Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A Semantic Framework With Humans in the Loop for Vulnerability-Assessment in Cyber-Physical Production Systems
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Distribuerade realtidssystem (DRTS), Distributed Real-Time Systems)ORCID iD: 0000-0003-4791-8452
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Distribuerade realtidssystem (DRTS), Distributed Real-Time Systems)ORCID iD: 0000-0002-7312-9089
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Distribuerade realtidssystem (DRTS), Distributed Real-Time Systems)ORCID iD: 0000-0002-8927-0968
University of Skövde, School of Engineering Science. University of Skövde, Virtual Engineering Research Environment. (Production and automation engineering, Produktion och automatiseringsteknik)ORCID iD: 0000-0003-1781-2753
2020 (English)In: Risks and Security of Internet and Systems: 14th International Conference, CRiSIS 2019, Hammamet, Tunisia, October 29–31, 2019, Proceedings / [ed] Slim Kallel, Frédéric Cuppens, Nora Cuppens-Boulahia, Ahmed Hadj Kacem, Springer, 2020, Vol. 12026, p. 128-143Conference paper, Published paper (Refereed)
Abstract [en]

Criticalmanufacturingprocessesinsmartnetworkedsystems such as Cyber-Physical Production Systems (CPPSs) typically require guaranteed quality-of-service performances, which is supported by cyber- security management. Currently, most existing vulnerability-assessment techniques mostly rely on only the security department due to limited communication between di↵erent working groups. This poses a limitation to the security management of CPPSs, as malicious operations may use new exploits that occur between successive analysis milestones or across departmental managerial boundaries. Thus, it is important to study and analyse CPPS networks’ security, in terms of vulnerability analysis that accounts for humans in the production process loop, to prevent potential threats to infiltrate through cross-layer gaps and to reduce the magnitude of their impact. We propose a semantic framework that supports the col- laboration between di↵erent actors in the production process, to improve situation awareness for cyberthreats prevention. Stakeholders with dif- ferent expertise are contributing to vulnerability assessment, which can be further combined with attack-scenario analysis to provide more prac- tical analysis. In doing so, we show through a case study evaluation how our proposed framework leverages crucial relationships between vulner- abilities, threats and attacks, in order to narrow further the risk-window induced by discoverable vulnerabilities.

Place, publisher, year, edition, pages
Springer, 2020. Vol. 12026, p. 128-143
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 12026
Keywords [en]
Cyber-Physical Production System Security, Human-in-the-Loop, Vulnerability Assessment, Semantic Model, Reference Model
National Category
Embedded Systems Other Electrical Engineering, Electronic Engineering, Information Engineering Information Systems Human Computer Interaction
Research subject
Distributed Real-Time Systems; Production and Automation Engineering
Identifiers
URN: urn:nbn:se:his:diva-17754DOI: 10.1007/978-3-030-41568-6_9ISI: 000886253000009Scopus ID: 2-s2.0-85082136847ISBN: 978-3-030-41567-9 (print)ISBN: 978-3-030-41568-6 (electronic)OAI: oai:DiVA.org:his-17754DiVA, id: diva2:1357270
Conference
The 14th International Conference on Risks and Security of Internet and Systems, Hammamet, Tunisia, October 29-31, 2019
Projects
ELVIRA
Note

Also part of the Information Systems and Applications, incl. Internet/Web, and HCI book sub series (LNISA, volume 12026)

EU ISF Project A431.678/2016 ELVIRA

Available from: 2019-10-03 Created: 2019-10-03 Last updated: 2024-05-16Bibliographically approved

Open Access in DiVA

fulltext(3321 kB)279 downloads
File information
File name FULLTEXT02.pdfFile size 3321 kBChecksum SHA-512
0b21b3ada39318ed9637ec5fa8014c3bef763cb9cd98ea9b70b9ab62db0328835d440be02166d0daf2b058d5316776ebf89d550f009cd84a716ce64651998c42
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopus

Authority records

Jiang, YuningAtif, YacineDing, JianguoWang, Wei

Search in DiVA

By author/editor
Jiang, YuningAtif, YacineDing, JianguoWang, Wei
By organisation
School of InformaticsInformatics Research EnvironmentSchool of Engineering ScienceVirtual Engineering Research Environment
Embedded SystemsOther Electrical Engineering, Electronic Engineering, Information EngineeringInformation SystemsHuman Computer Interaction

Search outside of DiVA

GoogleGoogle Scholar
Total: 279 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 904 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf