

“…In the following subsections, we compare manual requirements extraction effort against the extraction based on security levels using LPGs from the IEC 62443-4-2 combined with CSRS of the systems such as wind turbine discussed in this article and an industrial mixer control system case study presented in [52].…”

Section: Requirements Extractionmentioning

confidence: 99%

“…A formal definition of the IEC 62443-4-2 extended requirement structure is proposed that guides the selection of standard cryptographic primitives required to implement a security requirement according to the desired security level. End-toend security requirements traceability is achieved when the repository is paired with design patterns to capture communication security constraints using secure links [52] and a requirement traceability engine like TORUS [49]. We also present a requirements change process aided by the repository.…”

Section: Conclusion and Futurementioning

confidence: 99%

See 3 more Smart Citations

Tracing security requirements in industrial control systems using graph databases

et al. 2022

Self Cite

View full text Add to dashboard Cite

We must explicitly capture relationships and hierarchies between the multitude of system and security standards requirements. Current security requirements specification methods do not capture such structure effectively, making requirements management and traceability harder, consequently increasing costs and time to market for developing certified ICS. We propose a novel requirements repository model for ICS that uses labelled property graphs to structure and store system-specific and standards-based requirements using well-defined relationship types. Furthermore, we integrate the proposed requirements repository with design-time ICS tools to establish requirements traceability. A wind turbine case study illustrates the overall workflow in our framework. We demonstrate that a robust requirements traceability matrix is a natural consequence of using labelled property graphs. We also introduce a compatible requirements change management procedure that aids in adapting to changes in development and certification schemes.

show abstract

Section: Irbmentioning

confidence: 99%

Section: Design-time Tool Integrationmentioning

confidence: 99%

Section: Requirements Extractionmentioning

confidence: 99%

Section: Conclusion and Futurementioning

confidence: 99%

See 2 more Smart Citations

Tracing security requirements in industrial control systems using graph databases

et al. 2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…In particular, the integration of cipher suites, as used in the Transport Layer Security (TLS) protocol, is mandated by the IEC 62351 standard to secure end-to-end communication between two connection terminals through secure key exchange, encryption, and authentication [16]. However, traditional process networks usually consist of performancelimited devices, so the trade-off between security and performance can result in critical real-time requirements not being met [17]. An approach which does not actively interfere with the process network is an IDS, which typically monitors network traffic with passive sniffing and detects attack indicators over the monitored network [18].…”

Section: B Security Measures and Challengesmentioning

confidence: 99%

Investigating Man-in-the-Middle-based False Data Injection in a Smart Grid Laboratory Environment

Şen¹,

Velde²,

Linnartz³

et al. 2021

Preprint

View full text Add to dashboard Cite

With the increasing use of information and communication technology in electrical power grids, the security of energy supply is increasingly threatened by cyber-attacks. Traditional cyber-security measures, such as firewalls or intrusion detection/prevention systems, can be used as mitigation and prevention measures, but their effective use requires a deep understanding of the potential threat landscape and complex attack processes in energy information systems. Given the complexity and lack of detailed knowledge of coordinated, timed attacks in smart grid applications, we need information and insight into realistic attack scenarios in an appropriate and practical setting. In this paper, we present a man-in-the-middlebased attack scenario that intercepts process communication between control systems and field devices, employs false data injection techniques, and performs data corruption such as sending false commands to field devices. We demonstrate the applicability of the presented attack scenario in a physical smart grid laboratory environment and analyze the generated data under normal and attack conditions to extract domain-specific knowledge for detection mechanisms.

show abstract

Approaches and Methodologies for Distributed Systems: Threats, Challenges, and Future Directions

Bhawna,

Parihar

2024

Meta Heuristic Algorithms for Advanced Distributed Systems

View full text Add to dashboard Cite

Secure Links: Secure-by-Design Communications in IEC 61499 Industrial Control Applications

Cited by 10 publications

References 23 publications

Tracing security requirements in industrial control systems using graph databases

Tracing security requirements in industrial control systems using graph databases

Investigating Man-in-the-Middle-based False Data Injection in a Smart Grid Laboratory Environment

Approaches and Methodologies for Distributed Systems: Threats, Challenges, and Future Directions

Contact Info

Product

Resources

About