Cyber-physical systems are increasing in complexity and interconnectivity. Performing cybersecurity risk analysis and identifying all possible attack scenarios manually have become challenging and time consuming. This is similar to the problem being tackled for the studies of Reliability, Availability, Maintainability and Safety (RAMS) of complex systems where Model-Based Safety Analysis (MBSA) is proposed as a solution. As a continuation of the research conducted in this PhD thesis [1] we introduce, in this paper, the methodology Model-Based Cybersecurity Analysis (MBCA). This novel methodology is inspired by MBSA and provides a practical and interactive approach to representing and automatically computing cyber Threat paths (attack sequences) via a model. To illustrate this technique, we model the cybersecurity attributes of a drone and part of its ground control infrastructure using the software SimfiaNeo, which supports the MBSA methodology. The cybersecurity attributes selected for our modeling approach correspond to security measures, vulnerabilities, attacker’s actions, and safety feared situations. We apply MBCA using SimfiaNeo to compute the different Threat paths of the considered system architecture. Each sequence consists of the attack source, the target, and the attack path that leads to the feared situation; these elements constitute a threat scenario. We also illustrate the integration of the MBCA approach in Security Risk Assessment (SRA) methodologies and throughout a product development cycle.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

MBCA: A Model-Based Approach for Cybersecurity Analysis of Cyber-Physical Systems

  • Antoine Sfeir,
  • Macaire Medenou,
  • Raoul Guiazon

摘要

Cyber-physical systems are increasing in complexity and interconnectivity. Performing cybersecurity risk analysis and identifying all possible attack scenarios manually have become challenging and time consuming. This is similar to the problem being tackled for the studies of Reliability, Availability, Maintainability and Safety (RAMS) of complex systems where Model-Based Safety Analysis (MBSA) is proposed as a solution. As a continuation of the research conducted in this PhD thesis [1] we introduce, in this paper, the methodology Model-Based Cybersecurity Analysis (MBCA). This novel methodology is inspired by MBSA and provides a practical and interactive approach to representing and automatically computing cyber Threat paths (attack sequences) via a model. To illustrate this technique, we model the cybersecurity attributes of a drone and part of its ground control infrastructure using the software SimfiaNeo, which supports the MBSA methodology. The cybersecurity attributes selected for our modeling approach correspond to security measures, vulnerabilities, attacker’s actions, and safety feared situations. We apply MBCA using SimfiaNeo to compute the different Threat paths of the considered system architecture. Each sequence consists of the attack source, the target, and the attack path that leads to the feared situation; these elements constitute a threat scenario. We also illustrate the integration of the MBCA approach in Security Risk Assessment (SRA) methodologies and throughout a product development cycle.