A Security Analysis Method for Industrial Internet of Things

Haralambos Mouratidis; Vasiiki Diamantopoulou

doi:10.1109/TII.2018.2832853

A Security Analysis Method for Industrial Internet of Things

Haralambos Mouratidis, Vasiiki Diamantopoulou

Research output: Contribution to journal › Article › peer-review

Abstract

The Industrial Internet of Things (IIoT) provide an opportunity for industries to build large interconnected systems that utilise various technologies such as personal computers, wireless devices, and sensor devices and bring together the cyber and the physical world. Such systems provide us with huge advantages but they also introduce major security challenges at both the design and runtime stages. The literature argues for the need to introduce security-by-design methods, which enable security analysis and mitigation of security threats. This paper proposes a novel security-by-design method for IIoT environments across two different levels (design/modelling and runtime/simulation). Our method supports analysis of security requirements and identification of attack paths and their integration for the mitigation of potential vulnerabilities. We demonstrate the applicability through a real case study on a critical environment from the maritime sector which demonstrates that our method helps to identify security mechanisms to mitigate attacks on critical assets.

Original language	English
Pages (from-to)	4093 - 4100
Journal	IEEE Transactions on Industrial Informatics
Volume	14
Issue number	9
DOIs	https://doi.org/10.1109/TII.2018.2832853
Publication status	Published - 3 May 2018

Bibliographical note

© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must beobtained for all other uses, in any current or future media, including
reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Keywords

Attack Path Discovery
Industrial Internet of Things
Security Requirements Engineering

Access to Document

10.1109/TII.2018.2832853

A security analysis method for industrial internet of thingsAccepted author manuscript, 1.13 MB

Cite this

@article{b3c5d26ad75e423e8b1d3b2489225947,

title = "A Security Analysis Method for Industrial Internet of Things",

abstract = "The Industrial Internet of Things (IIoT) provide an opportunity for industries to build large interconnected systems that utilise various technologies such as personal computers, wireless devices, and sensor devices and bring together the cyber and the physical world. Such systems provide us with huge advantages but they also introduce major security challenges at both the design and runtime stages. The literature argues for the need to introduce security-by-design methods, which enable security analysis and mitigation of security threats. This paper proposes a novel security-by-design method for IIoT environments across two different levels (design/modelling and runtime/simulation). Our method supports analysis of security requirements and identification of attack paths and their integration for the mitigation of potential vulnerabilities. We demonstrate the applicability through a real case study on a critical environment from the maritime sector which demonstrates that our method helps to identify security mechanisms to mitigate attacks on critical assets.",

keywords = "Attack Path Discovery, Industrial Internet of Things, Security Requirements Engineering",

author = "Haralambos Mouratidis and Vasiiki Diamantopoulou",

note = "{\textcopyright} 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must beobtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. ",

year = "2018",

month = may,

day = "3",

doi = "10.1109/TII.2018.2832853",

language = "English",

volume = "14",

pages = "4093 -- 4100",

journal = "IEEE Transactions on Industrial Informatics",

issn = "1551-3203",

number = "9",

}

TY - JOUR

T1 - A Security Analysis Method for Industrial Internet of Things

AU - Mouratidis, Haralambos

AU - Diamantopoulou, Vasiiki

N1 - © 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must beobtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

PY - 2018/5/3

Y1 - 2018/5/3

N2 - The Industrial Internet of Things (IIoT) provide an opportunity for industries to build large interconnected systems that utilise various technologies such as personal computers, wireless devices, and sensor devices and bring together the cyber and the physical world. Such systems provide us with huge advantages but they also introduce major security challenges at both the design and runtime stages. The literature argues for the need to introduce security-by-design methods, which enable security analysis and mitigation of security threats. This paper proposes a novel security-by-design method for IIoT environments across two different levels (design/modelling and runtime/simulation). Our method supports analysis of security requirements and identification of attack paths and their integration for the mitigation of potential vulnerabilities. We demonstrate the applicability through a real case study on a critical environment from the maritime sector which demonstrates that our method helps to identify security mechanisms to mitigate attacks on critical assets.

AB - The Industrial Internet of Things (IIoT) provide an opportunity for industries to build large interconnected systems that utilise various technologies such as personal computers, wireless devices, and sensor devices and bring together the cyber and the physical world. Such systems provide us with huge advantages but they also introduce major security challenges at both the design and runtime stages. The literature argues for the need to introduce security-by-design methods, which enable security analysis and mitigation of security threats. This paper proposes a novel security-by-design method for IIoT environments across two different levels (design/modelling and runtime/simulation). Our method supports analysis of security requirements and identification of attack paths and their integration for the mitigation of potential vulnerabilities. We demonstrate the applicability through a real case study on a critical environment from the maritime sector which demonstrates that our method helps to identify security mechanisms to mitigate attacks on critical assets.

KW - Attack Path Discovery

KW - Industrial Internet of Things

KW - Security Requirements Engineering

UR - http://www.scopus.com/inward/record.url?scp=85046349771&partnerID=8YFLogxK

U2 - 10.1109/TII.2018.2832853

DO - 10.1109/TII.2018.2832853

M3 - Article

AN - SCOPUS:85046349771

SN - 1551-3203

VL - 14

SP - 4093

EP - 4100

JO - IEEE Transactions on Industrial Informatics

JF - IEEE Transactions on Industrial Informatics

IS - 9

ER -

A Security Analysis Method for Industrial Internet of Things

Abstract

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this