his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Multi-Level Vulnerability Modeling of Cyber-Physical Systems
University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre. (Distribuerade realtidssystem (DRTS), Distributed Real-Time Systems)ORCID iD: 0000-0003-4791-8452
University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre. (Distribuerade realtidssystem (DRTS), Distributed Real-Time Systems)ORCID iD: 0000-0002-7312-9089
University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre. (Distribuerade realtidssystem (DRTS), Distributed Real-Time Systems)ORCID iD: 0000-0002-8927-0968
2018 (English)Conference paper, Poster (with or without abstract) (Refereed)
Abstract [en]

Vulnerability is defined as ”weakness of an asset or control that can be exploited by a threat” according to ISO/IEC 27000:2009, and it is a vital cyber-security issue to protect cyber-physical systems (CPSs) employed in a range of critical infrastructures (CIs). However, how to quantify both individual and system vulnerability are still not clear. In our proposed poster, we suggest a new procedure to evaluate CPS vulnerability. We reveal a vulnerability-tree model to support the evaluation of CPS-wide vulnerability index, driven by a hierarchy of vulnerability-scenarios resulting synchronously or propagated by tandem vulnerabilities throughout CPS architecture, and that could be exploited by threat agents. Multiple vulnerabilities are linked by boolean operations at each level of the tree. Lower-level vulnerabilities in the tree structure can be exploited by threat agents in order to reach parent vulnerabilities with increasing CPS criticality impacts. At the asset-level, we suggest a novel fuzzy-logic based valuation of vulnerability along standard metrics. Both the procedure and fuzzy-based approach are discussed and illustrated through SCADA-based smart power-grid system as a case study in the poster, with our goal to streamline the process of vulnerability computation at both asset and CPS levels.

Place, publisher, year, edition, pages
2018.
Keywords [en]
Vulnerability Modelling, Cyber-Physical System
National Category
Embedded Systems Other Electrical Engineering, Electronic Engineering, Information Engineering Control Engineering
Research subject
Distributed Real-Time Systems
Identifiers
URN: urn:nbn:se:his:diva-16423OAI: oai:DiVA.org:his-16423DiVA, id: diva2:1265280
Conference
The 23rd Nordic Conference on Secure IT Systems, Oslo, Norway, November 28-30, 2018
Projects
ELVIRAAvailable from: 2018-11-22 Created: 2018-11-22 Last updated: 2018-12-20Bibliographically approved

Open Access in DiVA

fulltext(871 kB)15 downloads
File information
File name FULLTEXT01.pdfFile size 871 kBChecksum SHA-512
8c88e7a0fd5c9b140c624b4725b5b2ec3a9348adcd4c6964e895e5aaa9c4b6aed7277308cf2342d3768e5d269b3bc0370fa2cc9c1952bcb1440ec32f7cdbc868
Type fulltextMimetype application/pdf

Authority records BETA

Jiang, YuningAtif, YacineDing, Jianguo

Search in DiVA

By author/editor
Jiang, YuningAtif, YacineDing, Jianguo
By organisation
School of InformaticsThe Informatics Research Centre
Embedded SystemsOther Electrical Engineering, Electronic Engineering, Information EngineeringControl Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 15 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 306 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf