Model-based risk assessment for cyber physical systems security

dc.cclicenceN/Aen
dc.contributor.authorTantawy, Ashraf
dc.contributor.authorAbdelwahed, Sherif
dc.contributor.authorErradi, Abdelkarim
dc.contributor.authorShaban, Khaled
dc.date.acceptance2020-04-30
dc.date.accessioned2023-05-05T09:31:22Z
dc.date.available2023-05-05T09:31:22Z
dc.date.issued2020-05-27
dc.description.abstractTraditional techniques for Cyber-Physical Systems (CPS) security design either treat the cyber and physical systems independently, or do not address the specific vulnerabilities of real time embedded controllers and networks used to monitor and control physical processes. In this work, we develop and test an integrated model-based approach for CPS security risk assessment utilizing a CPS testbed with real-world industrial controllers and communication protocols. The testbed monitors and controls an exothermic Continuous Stirred Tank Reactor (CSTR) simulated in real-time. CSTR is a fundamental process unit in many industries, including Oil & Gas, Petrochemicals, Water treatment, and nuclear industry. In addition, the process is rich in terms of hazardous scenarios that could be triggered by cyber attacks due to the lack of possible mechanical protection. The paper presents an integrated approach to analyze and design the cyber security system for a given CPS where the physical threats are identified first to guide the risk assessment process. A mathematical model is derived for the physical system using a hybrid automaton to enumerate potential hazardous states of the system. The cyber system is then analyzed using network and data flow models to develop the attack scenarios that may lead to the identified hazards. Finally, the attack scenarios are performed on the testbed and observations are obtained on the possible ways to prevent and mitigate the attacks. The insights gained from the experiments result in several key findings, including the expressive power of hybrid automaton in security risk assessment, the hazard development time and its impact on cyber security design, and the tight coupling between the physical and the cyber systems for CPS that requires an integrated design approach to achieve cost-effective and secure designs.en
dc.exception.ref2021codes252cen
dc.funderOther external funder (please detail below)en
dc.funder.otherQatar National Research Funden
dc.identifier.citationTantawy, A., Abdelwahed, S., Erradi, A. and Shaban, K. (2020) Model-based risk assessment for cyber physical systems security. Computers & Security, 96, 101864en
dc.identifier.doihttps://doi.org/10.1016/j.cose.2020.101864
dc.identifier.urihttps://hdl.handle.net/2086/22837
dc.language.isoen_USen
dc.peerreviewedYesen
dc.publisherElsevieren
dc.subjectCyber Physical Systemen
dc.subjectCyber Securityen
dc.subjectSafetyen
dc.subjectAttack Treeen
dc.subjectHybrid Automatonen
dc.subjectPenetration Testingen
dc.subjectRisk Assessmenten
dc.subjectSCADAen
dc.subjectIndustrial Automationen
dc.subjectModbusen
dc.titleModel-based risk assessment for cyber physical systems securityen
dc.typeArticleen

Files

Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
1-s2.0-S016740482030136X-main.pdf
Size:
2.75 MB
Format:
Adobe Portable Document Format
Description:
License bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
4.2 KB
Format:
Item-specific license agreed upon to submission
Description: