Quantitative Cybersecurity Analysis Framework for Cyber Physical Systems: A Conceptual Approach

Quantitative Cybersecurity Analysis Framework for Cyber Physical Systems: A Conceptual Approach

Cyber-physical systems (CPS) are indispensable in various sectors, enabling convenient and efficient processes in today's rapidly evolving technological landscape. However, the integration of internet-enabled components with physical processes exposes CPS to numerous security threats, ren...

Full description

Saved in:
Bibliographic Details
Main Authors: Alhassan Abdulhamid, Sohag Kabir, Ibrahim Ghafir, Ci Lei, Khalil El Hindi, Mohammad Hammoudeh
Format: Article
Language:English
Published: IEEE 2025-01-01
Series:IEEE Open Journal of the Computer Society
Subjects:
Attack tree
Bayesian networks
cyber-physical systems (CPS)
expert judgement
fuzzy logic system
security analysis
Online Access:https://ieeexplore.ieee.org/document/10829501/
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Cyber-physical systems (CPS) are indispensable in various sectors, enabling convenient and efficient processes in today's rapidly evolving technological landscape. However, the integration of internet-enabled components with physical processes exposes CPS to numerous security threats, rendering them susceptible to potential cyber-attacks. This paper presents a quantitative analysis framework for evaluating the security attributes of CPS conceptual design. Focusing on CPS design architecture, the framework models and quantifies security attributes by considering various dimensions. The paper demonstrates the integration of qualitative expert inputs into a fuzzy logic system to address the challenges and uncertainties associated with vulnerability data in CPS security quantification. Additionally, it examines the statistical dependence of basic attack steps (BASs) and their impact on the overall system security analysis, taking into account the intricate connectivity of CPS and the vulnerabilities that attackers could exploit. The novelty of the proposed framework lies in its integrated approach to modelling and quantifying cybersecurity attributes in the CPS environment while considering uncertainties in vulnerability data and dependencies between security events. The computation of statistical and stochastic dependencies among BASs is achieved by mapping the attack tree (AT) to a higher statistical model of the Bayesian network (BN) model. The application of this framework was demonstrated using an intelligent glucose monitoring and insulin administration system (IGMIAS). The framework's general nature makes it adaptable for quantifying cybersecurity behaviours in any CPS environment.
ISSN:2644-1268

Similar Items