Cyber-Physical Systems Security Based on A Cross-Linked and Correlated Vulnerability Database
2019 (English)In: Critical Information Infrastructures Security: 14th International Conference, CRITIS 2019, Linköping, Sweden, September 23–25, 2019, Revised Selected Papers / [ed] Simin Nadjm-Tehrani, Springer, 2019, Vol. 11777, p. 71-82Chapter in book (Refereed)
Abstract [en]
Recent advances in data analytics prompt dynamic datadriven vulnerability assessments whereby data contained from vulnerabilityalert repositories as well as from Cyber-physical System (CPS) layer networks and standardised enumerations. Yet, current vulnerability assessment processes are mostly conducted manually. However, the huge volume of scanned data requires substantial information processing and analytical reasoning, which could not be satisfied considering the imprecision of manual vulnerability analysis. In this paper, we propose to employ a cross-linked and correlated database to collect, extract, filter and visualise vulnerability data across multiple existing repositories, whereby CPS vulnerability information is inferred. Based on our locally-updated database, we provide an in-depth case study on gathered CPS vulnerability data, to explore the trends of CPS vulnerability. In doing so, we aim to support a higher level of automation in vulnerability awareness and back risk-analysis exercises in critical infrastructures (CIs) protection.
Place, publisher, year, edition, pages
Springer, 2019. Vol. 11777, p. 71-82
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 11777
Keywords [en]
Cyber-Physical System Security, Vulnerability Analysis, Correlated Database Management, SCADA
National Category
Other Electrical Engineering, Electronic Engineering, Information Engineering Computer Sciences
Research subject
Distributed Real-Time Systems
Identifiers
URN: urn:nbn:se:his:diva-17753DOI: 10.1007/978-3-030-37670-3_6ISI: 000612959400006Scopus ID: 2-s2.0-85077502760ISBN: 978-3-030-37669-7 (print)ISBN: 978-3-030-37670-3 (electronic)OAI: oai:DiVA.org:his-17753DiVA, id: diva2:1357235
Conference
the 14th International Conference on Critical Information Infrastructures Security, Linköping, Sweden, 23-25 September 2019
Projects
EU ISF Project A431.678/2016 ELVIRA
Note
Also part of the Security and Cryptology book sub series (LNSC, volume 11777)
Funded by EU Internal Security Funds
2019-10-032019-10-032022-04-12Bibliographically approved