Generation of Applicative Attacks Scenarios Against Industrial Systems

Abstract : In the context of security, risk analyzes are widely recognized as essential. However, such analyzes need to be replayed frequently to take into account new vulnerabilities, new protections, etc.. As exploits can now easily be found on internet, allowing a wide range of possible intruders with various capacities, motivations and resources. In particular in the case of industrial control systems (also called SCADA) that interact with the physical world, any breach can lead to disasters for humans and the environment. Alongside of classical security properties such as secrecy or authentication, SCADA must ensure safety properties relative to the industrial process they control. In this paper, we propose an approach to assess the security of industrial systems. This approach aims to find applicative attacks taking into account various parameters such as the behavior of the process, the safety properties that must be ensured. We also model the possible positions and capacities of attackers allowing a precise control of these attackers. We instrument our approach using the well known model-checker UPPAAL, we apply it on a case study and show how variations of properties, network topologies, and attacker models can drastically change the obtained results.
Type de document :
Communication dans un congrès
10th International Symposium on Foundations and Practice of Security, FPS 2017, Oct 2017, Nancy, France
Liste complète des métadonnées

Littérature citée [23 références]  Voir  Masquer  Télécharger

http://hal.univ-grenoble-alpes.fr/hal-01615534
Contributeur : Maxime Puys <>
Soumis le : jeudi 12 octobre 2017 - 15:04:32
Dernière modification le : lundi 30 avril 2018 - 15:02:49

Fichier

fps17.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : hal-01615534, version 1

Collections

Citation

Maxime Puys, Marie-Laure Potet, Abdelaziz Khaled. Generation of Applicative Attacks Scenarios Against Industrial Systems. 10th International Symposium on Foundations and Practice of Security, FPS 2017, Oct 2017, Nancy, France. 〈hal-01615534〉

Partager

Métriques

Consultations de la notice

79

Téléchargements de fichiers

25