Top

Published in:

2023 | OriginalPaper | Chapter

The Need for Threat Modelling in Unmanned Aerial Systems

Authors : Abdelkader Magdy Shaaban, Oliver Jung, Christoph Schmittner

Published in: Computer Safety, Reliability, and Security. SAFECOMP 2023 Workshops

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Detecting cybersecurity vulnerabilities in Unmanned Aerial Systems (UAS) is essential to ensure the safe operation of drones. This supports the determination of cybersecurity objectives and the description of security requirements needed to achieve these objectives. However, it is challenging to automate this process to identify potential cyber threats and ensure the correctness of the applied security requirements, especially in a complex system such as a UAS network. In this work, we use ThreatGet as a threat modelling tool to identify potential cyber threats in UAS and highlight existing security vulnerabilities. This assists in determining the appropriate security requirements that could be implemented to achieve our security goal. We then develop a novel ontology-based threat modelling approach to infer a set of security threats based on the applied security requirements and then check the effectiveness of these requirements against threats to ensure these requirements are fulfilled.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Towards DO-178C Compliance of a Secure Product

next chapter Using Runtime Information of Controllers for Safe Adaptation at Runtime: A Process Mining Approach

https://www.threatget.com.

https://labyrinth2020.eu.

Genc, H., Zu, Y., Chin, T.-W., Halpern, M., Reddi, V.J.: Flying IoT: toward low-power vision in the sky. IEEE Micro 37(6), 40–51 (2017)CrossRef

Shaaban, A.M., Jung, O., Fas Millan, M.A.: Toward applying the IEC 62443 in the UAS for secure civil applications. In: Haber, P., Lampoltshammer, T.J., Leopold, H., Mayr, M. (eds.) Data Science - Analytics and Applications. Springer, Wiesbaden (2022). https://doi.org/10.1007/978-3-658-36295-9_7CrossRef

Shaaban, A.M., Jung, O., Schmittner, C.: A proposed X.800-based security architecture framework for unmanned aircraft system, pp. 389–397. Trauner Verlag (2022). Artwork Size: 479 pages Medium: PDF

IEC. Security for industrial automation and control systems - part 4-2: Technical security requirements for IACS components. Technical report, International Standard (2019)

Javaid, A.Y., Sun, W., Devabhaktuni, V.K., Alam, M.: Cyber security threat analysis and modeling of an unmanned aerial vehicle system. In: 2012 IEEE Conference on Technologies for Homeland Security (HST), pp. 585–590 (2012)

Lattimore, G.L.: Unmanned aerial system cybersecurity risk management decision matrix for tactical operators. Technical report, Naval Postgraduate School, Monterey, CA, USA (2019)

Walters, S.: How to set up a drone vulnerability testing lab (2016). https://medium.com/@swalters/how-to-set-up-a-drone-vulnerability-testing-lab-db8f7c762663. Accessed 12 June 2023

Manesh, M.R., Kaabouch, N.: Cyber-attacks on unmanned aerial system networks: detection, countermeasure, and future research directions. Comput. Secur. 85, 386–401 (2019)CrossRef

Kristen, E., et al.: D2.3 Architecture Requirements and Definition (v2). Technical report, AFarCloud deliverable (2020)

10.

Macaulay, T.: The 7 deadly threats to 4G: 4G LTE security roadmap and reference design, vol. 25, p. 2017 (2013)

11.

United Nations Economic Commission for Europe UNECE. CSOTA ad hoc “Threats 2” (2017). https://wiki.unece.org/pages/viewpage.action?pageId=45383725. Accessed 11 June 2023

12.

Kotapati, K., Liu, P., Sun, Y., LaPorta, T.F.: A taxonomy of cyber attacks on 3G networks. In: Kantor, P., et al. (eds.) ISI 2005. LNCS, vol. 3495, pp. 631–633. Springer, Heidelberg (2005). https://doi.org/10.1007/11427995_82CrossRef

13.

Schmittner, C., Chlup, S., Fellner, A., Macher, G., Brenner, E.: ThreatGet: threat modeling based approach for automated and connected vehicle systems. In: AmE 2020-Automotive meets Electronics; 11th GMM-Symposium, pp. 1–3. VDE (2020)

14.

Schmittner, C., Schrammel, B., König, S.: Asset driven ISO/SAE 21434 compliant automotive cybersecurity analysis with ThreatGet. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 548–563. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_36CrossRef

15.

Shaaban, A.M., Schmittner, C.: Threatget: new approach towards automotive security-by-design (2020)

16.

Schmittner, C., Shaaban, A.M., Macher, G.: ThreatGet: ensuring the implementation of defense-in-depth strategy for IIoT based on IEC 62443. In: 2022 IEEE 5th International Conference on Industrial Cyber-Physical Systems (ICPS), pp. 1–6. IEEE (2022)

17.

Chlup, S., Christl, K., Schmittner, C., Shaaban, A.M., Schauer, S., Latzenhofer, M.: THREATGET: towards automated attack tree analysis for automotive cybersecurity. Information 14(1), 14 (2023)CrossRef

18.

Ma, Z., Schmittner, C.: Threat modeling for automotive security analysis. Adv. Sci. Technol. Lett. 139, 333–339 (2016)CrossRef

19.

Protégé. Protégé Framework. https://protege.stanford.edu. Accessed 10 June 2023

20.

Johardi. Cellfie (2018). https://github.com/protegeproject/cellfie-plugin. Accessed 10 June 2023

21.

Shostack, A.: Threat Modeling: Designing for Security. Wiley, Hoboken (2014). OCLC: ocn855043351

Title: The Need for Threat Modelling in Unmanned Aerial Systems
Authors: Abdelkader Magdy Shaaban
Oliver Jung
Christoph Schmittner
Publisher: Springer Nature Switzerland
Book: Computer Safety, Reliability, and Security. SAFECOMP 2023 Workshops
Print ISBN: 978-3-031-40952-3

Electronic ISBN: 978-3-031-40953-0

Copyright Year: 2023
DOI: https://doi.org/10.1007/978-3-031-40953-0_7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner