Our Publications
Here you find our publications.
2020
Bourget, Edwin; Cuppens, Frédéric; Cuppens-Boulahia, Nora
PROS2E, a Probabilistic Representation of Safety and Security Events for Diagnosis Inproceedings
In: Proceedings of the 6th ACM on Cyber-Physical System Security Workshop, pp. 30–41, ACM, New York, NY, USA, 2020, ISBN: 9781450376082.
Abstract | Links | BibTeX | Tags: countermeasures, Cyber-Physical Systems, diagnosis, event model, industrial systems, safety, Security
@inproceedings{Bourget2020b,
title = {PROS2E, a Probabilistic Representation of Safety and Security Events for Diagnosis},
author = {Edwin Bourget and Fr\'{e}d\'{e}ric Cuppens and Nora Cuppens-Boulahia},
url = {https://dl.acm.org/doi/10.1145/3384941.3409590},
doi = {10.1145/3384941.3409590},
isbn = {9781450376082},
year = {2020},
date = {2020-10-01},
booktitle = {Proceedings of the 6th ACM on Cyber-Physical System Security Workshop},
pages = {30--41},
publisher = {ACM},
address = {New York, NY, USA},
abstract = {The recent and increasing interconnection of industrial systems with information technologies creates a new paradigm in which new challenges arise. Being able to provide an explanation when accidents and attacks strike the system is one of them. This article presents an event model designed to provide useful and relevant information for diagnosis of safety and security events. We provide a means for system experts to model elementary events that are automatically recombined in complex and complete scenarios. We specifically focus on the ability to represent countermeasures and sequences of events, recurrent problems in the literature. We also introduce a means to precisely measure the wear of components, an important feature for the model to obtain accurate values. We showcase the use of our model for diagnosis purposes on a cyber-physical system testbed.},
keywords = {countermeasures, Cyber-Physical Systems, diagnosis, event model, industrial systems, safety, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
The recent and increasing interconnection of industrial systems with information technologies creates a new paradigm in which new challenges arise. Being able to provide an explanation when accidents and attacks strike the system is one of them. This article presents an event model designed to provide useful and relevant information for diagnosis of safety and security events. We provide a means for system experts to model elementary events that are automatically recombined in complex and complete scenarios. We specifically focus on the ability to represent countermeasures and sequences of events, recurrent problems in the literature. We also introduce a means to precisely measure the wear of components, an important feature for the model to obtain accurate values. We showcase the use of our model for diagnosis purposes on a cyber-physical system testbed.
Wüstrich, Lars; Pahl, Marc-Oliver; Liebald, Stefan
An extensible IoT Security Taxonomy Inproceedings
In: Proceedings - IEEE Symposium on Computers and Communications, 2020.
Abstract | Links | BibTeX | Tags: attacks, Cyber-Physical Systems, IoT, naming scheme, Security, taxonomy, threat classification
@inproceedings{wustrich2020extensible,
title = {An extensible IoT Security Taxonomy},
author = {Lars W\"{u}strich and Marc-Oliver Pahl and Stefan Liebald},
doi = {10.1109/ISCC50000.2020.9219584},
year = {2020},
date = {2020-01-01},
booktitle = {Proceedings - IEEE Symposium on Computers and Communications},
abstract = {Security is essential in the Internet of Things (IoT). IoT threat classifications are often non-intuitive to use. Identifying relevant properties of an attack is difficult and requires reading details of the attack. We therefore propose a simple-to-use naming scheme for IoT threat classification. It is based on the affected layers and the affected security goals. We evaluate the usefulness of the chosen approach by applying it to common IoT threats.},
keywords = {attacks, Cyber-Physical Systems, IoT, naming scheme, Security, taxonomy, threat classification},
pubstate = {published},
tppubtype = {inproceedings}
}
Security is essential in the Internet of Things (IoT). IoT threat classifications are often non-intuitive to use. Identifying relevant properties of an attack is difficult and requires reading details of the attack. We therefore propose a simple-to-use naming scheme for IoT threat classification. It is based on the affected layers and the affected security goals. We evaluate the usefulness of the chosen approach by applying it to common IoT threats.
