Security Risk Mitigation of Cyber Physical Systems: A Case Study of a Flight Simulator

  • Conference paper
Database and Expert Systems Applications (DEXA 2019)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1062)

Abstract

Avionics has seen a great shift in technology over the last two decades. The severity of the consequences resulting from a lack of risk management in avionics can be seen from recent incidents of unmanned aerial vehicles being hacked or of vendor-controlled systems installed in commercial aircraft being hacked. Over a million incidents related to security breaches at the cyber layer have been recorded over the last decade, among which 350,000 cyber-attacks took place in 2018 alone. Unfortunately, only a limited set of studies have been conducted on security risk management specific to avionics. In this article, we aim to identify, analyze and mitigate the security risks of a 6 Degree of Freedom flight simulator. As a result, we identify 8 risks of level 3–4 as per the IEC 61508 standard. Further analysis of the identified risks yields another 34 risks. We then mitigate the severity of the identified risks from level 4 to level 2 as per the IEC 61508 standard. The cryptosystem used for risk mitigation performed faster than some of the most recently proposed encryption schemes.

This work has been partially supported by the Austrian Ministry for Transport, Innovation and Technology, the Federal Ministry of Science, Research and Economy, and the State of Upper Austria in the frame of the COMET center SCCH, and the LIT Secure and Correct Systems Lab funded by the State of Upper Austria.



Corresponding author

Correspondence to Maryam Zahid.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Zahid, M., Inayat, I., Mashkoor, A., Mehmood, Z. (2019). Security Risk Mitigation of Cyber Physical Systems: A Case Study of a Flight Simulator. In: Anderst-Kotsis, G., et al. Database and Expert Systems Applications. DEXA 2019. Communications in Computer and Information Science, vol 1062. Springer, Cham. https://doi.org/10.1007/978-3-030-27684-3_17

  • DOI: https://doi.org/10.1007/978-3-030-27684-3_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-27683-6

  • Online ISBN: 978-3-030-27684-3

  • eBook Packages: Computer Science, Computer Science (R0)
