Data Driven Vulnerability Exploration for Design Phase System Analysis

by   Georgios Bakirtzis, et al.

Applying security as a lifecycle practice is becoming increasingly important to combat targeted attacks in safety-critical systems. Among others there are two significant challenges in this area: (1) the need for models that can characterize a realistic system in the absence of an implementation and (2) an automated way to associate attack vector information; that is, historical data, to such system models. We propose the cybersecurity body of knowledge (CYBOK), which takes in sufficiently characteristic models of systems and acts as a search engine for potential attack vectors. CYBOK is fundamentally an algorithmic approach to vulnerability exploration, which is a significant extension to the body of knowledge it builds upon. By using CYBOK, security analysts and system designers can work together to assess the overall security posture of systems early in their lifecycle, during major design decisions and before final product designs. Consequently, assisting in applying security earlier and throughout the systems lifecycle.



There are no comments yet.


page 1

page 2

page 3

page 4


A Model-Based Approach to Security Analysis for Cyber-Physical Systems

Evaluating the security of cyber-physical systems throughout their life ...

A Security Architecture for Railway Signalling

We present the proposed security architecture Deutsche Bahn plans to dep...

Looking for a Black Cat in a Dark Room: Security Visualization for Cyber-Physical System Design and Analysis

Today, there is a plethora of software security tools employing visualiz...

Hold Tight and Never Let Go: Security of Deep Learning based Automated Lane Centering under Physical-World Attack

Automated Lane Centering (ALC) systems are convenient and widely deploye...

Applying the Isabelle Insider Framework to Airplane Security

Avionics is one of the fields in which verification methods have been pi...

Risk analysis beyond vulnerability and resilience - characterizing the defensibility of critical systems

A common problem in risk analysis is to characterize the overall securit...

Data-Driven Attack Detection for Linear Systems

This paper studies the attack detection problem in a data-driven and mod...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.