Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
An Attack Model of Autonomous Systems of Systems
Mälardalen University, School of Innovation, Design and Engineering.
Mälardalen University, School of Innovation, Design and Engineering.
2018 (English)Independent thesis Advanced level (degree of Master (One Year)), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

Context: In order to provide more functionalities and services, systems collaborate with each other creating more complex systems called Systems of Systems. Exploiting security vulnerabilities in such complex systems has an impact over system safety and it is not sufficient to analyze them separately in the development process. Observing these safety and security interdependencies together can be done via the process of attack modeling where attack models deploy a model for detecting vulnerabilities and possible mitigation strategies while observing system security from an adversary point of view. Objective: The aim of the thesis is to explore the interdependencies between safety and security concerns, to provide details on attack model(s) and affected safety requirements of given system, to argument that the system is acceptably safe to operate, and to contribute to the identified business challenges. Method: The thesis work consists of: (i) a literature survey on interdependencies between safety and security, and a literature survey on the existing attack models; (ii) a demonstration on a use case where the argument that the given system is acceptably safe with respect to the selected attack model has been provided using Goal Structuring Notation (GSN). Conclusion: The first literature survey conducted on the topic of interdependencies between safety and security has resulted in a number of papers addressing the importance of investigating safety and security together. Reviewed papers have been focused either on proposing new approaches or extending the existing ones in different industry domains like automotive, railway, industrial, etc. The literature survey on existing attack models has resulted in a number of papers elaborating attack models in general and showing domain-specific attack models such as those in control systems, vehicles, Cloud Computing, IoT, networks, RFID, Recommender Systems, etc. To provide an argument that the given system is acceptably safe by using GSN, investigated results from the selected attack model showed how to protect system while observing it from an adversary point of view. Including security countermeasures, i.e. data and identity authentication and implementation of access control in the system development process can produce an acceptably safe system, whilst, at the same time, affect different business aspects by introducing latency and delay to the system. However, avoiding such mitigation techniques may have catastrophic impact on the system and its environment when attacks are launched.

Place, publisher, year, edition, pages
2018. , p. 44
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:mdh:diva-39810OAI: oai:DiVA.org:mdh-39810DiVA, id: diva2:1218262
External cooperation
Knightec AB; Volvo CE
Supervisors
Examiners
Available from: 2018-06-15 Created: 2018-06-14 Last updated: 2018-06-15Bibliographically approved

Open Access in DiVA

fulltext(1253 kB)51 downloads
File information
File name FULLTEXT01.pdfFile size 1253 kBChecksum SHA-512
c2c4c43284799363fa14fce2c79d6f00e14471496679553bc27ffeee47bba222d333953ccfc82b1d6d9fcc0076a86fdf4831d49d11bcd590918417bef3a1be2b
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Hanic, DzanaSurkovic, Amer
By organisation
School of Innovation, Design and Engineering
Software Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 51 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 39 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf