research-article

Taxonomy for description of cross-domain attacks on CPS

Authors:

Mark Yampolskiy,

Xenofon D. Koutsoukos,

Janos SztipanovitsAuthors Info & Claims

HiCoNS '13: Proceedings of the 2nd ACM international conference on High confidence networked systems

Pages 135 - 142

https://doi.org/10.1145/2461446.2461465

Published: 09 April 2013 Publication History

Abstract

The pervasiveness of Cyber-Physical Systems (CPS) in various aspects of the modern society grows rapidly. This makes CPS to increasingly attractive targets for various kinds of attacks. We consider cyber-security as an integral part of CPS security. Additionally, the necessity exists to investigate the CPS-specific aspects which are out of scope of cyber-security. Most importantly, attacks capable to cross the cyber-physical domain boundary should be analyzed. The vulnerability of CPS to such cross-domain attacks has been practically proven by numerous examples, e.g., by the currently most famous Stuxnet attack. In this paper, we propose taxonomy for description of attacks on CPS. The proposed taxonomy is capable of representing both conventional cyber-attacks as well as cross-domain attacks on CPS. Furthermore, based on the proposed taxonomy, we define the attack categorization. Several possible application areas of the proposed taxonomy are extensively discussed. Among others, it can be used to establish a knowledge base about attacks on CPS known in the literature. Furthermore, the proposed description structure will foster the quantitative and qualitative analysis of these attacks, both of which are necessarily to improve CPS security.

References

[1]

Albright, D., Brannan, P., Walrond, C. 2010. Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant? Institute for Science and International Security. Online: http://isis-online.org/uploads/isis-reports/documents/stuxnet_FEP_22Dec2010.pdf

[2]

Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., Savage, S. 2010. Experimental security analysis of a modern automobile. In Proceedings of Security and Privacy (SP), 2010 IEEE Symposium on (pp. 447--462). IEEE.

Digital Library

[3]

Shepard, D. P., Bhatti, J. A., Humphreys, T. E., & Fansler, A. A. 2012. Evaluation of Smart Grid and Civilian UAV Vulnerability to GPS Spoofing Attacks.

[4]

Yampolskiy, M., Horvath, P., Koutsoukos, X. D., Xue, Y., & Sztipanovits, J. (2012, August). Systematic analysis of cyber-attacks on CPS-evaluating applicability of DFD-based approach. In Proceedings of Resilient Control Systems (ISRCS), 2012 5th International Symposium on (pp. 55--62). IEEE.

[5]

Falliere, N., Murchu, L. O., & Chien, E. (2011). W32. stuxnet dossier. White paper, Symantec Corp., Security Response.

[6]

Byres, E., & Lowe, J. (2004, October). The myths and facts behind cyber security risks for industrial control systems. In Proceedings of the VDE Kongress (Vol. 116).

[7]

Levy, E. (2003). Crossover: online pests plaguing the off line world. Security & Privacy, IEEE, 1(6), 71--73.

Digital Library

[8]

Shachtman, N. (2011). Computer Virus Hits US Drone Fleet. CNN. com, October, 10.

[9]

Ravi, S., Raghunathan, A., Kocher, P., & Hattangady, S. (2004). Security in embedded systems: Design challenges. ACM Transactions on Embedded Computing Systems (TECS), 3(3), 461--491.

Digital Library

[10]

Weaver, N., Paxson, V., Staniford, S., & Cunningham, R. (2003, October). A taxonomy of computer worms. In Proceedings of the 2003 ACM workshop on Rapid malcode (pp. 11--18). ACM.

Digital Library

[11]

Rinaldi, S. M., Peerenboom, J. P., & Kelly, T. K. (2001). Identifying, understanding, and analyzing critical infrastructure interdependencies. Control Systems, IEEE, 21(6), 11--25.

