his.sePublications
Change search
Link to record
Permanent link

Direct link
BETA
Publications (10 of 11) Show all publications
Jiang, Y., Atif, Y., Ding, J. & Wang, W. (2019). A Semantic Framework With Humans in the Loop for Vulnerability-Assessment in Cyber-Physical Production Systems. In: : . Paper presented at The 14th International Conference on Risks and Security of Internet and Systems, Hammamet, Tunisia, October 29-31, 2019.
Open this publication in new window or tab >>A Semantic Framework With Humans in the Loop for Vulnerability-Assessment in Cyber-Physical Production Systems
2019 (English)Conference paper, Published paper (Refereed)
Abstract [en]

Criticalmanufacturingprocessesinsmartnetworkedsystems such as Cyber-Physical Production Systems (CPPSs) typically require guaranteed quality-of-service performances, which is supported by cyber- security management. Currently, most existing vulnerability-assessment techniques mostly rely on only the security department due to limited communication between di↵erent working groups. This poses a limitation to the security management of CPPSs, as malicious operations may use new exploits that occur between successive analysis milestones or across departmental managerial boundaries. Thus, it is important to study and analyse CPPS networks’ security, in terms of vulnerability analysis that accounts for humans in the production process loop, to prevent potential threats to infiltrate through cross-layer gaps and to reduce the magnitude of their impact. We propose a semantic framework that supports the col- laboration between di↵erent actors in the production process, to improve situation awareness for cyberthreats prevention. Stakeholders with dif- ferent expertise are contributing to vulnerability assessment, which can be further combined with attack-scenario analysis to provide more prac- tical analysis. In doing so, we show through a case study evaluation how our proposed framework leverages crucial relationships between vulner- abilities, threats and attacks, in order to narrow further the risk-window induced by discoverable vulnerabilities.

Keywords
Cyber-Physical Production System Security, Human-in-the-Loop, Vulnerability Assessment, Semantic Model, Reference Model
National Category
Embedded Systems Other Electrical Engineering, Electronic Engineering, Information Engineering Information Systems Human Computer Interaction
Research subject
Distributed Real-Time Systems; Production and Automation Engineering
Identifiers
urn:nbn:se:his:diva-17754 (URN)
Conference
The 14th International Conference on Risks and Security of Internet and Systems, Hammamet, Tunisia, October 29-31, 2019
Projects
ELVIRA
Note

EU ISF Project A431.678/2016 ELVIRA

Available from: 2019-10-03 Created: 2019-10-03 Last updated: 2019-11-07
Jiang, Y., Atif, Y. & Ding, J. (2019). Cyber-Physical Systems Security Based on A Cross-Linked and Correlated Vulnerability Database. In: : . Paper presented at the 14th International Conference on Critical Information Infrastructures Security, Linköping, Sweden, 23-25 September 2019.
Open this publication in new window or tab >>Cyber-Physical Systems Security Based on A Cross-Linked and Correlated Vulnerability Database
2019 (English)Conference paper, Published paper (Refereed)
Abstract [en]

Recent advances in data analytics prompt dynamic datadriven vulnerability assessments whereby data contained from vulnerabilityalert repositories as well as from Cyber-physical System (CPS) layer networks and standardised enumerations. Yet, current vulnerability assessment processes are mostly conducted manually. However, the huge volume of scanned data requires substantial information processing and analytical reasoning, which could not be satisfied considering the imprecision of manual vulnerability analysis. In this paper, we propose to employ a cross-linked and correlated database to collect, extract, filter and visualise vulnerability data across multiple existing repositories, whereby CPS vulnerability information is inferred. Based on our locally-updated database, we provide an in-depth case study on gathered CPS vulnerability data, to explore the trends of CPS vulnerability. In doing so, we aim to support a higher level of automation in vulnerability awareness and back risk-analysis exercises in critical infrastructures (CIs) protection.

