Incidents are Meant for Learning, Not Repeating: Sharing Knowledge about Security Incidents in Cyber-Physical Systems

Faeq Alrimawi*, Liliana Pasquale, Deepak Mehta, Nobukazu Yoshioka, Bashar Nuseibeh

*Corresponding author for this work

Research output: Article, peer-reviewed

2 Citations (Scopus)

Abstract

Cyber-physical systems (CPSs) are part of many critical infrastructures such as industrial automation and transportation systems. Thus, security incidents targeting CPSs can have disruptive consequences to assets and people. As incidents tend to re-occur, sharing knowledge about these incidents can help organizations be more prepared to prevent, mitigate or investigate future incidents. This paper proposes a novel approach to enable representation and sharing of knowledge about CPS incidents across different organizations. To support sharing, we represent incident knowledge (incident patterns) capturing incident characteristics that can manifest again, such as incident activities or vulnerabilities exploited by offenders. Incident patterns are a more abstract representation of specific incident instances and, thus, are general enough to be applicable to various systems - different from the one in which the incident originally occurred. They can also avoid disclosing potentially sensitive information about an organization's assets and resources. We provide an automated technique to extract an incident pattern from a specific incident instance. To understand how an incident pattern can manifest again in other cyber-physical systems, we also provide an automated technique to instantiate incident patterns to specific systems. We demonstrate the feasibility of our approach in the application domain of smart buildings. We evaluate correctness, scalability, and performance using two substantive scenarios inspired by real-world systems and incidents.

Original language: English
Pages (from-to): 120-134
Number of pages: 15
Journal: IEEE Transactions on Software Engineering
Volume: 48
Issue number: 1
DOI
Publication status: Published - Jan 1, 2022
Externally published: Yes

ASJC Scopus subject areas

  • Software
