The University of Southampton
×
Filter your search:
University of Southampton Institutional Repository

A hybrid threat model for smart systems

A hybrid threat model for smart systems
A hybrid threat model for smart systems
Cyber-physical systems and their smart components have a pervasive presence in all our daily activities. Unfortunately, identifying the potential threats and issues in these systems and selecting enough protection is challenging given that such environments combine human, physical and cyber aspects to the system design and implementation. Current threat models and analysis do not take into consideration all three aspects of the analyzed system, how they can introduce new vulnerabilities or protection measures to each other. In this work, we introduce a novel threat model for cyber-physical systems that combines the cyber, physical, and human aspects. Our model represents the system's components relations and security properties by taking into consideration these three aspects. Together with the threat model we also propose a threat analysis method that allows understanding the security state of the system's components. The threat model and the threat analysis have been implemented into an automatic tool, called TAMELESS, that automatically analyzes threats to the system, verifies its security properties, and generates a graphical representation, useful for security architects to identify the proper prevention/mitigation solutions. We show and prove the use of our threat model and analysis with three cases studies from different sectors.
1545-5971
4403-4417
Valenza, Fulvio
902d4a08-509e-49d6-9001-bae2b69b9bf0
Karafili, Erisa
f5efa31c-22b8-443e-8107-e488bd28918e
Vieira Steiner, Rodrigo
85bb7442-7717-46cc-a7a0-516ada13fed2
Lupu, Emil C.
86da837c-861b-4062-ad16-cf16e4984f3d
Valenza, Fulvio
902d4a08-509e-49d6-9001-bae2b69b9bf0
Karafili, Erisa
f5efa31c-22b8-443e-8107-e488bd28918e
Vieira Steiner, Rodrigo
85bb7442-7717-46cc-a7a0-516ada13fed2
Lupu, Emil C.
86da837c-861b-4062-ad16-cf16e4984f3d

Valenza, Fulvio, Karafili, Erisa, Vieira Steiner, Rodrigo and Lupu, Emil C. (2022) A hybrid threat model for smart systems. IEEE Transactions on Dependable and Secure Computing, 20 (5), 4403-4417. (doi:10.1109/TDSC.2022.3213577).

Record type: Article

Abstract

Cyber-physical systems and their smart components have a pervasive presence in all our daily activities. Unfortunately, identifying the potential threats and issues in these systems and selecting enough protection is challenging given that such environments combine human, physical and cyber aspects to the system design and implementation. Current threat models and analysis do not take into consideration all three aspects of the analyzed system, how they can introduce new vulnerabilities or protection measures to each other. In this work, we introduce a novel threat model for cyber-physical systems that combines the cyber, physical, and human aspects. Our model represents the system's components relations and security properties by taking into consideration these three aspects. Together with the threat model we also propose a threat analysis method that allows understanding the security state of the system's components. The threat model and the threat analysis have been implemented into an automatic tool, called TAMELESS, that automatically analyzes threats to the system, verifies its security properties, and generates a graphical representation, useful for security architects to identify the proper prevention/mitigation solutions. We show and prove the use of our threat model and analysis with three cases studies from different sectors.

Text
A hybrid threat model for smart systems - Accepted Manuscript
Available under License University of Southampton Accepted Manuscript Licence.
Download (2MB)

More information

Published date: 10 November 2022
Learn more about Cyber Security research

Identifiers

Local EPrints ID: 491862
URI: http://eprints.soton.ac.uk/id/eprint/491862
DOI: doi:10.1109/TDSC.2022.3213577
ISSN: 1545-5971
PURE UUID: e854db6b-ab16-4184-93c0-d79bce206ce3
ORCID for Erisa Karafili: ORCID iD orcid.org/0000-0002-8250-4389

Catalogue record

Date deposited: 04 Jul 2024 17:25
Last modified: 12 Jul 2024 02:05

Export record

Altmetrics

Contributors

Author: Fulvio Valenza
Author: Erisa Karafili ORCID iD
Author: Rodrigo Vieira Steiner
Author: Emil C. Lupu

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Library staff additional information
Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×