Security Risk Mitigation of Cyber Physical Systems: A Case Study of a Flight Simulator

  • Maryam ZahidEmail author
  • Irum Inayat
  • Atif Mashkoor
  • Zahid Mehmood
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1062)


Avionics has seen a greatest shift in technology over the last two decades. The severity of the consequences resulting from a lack of risk management in avionics can be seen from recent incidents of unmanned aerial vehicles being hacked or in the hacking of vendor-controlled systems installed in commercial aircrafts. Over a million incidents related to security breaches at cyber layer have been recorded over the last decade, among which 350,000 cyber-attacks alone have taken place in the year 2018. Unfortunately, only a limited set of studies have been conducted on security risk management, particularly specific to avionics. In this article, we aim to identify, analyze and mitigate the security risks of 6 Degree of Freedom Flight Simulator. As a result, we identify 8 risks of level 3–4 as per the IEC 61508 standard. Further analysis of the identified risks yields in another 34 risks. We then mitigate the severity of the identified risks from level 4 to level 2 as per the IEC 61508 standard. The cryptosystem used for risk mitigation performed relatively faster as compared to some of the most recently proposed encryption schemes.


Cyber Physical Systems (CPS) Cyber-security Risk identification Risk assessment Risk mitigation Risk management Cryptosystem 


  1. 1.
    Santini, R., Panzieri, S.: A graph-based evidence theory for assessing risk. In: 18th International Conference, Information Fusion, pp. 1467–1474 (2015)Google Scholar
  2. 2.
    Smith, D., Simpson, K.: Functional Safety: A Straightforward Guide to Applying IEC 61508 and Related Standards, 2nd edn. Elsevier Butterwirth-Heinemann, Oxford (2004)Google Scholar
  3. 3.
    Rierson, L.: Developing Safety-Critical Software: A Practical Guide for Aviation Software and DO-178C Compliance, 1st edn. CRC Press, Boca Raton (2013)Google Scholar
  4. 4.
    Hird, J., Hawley, M., Machin, C.: Air traffic management security research in SESAR. In: Proceedings - 11th International Conference on Availability, Reliability and Security (ARES), pp. 486–492 (2016)Google Scholar
  5. 5.
    Gong, L., Zhang, L., Zhang, W., Li, X., Wang, X., Pan, W.: The application of data encryption technology in computer network communication security. In: American Institute of Physics, vol. 1834 (2017)Google Scholar
  6. 6.
    Ab Rahman, N.H., Glisson, W.B., Yang, Y., Choo, K.-K.R.: Forensic-by-design framework for cyber-physical cloud systems. IEEE Cloud Comput. 3(1), 50–59 (2016)CrossRefGoogle Scholar
  7. 7.
    Peng, Y., Lu, T., Liu, J., Gao, Y., Guo, X., Xie, F.: Cyber-physical system risk assessment. In: 9th International Conference Proceedings on Intelligent Information Hiding and Multimedia Signal, pp. 442–447 (2013)Google Scholar
  8. 8.
    Humayed, A., Lin, J., Li, F., Luo, B.: Cyber-physical systems security – a survey. IEEE Internet Things J. 4(6), 1802–1831 (2017)CrossRefGoogle Scholar
  9. 9.
    Best, J.: “‘Wake up baby’: Man HACKS into 10-month-old’s baby monitor to watch sleeping infant.” Mirror Online, April 2014Google Scholar
  10. 10.
    Polemi, N., Papastergiou, S.: Current efforts in ports and supply chains risk assessment. In: 2015 10th International Conference for Internet Technology and Secured Transactions, ICITST 2015, pp. 349–354 (2015)Google Scholar
  11. 11.
    Wu, G., Sun, J., Chen, J.: A survey on the security of cyber-physical systems. Control Theory Technol. 14(1), 2–10 (2016)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Manshaei, M.H., Zhu, Q., Alpcan, T., Bacşar, T., Hubaux, J.-P.: Game theory meets network security and privacy. ACM Comput. Surv. 45(3), 1–39 (2013)CrossRefGoogle Scholar
  13. 13.
    Cárenas, A.A., Amin, S., Sinopoli, B., Giani, A., Perrig, A., Sastry, S.: Challenges for securing cyber physical systems. In: Workshop on Future Directions in Cyber-Physical Systems Security (2009)Google Scholar
  14. 14.
    Yoneda, S., Tanimoto, S., Konosu, T.: Risk assessment in cyber-physical system in office environment. In: 18th International Conference on Network-Based Information Systems, pp. 412–417 (2015)Google Scholar
  15. 15.
    Axelrod, C.W.: Managing the risks of cyber-physical systems. In: 2013 IEEE Long Island Systems, Applications and Technology Conference (LISAT), pp. 1–6 (2013)Google Scholar
  16. 16.
    Kim, Y., Kolesnikov, V., Thottan, M.: Resilient end-to-end message protection for cyber-physical system communications. IEEE Trans. Smart Grid 9(4), 2478–2487 (2016)CrossRefGoogle Scholar
  17. 17.
    Rajbhandari, L., Snekkenes, E.A.: Mapping between classical risk management and game theoretical approaches. In: De Decker, B., Lapon, J., Naessens, V., Uhl, A. (eds.) CMS 2011. LNCS, vol. 7025, pp. 147–154. Springer, Heidelberg (2011). Scholar
  18. 18.
    Zhou, L., Guo, H., Li, D., Zhou, J., Wong, J.: A scheme for lightweight SCADA packet authentication. In: 23rd Asia-Pacific Conference on Communications (APCC) (2017)Google Scholar
  19. 19.
    Karati, A., Amin, R., Islam, S.K.H., Choo, K.R.: Provably secure and lightweight identity-based authenticated data sharing protocol for cyber-physical cloud environment. IEEE Trans. Cloud Comput. 7161(c), 1–14 (2018)CrossRefGoogle Scholar
  20. 20.
    Fovino, I.N.: SCADA system cyber security. In: Markantonakis, K., Mayes, K. (eds.) Secure Smart Embedded Devices, Platforms and Applications, pp. 451–471. Springer, New York (2014). Scholar
  21. 21.
    Biro, M., Mashkoor, A., Sametinger, J., Seker, R.: Software safety and security risk mitigation in cyber-physical systems. IEEE Softw. 35(1), 24–29 (2017)CrossRefGoogle Scholar
  22. 22.
    Fletcher, K.K., Liu, X.: Security requirements analysis, specification, prioritization and policy development in cyber-physical systems. In: 2011 5th International Conference on Secure Software Integration and Reliability Improvement - Companion, SSIRI-C 2011, pp. 106–113 (2011)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Maryam Zahid
    • 1
    Email author
  • Irum Inayat
    • 2
  • Atif Mashkoor
    • 3
    • 4
  • Zahid Mehmood
    • 5
  1. 1.Capital University of Science and Technology (C.U.S.T.)IslamabadPakistan
  2. 2.Software Engineering and Automation Lab (S.E.A.L.)National University of Computer and Emerging SciencesIslamabadPakistan
  3. 3.Software Competence Center Hagenberg GmbHHagenbergAustria
  4. 4.Johannes Kepler University LinzLinzAustria
  5. 5.University of LahoreIslamabadPakistan

Personalised recommendations