Ítem
Solo Metadatos

Finding dependencies between cyber-physical domains for security testing of industrial control systems

Mostrar el registro sencillo de la publicación
dc.creatorCastellanos J.H.spa
dc.creatorOchoa M.spa
dc.creatorZhou J.spa
dc.date.accessioned2020-05-25T23:58:38Z
dc.date.available2020-05-25T23:58:38Z
dc.date.created2018spa
dc.description.abstractIn modern societies, critical services such as transportation, power supply, water treatment and distribution are strongly dependent on Industrial Control Systems (ICS). As technology moves along, new features improve services provided by such ICS. On the other hand, this progress also introduces new risks of cyber attacks due to the multiple direct and indirect dependencies between cyber and physical components of such systems. Performing rigorous security tests and risk analysis in these critical systems is thus a challenging task, because of the non-trivial interactions between digital and physical assets and the domain-specific knowledge necessary to analyse a particular system. In this work, we propose a methodology to model and analyse a System Under Test (SUT) as a data flow graph that highlights interactions among internal entities throughout the SUT. This model is automatically extracted from production code available in Programmable Logic Controllers (PLCs). We also propose a reachability algorithm and an attack diagram that will emphasize the dependencies between cyber and physical domains, thus enabling a human analyst to gauge various attack vectors that arise from subtle dependencies in data and information propagation. We test our methodology in a functional water treatment testbed and demonstrate how an analyst could make use of our designed attack diagrams to reason on possible threats to various targets of the SUT. © 2018 Association for Computing Machinery.eng
dc.format.mimetypeapplication/pdf
dc.identifier.doihttps://doi.org/10.1145/3274694.3274745
dc.identifier.issn2016
dc.identifier.urihttps://repository.urosario.edu.co/handle/10336/22899
dc.language.isoengspa
dc.publisherAssociation for Computing Machineryspa
dc.relation.citationEndPage594
dc.relation.citationStartPage582
dc.relation.citationTitleACM International Conference Proceeding Series
dc.relation.ispartofACM International Conference Proceeding Series, ISSN:2016,(2018); pp. 582-594spa
dc.relation.urihttps://www.scopus.com/inward/record.uri?eid=2-s2.0-85060062319&doi=10.1145%2f3274694.3274745&partnerID=40&md5=d33076a591738ac6b1663bace7173639spa
dc.rights.accesRightsinfo:eu-repo/semantics/openAccess
dc.rights.accesoAbierto (Texto Completo)spa
dc.source.instnameinstname:Universidad del Rosariospa
dc.source.reponamereponame:Repositorio Institucional EdocURspa
dc.subject.keywordControl systemsspa
dc.subject.keywordCyber Physical Systemspa
dc.subject.keywordData flow analysisspa
dc.subject.keywordData flow graphsspa
dc.subject.keywordEmbedded systemsspa
dc.subject.keywordGraphic methodsspa
dc.subject.keywordIndustrial water treatmentspa
dc.subject.keywordInformation disseminationspa
dc.subject.keywordNetwork securityspa
dc.subject.keywordProgrammable logic controllersspa
dc.subject.keywordRisk analysisspa
dc.subject.keywordRisk assessmentspa
dc.subject.keywordCritical servicespa
dc.subject.keywordData and informationspa
dc.subject.keywordDomain-specific knowledgespa
dc.subject.keywordIndustrial control systemsspa
dc.subject.keywordInformation owspa
dc.subject.keywordPhysical componentsspa
dc.subject.keywordSecurity testingspa
dc.subject.keywordSystem under testspa
dc.subject.keywordIntelligent controlspa
dc.subject.keywordCyber-Physical Systemsspa
dc.subject.keywordICS Securityspa
dc.subject.keywordInformation owspa
dc.titleFinding dependencies between cyber-physical domains for security testing of industrial control systemsspa
dc.typeconferenceObjecteng
dc.type.hasVersioninfo:eu-repo/semantics/publishedVersion
dc.type.spaDocumento de conferenciaspa
Archivos
Colecciones
Artículos