Towards Security Attack and Risk Assessment during Early System Design

Lukas Alexander Gressl, Christian Steger, Michael Krisper, Ulrich Neffe

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandBegutachtung

Abstract

The advent of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) enabled a new class of smart and interactive devices. With their continuous connectivity and their access to valuable information in both the digital and physical world, they are attractive targets for security attackers. Hence, with their integration into both the industry and consumer devices, they added a new surface for cybersecurity attacks. These potential threats call for special care of security vulnerabilities during the design of IoT devices and CPS. The design of secure systems is a complex task, especially if they must adhere to other constraints, such as performance, power consumption, and others. A range of design space exploration tools have been proposed in academics, which aim to support system designers in their task of finding the optimal selection of hardware components and task mappings. Said tools offer a limited way of modeling attack scenarios as constraints for a system under design. The framework proposed in this paper aims at closing this gap, offering system designers a way to consider security attacks and security risks during the early design phase. It offers designers to model security constraints from the view of potential attackers, assessing the probability of successful security attacks and security risk. The framework's feasibility and performance is demonstrated by revisiting a potential system design of an industry partner.
Originalspracheenglisch
TitelInternational Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020
Herausgeber (Verlag)Institute of Electrical and Electronics Engineers
ISBN (elektronisch)9781728164281
DOIs
PublikationsstatusVeröffentlicht - Juni 2020
Veranstaltung2020 International Conference on Cyber Security and Protection of Digital Services - Virtuell
Dauer: 15 Juni 202019 Juni 2020

Publikationsreihe

NameInternational Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020

Konferenz

Konferenz2020 International Conference on Cyber Security and Protection of Digital Services
KurztitelCyber Security 2020
OrtVirtuell
Zeitraum15/06/2019/06/20

ASJC Scopus subject areas

  • Informationssysteme und -management
  • Sicherheit, Risiko, Zuverlässigkeit und Qualität
  • Computernetzwerke und -kommunikation
  • Artificial intelligence
  • Theoretische Informatik und Mathematik

Fields of Expertise

  • Information, Communication & Computing

Treatment code (Nähere Zuordnung)

  • Application

Fingerprint

Untersuchen Sie die Forschungsthemen von „Towards Security Attack and Risk Assessment during Early System Design“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren