Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Multi-Level Vulnerability Modeling of Cyber-Physical Systems
Högskolan i Skövde, Institutionen för informationsteknologi.ORCID iD: 0000-0003-4791-8452
Högskolan i Skövde, Institutionen för informationsteknologi.ORCID iD: 0000-0002-7312-9089
Högskolan i Skövde, Institutionen för informationsteknologi.ORCID iD: 0000-0002-8927-0968
2018 (English)Conference paper, Poster (with or without abstract) (Refereed)
Abstract [en]

Vulnerability is defined as ”weakness of an asset or control that can be exploited by a threat” according to ISO/IEC 27000:2009, and it is a vital cyber-security issue to protect cyber-physical systems (CPSs) employed in a range of critical infrastructures (CIs). However, how to quantify both individual and system vulnerability are still not clear. In our proposed poster, we suggest a new procedure to evaluate CPS vulnerability. We reveal a vulnerability-tree model to support the evaluation of CPS-wide vulnerability index, driven by a hierarchy of vulnerability-scenarios resulting synchronously or propagated by tandem vulnerabilities throughout CPS architecture, and that could be exploited by threat agents. Multiple vulnerabilities are linked by boolean operations at each level of the tree. Lower-level vulnerabilities in the tree structure can be exploited by threat agents in order to reach parent vulnerabilities with increasing CPS criticality impacts. At the asset-level, we suggest a novel fuzzy-logic based valuation of vulnerability along standard metrics. Both the procedure and fuzzy-based approach are discussed and illustrated through SCADA-based smart power-grid system as a case study in the poster, with our goal to streamline the process of vulnerability computation at both asset and CPS levels.

Place, publisher, year, edition, pages
2018.
Keywords [en]
Vulnerability Modelling, Cyber-Physical System
National Category
Embedded Systems Other Electrical Engineering, Electronic Engineering, Information Engineering Control Engineering
Identifiers
URN: urn:nbn:se:bth-22659OAI: oai:DiVA.org:bth-22659DiVA, id: diva2:1640508
Conference
The 23rd Nordic Conference on Secure IT Systems, Oslo, Norway, November 28-30, 2018
Available from: 2022-02-24 Created: 2022-02-24 Last updated: 2022-02-24Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Ding, Jianguo

Search in DiVA

By author/editor
Jiang, YuningAtif, YacineDing, Jianguo
Embedded SystemsOther Electrical Engineering, Electronic Engineering, Information EngineeringControl Engineering

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 62 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf