      Is Open Access

      Adaptive Modelling for Security Analysis of Networked Control Systems



      4th International Symposium for ICS & SCADA Cyber Security Research 2016 (ICS-CSR)

      Cyber Security Research

      23 - 25 August 2016

      decomposition, ontology, threat analysis, system modelling, network security, reasoning, vulnerability



            Incomplete information about connectivity and functionality of elements of networked control systems is a challenging issue in applying model-based security analysis in practice. This issue can be addressed by modelling techniques providing inherent mechanisms to describe incomplete information. We present and demonstrate by example a new, ontology-based method to adaptively model and analyse networked control systems from a security perspective. Our method allows modelling different parts of the system with different levels of detail. We include a formalism to handle incomplete information by applying iterative extension and iterative refinement of the model where necessary. By using machine-based reasoning on an ontology model of the system, security-relevant information is deduced. During this process, non-obvious attack vectors are identified using a structural analysis of the model and by connecting the model to vulnerability information.


            Author and article information

            August 2016
            Pages: 64-73
            [0001] Beckhoff Automation GmbH & Co. KG, Nuremberg, Germany
            [0002] Fraunhofer Institute AISEC, Garching, Germany
            © Wolf et al. Published by BCS Learning & Development Ltd. Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Queen’s Belfast University, UK
            Electronic Workshops in Computing (eWiC)
            Product Information: 1477-9358 BCS Learning & Development
            Self URI (journal page): https://ewic.bcs.org/



