Towards Security Attack and Risk Assessment during Early System Design

Title: Towards Security Attack and Risk Assessment during Early System Design
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Gressl, L., Krisper, M., Steger, C., Neffe, U.
Conference Name: 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
Date Published: June 2020
ISBN Number: 978-1-7281-6428-1
Keywords: composability, computer network security, CPS, cyber security, Cyber-physical systems, cybersecurity attacks, Design Space Exploration, design space exploration tools, Embedded System Design, Embedded systems, Internet of Things, IoT devices, Metrics, pubcrawl, resilience, Resiliency, risk assessment, Secure Embedded Consumer Devices, Secure IoT Systems, security attack, security attackers, security constraints, security risk, security vulnerabilities, smart devices, system designers, task mappings

The advent of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) enabled a new class of smart and interactive devices. With their continuous connectivity and their access to valuable information in both the digital and physical world, they are attractive targets for security attackers. Hence, with their integration into both the industry and consumer devices, they added a new surface for cybersecurity attacks. These potential threats call for special care of security vulnerabilities during the design of IoT devices and CPS. The design of secure systems is a complex task, especially if they must adhere to other constraints, such as performance, power consumption, and others. A range of design space exploration tools have been proposed in academia, which aim to support system designers in their task of finding the optimal selection of hardware components and task mappings. Said tools offer a limited way of modeling attack scenarios as constraints for a system under design. The framework proposed in this paper aims at closing this gap, offering system designers a way to consider security attacks and security risks during the early design phase. It allows designers to model security constraints from the view of potential attackers, assessing the probability of successful security attacks and security risk. The framework's feasibility and performance are demonstrated by revisiting a potential system design of an industry partner.

Citation Key: gressl_towards_2020