loading
Documents

Research.Publish.Connect.

Paper

Authors: Monika Maidl 1 ; Gerhard Münz 1 ; Stefan Seltzsam 1 ; Marvin Wagner 2 ; Roman Wirtz 2 and Maritta Heisel 2

Affiliations: 1 Siemens AG, Otto-Hahn-Ring 6, 81739 Munich, Germany ; 2 University of Duisburg-Essen, Duisburg, Germany

ISBN: 978-989-758-443-5

Keyword(s): Security Threats, Threat Modeling, Attack Actions, Taxonomy, Catalog.

Abstract: Cyber-physical systems (CPSs) include devices that interaction with the physical world. Hence, attacks against CPSs can lead to substantial damage and endanger life and limb. It is important to consider possible attacks already in the early stages of system development, i.e. during the design phase, by performing threat modeling. Threat modeling aims at identifying, analyzing and documenting potential attacks and threats against a given CPS in a structured way. However, the systematic identification of all relevant threats is not trivial. One challenge is that knowledge about threats or potential attack actions is not documented in a way that makes it easily accessible. To address this challenge, we propose a taxonomy approach for structuring attack actions. The distinguishing feature of the taxonomy approach is the use of two dimensions: attack action types and the attack surface. The attack surface consists of those points of a system at which interaction is possible. Attackers can perform attack actions instead of the intended interaction at these points. As a CPS consists of a range of heterogeneous, connected components that can be accessed in various ways, the attack surface of a CPS is typically large. The attack surface of a specific CPS is defined by its system architecture model. We developed the taxonomy approach to support threat modeling for CPSs. Starting from existing approaches in the context of threat modeling, we extended and modified those in several iterations to meet the challenges of threat modeling for CPSs in industrial projects. While the focus in this paper is on CPSs, the two-dimensional taxonomy approach can be easily applied to other domains. (More)

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.238.147.211

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Maidl, M.; Münz, G.; Seltzsam, S.; Wagner, M.; Wirtz, R. and Heisel, M. (2020). Threat Modeling for Cyber-Physical Systems: A Two-dimensional Taxonomy Approach for Structuring Attack Actions.In Proceedings of the 15th International Conference on Software Technologies - Volume 1: ICSOFT, ISBN 978-989-758-443-5, pages 160-171. DOI: 10.5220/0009829901600171

@conference{icsoft20,
author={Monika Maidl. and Gerhard Münz. and Stefan Seltzsam. and Marvin Wagner. and Roman Wirtz. and Maritta Heisel.},
title={Threat Modeling for Cyber-Physical Systems: A Two-dimensional Taxonomy Approach for Structuring Attack Actions},
booktitle={Proceedings of the 15th International Conference on Software Technologies - Volume 1: ICSOFT,},
year={2020},
pages={160-171},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009829901600171},
isbn={978-989-758-443-5},
}

TY - CONF

JO - Proceedings of the 15th International Conference on Software Technologies - Volume 1: ICSOFT,
TI - Threat Modeling for Cyber-Physical Systems: A Two-dimensional Taxonomy Approach for Structuring Attack Actions
SN - 978-989-758-443-5
AU - Maidl, M.
AU - Münz, G.
AU - Seltzsam, S.
AU - Wagner, M.
AU - Wirtz, R.
AU - Heisel, M.
PY - 2020
SP - 160
EP - 171
DO - 10.5220/0009829901600171

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.