Advertisement

Incorporating Attacks Modeling into Safety Process

  • Amer Šurković
  • Džana Hanić
  • Elena LisovaEmail author
  • Aida Čaušević
  • Kristina Lundqvist
  • David Wenslandt
  • Carl Falk
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11094)

Abstract

Systems of systems (SoS) are built as a collection of systems capable of fulfilling their own function, as well as contributing to other functionalities. They are expected to increase production efficiency and possibly decrease human involvement in harmful environments, and in many cases such systems are safety-critical. For SoS it is a paramount to provide both safety and security assurance. It is not sufficient to analyze and provide assurance of these properties independently due to their mutual connection. Hence, a joint effort addressing safety and security that provides joint guarantees on both properties, is required. In this paper we provide a safety and security assurance argument by incorporating an adversary point of view, and identify potential failures coming from the security domain that might lead to an already identified set of hazards. In this way system assets, vulnerabilities and ways to exploit them can be assessed. As an outcome mitigation strategies coming from security considerations can be captured by the safety requirements. The approach is illustrated on an autonomous quarry.

Notes

Acknowledgments

This work is supported by the SAFSEC-CPS project funded by KKS, the SeCRA project funded by Vinnova and the Serendipity project funded by SSF.

References

  1. 1.
    Adepu, S., Mathur, A.: An investigation into the response of a water treatment system to cyber attacks. In: 17th IEEE International Symposium on High Assurance Systems Engineering (2016)Google Scholar
  2. 2.
    Adi, E., Baig, Z.A., Hingston, P., Lam, C.P.: Distributed denial-of-service attacks against http/2 services. Clust. Comput. 19(1), 79–86 (2016)CrossRefGoogle Scholar
  3. 3.
    AlJahdali, H., et al.: Multi-tenancy in cloud computing. In: 8th IEEE International Symposium on SOSE (2014)Google Scholar
  4. 4.
    Cárdenas, A.A., et al.: Attacks against process control systems: risk assessment, detection, and response. In: ACM Symposium on Information, Computer and Communications Security (2011)Google Scholar
  5. 5.
    Causevic, A.: A risk and threat assessment approaches overview in autonomous systems of systems. In: The 26th IEEE International Conference on Information, Communication and Automation Technologies (2017)Google Scholar
  6. 6.
    Ding, D., Wang, Z., Wei, G., Alsaadi, F.E.: Event-based security control for discrete-time stochastic systems. IET Control Theory Appl. 10(15), 1808–1815 (2016)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Ferreira, H.G.C., de Sousa Junior, R.T.: Security analysis of a proposed internet of things middleware. Clust. Comput. 20(1), 651–660 (2017)CrossRefGoogle Scholar
  8. 8.
    Grover, J., Laxmi, V., Gaur, M.S.: Attack models and infrastructure supported detection mechanisms for position forging attacks in vehicular ad hoc networks. CSI Trans. ICT 1(3), 261–279 (2013)CrossRefGoogle Scholar
  9. 9.
    Hanić, D., Šurković, A.: An Attack Model of Autonomous Systems of Systems. Master’s thesis, Mälardalen University, IDT, June 2018Google Scholar
  10. 10.
    Hänninen, K., Hansson, H., Thane, H., Saadatmand, M.: Inadequate risk analysis might jeopardize the functional safety of modern systems, March 2016Google Scholar
  11. 11.
    Huang, S., Shang, M., Cai, S.: A hybrid decision approach to detect profile injection attacks in collaborative recommender systems. In: Chen, L., Felfernig, A., Liu, J., Raś, Z.W. (eds.) ISMIS 2012. LNCS (LNAI), vol. 7661, pp. 377–386. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-34624-8_43CrossRefGoogle Scholar
  12. 12.
    ISO 17757 - International Organization for Standardization: Earth-moving machinery and mining-, and semi-autonomous machine system safety (2017)Google Scholar
  13. 13.
    Jiang, F., Tian, R.: The influence of shilling attacks with different attack cycles. In: 6th IIAI International Congress on Advanced Applied Informatics (2017)Google Scholar
  14. 14.
    Katewa, V., Anguluri, R., Ganlath, A., Pasqualetti, F.: Secure reference-tracking with resource-constrained uavs. In: IEEE CCTA (2017)Google Scholar
  15. 15.
    Khan, G.N., Yu, J., Yuan, F.: XTEA based secure authentication protocol for RFID systems. In: ICCN (2011)Google Scholar
  16. 16.
    Kissel, R.: Glossary of key information security terms. U.S. Dept. of Commerce, National Institute of Standards and Technology (2006)Google Scholar
