Skip to main content
SpringerLink
Log in

Incorporating Attacks Modeling into Safety Process

  • Conference paper
  • First Online:
Book cover Computer Safety, Reliability, and Security (SAFECOMP 2018)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 11094))

Included in the following conference series:

Abstract

Systems of systems (SoS) are built as a collection of systems capable of fulfilling their own function, as well as contributing to other functionalities. They are expected to increase production efficiency and possibly decrease human involvement in harmful environments, and in many cases such systems are safety-critical. For SoS it is a paramount to provide both safety and security assurance. It is not sufficient to analyze and provide assurance of these properties independently due to their mutual connection. Hence, a joint effort addressing safety and security that provides joint guarantees on both properties, is required. In this paper we provide a safety and security assurance argument by incorporating an adversary point of view, and identify potential failures coming from the security domain that might lead to an already identified set of hazards. In this way system assets, vulnerabilities and ways to exploit them can be assessed. As an outcome mitigation strategies coming from security considerations can be captured by the safety requirements. The approach is illustrated on an autonomous quarry.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Adepu, S., Mathur, A.: An investigation into the response of a water treatment system to cyber attacks. In: 17th IEEE International Symposium on High Assurance Systems Engineering (2016)

    Google Scholar 

  2. Adi, E., Baig, Z.A., Hingston, P., Lam, C.P.: Distributed denial-of-service attacks against http/2 services. Clust. Comput. 19(1), 79–86 (2016)

    Article  Google Scholar 

  3. AlJahdali, H., et al.: Multi-tenancy in cloud computing. In: 8th IEEE International Symposium on SOSE (2014)

    Google Scholar 

  4. Cárdenas, A.A., et al.: Attacks against process control systems: risk assessment, detection, and response. In: ACM Symposium on Information, Computer and Communications Security (2011)

    Google Scholar 

  5. Causevic, A.: A risk and threat assessment approaches overview in autonomous systems of systems. In: The 26th IEEE International Conference on Information, Communication and Automation Technologies (2017)

    Google Scholar 

  6. Ding, D., Wang, Z., Wei, G., Alsaadi, F.E.: Event-based security control for discrete-time stochastic systems. IET Control Theory Appl. 10(15), 1808–1815 (2016)

    Article  MathSciNet  Google Scholar 

  7. Ferreira, H.G.C., de Sousa Junior, R.T.: Security analysis of a proposed internet of things middleware. Clust. Comput. 20(1), 651–660 (2017)

    Article  Google Scholar 

  8. Grover, J., Laxmi, V., Gaur, M.S.: Attack models and infrastructure supported detection mechanisms for position forging attacks in vehicular ad hoc networks. CSI Trans. ICT 1(3), 261–279 (2013)

    Article  Google Scholar 

  9. Hanić, D., Šurković, A.: An Attack Model of Autonomous Systems of Systems. Master’s thesis, Mälardalen University, IDT, June 2018

    Google Scholar 

  10. Hänninen, K., Hansson, H., Thane, H., Saadatmand, M.: Inadequate risk analysis might jeopardize the functional safety of modern systems, March 2016

    Google Scholar 

  11. Huang, S., Shang, M., Cai, S.: A hybrid decision approach to detect profile injection attacks in collaborative recommender systems. In: Chen, L., Felfernig, A., Liu, J., Raś, Z.W. (eds.) ISMIS 2012. LNCS (LNAI), vol. 7661, pp. 377–386. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34624-8_43

    Chapter  Google Scholar 

  12. ISO 17757 - International Organization for Standardization: Earth-moving machinery and mining-, and semi-autonomous machine system safety (2017)

    Google Scholar 

  13. Jiang, F., Tian, R.: The influence of shilling attacks with different attack cycles. In: 6th IIAI International Congress on Advanced Applied Informatics (2017)

    Google Scholar 

  14. Katewa, V., Anguluri, R., Ganlath, A., Pasqualetti, F.: Secure reference-tracking with resource-constrained uavs. In: IEEE CCTA (2017)

    Google Scholar 

  15. Khan, G.N., Yu, J., Yuan, F.: XTEA based secure authentication protocol for RFID systems. In: ICCN (2011)

    Google Scholar 

  16. Kissel, R.: Glossary of key information security terms. U.S. Dept. of Commerce, National Institute of Standards and Technology (2006)

    Google Scholar 

  17. Kwon, C., Liu, W., Hwang, I.: Security analysis for cyber-physical systems against stealthy deception attacks. In: American Control Conference, June 2013

    Google Scholar 

  18. Li, X., Gao, M., Rong, W., Xiong, Q., Wen, J.: Shilling attacks analysis in collaborative filtering based web service recommendation systems. In: IEEE International Conference on Web Services (2016)

    Google Scholar 

  19. Lisova, E.: Monitoring for Securing Clock Synchronization. Ph.D. thesis, Mälardalen University, April 2018

    Google Scholar 

  20. Liu, H., Ning, H.: Zero-knowledge authentication protocol based on alternative mode in RFID systems. IEEE Sens. J. 11(12), 3235–3245 (2011)

