Show simple item record

AuthorTantawy, Ashraf
AuthorAbdelwahed, Sherif
AuthorErradi, Abdelkarim
AuthorShaban, Khaled
Available date2022-12-21T10:01:47Z
Publication Date2020
Publication NameComputers and Security
ResourceScopus
URIhttp://dx.doi.org/10.1016/j.cose.2020.101864
URIhttp://hdl.handle.net/10576/37518
AbstractTraditional techniques for Cyber-Physical Systems (CPS) security design either treat the cyber and physical systems independently, or do not address the specific vulnerabilities of real time embedded controllers and networks used to monitor and control physical processes. In this work, we develop and test an integrated model-based approach for CPS security risk assessment utilizing a CPS testbed with real-world industrial controllers and communication protocols. The testbed monitors and controls an exothermic Continuous Stirred Tank Reactor (CSTR) simulated in real-time. CSTR is a fundamental process unit in many industries, including Oil & Gas, Petrochemicals, Water treatment, and nuclear industry. In addition, the process is rich in terms of hazardous scenarios that could be triggered by cyber attacks due to the lack of possible mechanical protection. The paper presents an integrated approach to analyze and design the cyber security system for a given CPS where the physical threats are identified first to guide the risk assessment process. A mathematical model is derived for the physical system using a hybrid automaton to enumerate potential hazardous states of the system. The cyber system is then analyzed using network and data flow models to develop the attack scenarios that may lead to the identified hazards. Finally, the attack scenarios are performed on the testbed and observations are obtained on the possible ways to prevent and mitigate the attacks. The insights gained from the experiments result in several key findings, including the expressive power of hybrid automaton in security risk assessment, the hazard development time and its impact on cyber security design, and the tight coupling between the physical and the cyber systems for CPS that requires an integrated design approach to achieve cost-effective and secure designs. 2020 Elsevier Ltd
SponsorThis research was made possible by NPRP 9-005-1-002 grant from the Qatar National Research Fund (a member of The Qatar Foundation). The statements made herein are solely the responsibility of the authors.
Languageen
PublisherElsevier
SubjectAttack tree
CPS
CSTR
Hybrid automaton
Hybrid system
Industrial automation
Modbus
Modeling
Penetration testing
Risk assessment
Safety
SCADA
Security
Testbed
TitleModel-based risk assessment for cyber physical systems security
TypeArticle
Volume Number96
dc.accessType Abstract Only


Files in this item

FilesSizeFormatView

There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record