
Security Modelling for Cyber-Physical Systems: A Systematic Literature Review (2404.07527v2)

Published 11 Apr 2024 in cs.CR

Abstract: Cyber-physical systems (CPS) are at the intersection of digital technology and engineering domains, rendering them high-value targets of sophisticated and well-funded cybersecurity threat actors. Prominent cybersecurity attacks on CPS have brought attention to the vulnerability of these systems, and the inherent weaknesses of critical infrastructure reliant on CPS. Security modelling for CPS is an important mechanism to systematically identify and assess vulnerabilities, threats, and risks throughout system lifecycles, and to ultimately ensure system resilience, safety, and reliability. This survey delves into state-of-the-art research in CPS security modelling, encompassing both threat and attack modelling. While these terms are sometimes used interchangeably, they are different concepts. This article elaborates on the differences between threat and attack modelling, examining their implications for CPS security. A systematic search yielded 428 articles, from which 15 were selected and categorised into three clusters: those focused on threat modelling methods, attack modelling methods, and literature reviews. Specifically, we sought to examine what security modelling methods exist today, and how they address real-world cybersecurity threats and CPS-specific attacker capabilities throughout the lifecycle of CPS, which typically span longer durations compared to traditional IT systems. This article also highlights several limitations in existing research, wherein security models adopt simplistic approaches that do not adequately consider the dynamic, multi-layer, multi-path, and multi-agent characteristics of real-world cyber-physical attacks.


Summary

  • The paper presents a systematic review that categorizes CPS security modelling methods and highlights key research gaps.
  • It contrasts threat modelling, used during early system development, with attack modelling applied when systems are operational.
  • The review recommends a unified framework combining continuous monitoring and adaptive strategies to counter evolving cyber-physical threats.

A Systematic Review on Security Modelling for Cyber-Physical Systems

Introduction to Cyber-Physical Systems (CPS) Security Modelling

Cyber-physical systems (CPS) integrate physical processes with cybersecurity and digital networking, occupying central roles in vital sectors including healthcare, transportation, and industrial automation. With their deep integration into critical infrastructure, CPS have emerged as focal points for sophisticated cyberattacks, underscoring the importance of robust security modelling to safeguard them against evolving threats. This paper presents a systematic literature review on the current state and methodologies of CPS security modelling, focusing on threat and attack modelling, their applications, and the distinguishing factors between them in the context of CPS security. A total of 15 articles were identified and analyzed, revealing notable trends, gaps, and opportunities for future research in the domain.

Current State of CPS Security Modelling

The paper categorizes the selected studies into three clusters: (1) threat modelling methods, (2) attack modelling methods, and (3) systematic literature reviews on these topics. It emphasizes that while both threat and attack modelling are crucial for envisioning defensive strategies, they serve different purposes within the security landscape of CPS. Threat modelling is typically performed during the early phases of system development to anticipate and mitigate potential vulnerabilities upfront. Conversely, attack modelling tends to be applied once systems are operational, aiming to counter specific tactics, techniques, and procedures used by attackers.

Gaps and Challenges

Several limitations within existing research on CPS security modelling were highlighted:

  • Focus on IT Systems: Current security models are predominantly tailored to IT systems, lacking the depth and specificity required to address the unique characteristics of CPS. These include the systems’ dynamic, multi-layer, multi-path, and multi-agent nature, which are not adequately covered by existing models.
  • Outdated Approaches Due to Evolving Threats: The rapid evolution of cyber threats often renders early-stage threat models obsolete by the time a CPS is fully operational, posing challenges in maintaining their relevance over time.
  • Ambiguity in Definitions and Applications: The literature reveals confusion regarding the distinct roles and definitions of threat and attack modelling in the context of CPS. This ambiguity complicates the development of a cohesive framework for CPS security.

The Proposed Unified Security Modelling Framework

Responding to these challenges, the paper proposes a unified security modelling framework that integrates threat modelling, attack modelling, and continuous security monitoring throughout the lifecycle of CPS. This framework seeks to address the dynamic nature of cyber-physical attacks and the evolving capabilities of attackers, ensuring robust and adaptive defensive strategies.

Future Research Directions

The review identifies several areas for future research aiming to strengthen CPS security modelling:

  • Incorporating Real-time Data and Feedback: Enhancing models with real-time operational data and feedback can improve their accuracy and relevance, enabling adaptive responses to emerging threats.
  • Exploring Novel Modelling Techniques: Advanced techniques such as Petri nets merit investigation for modelling the complex interplay between cyber and physical components in CPS attacks.
  • Focusing on Self-healing CPS: Research into self-healing mechanisms can offer new avenues for automatic recovery and resilience in the face of attacks, minimizing potential damage.
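
To make the Petri-net direction concrete, the sketch below is an added example (not code from the paper or its authors). It models a constructed, generic multi-path, multi-agent CPS attack as a 1-safe Petri net and uses reachability analysis to find the smallest sets of steps a defender must block to keep the unsafe physical state unreachable. All place and transition names are illustrative assumptions.

```python
from collections import deque
from itertools import combinations

# Constructed 1-safe Petri net for a generic CPS; every name is illustrative.
# transition -> (input places, output places). A place that appears on both
# sides models a capability that persists after the step fires.
TRANSITIONS = {
    "compromise_it_host": ({"external_actor"}, {"it_foothold"}),
    "pivot_it_to_ot":     ({"it_foothold"}, {"ot_access"}),
    "abuse_vendor_link":  ({"vendor_credentials"}, {"ot_access"}),
    "alter_setpoint":     ({"ot_access"}, {"ot_access", "setpoint_altered"}),
    "suppress_alarms":    ({"ot_access"}, {"ot_access", "alarms_suppressed"}),
    # Cyber-to-physical step: needs both conditions (a synchronisation).
    # Disabling it models an independent safety interlock.
    "physical_impact":    ({"setpoint_altered", "alarms_suppressed"},
                           {"unsafe_state"}),
}
# Two tokens in the initial marking: two agents / entry points.
INITIAL = frozenset({"external_actor", "vendor_credentials"})
GOAL = "unsafe_state"


def reachable_markings(initial, disabled=frozenset()):
    """Breadth-first exploration of every marking the net can reach."""
    seen, queue = {initial}, deque([initial])
    while queue:
        marking = queue.popleft()
        for name, (inputs, outputs) in TRANSITIONS.items():
            if name in disabled or not inputs <= marking:
                continue  # transition blocked by a control, or not enabled
            nxt = frozenset((marking - inputs) | outputs)
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def goal_reachable(disabled=frozenset()):
    """True if some reachable marking puts a token in the GOAL place."""
    return any(GOAL in m for m in reachable_markings(INITIAL, disabled))


def minimal_cut_sets():
    """Smallest sets of transitions whose removal makes GOAL unreachable."""
    for size in range(1, len(TRANSITIONS) + 1):
        cuts = [set(c) for c in combinations(TRANSITIONS, size)
                if not goal_reachable(frozenset(c))]
        if cuts:
            return cuts
    return []
```

In this model, blocking a single entry path leaves the goal reachable through the other, while any one of the three downstream steps is a single-point cut, which is the kind of multi-path reasoning the review says IT-centric models miss.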

Conclusion

This systematic review underscores the burgeoning interest in CPS security and the critical need for specialized modelling approaches that transcend traditional IT-centric methodologies. By addressing the identified gaps and exploring proposed research directions, the field can move towards more effective, adaptive, and resilient security strategies for the protection of cyber-physical systems.