Visible to the public A Study of The Risk Quantification Method focusing on Direct-Access Attacks in Cyber-Physical Systems

TitleA Study of The Risk Quantification Method focusing on Direct-Access Attacks in Cyber-Physical Systems
Publication TypeConference Paper
Year of Publication2021
AuthorsKawanishi, Yasuyuki, Nishihara, Hideaki, Yoshida, Hirotaka, Hata, Yoichi
Conference Name2021 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)
Date Publishedoct
Keywordsattack method, automotive system, Big Data, big data security metrics, Brakes, cyber-physical system, Cyber-physical systems, direct-access, Focusing, Measurement, Pervasive Computing Security, pubcrawl, resilience, Resiliency, risk analysis, Scalability, security design, Software systems
Abstract

Direct-access attacks were initially considered as un-realistic threats in cyber security because the attacker can more easily mount other non-computerized attacks like cutting a brake line. In recent years, some research into direct-access attacks have been conducted especially in the automotive field, for example, research on an attack method that makes the ECU stop functioning via the CAN bus. The problem with existing risk quantification methods is that direct-access attacks seem not to be recognized as serious threats. To solve this problem, we propose a new risk quantification method by applying vulnerability evaluation criteria and by setting metrics. We also confirm that direct-access attacks not recognized by conventional methods can be evaluated appropriately, using the case study of an automotive system as an example of a cyber-physical system.

DOI10.1109/DASC-PICom-CBDCom-CyberSciTech52372.2021.00059
Citation Keykawanishi_study_2021