© The Institution of Engineering and Technology
When developing cyber-physical systems such as automated vehicles, safety and cybersecurity analyses are often conducted separately. However, unlike in the IT world, safety hazards and cybersecurity threats converge in cyber-physical systems: a malicious party can exploit cyber-threats to create extremely hazardous situations, whether in autonomous vehicles or nuclear plants. The authors propose a framework for integrated system-level analyses of functional safety and cybersecurity. They present a generic model named Threat Identification and Refinement for Cyber-Physical Systems (TIRCPS), which extends Microsoft's six threat-modelling classes: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege. TIRCPS offers three benefits when developing complex systems. First, it allows abstract threats to be refined into specific ones as physical design information becomes available. Second, it supports the construction of attack trees with traceability from high-level goals and hazardous events (HEs) to threats. Third, it formalises the definition of threats so that intelligent tools can be built to automatically detect most of a system's vulnerable components requiring protection. A case study on an automated-driving system illustrates the proposed approach; the resulting hierarchical attack tree, with cyber-threats traceable to high-level HEs, is used to design mitigation solutions.
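The refinement and traceability properties described above, shown as an added illustration (editor's own example, not the paper's TIRCPS formalisation): a small attack-tree model whose root is a hazardous event, whose leaves are STRIDE-classed threats, and which can refine an abstract threat into per-component threats once the physical design is known. All node names and components are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# The six threat classes the abstract refers to
STRIDE = {"Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege"}

@dataclass
class Node:
    """One node of a hierarchical attack tree: the root is a hazardous event (HE),
    interior nodes are goals or abstract threats, leaves are specific threats."""
    name: str
    stride: Optional[str] = None      # STRIDE class for threat nodes, None for HE/goal nodes
    component: Optional[str] = None   # physical component, filled in once design info exists
    children: list = field(default_factory=list)
    parent: Optional["Node"] = None

    def add(self, child: "Node") -> "Node":
        if child.stride is not None and child.stride not in STRIDE:
            raise ValueError(f"unknown STRIDE class {child.stride!r}")
        child.parent = self
        self.children.append(child)
        return child

def refine(abstract: Node, components: list) -> list:
    """Refine an abstract threat into one specific threat per physical component.
    The STRIDE class is inherited, so the refined leaves stay traceable to the HE."""
    return [abstract.add(Node(f"{abstract.name} via {c}", abstract.stride, c))
            for c in components]

def trace(node: Node) -> list:
    """Path from a threat node back up to the top-level HE (root first)."""
    path = []
    while node is not None:
        path.append(node.name)
        node = node.parent
    return path[::-1]

def components_needing_protection(root: Node) -> set:
    """Every component named by a leaf threat: the set a tool would flag for mitigation."""
    if not root.children:
        return {root.component} if root.component else set()
    return set().union(*(components_needing_protection(c) for c in root.children))

# Constructed automated-driving example (hypothetical names)
he = Node("HE: unintended hard braking on a clear road")
goal = he.add(Node("Goal: make the vehicle perceive a phantom obstacle"))
abstract_threat = goal.add(Node("Tampering with perception input", "Tampering"))
# Early in design only the abstract threat exists; once the sensor suite is fixed,
# refine it into component-specific threats.
refine(abstract_threat, ["front camera", "LiDAR"])
```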
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-its.2018.5323