IDEAS home Printed from https://ideas.repec.org/a/eee/ijocip/v11y2015icp39-50.html
   My bibliography  Save this article

A multi-layered and kill-chain based security analysis framework for cyber-physical systems

Author

Listed:
  • Hahn, Adam
  • Thomas, Roshan K.
  • Lozano, Ivan
  • Cardenas, Alvaro

Abstract

This paper introduces a novel framework for understanding cyber attacks and the related risks to cyber-physical systems. The framework consists of two elements, a three-layered logical model and reference architecture for cyber-physical systems, and a meta-model of cyber-physical system attacks that is referred to as the cyber-physical system kill-chain. The layered reference architecture provides a systematic basis for studying how the causal chain associated with cyber perturbations can be traced all the way to physical perturbations. The cyber-physical system kill-chain describes the progressive stages of attacks to illuminate the steps required for an attacker to launch a successful attack against a cyber-physical system. The proposed framework offers a novel approach for comprehensively studying the elements of cyber-physical system attacks, including the attacker objectives, cyber exploitation, control-theoretic properties and physical system properties. The framework is evaluated using a simulated unmanned aerial system and the results of the evaluation are discussed. The longer-term goal is to use the framework as a means to deduce cyber-physical system security properties and to enumerate the principles for designing systems that are resilient to cyber attacks.

Suggested Citation

  • Hahn, Adam & Thomas, Roshan K. & Lozano, Ivan & Cardenas, Alvaro, 2015. "A multi-layered and kill-chain based security analysis framework for cyber-physical systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 11(C), pages 39-50.
    • Handle: RePEc:eee:ijocip:v:11:y:2015:i:c:p:39-50
    DOI: 10.1016/j.ijcip.2015.08.003
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S187454821500061X
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ijcip.2015.08.003?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Romuald Hoffmann, 2019. "The Markov models of cyber-attack life cycles," Collegium of Economic Analysis Annals, Warsaw School of Economics, Collegium of Economic Analysis, issue 54, pages 303-318.
    2. Ramaki, Ali Ahmadian & Ghaemi-Bafghi, Abbas & Rasoolzadegan, Abbas, 2023. "CAPTAIN: Community-based Advanced Persistent Threat Analysis in IT Networks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 42(C).

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijocip:v:11:y:2015:i:c:p:39-50. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-critical-infrastructure-protection .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.