nach oben

Erschienen in:

2022 | OriginalPaper | Buchkapitel

Application TRIKE Methodology When Modeling Threats to APCs Information Security

verfasst von : D. Chernov

Erschienen in: Advances in Automation III

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In the modern world automation technologies of industrial processes have found wide application. Automated process control systems have become an important part of enterprises that operate in different economic fields and life support facilities all over the world. Nevertheless, the high growth of automation means raises the acute problem of providing APCs information security from external and internal threats. There are systematic reports in the media about new critical vulnerabilities in industrial equipment and attacks based on the exploitation of such vulnerabilities. When designing such systems it is necessary to estimate possible information security threats that already exist in the system or that are predicted to appear. That is why threat modeling is an important part of providing information security at industrial facilities using automation. In this work the author investigates the methodology of estimating threats to software security TRIKE. The research is aimed at finding general approaches to determine threat sources, tactics, and techniques for making implementation scenarios of threats to software information security, for applying them to provide cyber security of automated process control systems. In the frameworks of the subject mainstreaming, the research gives a description of cyber-attacks at big industrial facilities, and their basic vulnerabilities are emphasized. In the article the analysis of TRIKE methodology has been done. It is aimed at determining basic threat modeling stages applicable to industrial automation systems. The approach of TRIKE methodology to generating a list of threats to information security is formalized. To achieve the aims the author constructs DFD data flow diagrams with the decomposition of peculiar elements of the algorithm for modeling threats to information security of automated process control systems using TRIKE methodology.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Software Package for Training Users to Respond to Information Security Incidents in Industrial Automated Systems

Nächstes Kapitel Industrial Control System Cybersecurity Assessment Handling Delay Estimation

Aktual'nye kiberugrozy. 2 kvartal 2018 (Actual cyber threats. II quarter of 2018), Moscow, Positive Technologies (2018)

Panettieri, J.: Ransomware attack Rock City Power. Johannesburg, South Africa, MSSP Allert (2019)

Aktual'nye kiberugrozy. 2 kvartal 2019 (Actual cyber threats. II quarter of 2019). Moscow, Positive Technologies (2019)

Aktual'nye kiberugrozy: itogi 2019 goda (Cybersecurity threatscape-2019), Moscow, Positive Technologies (2020)

Chernov, D.V., Sychugov, A.A.: Development of a mathematical model of threat to information security of automated process control systems. In: 2019 International Russian Automation Conference (RusAutoCon), Sochi, Russia, pp. 1–5 (2019). https://doi.org/10.1109/RUSAUTOCON.2019.8867708

Eddington, M., Larcom, B., Saitta, E.: TRIKE v1 Methodology Document, USA. Octotrike (2005)

Khanji, S., Jabir, R., Ahmad, L.: Evaluation of Linux SMTP server security aspects? a case study. In: 7th International Conference on Information and Communication Systems (ICICS), pp. 252–257 (2016). https://doi.org/10.1109/IACS.2016.7476120

Fu, M., Wang, D.: Modeling method of operational task combined with IDEF and UML. In: IEEE 3rd Advanced Information Technology Electronic and Automation Control Conference, pp. 1443–1447 (2018). https://doi.org/10.1109/IAEAC.2018.8577660

Yu, H., Wu, D.: Enterprise modeling based on IDEF and UML. In: 4th International Conference on Advanced Information Technology and Sensor Application (AITS), pp. 59–62 (2015). https://doi.org/10.1109/AITS.2015.22

10.

Manenti, G., Ebrahimiarjestan, M.: Functional modelling and IDEF0 to enhance and support process tailoring in systems engineering. In: International Symposium on Systems Engineering (ISSE), pp. 1–8 (2019). https://doi.org/10.1109/ISSE46696.2019.8984539

11.

Pletnev, P.V., Belov, V.M.: Metodika ocenki riskov informacionnoj bezopasnosti na predpriyatiyah malogo i srednego biznesa (Methodology for assessing information security risks in small and medium-sized businesses). Doklady Tomskogo gosudarstvennogo universiteta sistem upravleniya i radioelektroniki 25(1–2), 83–86 (2012)

12.

