Abstract
Critical infrastructures and industrial control systems are complex Cyber-Physical Systems (CPS). To ensure reliable operations of such systems, comprehensive threat modeling during system design and validation is of paramount significance. Previous works in literature mostly focus on safety, risks and hazards in CPS but lack effective threat modeling necessary to eliminate cyber vulnerabilities. Further, impact of cyber attacks on physical processes is not fully understood. This paper presents a comprehensive threat modeling framework for CPS using STRIDE, a systematic approach for ensuring system security at the component level. This paper first devises a feasible and effective methodology for applying STRIDE and then demonstrates it against a real synchrophasor-based synchronous islanding testbed in the laboratory. It investigates (i) what threat types could emerge in each system component based on the security properties lacking, and (ii) how a vulnerability in a system component risks the entire system security. The paper identifies that STRIDE is a light-weight and effective threat modeling methodology for CPS that simplifies the task for security analysts to identify vulnerabilities and plan appropriate component level security measures at the system design stage.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