Keywords
Cyber-Physical System Security, Vulnerability Analysis, Correlated Database Management, SCADA
National Category
Other Electrical Engineering, Electronic Engineering, Information Engineering Computer Sciences
Research subject
Distributed Real-Time Systems
Identifiers
urn:nbn:se:his:diva-17753 (URN)
Conference
the 14th International Conference on Critical Information Infrastructures Security, Linköping, Sweden, 23-25 September 2019
Projects
EU ISF Project A431.678/2016 ELVIRA
Note

Funded by EU Internal Security Funds

Available from: 2019-10-03 Created: 2019-10-03 Last updated: 2019-11-07
Jiang, Y. (2019). Dynamic and Automatic Vulnerability Assessment for Cyber-Physical System. In: : . Paper presented at 19th Seminar within the Framework of a Swedish IT Security Network for PhD students, Karlstad, Sweden, June 3-4, 2019.
Open this publication in new window or tab >>Dynamic and Automatic Vulnerability Assessment for Cyber-Physical System
2019 (English)Conference paper, Poster (with or without abstract) (Other academic)
Abstract [en]

Assessing vulnerabilities supports analytics-based decision-making processes to protect Critical Infrastructures (CIs), in order to focus on specific risks rising from threat-exploitability with varying degrees of impact-severity. The notion of risk remains elusive, as evidenced by the increasing investigations on CIs security operations centres (SOCs) where analysts employ various detection, assessment, and defence mechanisms to monitor security events. Normally, SOCs involve advances of multiple automated security tools such as network vulnerability scanners and Common Vulnerability Scoring System (CVSS), combined with analysis of data contained and produced by cyber-physical system (CPS) as well as alarms retrieved from vulnerability repositories such as Common Vulnerability Exposure (CVE). The security operators need further to forecast the match between these vulnerabilities and the state of intricate CIs layer networks, while prioritising patching investments using vulnerability-scoring mechanisms. This process shows the central role of security operators in SOCs and their need for support to keep pace with dynamically evolving vulnerability-alert repositories. Recent advances in data analytics also prompt dynamic data-driven vulnerability assessments whereby data contained and produced by CPS include hidden traces of vulnerability fingerprints. However, the huge volume of scanned data requires high capability of information processing and analytical reasoning, which could not be satisfied considering the imprecise nature of manual vulnerability assessment.

A knowledge-base system that consolidates both sides into empirical rules appears to be missing, yet it promises to offer a suitable level of decision-support. In our research, we propose a dynamic and automated vulnerability-assessment approach. The proposed streamlined approach employs computational intelligence techniques to analyse data retrieved from vulnerability-alert repositories and CPS layer networks within an innovative accurate and automatic scoring system, away from traditional manual and highly subjective mechanisms. Our approach suggests to substitute offline, costly, error-prone and pure subjective vulnerability assessment processes with an automatic, accurate and data-evidenced approach, to improve situation awareness and to support security decision making. In doing so, we investigate judicious computational-intelligence techniques such as fuzzy-logic, machine learning and data mining, applied to vulnerability assessment problems.

Keywords
Cyber-Physical System Security, Vulnerability Assessment
National Category
Embedded Systems Computer Sciences
Research subject
Distributed Real-Time Systems
Identifiers
urn:nbn:se:his:diva-17752 (URN)
Conference
19th Seminar within the Framework of a Swedish IT Security Network for PhD students, Karlstad, Sweden, June 3-4, 2019
Projects
ELVIRA
Note

A short presentation was given during SWITS'2019 workshop for the poster.

Available from: 2019-10-03 Created: 2019-10-03 Last updated: 2019-10-04Bibliographically approved
Jiang, Y. (2019). Dynamic Vulnerability Analysis in Cyberphysical Systems. Skövde: University of Skövde
Open this publication in new window or tab >>Dynamic Vulnerability Analysis in Cyberphysical Systems
2019 (English)Report (Other academic)
Abstract [en]

The growth and the complexity scale of Cyber-Physical Systems (CPSs) are ever-evolving due to the fast expansion of networked applications in smart-x systems, which are overseeing critical infrastructures such as the smart-grid. These smart networked systems use a network of embedded sensors, platforms and actuators to perceive and affect a physical process that typically requires guaranteed quality-of-service performances provided by safety-critical applications. The confluence of sensors, platforms and networks is also nourishing the expansion of the emerging Internet of Things (IoT) area. However, these developments lead to increased surfaces that are vulnerable to cyberattacks.Since the capability of attackers and the trust in networked-components are subject to substantial variability, a dynamic-vulnerability assessment is advocated in this study, in contrast to traditional static-approaches. 

