Logo des Repositoriums
 

Operational Security Modeling and Analysis for IACS

dc.contributor.authorGao, Yuan
dc.contributor.authorBen Zid, Ines
dc.contributor.authorLou, Xinxin
dc.contributor.authorParekh, Mithil
dc.contributor.editorDraude, Claude
dc.contributor.editorLange, Martin
dc.contributor.editorSick, Bernhard
dc.date.accessioned2019-08-27T13:00:19Z
dc.date.available2019-08-27T13:00:19Z
dc.date.issued2019
dc.description.abstractSecurity Certifications based on international standards, like ISO 27000 and IEC 62443 series, are strongly favored by industrial manufactures and (critical) facility owners. However, comparing to mature safety certification procedures, there is only a small portion of security certifications available on the market for the booming Industry 4.0 solutions and IoT/IIoT products. The major challenge is how to define a practical working scope, which is compatible with frequent system updates as well as creations of new systems by coupling supplier services. Meanwhile, the potential security impacts should be quantitatively predictable since some of them are tolerable, which are different from most of safety constraints. Thus, in this paper, we proposed an operational security model, which intends to support monitoring and analysis on a dynamically running system. It was extended from the 3-domains security model we proposed in previous work by introducing run-time perspectives and procedures. In addition, cooperating with the security in design concept, the proposed operational procedures were developed following the guidance of the security standard series IEC 62443. For addressing the external threats, Open Source Intelligence (OSINT) were involved to query whether some confidential information, like user-credentials and system vulnerabilities are already collected and publicly known to adversaries. The introduction of OSINT can support more transparent risk assessment approaches. As the conclusion, with the operational security model, we proposed a hybrid approach which consists of security certifications and continuous monitoring/consulting to solve the current challenge.en
dc.identifier.doi10.18420/inf2019_ws31
dc.identifier.isbn978-3-88579-689-3
dc.identifier.pissn1617-5468
dc.identifier.urihttps://dl.gi.de/handle/20.500.12116/25065
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofINFORMATIK 2019: 50 Jahre Gesellschaft für Informatik – Informatik für Gesellschaft (Workshop-Beiträge)
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-295
dc.subjectSecurity Model
dc.subjectOperational Security Model
dc.subjectSecurity Operation
dc.subjectContinuous Monitoring
dc.subjectOSINT
dc.subjectFunctional Safety
dc.subjectIEC 62443
dc.subjectIndustry 4.0
dc.subjectIoT
dc.subjectIIoT
dc.titleOperational Security Modeling and Analysis for IACSen
dc.typeText/Conference Paper
gi.citation.endPage281
gi.citation.publisherPlaceBonn
gi.citation.startPage271
gi.conference.date23.-26. September 2019
gi.conference.locationKassel
gi.conference.sessiontitleStandardization of Industry 4.0 Automation and Control Systems

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
paper05_04.pdf
Größe:
252.47 KB
Format:
Adobe Portable Document Format