Detection of attacks based on known vulnerabilities in industrial networked systems

Abstract

Vulnerabilities in software and hardware components can be exploited by attackers to cause damage through cyberspace. Nowadays, this problem also affects a large number of industrial networked systems (INS), and experts are well aware that suitable prevention/detection techniques and countermeasures have to be developed, taking into account INS characteristics and peculiarities. The exposure of a large and complex system to attacks carried out by exploiting well-selected sequences of vulnerabilities can be hard to evaluate, but this is a fundamental step in preventing potential threats in both the system design and operation phases. This paper deals with an innovative technique that is able to compute all attack patterns leveraging known vulnerabilities present in an industrial system. The proposed approach is based on the extension of a twofold model, which was successfully developed for verifying the implementation of access control policies in INS. Our solution enables the development of an automated software analyser that can help with the design and maintenance of INS when their security is considered.
