Biblio

Industrial control systems are changing from monolithic to distributed and interconnected architectures, entering the era of industrial IoT. One fundamental issue is that security properties of such distributed control systems are typically only verified empirically, during development and after system deployment. We propose a novel modelling framework for the security verification of distributed industrial control systems, with the goal of moving towards early design stage formal verification. In our framework we model industrial IoT infrastructures, attack patterns, and mitigation strategies for countering attacks. We conduct model checking-based formal analysis of system security through scenario execution, where the analysed system is exposed to attacks and implement mitigation strategies. We study the applicability of our framework for large systems using a scalability analysis.

This paper describes a novel aerospace electronic component risk assessment methodology and supporting virtual laboratory structure designed to augment existing supply chain management practices and aid in Microelectronics Trust Assurance. This toolkit and methodology applies structure to the unclear and evolving risk assessment problem, allowing quantification of key risks affecting both advanced and obsolete systems that rely on semiconductor technologies. The impacts of logistics & supply chain risk, technology & counterfeit risk, and faulty component risk on trusted and non-trusted procurement options are quantified. The benefits of component testing on part reliability are assessed and incorporated into counterfeit mitigation calculations. This toolkit and methodology seek to assist acquisition staff by providing actionable decision data regarding the increasing threat of counterfeit components by assessing the risks faced by systems, identifying mitigation strategies to reduce this risk, and resolving these risks through the optimal test and procurement path based on the component criticality risk tolerance of the program.

Reliable operation of electrical power systems in the presence of multiple critical N - k contingencies is an important challenge for the system operators. Identifying all the possible N - k critical contingencies to design effective mitigation strategies is computationally infeasible due to the combinatorial explosion of the search space. This paper describes two heuristic algorithms based on the iterative pruning of the candidate contingency set to effectively and efficiently identify all the critical N - k contingencies resulting in system failure. These algorithms are applied to the standard IEEE-14 bus system, IEEE-39 bus system, and IEEE-57 bus system to identify multiple critical N - k contingencies. The algorithms are able to capture all the possible critical N - k contingencies (where 1 ≤ k ≤ 9) without missing any dangerous contingency.

To provide a comprehensive security analysis of modern networked systems, we need to take into account the combined effects of existing vulnerabilities and zero-day vulnerabilities. In addition to them, it is important to incorporate new vulnerabilities emerging from threats such as BYOD, USB file sharing. Consequently, there may be new dependencies between system components that could also create new attack paths, but previous work did not take into account those new attack paths in their security analysis (i.e., not all attack paths are taken into account). Thus, countermeasures may not be effective, especially against attacks exploiting the new attack paths. In this paper, we propose a Unified Vulnerability Risk Analysis Module (UV-RAM) to address the aforementioned problems by taking into account the combined effects of those vulnerabilities and capturing the new attack paths. The three main functionalities of UV-RAM are: (i) to discover new dependencies and new attack paths, (ii) to incorporate new vulnerabilities introduced and zero-day vulnerabilities into security analysis, and (iii) to formulate mitigation strategies for hardening the networked system. Our experimental results demonstrate and validate the effectiveness of UV-RAM.