Risk Modeling for Cyber-physical Systems Based on State/Event Fault Trees
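  • English title: Risk Modeling for Cyber-physical Systems Based on State/Event Fault Trees
  • Authors: 徐丙凤; 何高峰; 张黎宁
  • Authors (English): XU Bing-feng; HE Gao-feng; ZHANG Li-ning; College of Information Science and Technology, Nanjing Forestry University; School of Internet of Things, Nanjing University of Posts and Telecommunications
  • Keywords: Cyber-physical systems; Safety; Security; State/event fault trees; Attack trees
  • Chinese journal title: JSJA
  • English journal title: Computer Science
  • Institutions: College of Information Science and Technology, Nanjing Forestry University; School of Internet of Things, Nanjing University of Posts and Telecommunications
  • Publication date: 2019-05-15
  • Publisher: Computer Science (计算机科学)
  • Year: 2019
  • Issue: v.46
  • Funding: Supported by the Young Scientists Fund of the National Natural Science Foundation of China (61802192, 61702282); the Natural Science Research Project of Jiangsu Higher Education Institutions (18KJB520024, 17KJB520023); the Nanjing Forestry University Youth Innovation Fund (CX2016026); the Nanjing University of Posts and Telecommunications Scientific Research Start-up Fund for Introduced Talents (NY217143); and the Provincial Teaching Reform Project (164070911)
  • Language: Chinese
  • Page: JSJA201905018
  • Page count: 6
  • CN: 05
  • ISSN: 50-1075/TP
  • Classification number: 112-117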
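Abstract
The use of embedded system networks in cyber-physical systems makes them vulnerable to network attacks: an attacker may exploit vulnerabilities in software and communication components to gain control of the system, causing it to fail. Existing security risk modeling methods for cyber-physical systems are mainly based on static fault trees; they do not consider the dynamic behavior and temporal dependencies specific to software control systems, and cannot derive the final impact caused by a network attack. This paper therefore proposes a risk modeling method for cyber-physical systems based on state/event fault trees. First, attack steps are integrated into the State/Event Fault Trees (SEFTs) model, yielding the Attack-SEFTs model; on this basis, common vulnerability patterns of cyber-physical systems are given, and each vulnerability pattern is modeled with Attack-SEFTs; next, a failure path analysis method for the Attack-SEFTs model is given; finally, a case study demonstrates the feasibility of the proposed method.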
The cyber-physical system is prone to network attacks because of the embedded system networks used in it, and an attacker may exploit vulnerabilities in the software and communication components to take control of the system, resulting in a system failure. The existing modeling methods for integrating safety and security are built on traditional static fault trees and do not consider the dynamic and temporal dependencies of the software control system, so they cannot infer the final impacts caused by network attacks. In light of this, this paper presents a modeling method for integrating safety and security of cyber-physical systems. Firstly, the Attack-SEFTs model is proposed based on the SEFTs model. On this basis, common vulnerabilities in cyber-physical systems are presented, and various vulnerability patterns are modeled based on Attack-SEFTs. Secondly, a unified representation of the Attack-SEFTs model is presented to support its analysis. Finally, a case study is described to show the feasibility of the proposed method.