[12]

Sztipanovits, J. 2012. Towards Science of System Integration for CPS. Keynotes at The 1st ACM International Conference on High Confidence Networked Systems (HiCoNS)

[13]

Cárdenas, A. A., Amin, S., & Sastry, S. (2008, July). Research challenges for the security of control systems. In Proceedings of the 3rd conference on Hot topics in security (pp. 1--6). USENIX Association.

Digital Library

[14]

Slay, J., & Miller, M. (2007). Lessons learned from the maroochy water breach. Critical Infrastructure Protection, 73--82.

[15]

Charette, R. N. (2009). This car runs on code. IEEE Spectrum, 46(3), 3.

[16]

Wang, J., & Yu, X. (2007). Security strategies for SCADA systems. Recent advances in security technology, 378.

[17]

Hansman, S., & Hunt, R. (2005). A taxonomy of network and computer attacks. Computers & Security, 24(1), 31--43.

Digital Library

[18]

Welch, D., & Lathrop, S. (2003, June). Wireless security threat taxonomy. In Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society (pp. 76--83). IEEE.

[19]

Rad, R. M., Wang, X., Tehranipoor, M., & Plusquellic, J. (2008, November). Power supply signal calibration techniques for improving detection resolution to hardware Trojans. In Proceedings of the 2008 IEEE/ACM International Conference on Computer-Aided Design (pp. 632--639). IEEE Press.

Digital Library

[20]

Lippmann, R. P., Ingols, K. W., Scott, C., Piwowarski, K., Kratkiewicz, K. J., Artz, M., & Cunningham, R. K. 2005. Evaluating and strengthening enterprise network security using attack graphs. Defense Technical Information Center.

[21]

Agrawal, D., Baktir, S., Karakoyunlu, D., Rohatgi, P., & Sunar, B. (2007, May). Trojan detection using IC fingerprinting. In Security and Privacy, 2007. SP'07. IEEE Symposium on (pp. 296--310). IEEE.

Digital Library

Cited By

Chiaradonna SJevtić PLanchier N(2025)Cyber risk loss distribution for various scale drone delivery systemsRisk Sciences10.1016/j.risk.2024.1000091(100009)Online publication date: 2025
https://doi.org/10.1016/j.risk.2024.100009
Bonagura VPisani JFerrato AFoglietta CCavone GPascucci F(2025)Machine Learning Techniques for Anomaly Detection in the Hydra Testbed: A Data-Driven Defense StrategyCritical Information Infrastructures Security10.1007/978-3-031-84260-3_20(343-361)Online publication date: 4-Mar-2025
https://doi.org/10.1007/978-3-031-84260-3_20
Alanezi MAL-Azzawi R(2024)AI-Powered Cyber Threats: A Systematic ReviewMesopotamian Journal of CyberSecurity10.58496/MJCS/2024/0214:3(166-188)Online publication date: 6-Dec-2024
https://doi.org/10.58496/MJCS/2024/021
Show More Cited By

Recommendations

A language for describing attacks on cyber-physical systems

The security of cyber-physical systems is of paramount importance because of their pervasiveness in the critical infrastructure. Protecting cyber-physical systems greatly depends on a deep understanding of the possible attacks and their properties. The ...
Taxonomy of Cross-Domain Attacks on CyberManufacturing System

CyberManufacturing system (CMS) is a concept for next generation manufacturing system where manufacturing components are seamlessly integrated through technologies such as the internet of things, cloud computing, sensors network, machine learning, and ...
Intelligent and secure framework for critical infrastructure (CPS): Current trends, challenges, and future scope
Abstract
Cyber–Physical Systems (CPS) are developed by the integration of computational algorithms and physical components and they exist as a result of technological advancement in embedded systems, distributed systems, and sophisticated ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

HiCoNS '13: Proceedings of the 2nd ACM international conference on High confidence networked systems

April 2013

152 pages

ISBN:9781450319614

DOI:10.1145/2461446

General Chairs:
S. Shankar Sastry
University of California, Berkeley, USA
,
Tamer Başar
University of Illinois at Urbana-Champaign, USA
,
Program Chairs:
Linda Bushnell
University of Washington, USA
,
Larry Rohrbough
University of California, Berkeley, USA

