Abstract
Detecting cybersecurity vulnerabilities in Unmanned Aerial Systems (UAS) is essential to ensure the safe operation of drones. This supports the determination of cybersecurity objectives and the description of security requirements needed to achieve these objectives. However, it is challenging to automate this process to identify potential cyber threats and ensure the correctness of the applied security requirements, especially in a complex system such as a UAS network. In this work, we use ThreatGet as a threat modelling tool to identify potential cyber threats in UAS and highlight existing security vulnerabilities. This assists in determining the appropriate security requirements that could be implemented to achieve our security goal. We then develop a novel ontology-based threat modelling approach to infer a set of security threats based on the applied security requirements and then check the effectiveness of these requirements against threats to ensure these requirements are fulfilled.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Genc, H., Zu, Y., Chin, T.-W., Halpern, M., Reddi, V.J.: Flying IoT: toward low-power vision in the sky. IEEE Micro 37(6), 40–51 (2017)
Shaaban, A.M., Jung, O., Fas Millan, M.A.: Toward applying the IEC 62443 in the UAS for secure civil applications. In: Haber, P., Lampoltshammer, T.J., Leopold, H., Mayr, M. (eds.) Data Science - Analytics and Applications. Springer, Wiesbaden (2022). https://doi.org/10.1007/978-3-658-36295-9_7
Shaaban, A.M., Jung, O., Schmittner, C.: A proposed X.800-based security architecture framework for unmanned aircraft system, pp. 389–397. Trauner Verlag (2022). Artwork Size: 479 pages Medium: PDF
IEC. Security for industrial automation and control systems - part 4-2: Technical security requirements for IACS components. Technical report, International Standard (2019)
Javaid, A.Y., Sun, W., Devabhaktuni, V.K., Alam, M.: Cyber security threat analysis and modeling of an unmanned aerial vehicle system. In: 2012 IEEE Conference on Technologies for Homeland Security (HST), pp. 585–590 (2012)
Lattimore, G.L.: Unmanned aerial system cybersecurity risk management decision matrix for tactical operators. Technical report, Naval Postgraduate School, Monterey, CA, USA (2019)
Walters, S.: How to set up a drone vulnerability testing lab (2016). https://medium.com/@swalters/how-to-set-up-a-drone-vulnerability-testing-lab-db8f7c762663. Accessed 12 June 2023
Manesh, M.R., Kaabouch, N.: Cyber-attacks on unmanned aerial system networks: detection, countermeasure, and future research directions. Comput. Secur. 85, 386–401 (2019)
Kristen, E., et al.: D2.3 Architecture Requirements and Definition (v2). Technical report, AFarCloud deliverable (2020)
Macaulay, T.: The 7 deadly threats to 4G: 4G LTE security roadmap and reference design, vol. 25, p. 2017 (2013)
United Nations Economic Commission for Europe UNECE. CSOTA ad hoc “Threats 2” (2017). https://wiki.unece.org/pages/viewpage.action?pageId=45383725. Accessed 11 June 2023
Kotapati, K., Liu, P., Sun, Y., LaPorta, T.F.: A taxonomy of cyber attacks on 3G networks. In: Kantor, P., et al. (eds.) ISI 2005. LNCS, vol. 3495, pp. 631–633. Springer, Heidelberg (2005). https://doi.org/10.1007/11427995_82
Schmittner, C., Chlup, S., Fellner, A., Macher, G., Brenner, E.: ThreatGet: threat modeling based approach for automated and connected vehicle systems. In: AmE 2020-Automotive meets Electronics; 11th GMM-Symposium, pp. 1–3. VDE (2020)
Schmittner, C., Schrammel, B., König, S.: Asset driven ISO/SAE 21434 compliant automotive cybersecurity analysis with ThreatGet. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 548–563. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_36
Shaaban, A.M., Schmittner, C.: Threatget: new approach towards automotive security-by-design (2020)
Schmittner, C., Shaaban, A.M., Macher, G.: ThreatGet: ensuring the implementation of defense-in-depth strategy for IIoT based on IEC 62443. In: 2022 IEEE 5th International Conference on Industrial Cyber-Physical Systems (ICPS), pp. 1–6. IEEE (2022)
Chlup, S., Christl, K., Schmittner, C., Shaaban, A.M., Schauer, S., Latzenhofer, M.: THREATGET: towards automated attack tree analysis for automotive cybersecurity. Information 14(1), 14 (2023)
Ma, Z., Schmittner, C.: Threat modeling for automotive security analysis. Adv. Sci. Technol. Lett. 139, 333–339 (2016)
Protégé. Protégé Framework. https://protege.stanford.edu. Accessed 10 June 2023
Johardi. Cellfie (2018). https://github.com/protegeproject/cellfie-plugin. Accessed 10 June 2023
Shostack, A.: Threat Modeling: Designing for Security. Wiley, Hoboken (2014). OCLC: ocn855043351
Acknowledgements
This work is accomplished as a part of the AIMS5.0 project. The project is selected for funding from the HORIZON-KDT-JU-2022-1-IA, project no. 101112089 and national funding authorities of the partners.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Shaaban, A.M., Jung, O., Schmittner, C. (2023). The Need for Threat Modelling in Unmanned Aerial Systems. In: Guiochet, J., Tonetta, S., Schoitsch, E., Roy, M., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2023 Workshops. SAFECOMP 2023. Lecture Notes in Computer Science, vol 14182. Springer, Cham. https://doi.org/10.1007/978-3-031-40953-0_7
Download citation
DOI: https://doi.org/10.1007/978-3-031-40953-0_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-40952-3
Online ISBN: 978-3-031-40953-0
eBook Packages: Computer ScienceComputer Science (R0)