Computer Science (计算机科学), 2019, Vol. 46, Issue (5): 105-110. doi: 10.11896/j.issn.1002-137X.2019.05.016

• Information Security •

Risk Modeling for Cyber-physical Systems Based on State/Event Fault Trees

XU Bing-feng 1, HE Gao-feng 2, ZHANG Li-ning 1

  1. College of Information Science and Technology, Nanjing Forestry University, Nanjing 210037, China
  2. School of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing 210003, China
  • Received: 2018-03-30  Revised: 2018-06-03  Published: 2019-05-15
  • About the authors: XU Bing-feng (born 1986), female, Ph.D., lecturer, CCF member; main research interests: CPS security, software security. HE Gao-feng (born 1984), male, Ph.D., lecturer, CCF member; main research interests: CPS security, anonymous communication; E-mail: hegaofeng@njupt.edu.cn (corresponding author). ZHANG Li-ning (born 1974), female, M.S., associate professor; main research interest: software engineering.
  • Funding:
    This work was supported by the Youth Science Fund of the National Natural Science Foundation of China (61802192, 61702282), the Natural Science Research Project of Jiangsu Higher Education Institutions (18KJB520024, 17KJB520023), the Youth Innovation Fund of Nanjing Forestry University (CX2016026), the Scientific Research Start-up Fund for Introduced Talent of Nanjing University of Posts and Telecommunications (NY217143), and a Jiangsu Provincial Teaching Reform Project (164070911).


Abstract (Chinese version): The use of embedded-system networks in cyber-physical systems (CPS) makes them vulnerable to network attacks: an attacker may exploit vulnerabilities in software and communication components to gain control of the system and cause it to fail. Existing security risk modeling methods for cyber-physical systems are mainly based on static fault trees; they do not account for the dynamic behaviour and temporal dependencies specific to software-controlled systems, and so cannot derive the final impact of a network attack. This paper therefore proposes a risk modeling method for cyber-physical systems based on state/event fault trees. First, attack steps are integrated into the State/Event Fault Trees (SEFTs) model, yielding the Attack-SEFTs model. On this basis, common vulnerability patterns of cyber-physical systems are given, and each pattern is modeled with Attack-SEFTs. Next, a failure path analysis method for Attack-SEFTs models is given. Finally, a case study demonstrates the feasibility of the proposed method.


Abstract: The cyber-physical system is prone to attack by network attackers because of the application of embedded system networks in it, and an attacker may utilize vulnerabilities in the software and communication components to control the system, resulting in a system failure. The existing modeling methods for integrating safety and security are built on traditional static fault trees and do not consider the dynamic and temporal dependencies characteristic of software control systems, so they cannot infer the final impacts caused by network attacks. In light of this, this paper presents a modeling method for integrating the safety and security of cyber-physical systems. Firstly, the Attack-SEFTs model is proposed based on the SEFTs model. On this basis, common vulnerabilities in cyber-physical systems are proposed, and the various vulnerability patterns are modeled based on Attack-SEFTs. Secondly, a unified representation of the Attack-SEFTs model is presented to support its analysis. Finally, a case study is described to show the feasibility of the proposed method.

Key words: Attack trees, Cyber-physical systems, Safety, Security, State/event fault trees

CLC number: TP393