Abstract
In this article, we present an experiment we conducted with discrete event simulations to analyze the effects of multi-step cyberattacks on the safety of cyber-physical systems. We show how to represent systems, their components (either software and/or hardware), communication links, security measures, and attacks from a malicious intruder. The latter are typically taken from the MITRE ATT&CK knowledge base. The discrete event simulation method makes it possible to represent any event affecting the system. We illustrate our approach by means of an illustrative example involving cyberattacks against the navigation system of an autonomous ship. We show how the formal modeling language AltaRica, primarily dedicated to safety analyses, can assess this illustrative example by representing the system and automatically extracting sequences of attacks, leading to a safety-critical situation, namely the deviation of the ship by the attacker. This article aims to discuss this approach and to outline the lessons learned from our experience.
Subject
Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering
Reference71 articles.
1. A Systematic Literature Review of Model-Driven Security Engineering for Cyber–Physical Systems;Geismann;J. Syst. Softw.,2020
2. Model-Based Security Engineering for Cyber-Physical Systems: A Systematic Mapping Study;Nguyen;Inf. Softw. Technol.,2016
3. MITRE (2021, May 12). MITRE ATT&CK®. Available online: https://attack.mitre.org/.
4. Cyber-Attacks Against the Autonomous Ship;Kavallieratos;Computer Security,2019
5. Kavallieratos, G., Spathoulas, G., and Katsikas, S. (2021). Cyber Risk Propagation and Optimal Selection of Cybersecurity Controls for Complex Cyberphysical Systems. Sensors, 21.
Cited by
5 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献