Visible to the public A Scoring System to Efficiently Measure Security in Cyber-Physical Systems

TitleA Scoring System to Efficiently Measure Security in Cyber-Physical Systems
Publication TypeConference Paper
Year of Publication2020
AuthorsAigner, Andreas, Khelil, Abdelmajid
Conference Name2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Date PublishedJan. 2021
PublisherIEEE
ISBN Number978-1-6654-0392-4
KeywordsComplexity theory, Computing Theory, Cyber-physical systems, Internet of Things, Measurement, Metrics, privacy, pubcrawl, Refining, Scalability, security, security analysis, security engineering, security metric, security metrics, Security Scoring, threat analysis
AbstractThe importance of Cyber-Physical Systems (CPS) gains more and more weight in our daily business and private life. Although CPS build the backbone for major trends, like Industry 4.0 and connected vehicles, they also propose many new challenges. One major challenge can be found in achieving a high level of security within such highly connected environments, in which an unpredictable number of heterogeneous systems with often-distinctive characteristics interact with each other. In order to develop high-level security solutions, system designers must eventually know the current level of security of their specification. To this end, security metrics and scoring frameworks are essential, as they quantitatively express security of a given design or system. However, existing solutions may not be able to handle the proposed challenges of CPS, as they mainly focus on one particular system and one specific attack. Therefore, we aim to elaborate a security scoring mechanism, which can efficiently be used in CPS, while considering all essential information. We break down each system within the CPS into its core functional blocks and analyze a variety of attacks in terms of exploitability, scalability of attacks, as well as potential harm to targeted assets. With this approach, we get an overall assessment of security for the whole CPS, as it integrates the security-state of all interacting systems. This allows handling the presented complexity in CPS in a more efficient way, than existing solutions.
URLhttps://ieeexplore.ieee.org/document/9343243
DOI10.1109/TrustCom50675.2020.00151
Citation Keyaigner_scoring_2020