A GENERAL FRAMEWORK FOR CHARACTERIZING AND EVALUATING ATTACKER MODELS FOR CPS SECURITY ASSESSMENT

Author

Christopher S. Deloglos, Virginia Commonwealth UniversityFollow
Christopher Deloglos, Virginia Commonwealth University

DOI

https://doi.org/10.25772/F6X6-WR48

Author ORCID Identifier

0000-0002-4120-5745

Defense Date

2021

Document Type

Dissertation

Degree Name

Doctor of Philosophy

Department

Electrical & Computer Engineering

First Advisor

Carl Elks

Second Advisor

Ashraf Tantawy

Third Advisor

Patrick Martin

Fourth Advisor

Nathan Lau

Fifth Advisor

Barry Johnson

Abstract

Characterizing the attacker’s perspective is essential to assessing the security posture and resilience of cyber-physical systems. The attacker’s perspective is most often achieved by cyber-security experts (e.g., red teams) who critically challenge and analyze the system from an adversarial stance. Unfortunately, the knowledge and experience of cyber-security experts can be inconsistent leading to situations where there are gaps in the security assessment of a given system. Structured security review processes (such as TAM, Mission Aware, STPA-SEC, and STPA-SafeSec) attempt to standardize the review processes to impart consistency across an organization or application domain. However, with most security review processes, the attackers’ perspectives are ad hoc and often lack structure. Attacker modeling is a potential solution but there is a lack of uniformity in published literature and a lack of structured methods to integrate the attacker perspective into established security review processes.

This dissertation proposes a generalized framework for characterizing and evaluating attacker models for CPS security assessment. We developed this framework from a structured literature survey on attacker model characteristics which we used to create an ontology of attacker models from a context of security assessment. This generalized framework facilitates the characterization and functional representation of attacker models, leveraged in a novel scalable integration workflow. This workflow leverages an intermediate functional representation module to integrate attacker models into a security review process. In conclusion, we demonstrate the efficacy of our attacker modeling framework through a use case in which we integrate an attacker model into an established security review process.

Rights

© Christopher Deloglos

Is Part Of

VCU University Archives

Is Part Of

VCU Theses and Dissertations

Date of Submission

12-16-2021