Abstract
Based on considerations about the knowledge required to carry out different types of network attacks, this article discusses the logical demands posed to the attacker in order to circumvent the most classical checks for message trustworthiness. In view of the limitations of existing avoidance and detection techniques, the article stresses the need for targeted testing strategies aimed at the identification of exploitable code vulnerabilities. For this purpose, it proposes a paradigm for the generation of intelligent test cases meant to maximize the chances of anticipating challenging scenarios during early verification phases.
Acknowledgment
The authors gratefully acknowledge that a major part of the work presented was supported by the German Federal Ministry for Economic Affairs and Energy (BMWi), project SMARTEST. The project is carried out in cooperation with the partner institutions University of Magdeburg, University of Applied Sciences of Magdeburg-Stendal and AREVA GmbH. In particular, the authors thank Robert Fischer and Robert Clausing for inspiring discussions.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Saglietti, F., Meitner, M., von Wardenburg, L., Richthammer, V. (2016). Analysis of Informed Attacks and Appropriate Countermeasures for Cyber-Physical Systems. In: Skavhaug, A., Guiochet, J., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2016. Lecture Notes in Computer Science, vol 9923. Springer, Cham. https://doi.org/10.1007/978-3-319-45480-1_18
DOI: https://doi.org/10.1007/978-3-319-45480-1_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45479-5
Online ISBN: 978-3-319-45480-1
eBook Packages: Computer Science (R0)