  17. 17.
    Kwon, C., Liu, W., Hwang, I.: Security analysis for cyber-physical systems against stealthy deception attacks. In: American Control Conference, June 2013Google Scholar
  18. 18.
    Li, X., Gao, M., Rong, W., Xiong, Q., Wen, J.: Shilling attacks analysis in collaborative filtering based web service recommendation systems. In: IEEE International Conference on Web Services (2016)Google Scholar
  19. 19.
    Lisova, E.: Monitoring for Securing Clock Synchronization. Ph.D. thesis, Mälardalen University, April 2018Google Scholar
  20. 20.
    Liu, H., Ning, H.: Zero-knowledge authentication protocol based on alternative mode in RFID systems. IEEE Sens. J. 11(12), 3235–3245 (2011)CrossRefGoogle Scholar
  21. 21.
    Lu, Z., Wang, W., Wang, C.: Camouflage traffic: minimizing message delay for smart grid applications under jamming. IEEE Trans. Dependable Secure Comput. 12(1), 31–44 (2015)CrossRefGoogle Scholar
  22. 22.
    Miede, A., et al.: A generic metamodel for IT security attack modeling for distributed systems. In: International Conference on Availability, Reliability and Security (2010)Google Scholar
  23. 23.
    Mohammadi, A., Plataniotis, K.N.: Secure estimation against complex-valued attacks. In: IEEE Statistical Signal Processing Workshop (2016)Google Scholar
  24. 24.
    Mousavian, S., Erol-Kantarci, M., Wu, L., Ortmeyer, T.: A risk-based optimization model for electric vehicle infrastructure response to cyber attacks. IEEE Trans. Smart Grid (2017)Google Scholar
  25. 25.
    Huansheng, N., Hong, L.I.U., Chen, Y.A.N.G.: Ultralightweight RFID authentication protocol based on random partitions of pseudorandom identifier and pre-shared secret value. Chin. J. Electron. 20(4), 701–707 (2011)Google Scholar
  26. 26.
    Ozay, M., Esnaola, I., Vural, F.T.Y., Kulkarni, S.R., Poor, H.V.: Distributed models for sparse attack construction and state vector estimation in the smart grid. In: 3rd IEEE International Conference on Smart Grid Communications (2012)Google Scholar
  27. 27.
    Paudel, S., Smith, P., Zseby, T.: Attack models for advanced persistent threats in smart grid wide area monitoring. In: 2nd CPSR-SG. ACM (2017)Google Scholar
  28. 28.
    Rocchetto, M., Tippenhauer, N.O.: On attacker models and profiles for cyber-physical systems. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 427–449. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-45741-3_22CrossRefGoogle Scholar
  29. 29.
    Sunghyuck, H., Sunho, L., Jaeki, S.: Unified modeling language based analysis of security attacks in wireless sensor networks: a survey. KSII Trans. Internet Inf. Syst. 5(4), 805–821 (2011)Google Scholar
  30. 30.
    Surkovic, A., et al.: Towards attack models in autonomous SoS. In: IEEE SoS Engineering (2018)Google Scholar
  31. 31.
    Wang, L., Liu, X.: NOTSA: novel OBU with three-level security architecture for internet of vehicles. IEEE Internet Things J. (2018)Google Scholar
  32. 32.
    Wang, Y., Wu, Z., Cao, J., Fang, C.: Towards a tricksy group shilling attack model against recommender systems. In: Zhou, S., Zhang, S., Karypis, G. (eds.) ADMA 2012. LNCS (LNAI), vol. 7713, pp. 675–688. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-35527-1_56CrossRefGoogle Scholar
  33. 33.
    Wasicek, A., Derler, P., Lee, E.A.: Aspect-oriented modeling of attacks in automotive cyber-physical systems. In: 51st ACM/EDAC/IEEE DAC (2014)Google Scholar
  34. 34.
    Xu, W., Trappe, W., Zhang, Y., Wood, T.: The feasibility of launching and detecting jamming attacks in wireless networks. In: 6th ACM International Symposium on Mobile Ad Hoc Networking and Computing (2005)Google Scholar
  35. 35.
    Xun, P., Zhu, P.D., Hu, Y.F., Cui, P.S., Zhang, Y.: Command disaggregation attack and mitigation in industrial Internet of Things. Sensors 17(10), 2408 (2017)CrossRefGoogle Scholar
  36. 36.
    Yiu, M.L., Ghinita, G., Jensen, C.S., Kalnis, P.: Enabling search services on outsourced private spatial data. The VLDB J. 19(3), 363–384 (2010)CrossRefGoogle Scholar
  37. 37.
    Zhang, F.: Analysis of bandwagon and average hybrid attack model against trust-based recommender systems. In: 5th ICMeCG (2011)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Amer Šurković
    • 1
  • Džana Hanić
    • 1
  • Elena Lisova
    • 1
    Email author
  • Aida Čaušević
    • 1
  • Kristina Lundqvist
    • 1
  • David Wenslandt
    • 2
  • Carl Falk
    • 2
  1. 1.Mälardalen UniversityVästeråsSweden
  2. 2.Knightec ABVästeråsSweden

Personalised recommendations