Abstract
Systems of systems (SoS) are built as a collection of systems capable of fulfilling their own function, as well as contributing to other functionalities. They are expected to increase production efficiency and possibly decrease human involvement in harmful environments, and in many cases such systems are safety-critical. For SoS it is a paramount to provide both safety and security assurance. It is not sufficient to analyze and provide assurance of these properties independently due to their mutual connection. Hence, a joint effort addressing safety and security that provides joint guarantees on both properties, is required. In this paper we provide a safety and security assurance argument by incorporating an adversary point of view, and identify potential failures coming from the security domain that might lead to an already identified set of hazards. In this way system assets, vulnerabilities and ways to exploit them can be assessed. As an outcome mitigation strategies coming from security considerations can be captured by the safety requirements. The approach is illustrated on an autonomous quarry.
Keywords
- Attack Model
- Process Safety
- System Assets
- Adversary Point
- Supervisory Control And Data Acquisition (SCADA)
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Adepu, S., Mathur, A.: An investigation into the response of a water treatment system to cyber attacks. In: 17th IEEE International Symposium on High Assurance Systems Engineering (2016)
Adi, E., Baig, Z.A., Hingston, P., Lam, C.P.: Distributed denial-of-service attacks against http/2 services. Clust. Comput. 19(1), 79–86 (2016)
AlJahdali, H., et al.: Multi-tenancy in cloud computing. In: 8th IEEE International Symposium on SOSE (2014)
Cárdenas, A.A., et al.: Attacks against process control systems: risk assessment, detection, and response. In: ACM Symposium on Information, Computer and Communications Security (2011)
Causevic, A.: A risk and threat assessment approaches overview in autonomous systems of systems. In: The 26th IEEE International Conference on Information, Communication and Automation Technologies (2017)
Ding, D., Wang, Z., Wei, G., Alsaadi, F.E.: Event-based security control for discrete-time stochastic systems. IET Control Theory Appl. 10(15), 1808–1815 (2016)
Ferreira, H.G.C., de Sousa Junior, R.T.: Security analysis of a proposed internet of things middleware. Clust. Comput. 20(1), 651–660 (2017)
Grover, J., Laxmi, V., Gaur, M.S.: Attack models and infrastructure supported detection mechanisms for position forging attacks in vehicular ad hoc networks. CSI Trans. ICT 1(3), 261–279 (2013)
Hanić, D., Šurković, A.: An Attack Model of Autonomous Systems of Systems. Master’s thesis, Mälardalen University, IDT, June 2018
Hänninen, K., Hansson, H., Thane, H., Saadatmand, M.: Inadequate risk analysis might jeopardize the functional safety of modern systems, March 2016
Huang, S., Shang, M., Cai, S.: A hybrid decision approach to detect profile injection attacks in collaborative recommender systems. In: Chen, L., Felfernig, A., Liu, J., Raś, Z.W. (eds.) ISMIS 2012. LNCS (LNAI), vol. 7661, pp. 377–386. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34624-8_43
ISO 17757 - International Organization for Standardization: Earth-moving machinery and mining-, and semi-autonomous machine system safety (2017)
Jiang, F., Tian, R.: The influence of shilling attacks with different attack cycles. In: 6th IIAI International Congress on Advanced Applied Informatics (2017)
Katewa, V., Anguluri, R., Ganlath, A., Pasqualetti, F.: Secure reference-tracking with resource-constrained uavs. In: IEEE CCTA (2017)
Khan, G.N., Yu, J., Yuan, F.: XTEA based secure authentication protocol for RFID systems. In: ICCN (2011)
Kissel, R.: Glossary of key information security terms. U.S. Dept. of Commerce, National Institute of Standards and Technology (2006)
Kwon, C., Liu, W., Hwang, I.: Security analysis for cyber-physical systems against stealthy deception attacks. In: American Control Conference, June 2013
