For Publishers
DiscoveryMetadataPeer reviewHostingPublishing
For Researchers
JoinPublishReviewCollect
Register
Blog
About
Search
Advanced search
My ScienceOpen
Search
For Publishers
For Researchers
Blog
About
1,707
views
10
references
 Top references
cited by
0
    
0 reviews
 Review
0
comments
 Comment
0
recommends
+1 Recommend
1 collections
    4
    shares
      98
      similar
       All similar

      Celebrating 65 years of The Computer Journal - free-to-read perspectives - bcs.org/tcj65

      scite_
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Analysis of Exploitable Vulnerability Sequences in Industrial Networked Systems: A Proof of Concepts

      proceedings-article
      Author(s): , , ,
      Publication date (Print):
      Conference name: 3rd International Symposium for ICS & SCADA Cyber Security Research 2015 (ICS-CSR 2015) (ICS-CSR)
      Conference theme: Industrial Control System & SCADA Cyber Security Research (ICS-CSR)
      Conference date: 17 - 18 September 2015
      Keywords: industrial distributed systems, software vulnerabilities, automated analysis
      Bookmark

            Abstract

            Software vulnerabilities can affect the security of any computer and industrial networked systems are no exception. Information about known vulnerabilities and possible countermeasures is being collected and published since several years, however the methodical introduction of changes and/or software patches in many industrial networks is not always possible, so that some known flaws can be left untreated as they are not considered harmful in principle. Unfortunately, a suitable combination (sequence) of vulnerabilitieswhich are not dangerouswhen considered as insulated, can provide undesired attack paths tomalicious users. This paper deals with the automated discovery of such sequences of known vulnerabilities in industrial scenarios by leveraging an analysis framework already developed for the verification of access control policies in realworld systems.

            Content

            Author and article information

            Contributors
            Manuel Cheminod
            Luca Durante
            Lucia Seno
            Adriano Valenzano: URI : www.ieiit.cnr.it
            Conference
            Publication date: September 2015
            Publication date (Print): September 2015
            Pages: 63-72
            Affiliations
            [0001]National Research Council of Italy – IEIIT

            c.so Duca degli Abruzzi 24

            I-10129 Torino

            Italy
            Article
            DOI: 10.14236/ewic/ICS2015.7
            SO-VID: effbbabe-1133-43aa-9baa-36a997eb6760
            Copyright © © Cheminod et al. Published by BCS Learning & Development Ltd. Proceedings of the 3 rd International Symposium for ICS & SCADA Cyber Security Research 2015
            License:

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Conference name: 3rd International Symposium for ICS & SCADA Cyber Security Research 2015 (ICS-CSR 2015)
            Conference acronym: ICS-CSR
            Conference number: 3
            Conference location: Germany
            Conference date: 17 - 18 September 2015
            Conference sponsor: Electronic Workshops in Computing (eWiC)
            Conference theme: Industrial Control System & SCADA Cyber Security Research (ICS-CSR)
            History
            Product

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/ICS2015.7
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Series title: Electronic Workshops in Computing

            ScienceOpen disciplines: Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction
            Keywords: software vulnerabilities,industrial distributed systems,automated analysis

            References

            1. 2009 Detecting chains of vulnerabilities in industrial networks IEEE Trans. Ind. Inform 5 2 181 193

            2. 2013 Review of security issues in industrial networks IEEE Trans. Ind. Inform 9 1 277 293

            3. 2015 A twofold model for the analysis of access control policies in industrial networked systems Comput. Stand. Interfaces To appear

            4. 2010 Security in building automation systems IEEE Trans. Ind. Electron 57 11 3622 3630

            5. 2009 Static security optimization for real-time systems IEEE Trans. Ind. Inform 5 1 22 37

            6. 2013 Quantifying and verifying reachability for access controlled networks IEEE/ACM Trans. Netw 21 2 551 565

            7. 2013 Determining risks from advanced multi-step attacks to critical information infrastructures In: Proc. 8th International Workshop on Critical Information Infrastructures Security (CRITIS) 142 154

            8. 2008 Vulnerability modelling for the analysis of network attacks Proc. 3rd International Conference on Dependability of Computer Systems (DepCoSRELCOMEX) 15 22

            9. MITRE Common vulnerabilities and exposures (CVE) Bedford, MA The MITRE Corporation Available from http://cve.mitre.org/

            10. MITRE Open vulnerability and assessment language (OVAL) Bedford, MA The MITRE Corporation Available from http://oval.mitre.org/index.html

            11. National Institute of Standards and Technology National vulnerability database (NVD) Available from http://nvd.nist.gov/

            12. OSVDB Open source vulnerability database (OSVDB) Available from http://osvdb.org/

            13. 2013 EAACK - A secure intrusion-detection system for MANETs IEEE Trans. Ind. Electron 60 3 1089 1098

            14. 2004 A machine-oriented integrated vulnerability database for automated vulnerability detection and processing Proc. 18th USENIX Systems Administration Conference (LISA) Symantec. SecurityFocus Vulnerability Database 47 58 Available from http://www.securityfocus.com/vulnerabilities/

            Comments

            Comment on this article