I've Seen This Before: Sharing Cyber-Physical Incident Knowledge

An increasing number of security incidents in cyber-physical systems (CPSs) arise from the exploitation of cyber and physical components of such systems. Knowledge about how such incidents arose is rarely captured and used systematically to enhance security and support future incident investigations. In this paper, we propose an approach to represent and share incident knowledge. Our approach captures incident patterns – common aspects of incidents occurring in different CPSs. It then allows incident patterns to be instantiated for different systems to assess if and how such patterns can manifest again. To support our approach, we provide two meta-models that represent, respectively, incident patterns and the cyber-physical systems themselves. The incident meta-model captures the characteristics of incidents, such as assets and activities. The system meta-model captures cyber and physical components and their interactions, which may be exploited during an incident. We demonstrate the feasibility of our approach in the application domain of smart buildings, by tailoring the system meta-model to represent components and interactions in this domain.