Li, X., Gao, M., Rong, W., Xiong, Q., Wen, J.: Shilling attacks analysis in collaborative filtering based web service recommendation systems. In: IEEE International Conference on Web Services (2016)
Lisova, E.: Monitoring for Securing Clock Synchronization. Ph.D. thesis, Mälardalen University, April 2018
Liu, H., Ning, H.: Zero-knowledge authentication protocol based on alternative mode in RFID systems. IEEE Sens. J. 11(12), 3235–3245 (2011)
Lu, Z., Wang, W., Wang, C.: Camouflage traffic: minimizing message delay for smart grid applications under jamming. IEEE Trans. Dependable Secure Comput. 12(1), 31–44 (2015)
Miede, A., et al.: A generic metamodel for IT security attack modeling for distributed systems. In: International Conference on Availability, Reliability and Security (2010)
Mohammadi, A., Plataniotis, K.N.: Secure estimation against complex-valued attacks. In: IEEE Statistical Signal Processing Workshop (2016)
Mousavian, S., Erol-Kantarci, M., Wu, L., Ortmeyer, T.: A risk-based optimization model for electric vehicle infrastructure response to cyber attacks. IEEE Trans. Smart Grid (2017)
Huansheng, N., Hong, L.I.U., Chen, Y.A.N.G.: Ultralightweight RFID authentication protocol based on random partitions of pseudorandom identifier and pre-shared secret value. Chin. J. Electron. 20(4), 701–707 (2011)
Ozay, M., Esnaola, I., Vural, F.T.Y., Kulkarni, S.R., Poor, H.V.: Distributed models for sparse attack construction and state vector estimation in the smart grid. In: 3rd IEEE International Conference on Smart Grid Communications (2012)
Paudel, S., Smith, P., Zseby, T.: Attack models for advanced persistent threats in smart grid wide area monitoring. In: 2nd CPSR-SG. ACM (2017)
Rocchetto, M., Tippenhauer, N.O.: On attacker models and profiles for cyber-physical systems. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 427–449. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_22
Sunghyuck, H., Sunho, L., Jaeki, S.: Unified modeling language based analysis of security attacks in wireless sensor networks: a survey. KSII Trans. Internet Inf. Syst. 5(4), 805–821 (2011)
Surkovic, A., et al.: Towards attack models in autonomous SoS. In: IEEE SoS Engineering (2018)
Wang, L., Liu, X.: NOTSA: novel OBU with three-level security architecture for internet of vehicles. IEEE Internet Things J. (2018)
Wang, Y., Wu, Z., Cao, J., Fang, C.: Towards a tricksy group shilling attack model against recommender systems. In: Zhou, S., Zhang, S., Karypis, G. (eds.) ADMA 2012. LNCS (LNAI), vol. 7713, pp. 675–688. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-35527-1_56
Wasicek, A., Derler, P., Lee, E.A.: Aspect-oriented modeling of attacks in automotive cyber-physical systems. In: 51st ACM/EDAC/IEEE DAC (2014)
Xu, W., Trappe, W., Zhang, Y., Wood, T.: The feasibility of launching and detecting jamming attacks in wireless networks. In: 6th ACM International Symposium on Mobile Ad Hoc Networking and Computing (2005)
Xun, P., Zhu, P.D., Hu, Y.F., Cui, P.S., Zhang, Y.: Command disaggregation attack and mitigation in industrial Internet of Things. Sensors 17(10), 2408 (2017)
Yiu, M.L., Ghinita, G., Jensen, C.S., Kalnis, P.: Enabling search services on outsourced private spatial data. The VLDB J. 19(3), 363–384 (2010)
Zhang, F.: Analysis of bandwagon and average hybrid attack model against trust-based recommender systems. In: 5th ICMeCG (2011)
Acknowledgments
This work is supported by the SAFSEC-CPS project funded by KKS, the SeCRA project funded by Vinnova and the Serendipity project funded by SSF.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Šurković, A. et al. (2018). Incorporating Attacks Modeling into Safety Process. In: Gallina, B., Skavhaug, A., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2018. Lecture Notes in Computer Science(), vol 11094. Springer, Cham. https://doi.org/10.1007/978-3-319-99229-7_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-99229-7_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99228-0
Online ISBN: 978-3-319-99229-7
eBook Packages: Computer ScienceComputer Science (R0)