Recent advances in data analytics prompt dynamic data-driven vulnerability assessments, whereby data contained and produced by CPS cyber-components include hidden traces of vulnerability fingerprints. However, the imprecise nature of vulnerability assessment and the huge volume of scanned data call for computational intelligence techniques to analyse such data. We first investigate computational models to capture semantic properties related to vulnerability concepts revolving around CPS components. This study reveals salient metrics and related measurements used to quantify CPS component vulnerabilities. We show the potential of applying fuzzy-logic techniques to diagnose vulnerability, and infer objective vulnerability scores. Then, we examine computational methods to extract meaning from text by mining online public-repositories of published vulnerabilities and discovering potential vulnerability-matches in a given CPS infrastructure. Graph-mining techniques are also explored to identify critical-assets of CPS infrastructure to weigh vulnerabilities, considering topological structures and functional features. 

In this proposal, we explore the state of the art and highlight the drawbacks of current research approaches in CPS vulnerability assessment area, based on which, we build our research questions with the purpose to piece together solution elements for the stated problem. In doing so, computational intelligence techniques such as fuzzy-logic and machine-learning, are investigated in order (a) to reduce existing security management gaps induced by ad-hoc and subjective vulnerability auditing processes, (b) to narrow further the risk window induced by discoverable vulnerabilities, and (c) to increase the level of automation in vulnerability analysis, at various levels of the CPS architecture.

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2019. p. 56
Keywords
Cyber-Physical System Security, Vulnerability Assessment, Vulnerability Quantification, Cybersecurity Analysis Automation, Computational Intelligence in Security
National Category
Computer Sciences
Research subject
Distributed Real-Time Systems
Identifiers
urn:nbn:se:his:diva-16802 (URN)
Projects
ELVIRA project
Note

Research proposal, PhD programme, University of Skövde

Available from: 2019-04-23 Created: 2019-04-23 Last updated: 2019-04-23Bibliographically approved
Jiang, Y., Jeusfeld, M. A., Atif, Y., Ding, J., Brax, C. & Nero, E. (2018). A Language and Repository for Cyber Security of Smart Grids. In: Selmin Nurcan, Pontus Johnson (Ed.), 2018 IEEE 22nd International Enterprise Distributed Object Computing Conference (EDOC 2018): . Paper presented at 2018 IEEE 22nd International Enterprise Distributed Object Computing Conference (EDOC), Stockholm, Sweden, October 16-19, 2018 (pp. 164-170). Los Alamitos, CA: IEEE
Open this publication in new window or tab >>A Language and Repository for Cyber Security of Smart Grids
Show others...
2018 (English)In: 2018 IEEE 22nd International Enterprise Distributed Object Computing Conference (EDOC 2018) / [ed] Selmin Nurcan, Pontus Johnson, Los Alamitos, CA: IEEE, 2018, p. 164-170Conference paper, Published paper (Refereed)
Abstract [en]

Power grids form the central critical infrastructure in all developed economies. Disruptions of power supply can cause major effects on the economy and the livelihood of citizens. At the same time, power grids are being targeted by sophisticated cyber attacks. To counter these threats, we propose a domain-specific language and a repository to represent power grids and related IT components that control the power grid. We apply our tool to a standard example used in the literature to assess its expressiveness.

Place, publisher, year, edition, pages
Los Alamitos, CA: IEEE, 2018
Series
Proceedings (IEEE International Enterprise Distributed Object Computing Conference), ISSN 2325-6354, E-ISSN 2325-6362
Keywords
cyber security, enterprise architecture, domain-specific language, taxonomy
National Category
Computer and Information Sciences
Research subject
Distributed Real-Time Systems; Information Systems
Identifiers
urn:nbn:se:his:diva-16403 (URN)10.1109/EDOC.2018.00029 (DOI)2-s2.0-85059076918 (Scopus ID)978-1-5386-4139-2 (ISBN)
Conference
2018 IEEE 22nd International Enterprise Distributed Object Computing Conference (EDOC), Stockholm, Sweden, October 16-19, 2018
Projects
EU ISF Project A431.678/2016 ELVIRA
Note

