powerLang: a probabilistic attack simulation language for the power domain

Cyber-attacks these threats, the cyber security assessment of IT and OT infrastructures can foster a higher degree of safety and resilience against cyber-attacks. Therefore, the use of attack simulations based on system architecture models is proposed. To reduce the effort of creating new attack graphs for each system under assessment, domain-specific languages (DSLs) can be employed. DSLs codify the common attack logic of the considered domain. Previously, MAL (the Meta Attack Language) was proposed, which serves as a framework to develop DSLs and generate attack graphs for modeled infrastructures. In this article, powerLang is proposed as a MAL-based DSL for modeling IT and OT infrastructures in the power domain. Further, it allows analyzing weaknesses related to known attacks. To compose powerLang, two existing MAL-based DSLs are combined with a new language focusing on industrial control systems (ICS). Finally, this first version of the language was validated against a known cyber-attack.
