Title | A Security Scoring Framework to Quantify Security in Cyber-Physical Systems |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Aigner, Andreas, Khelil, Abdelmajid |
Conference Name | 2021 4th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS) |
Keywords | Adaptation models, Automation, Conferences, connected vehicles, critical infrastructure, Cyber-physical systems, Data models, industrial cyber-physical systems, Metrics, pubcrawl, security metric, security metrics, Security Rating, security scalability, Security Scoring, security weaknesses, threat analysis |
Abstract | The need to achieve a suitable level of security in Cyber-Physical Systems (CPS) presents a major challenge for engineers. The unpredictable communication of highly constrained but safety-relevant systems in a heterogeneous environment significantly impacts the number and severity of vulnerabilities. Consequently, if security-related weaknesses can successfully be exploited by attackers, the functionality of critical infrastructure could be denied or malfunction. This might consequently threaten life or leak sensitive information. A toolkit to quantitatively express security is essential for security engineers in order to define security-enhancing measurements. For this purpose, security scoring frameworks, like the established Common Vulnerability Scoring System, can be used. However, existing security scoring frameworks may not be able to handle the proposed challenges and characteristics of CPS. Therefore, in this work, we aim to elaborate a security scoring system that is tailored to the needs of CPS. In detail, we analyze security on a System-of-Systems level, while considering multiple attacks, as well as potential side effects to other security-related objects. The positive effects of integrated mitigation concepts should also be abbreviated by our proposed security score. Additionally, we generate the security score for interacting AUTOSAR platforms in a highly-connected Vehicle-to-everything (V2x) environment. We refer to this highly relevant use case scenario to underline the benefits of our proposed scoring framework and to prove its effectiveness in CPS. |
DOI | 10.1109/ICPS49255.2021.9468168 |
Citation Key | aigner_security_2021 |