Weighted attack trees for the cybersecurity analysis of SCADA systems

Andrea Bobbio; Lavinia Egidi; Roberta Terruggia; Ester Ciancamerla; Michele Minichino

Weighted attack trees for the cybersecurity analysis of SCADA systems

Andrea Bobbio
, Lavinia Egidi
, Roberta Terruggia
, Ester Ciancamerla
, Michele Minichino

Department of Science and Technological Innovation

Research output: Contribution to conference › Paper › peer-review

Abstract

In this paper we address the issue of security of SCADA systems; a topic of paramount importance because of the impact on physical security and very challenging because of the peculiarities that set SCADA systems aside from usual ICT networks. We apply the modeling technique based on structures called weighted Attack and Defense Trees (ADT) to a complex case study based on a typical SCADA architecture, in which the attack tree is enriched with the cost and the impact of the attack. We introduce a new analysis technique for weighted ADT based on the representation of the attack scenario by means of Multi- Terminal Binary Decision Diagrams (MTBDD) that allow the modeler to identify the most probable attack scenarios, in term of probability cost and impact, and gives an indication on how to mitigate the located breaches by means of suitable countermeasures. Copyright

Original language	English
Pages	33-40
Number of pages	8
Publication status	Published - 2013
Event	3rd International Defense and Homeland Security Simulation Workshop, DHSS 2013, Held at the International Multidisciplinary Modeling and Simulation Multiconference, I3M 2013 - Athens, Greece Duration: 25 Sept 2013 → 27 Sept 2013

Conference

Conference	3rd International Defense and Homeland Security Simulation Workshop, DHSS 2013, Held at the International Multidisciplinary Modeling and Simulation Multiconference, I3M 2013
Country/Territory	Greece
City	Athens
Period	25/09/13 → 27/09/13

Cite this

@conference{eedd51e308d44983a9cb6b57cc55ea10,

title = "Weighted attack trees for the cybersecurity analysis of SCADA systems",

abstract = "In this paper we address the issue of security of SCADA systems; a topic of paramount importance because of the impact on physical security and very challenging because of the peculiarities that set SCADA systems aside from usual ICT networks. We apply the modeling technique based on structures called weighted Attack and Defense Trees (ADT) to a complex case study based on a typical SCADA architecture, in which the attack tree is enriched with the cost and the impact of the attack. We introduce a new analysis technique for weighted ADT based on the representation of the attack scenario by means of Multi- Terminal Binary Decision Diagrams (MTBDD) that allow the modeler to identify the most probable attack scenarios, in term of probability cost and impact, and gives an indication on how to mitigate the located breaches by means of suitable countermeasures. Copyright",

author = "Andrea Bobbio and Lavinia Egidi and Roberta Terruggia and Ester Ciancamerla and Michele Minichino",

year = "2013",

language = "English",

pages = "33--40",

note = "3rd International Defense and Homeland Security Simulation Workshop, DHSS 2013, Held at the International Multidisciplinary Modeling and Simulation Multiconference, I3M 2013 ; Conference date: 25-09-2013 Through 27-09-2013",

}

Bobbio, A, Egidi, L, Terruggia, R, Ciancamerla, E & Minichino, M 2013, 'Weighted attack trees for the cybersecurity analysis of SCADA systems', Paper presented at 3rd International Defense and Homeland Security Simulation Workshop, DHSS 2013, Held at the International Multidisciplinary Modeling and Simulation Multiconference, I3M 2013, Athens, Greece, 25/09/13 - 27/09/13 pp. 33-40.

Weighted attack trees for the cybersecurity analysis of SCADA systems. / Bobbio, Andrea; Egidi, Lavinia; Terruggia, Roberta et al.
2013. 33-40 Paper presented at 3rd International Defense and Homeland Security Simulation Workshop, DHSS 2013, Held at the International Multidisciplinary Modeling and Simulation Multiconference, I3M 2013, Athens, Greece.

Research output: Contribution to conference › Paper › peer-review

TY - CONF

T1 - Weighted attack trees for the cybersecurity analysis of SCADA systems

AU - Bobbio, Andrea

AU - Egidi, Lavinia

AU - Terruggia, Roberta

AU - Ciancamerla, Ester

AU - Minichino, Michele

PY - 2013

Y1 - 2013

N2 - In this paper we address the issue of security of SCADA systems; a topic of paramount importance because of the impact on physical security and very challenging because of the peculiarities that set SCADA systems aside from usual ICT networks. We apply the modeling technique based on structures called weighted Attack and Defense Trees (ADT) to a complex case study based on a typical SCADA architecture, in which the attack tree is enriched with the cost and the impact of the attack. We introduce a new analysis technique for weighted ADT based on the representation of the attack scenario by means of Multi- Terminal Binary Decision Diagrams (MTBDD) that allow the modeler to identify the most probable attack scenarios, in term of probability cost and impact, and gives an indication on how to mitigate the located breaches by means of suitable countermeasures. Copyright

AB - In this paper we address the issue of security of SCADA systems; a topic of paramount importance because of the impact on physical security and very challenging because of the peculiarities that set SCADA systems aside from usual ICT networks. We apply the modeling technique based on structures called weighted Attack and Defense Trees (ADT) to a complex case study based on a typical SCADA architecture, in which the attack tree is enriched with the cost and the impact of the attack. We introduce a new analysis technique for weighted ADT based on the representation of the attack scenario by means of Multi- Terminal Binary Decision Diagrams (MTBDD) that allow the modeler to identify the most probable attack scenarios, in term of probability cost and impact, and gives an indication on how to mitigate the located breaches by means of suitable countermeasures. Copyright

UR - https://www.scopus.com/pages/publications/84898874295

M3 - Paper

SP - 33

EP - 40

T2 - 3rd International Defense and Homeland Security Simulation Workshop, DHSS 2013, Held at the International Multidisciplinary Modeling and Simulation Multiconference, I3M 2013

Y2 - 25 September 2013 through 27 September 2013

ER -

Weighted attack trees for the cybersecurity analysis of SCADA systems

Abstract

Conference

Other files and links

Fingerprint

Cite this