Funded by EU Internal Security Funds

Available from: 2018-11-16 Created: 2018-11-16 Last updated: 2019-02-08Bibliographically approved
Jiang, Y., Atif, Y. & Ding, J. (2018). Agent Based Testbed Design for Cyber Vulnerability Assessment in Smart-Grids. In: : . Paper presented at CySeP summer school 2018/SWITIS, CySeP, 2018.
Open this publication in new window or tab >>Agent Based Testbed Design for Cyber Vulnerability Assessment in Smart-Grids
2018 (English)Conference paper, Poster (with or without abstract) (Other academic)
Abstract [en]

Smart grid employs Information and Communication Technology (ICT) infrastructure and network connectivity to optimize efficiency and deliver new functionalities. This evolution is associated with an increased risk for cybersecurity threats that may hamper smart grid operations. Power utility providers need tools for assessing risk of prevailing cyberthreats over ICT infrastructures. The need for frameworks to guide the development of these tools is essential to define and reveal vulnerability analysis indicators. We propose a data-driven approach for designing testbeds to allow the simulation of cyberattacks in order to evaluate the vulnerability and the impact of cyber threat attacks. The proposed framework uses data reported from multiple smart grid components at different smart grid architecture layers, including physical, control, and cyber layers. The multi-agent based framework proposed in this paper would analyze the conglomeration of these data reports to assert malicious attacks.

National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
INF303 Information Security; Distributed Real-Time Systems
Identifiers
urn:nbn:se:his:diva-16069 (URN)
Conference
CySeP summer school 2018/SWITIS, CySeP, 2018
Projects
ELVIRA (http://www.his.se/en/Research/informatics/Distributed-Real-Time-Systems/Infrastructure-resilience/)
Available from: 2018-08-22 Created: 2018-08-22 Last updated: 2018-11-21Bibliographically approved
Jiang, Y., Ding, J., Atif, Y., Jeusfeld, M., Andler, S., Lindström, B., . . . Haglund, D. (2018). Complex Dependencies Analysis: Technical Description of Complex Dependencies in Critical Infrastructures, i.e. Smart Grids. Work Package 2.1 of the ELVIRA Project. Skövde: University of Skövde
Open this publication in new window or tab >>Complex Dependencies Analysis: Technical Description of Complex Dependencies in Critical Infrastructures, i.e. Smart Grids. Work Package 2.1 of the ELVIRA Project
Show others...
2018 (English)Report (Other academic)
Abstract [en]

This document reports a technical description of ELVIRA project results obtained as part of Work-package 2.1 entitled “Complex Dependencies Analysis”. In this technical report, we review attempts in recent researches where connections are regarded as influencing factors to  IT systems monitoring critical infrastructure, based on which potential dependencies and resulting disturbances are identified and categorized. Each kind of dependence has been discussed based on our own entity based model. Among those dependencies, logical and functional connections have been analysed with more details on modelling and simulation techniques.

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2018. p. 22
Series
IIT Technical Reports ; HS-IIT-TR-18-003
Keywords
Dependencies, Interdependencies, Modelling and Simulation, Influence Factors
National Category
Computer and Information Sciences Embedded Systems
Research subject
Distributed Real-Time Systems; Information Systems
Identifiers
urn:nbn:se:his:diva-15114 (URN)
Projects
ELVIRA
Note

HS-IIT-TR-18-003 This is a technical report related to the ELVIRA project www.his.se/elvira

Available from: 2018-05-02 Created: 2018-05-02 Last updated: 2019-03-05Bibliographically approved
Atif, Y., Jiang, Y., Jeusfeld, M. A., Ding, J., Lindström, B., Andler, S. F., . . . Lindström, B. (2018). Cyber-threat analysis for Cyber-Physical Systems: Technical report for Package 4, Activity 3 of ELVIRA project. Skövde: University of Skövde
Open this publication in new window or tab >>Cyber-threat analysis for Cyber-Physical Systems: Technical report for Package 4, Activity 3 of ELVIRA project
Show others...
2018 (English)Report (Other academic)
Abstract [en]

Smart grid employs ICT infrastructure and network connectivity to optimize efficiency and deliver new functionalities. This evolu- tion is associated with an increased risk for cybersecurity threats that may hamper smart grid operations. Power utility providers need tools for assessing risk of prevailing cyberthreats over ICT infrastructures. The need for frameworks to guide the develop- ment of these tools is essential to define and reveal vulnerability analysis indicators. We propose a data-driven approach for design- ing testbeds to evaluate the vulnerability of cyberphysical systems against cyberthreats. The proposed framework uses data reported from multiple components of cyberphysical system architecture layers, including physical, control, and cyber layers. At the phys- ical layer, we consider component inventory and related physi- cal flows. At the control level, we consider control data, such as SCADA data flows in industrial and critical infrastructure control systems. Finally, at the cyber layer level, we consider existing secu- rity and monitoring data from cyber-incident event management tools, which are increasingly embedded into the control fabrics of cyberphysical systems.