    Article  Google Scholar 

  21. Lu, Z., Wang, W., Wang, C.: Camouflage traffic: minimizing message delay for smart grid applications under jamming. IEEE Trans. Dependable Secure Comput. 12(1), 31–44 (2015)

    Article  Google Scholar 

  22. Miede, A., et al.: A generic metamodel for IT security attack modeling for distributed systems. In: International Conference on Availability, Reliability and Security (2010)

    Google Scholar 

  23. Mohammadi, A., Plataniotis, K.N.: Secure estimation against complex-valued attacks. In: IEEE Statistical Signal Processing Workshop (2016)

    Google Scholar 

  24. Mousavian, S., Erol-Kantarci, M., Wu, L., Ortmeyer, T.: A risk-based optimization model for electric vehicle infrastructure response to cyber attacks. IEEE Trans. Smart Grid (2017)

    Google Scholar 

  25. Huansheng, N., Hong, L.I.U., Chen, Y.A.N.G.: Ultralightweight RFID authentication protocol based on random partitions of pseudorandom identifier and pre-shared secret value. Chin. J. Electron. 20(4), 701–707 (2011)

    Google Scholar 

  26. Ozay, M., Esnaola, I., Vural, F.T.Y., Kulkarni, S.R., Poor, H.V.: Distributed models for sparse attack construction and state vector estimation in the smart grid. In: 3rd IEEE International Conference on Smart Grid Communications (2012)

    Google Scholar 

  27. Paudel, S., Smith, P., Zseby, T.: Attack models for advanced persistent threats in smart grid wide area monitoring. In: 2nd CPSR-SG. ACM (2017)

    Google Scholar 

  28. Rocchetto, M., Tippenhauer, N.O.: On attacker models and profiles for cyber-physical systems. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 427–449. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_22

    Chapter  Google Scholar 

  29. Sunghyuck, H., Sunho, L., Jaeki, S.: Unified modeling language based analysis of security attacks in wireless sensor networks: a survey. KSII Trans. Internet Inf. Syst. 5(4), 805–821 (2011)

    Google Scholar 

  30. Surkovic, A., et al.: Towards attack models in autonomous SoS. In: IEEE SoS Engineering (2018)

    Google Scholar 

  31. Wang, L., Liu, X.: NOTSA: novel OBU with three-level security architecture for internet of vehicles. IEEE Internet Things J. (2018)

    Google Scholar 

  32. Wang, Y., Wu, Z., Cao, J., Fang, C.: Towards a tricksy group shilling attack model against recommender systems. In: Zhou, S., Zhang, S., Karypis, G. (eds.) ADMA 2012. LNCS (LNAI), vol. 7713, pp. 675–688. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-35527-1_56

    Chapter  Google Scholar 

  33. Wasicek, A., Derler, P., Lee, E.A.: Aspect-oriented modeling of attacks in automotive cyber-physical systems. In: 51st ACM/EDAC/IEEE DAC (2014)

    Google Scholar 

  34. Xu, W., Trappe, W., Zhang, Y., Wood, T.: The feasibility of launching and detecting jamming attacks in wireless networks. In: 6th ACM International Symposium on Mobile Ad Hoc Networking and Computing (2005)

    Google Scholar 

  35. Xun, P., Zhu, P.D., Hu, Y.F., Cui, P.S., Zhang, Y.: Command disaggregation attack and mitigation in industrial Internet of Things. Sensors 17(10), 2408 (2017)

    Article  Google Scholar 

  36. Yiu, M.L., Ghinita, G., Jensen, C.S., Kalnis, P.: Enabling search services on outsourced private spatial data. The VLDB J. 19(3), 363–384 (2010)

    Article  Google Scholar 

  37. Zhang, F.: Analysis of bandwagon and average hybrid attack model against trust-based recommender systems. In: 5th ICMeCG (2011)

    Google Scholar 

Download references

Acknowledgments

This work is supported by the SAFSEC-CPS project funded by KKS, the SeCRA project funded by Vinnova and the Serendipity project funded by SSF.

Author information

Authors and Affiliations

  1. Mälardalen University, Västerås, Sweden

    Amer Šurković, Džana Hanić, Elena Lisova, Aida Čaušević & Kristina Lundqvist

  2. Knightec AB, Västerås, Sweden

    David Wenslandt & Carl Falk

Authors
  1. Amer Šurković
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Džana Hanić
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Elena Lisova
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Aida Čaušević
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Kristina Lundqvist
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. David Wenslandt
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Carl Falk
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Elena Lisova .

Editor information

Editors and Affiliations

  1. Mälardalen University, Västerås, Sweden

    Barbara Gallina

  2. Norwegian University of Science and Technology, Trondheim, Norway

    Amund Skavhaug

  3. AIT Austrian Institute of Technology, Vienna, Austria

    Erwin Schoitsch

  4. Thales Deutschland GmbH, Ditzingen, Germany

    Friedemann Bitsch

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Šurković, A. et al. (2018). Incorporating Attacks Modeling into Safety Process. In: Gallina, B., Skavhaug, A., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2018. Lecture Notes in Computer Science(), vol 11094. Springer, Cham. https://doi.org/10.1007/978-3-319-99229-7_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-99229-7_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-99228-0

  • Online ISBN: 978-3-319-99229-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation