Gap-and-IMECA-Based Assessment of I&C Systems Cyber Security
This chapter presents an approach to cyber security assessment, which is based on Gap Analysis (GA) and Intrusion Modes and Effects Criticality Analysis (IMECA) techniques, applicable to complex Instrumentation and Control (I&C) systems, including safety-critical FPGA-based I&C systems. Elements of the GA-and-IMECA procedure of assessment are proposed. As an example, the proposed approach and technique are considered in the context of assessing the cyber security properties of FPGA-based I&C systems, taking into account vulnerabilities of products and discrepancies of appropriate processes.
Keywords: Life Cycle Stage; Life Cycle Model; Life Cycle Process; VHDL Code; Field Programmable Gate Array Chip