Semenov, D.A., Chichikin, G.Y.: Zashchita informacionnyh aktivov (Protection of information assets). Academy 57(6), 31–33 (2020)

13.

Rozdestvenskaya, T.E., Guznov, A.: Cifrovye finansovye aktivy: problemy i perspektivy pravovogo regulirovaniya (Digital financial assets: problems and prospects of legal regulation). Aktual’nye problemy rossijskogo prava 115(6), 43–54 (2020)CrossRef

14.

Tasvaeva, A.N.: Diagrammy potokov dannyh i variantov ispol’zovaniya kak instrumenty proektirovaniya informacionnyh sistem (Data flow diagrams and use cases as information system design tools). Modeli, sistemy, seti v ekonomike, tekhnike, prirode i obshchestve 3(2), 143–146 (2012)

15.

Kalyanov, G.N.: Konceptual’naya model’ DFD-tekhnologii (The conceptual model of DFD technology). Otkrytoe obrazovanie 21(4), 21–26 (2017)

16.

Zimovetc, O.A., Matorin, S.I.: Predstavlenie diagramm v notaciyah DFD, IDEF0 i BPMN s pomoshch’yu sistemno-ob”ektnyh modelej “Uzel-funkciya-ob”ekt” (Representation of diagrams in DFD, IDEF0, and BPMN notations using Node-Function-Object system-object models). Ekonomika. Informatika 20(19–1), 134–144 (2011)

17.

Chernov, D.V., Sychugov, A.A.: Mathematical modeling of information security threats of automated process control systems. In: International Conference on Electrotechnical Complexes and Systems (ICOECS) (2019). https://doi.org/10.1109/ICOECS46375.2019.8950023

18.

Verigo, A.A., Csapko, G.P., Katashev, A.S.: Ocenka uyazvimostej avtomatizirovannyh sistem upravleniya tekhnologicheskimi processami (Vulnerability assessment of automated process control systems). Mezhdunarodnyj nauchno-issledovatel’skij zhurnal 53(11–4), 47–49 (2016)

19.

Chernov, D.V., Sychugov, A.A.: Analysis of modern requirements and problems of information security of automated process control systems. Neurocomputers 8, 38–46 (2018). https://doi.org/10.18127/j19998554-201808-04CrossRef

20.

Konovalenko, S.A., Korolyov, I.D.: Vyyavlenie uyazvimostej informacionnyh sistem (Identifying information system vulnerabilities). Innovacii v nauke 58(9), 12–20 (2016)

21.

Muhanova, A., Revnivikh, A.V., Fedotov, A.M.: Klassifikaciya ugroz i uyazvimostej informacionnoj bezopasnosti v korporativnyh sistemah (Classification of threats and vulnerabilities of information security in corporate systems). Vestnik Novosibirskogo gosudarstvennogo universiteta. Seriya: Informacionnye tekhnologii 11(2), 55–72 (2013)

22.

Chernov, D.V., Sychugov, A.A.: Application of the method of determining the degree of danger of destructive actions to solve the problem of information security of APCs. In: 2020 International Conference on Electrotechnical Complexes and Systems (ICOECS), Ufa, pp. 1–4 (2020). https://doi.org/10.1109/ICOECS50468.2020.9278479

Titel: Application TRIKE Methodology When Modeling Threats to APCs Information Security
verfasst von: D. Chernov
Verlag: Springer International Publishing
Buch: Advances in Automation III
Print ISBN: 978-3-030-94201-4

Electronic ISBN: 978-3-030-94202-1

Copyright-Jahr: 2022
DOI: https://doi.org/10.1007/978-3-030-94202-1_42

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Die Gewinner und Laudatoren des Sustainability Award in Automotive 2024/© Uli Regenscheit | ATZlive, Search Icon, Banner Hanser, Dr. Fabian Struck/© Forto Logistics SE & Co., Bau Immobilie/© Gina Sanders / Fotolia, Kundenpotenzial/© Andrii Yalanskyi / Getty Images / iStock, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade, chassis.tech plus 2023/© [M] ATZlive / TÜV SÜD PRODUCT SERVICE GMBH, adäsion-Webinar-Matinee/© krystiannawrocki_ Getty Images

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.