Analysis of Informed Attacks and Appropriate Countermeasures for Cyber-Physical Systems

  • Francesca Saglietti
  • Matthias Meitner
  • Lars von Wardenburg
  • Valentina Richthammer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9923)

Abstract

Based on considerations about the knowledge required to carry out different types of network attacks, this article discusses the logical demands posed to the attacker in order to circumvent the most classical checks for message trustworthiness. In view of the limitations of existing avoidance and detection techniques, the article stresses the need for targeted testing strategies aimed at the identification of exploitable code vulnerabilities. For this purpose, it proposes a paradigm for the generation of intelligent test cases meant to maximize the chances of anticipating challenging scenarios during early verification phases.

Keywords

Cyber-attack Informed attack Level of knowledge Communication constraints Confidence constraints Control constraints Arithmetical overflow Buffer overflow Testing 

Notes

Acknowledgment

The authors gratefully acknowledge that a major part of the work presented was supported by the German Federal Ministry for Economic Affairs and Energy (BMWi), project SMARTEST. The project is carried out in cooperation with the partner institutions University of Magdeburg, University of Applied Sciences of Magdeburg-Stendal and AREVA GmbH. In particular, the authors thank Robert Fischer und Robert Clausing for inspiring discussions.

References

  1. 1.
    Zetter, K.: Countdown to Zero Day. Stuxnet and the Launch of the World’s First Digital Weapon. Crown, New York (2014)Google Scholar
  2. 2.
    Krotofil, M.: Rocking the pocket book: hacking chemical plants for competition and extortion, white paper, Black Hat Conference (2015)Google Scholar
  3. 3.
    Bundesamt für Sicherheit in der Informationstechnik (BSI): IT-Grundschutz-Standards, BSI-Standards 100-1, 100-2, 100-3, 100-4 (2008)Google Scholar
  4. 4.
    Quirk, W., Wall, D.N.: Customer functional requirements for the protection systems to be used as the DARTS example. In: European Project “Demonstration of Advanced Reliability Techniques for Safety Related Computer Systems” (DARTS), Research Programme ESPRIT II, Project Final Deliverable (1990)Google Scholar
  5. 5.
    Cowan, C., Pu, C., Maier, D., et al.: StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. In: 7th Conference on USENIX Security Symposium, USENIX Association (1998)Google Scholar
  6. 6.
    Viega, J., Bloch, J.T., Kohno, T., McGraw, G.: ITS4: a static vulnerability scanner for C and C++ code. In: 16th Annual Conference on Computer Security Applications (ACSAC 2000). IEEE Xplore (2000)Google Scholar
  7. 7.
    Wagner, D., Foster, J.S., Brewer, E.A., et al.: A first step towards automated detection of buffer overrun vulnerabilities. In: Network and Distributed System Security Symposium (NDSS 2000). The Internet Society (2000)Google Scholar
  8. 8.
    Oster, N., Saglietti, F.: Automatic test data generation by multi-objective optimisation. In: Górski, J. (ed.) SAFECOMP 2006. LNCS, vol. 4166, pp. 426–438. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Saglietti, F., Pinte, F.: Automated unit and integration testing for component-based software systems. In: Workshop on Dependability and Security for Resource Constrained Embedded Systems. ACM Digital Library (2010)Google Scholar
  10. 10.
    Meitner, M., Saglietti, F.: Target-specific adaptations of coupling-based software reliability testing. In: Fischbach, K., Krieger, U.R. (eds.) MMB & DFT 2014. LNCS, vol. 8376, pp. 192–206. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  11. 11.
    Saglietti, F., Winzinger, S., Lill, R.: Reconfiguration testing for cooperative autonomous agents. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 144–155. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  12. 12.
    Saglietti, F., Spengler, R., Meitner, M.: Quantitative reliability assessment for mobile cooperative systems. In: Skavhaug, A., Guiochet, J., Bitsch, F., Schoitsch, E. (eds.) SAFECOMP Workshops 2016. LNCS, vol. 9923, pp. 118–129. Springer, Heidelberg (2016)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Francesca Saglietti
    • 1
  • Matthias Meitner
    • 1
  • Lars von Wardenburg
    • 1
  • Valentina Richthammer
    • 1
  1. 1.Software Engineering (Informatik 11)University of Erlangen-NurembergErlangenGermany

Personalised recommendations