Towards Security Attack and Risk Assessment during Early System Design

Lukas Alexander Gressl, Christian Steger, Michael Krisper, Ulrich Neffe

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The advent of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) enabled a new class of smart and interactive devices. With their continuous connectivity and their access to valuable information in both the digital and physical world, they are attractive targets for security attackers. Hence, with their integration into both the industry and consumer devices, they added a new surface for cybersecurity attacks. These potential threats call for special care of security vulnerabilities during the design of IoT devices and CPS. The design of secure systems is a complex task, especially if they must adhere to other constraints, such as performance, power consumption, and others. A range of design space exploration tools have been proposed in academics, which aim to support system designers in their task of finding the optimal selection of hardware components and task mappings. Said tools offer a limited way of modeling attack scenarios as constraints for a system under design. The framework proposed in this paper aims at closing this gap, offering system designers a way to consider security attacks and security risks during the early design phase. It offers designers to model security constraints from the view of potential attackers, assessing the probability of successful security attacks and security risk. The framework's feasibility and performance is demonstrated by revisiting a potential system design of an industry partner.
Original languageEnglish
Title of host publicationInternational Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020
PublisherInstitute of Electrical and Electronics Engineers
ISBN (Electronic)9781728164281
DOIs
Publication statusPublished - Jun 2020
Event2020 International Conference on Cyber Security and Protection of Digital Services - Virtuell
Duration: 15 Jun 202019 Jun 2020

Publication series

NameInternational Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020

Conference

Conference2020 International Conference on Cyber Security and Protection of Digital Services
Abbreviated titleCyber Security 2020
CityVirtuell
Period15/06/2019/06/20

Keywords

  • Cyber Security
  • Design Space Exploration
  • Embedded System Design
  • Secure Embedded Consumer Devices
  • Secure IoT Systems

ASJC Scopus subject areas

  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Artificial Intelligence
  • Computational Theory and Mathematics

Fields of Expertise

  • Information, Communication & Computing

Treatment code (Nähere Zuordnung)

  • Application

Fingerprint Dive into the research topics of 'Towards Security Attack and Risk Assessment during Early System Design'. Together they form a unique fingerprint.

Cite this