38,883 research outputs found
Identifying Security-Critical Cyber-Physical Components in Industrial Control Systems
In recent years, Industrial Control Systems (ICS) have become an appealing
target for cyber attacks, having massive destructive consequences. Security
metrics are therefore essential to assess their security posture. In this
paper, we present a novel ICS security metric based on AND/OR graphs that
represent cyber-physical dependencies among network components. Our metric is
able to efficiently identify sets of critical cyber-physical components, with
minimal cost for an attacker, such that if compromised, the system would enter
into a non-operational state. We address this problem by efficiently
transforming the input AND/OR graph-based model into a weighted logical formula
that is then used to build and solve a Weighted Partial MAX-SAT problem. Our
tool, META4ICS, leverages state-of-the-art techniques from the field of logical
satisfiability optimisation in order to achieve efficient computation times.
Our experimental results indicate that the proposed security metric can
efficiently scale to networks with thousands of nodes and be computed in
seconds. In addition, we present a case study where we have used our system to
analyse the security posture of a realistic water transport network. We discuss
our findings on the plant as well as further security applications of our
metric.Comment: Keywords: Security metrics, industrial control systems,
cyber-physical systems, AND-OR graphs, MAX-SAT resolutio
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability
Direct Acyclic Graph based Ledger for Internet of Things: Performance and Security Analysis
Direct Acyclic Graph (DAG)-based ledger and the corresponding consensus
algorithm has been identified as a promising technology for Internet of Things
(IoT). Compared with Proof-of-Work (PoW) and Proof-of-Stake (PoS) that have
been widely used in blockchain, the consensus mechanism designed on DAG
structure (simply called as DAG consensus) can overcome some shortcomings such
as high resource consumption, high transaction fee, low transaction throughput
and long confirmation delay. However, the theoretic analysis on the DAG
consensus is an untapped venue to be explored. To this end, based on one of the
most typical DAG consensuses, Tangle, we investigate the impact of network load
on the performance and security of the DAG-based ledger. Considering unsteady
network load, we first propose a Markov chain model to capture the behavior of
DAG consensus process under dynamic load conditions. The key performance
metrics, i.e., cumulative weight and confirmation delay are analysed based on
the proposed model. Then, we leverage a stochastic model to analyse the
probability of a successful double-spending attack in different network load
regimes. The results can provide an insightful understanding of DAG consensus
process, e.g., how the network load affects the confirmation delay and the
probability of a successful attack. Meanwhile, we also demonstrate the
trade-off between security level and confirmation delay, which can act as a
guidance for practical deployment of DAG-based ledgers.Comment: accepted by IEEE Transactions on Networkin
- …