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGBED: ACM Special Interest Group on Embedded Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 April 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

HiCoNS '13

Sponsor:

SIGBED

HiCoNS '13: 2nd ACM International Conference on High Confidence Networked Systems

April 9 - 11, 2013

Pennsylvania, Philadelphia, USA

Acceptance Rates

HiCoNS '13 Paper Acceptance Rate 18 of 37 submissions, 49%;

Overall Acceptance Rate 30 of 55 submissions, 55%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

80
Total Citations
View Citations
977
Total Downloads

Downloads (Last 12 months)58
Downloads (Last 6 weeks)6

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Chiaradonna SJevtić PLanchier N(2025)Cyber risk loss distribution for various scale drone delivery systemsRisk Sciences10.1016/j.risk.2024.1000091(100009)Online publication date: 2025
https://doi.org/10.1016/j.risk.2024.100009
Bonagura VPisani JFerrato AFoglietta CCavone GPascucci F(2025)Machine Learning Techniques for Anomaly Detection in the Hydra Testbed: A Data-Driven Defense StrategyCritical Information Infrastructures Security10.1007/978-3-031-84260-3_20(343-361)Online publication date: 4-Mar-2025
https://doi.org/10.1007/978-3-031-84260-3_20
Alanezi MAL-Azzawi R(2024)AI-Powered Cyber Threats: A Systematic ReviewMesopotamian Journal of CyberSecurity10.58496/MJCS/2024/0214:3(166-188)Online publication date: 6-Dec-2024
https://doi.org/10.58496/MJCS/2024/021
Chiaradonna SJevtic PLanchier N(2024)Cyber Risk Loss Distribution for Various Scale Drone Delivery SystemsSSRN Electronic Journal10.2139/ssrn.4827932Online publication date: 2024
https://doi.org/10.2139/ssrn.4827932
Tiwari RMishra DSinha NAcharya B(2024)Securing IoT: Emphasizing Requirements for Enhanced Device Security2024 International Conference on Artificial Intelligence and Quantum Computation-Based Sensor Application (ICAIQSA)10.1109/ICAIQSA64000.2024.10882398(1-8)Online publication date: 20-Dec-2024
https://doi.org/10.1109/ICAIQSA64000.2024.10882398
Sundaravarathan VAlqalaf HSiddiqui AKim KLee SReisslein MThyagaturu ARoss NHoward JTayal S(2024)Cross-Domain Solutions (CDS): A Comprehensive SurveyIEEE Access10.1109/ACCESS.2024.348365912(163551-163620)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3483659
Fitzgerald JMorisset C(2024)Can we develop holistic approaches to delivering cyber-physical systems security?Research Directions: Cyber-Physical Systems10.1017/cbp.2024.12Online publication date: 3-May-2024
https://doi.org/10.1017/cbp.2024.1
Zhang JYuan YZhang JYang YXie W(2024)Anomaly detection method based on penalty least squares algorithm and time window entropy for Cyber–Physical SystemsJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2023.10186035:10Online publication date: 4-Mar-2024
https://dl.acm.org/doi/10.1016/j.jksuci.2023.101860
Al-lQubaydhi NAlenezi AAlanazi TSenyor AAlanezi NAlotaibi BAlotaibi MRazaque AHariri S(2024)Deep learning for unmanned aerial vehicles detection: A reviewComputer Science Review10.1016/j.cosrev.2023.10061451(100614)Online publication date: Feb-2024
https://doi.org/10.1016/j.cosrev.2023.100614
Yuan SYang MReniers G(2024)Integrated process safety and process security risk assessment of industrial cyber-physical systems in chemical plantsComputers in Industry10.1016/j.compind.2023.104056155(104056)Online publication date: Feb-2024
https://doi.org/10.1016/j.compind.2023.104056
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten