Campus Units

Electrical and Computer Engineering

Document Type

Conference Proceeding

Conference

7th International Conference on Software Engineering & Computer Systems (ICSECS)

Publication Version

Accepted Manuscript

Publication Date

2021

Journal or Book Title

7th International Conference on Software Engineering & Computer Systems (ICSECS)

Conference Title

7th International Conference on Software Engineering & Computer Systems (ICSECS)

Conference Date

August 24-26, 2021

City

Pekan, Malaysia

Abstract

Cyber-Physical System (CPS) seamlessly integrates the computation, communication, and physical components of the system. Often, a CPS controls physical objects through computation and communication and uses of real-time feedback. Threat models of such systems must consider their hardware, network, infrastructure, software, and human aspects and the interactions of these aspects. Commonly, threat modeling of such systems is based on the given system’s architecture. In terms of components and interactions among these components, the architecture of a given CPS may change over time, making the threat model of the CPS rapidly obsolete–i.e., incomplete and invalid threat model. This paper poses the question: Can we automate threat modeling of a given CPS? A positive answer to the question helps to implement continuous up-to-date security assessments of CPSs–for different versions of the given system. It presents an approach to maintain the threat model of given CPSs up-to-date and reports about applying the proposed approach on Apollo Auto 3.5, an autonomous vehicle software. Unfortunately, the scalability limitation of the used architecture recovery technique prevents the recovering the Apollo Auto architecture and, consequently, the automated identification of the system’s threat model.

Comments

This is a manuscript of a proceeding published as Jamil, Ameerah-Muhsinah, Shifa Khan, Jian Kai Lee, and Lotfi ben Othmane. "Towards Automated Threat Modeling of Cyber-Physical Systems," 7th International Conference on Software Engineering & Computer Systems (ICSECS), IEEE, Pekan, Malaysia, 2021. Posted with permission.

Rights

© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Copyright Owner

IEEE

Language

en

File Format

application/pdf

Share

Article Location

 
COinS