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2018. p. 18
Series
IIT Technical Reports ; HS-IIT-TR-18-004
Keywords
vulnerability analysis, cyber-threats, cyberphysical systems, clustering, multiagent systems
National Category
Computer and Information Sciences
Research subject
Distributed Real-Time Systems; Information Systems
Identifiers
urn:nbn:se:his:diva-16092 (URN)
Projects
This research has been supported in part by the EU ISF Project A431.678/2016 ELVIRA (Threat modeling and resilience of critical infrastructures), coordinated by Polismyndigheten/Sweden
Note

I publikationen: HS-IIT-18-004

Available from: 2018-08-29 Created: 2018-08-29 Last updated: 2019-02-18Bibliographically approved
Jiang, Y., Atif, Y. & Ding, J. (2018). Data Fusion Framework for Cyber Vulnerability Assessment in Smart Grid.
Open this publication in new window or tab >>Data Fusion Framework for Cyber Vulnerability Assessment in Smart Grid
2018 (English)Other (Other academic)
Abstract [en]

Smart grid adopts ICT to enhance power-delivery management. However, these advanced technologies also introduce an increasing amount of cyber threats. Cyber threats occur because of vulnerabilities throughout smart-grid layers. Each layer is distinguished by typical data flows. For example, power-data stream flows along the physical layer; command data are pushed to and pulled from sensor-control devices, such as RTUs and PLCs. Vulnerabilities expose these data flows to cyber threat via communication networks, such as local control network, vendor network, corporate network and the wider internet. Thus, these data could be used to analyse vulnerabilities against cyber threats. After data collection, data analysis and modelling techniques would be used for vulnerability assessment.

National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Distributed Real-Time Systems; INF303 Information Security
Identifiers
urn:nbn:se:his:diva-16070 (URN)
Available from: 2018-08-22 Created: 2018-08-22 Last updated: 2018-09-10Bibliographically approved
Atif, Y., Jiang, Y., Lindström, B., Ding, J., Jeusfeld, M., Andler, S., . . . Haglund, D. (2018). Multi-agent Systems for Power Grid Monitoring: Technical report for Package 4.1 of ELVIRA project. Skövde: University of Skövde
Open this publication in new window or tab >>Multi-agent Systems for Power Grid Monitoring: Technical report for Package 4.1 of ELVIRA project
Show others...
2018 (English)Report (Other academic)
Abstract [en]

This document reports a technical description of ELVIRA project results obtained as part of Work- package 4.1 entitled “Multi-agent systems for power Grid monitoring”. ELVIRA project is a collaboration between researchers in School of IT at University of Skövde and Combitech Technical Consulting Company in Sweden, with the aim to design, develop and test a testbed simulator for critical infrastructures cybersecurity. This report outlines intelligent approaches that continuously analyze data flows generated by Supervisory Control And Data Acquisition (SCADA) systems, which monitor contemporary power grid infrastructures. However, cybersecurity threats and security mechanisms cannot be analyzed and tested on actual systems, and thus testbed simulators are necessary to assess vulnerabilities and evaluate the infrastructure resilience against cyberattacks. This report suggests an agent-based model to simulate SCADA- like cyber-components behaviour when facing cyber-infection in order to experiment and test intelligent mitigation mechanisms. 

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2018. p. 16
Series
IIT Technical Reports ; HS-IIT-TR-18-002
Keywords
Smart grid security, Agent model, Multi-agent system
National Category
Computer and Information Sciences
Research subject
Distributed Real-Time Systems; Information Systems
Identifiers
urn:nbn:se:his:diva-15111 (URN)
Projects
Elvira project funded by EU Internal Security Fund (ISF) A431.678-2016
Note

HS-IIT-TR-18-002

Available from: 2018-05-02 Created: 2018-05-02 Last updated: 2019-03-05Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0003-4791-8452

Search in DiVA

Show all publications