Architecture-based attack propagation and variation analysis for identifying confidentiality issues in Industry 4.0

被引：1

作者：

Walter, Maximilian ^{[1
]}

Hahner, Sebastian ^{[1
]}

Bures, Tomas ^{[2
]}

Hnetynka, Petr ^{[2
]}

Heinrich, Robert ^{[1
]}

Reussner, Ralf ^{[1
]}

机构：

[1] Karlsruhe Inst Technol KIT, Inst Informat Secur & Dependabil KASTEL, Dependabil Software Intens Syst Grp DSiS, Fasanengarten 5, D-76131 Karlsruhe, Germany

[2] Charles Univ Prague, Fac Math & Phys, Malostranske Namesti 25, Prague 1, Czech Republic

来源：

AT-AUTOMATISIERUNGSTECHNIK | 2023年 / 71卷 / 06期

关键词：

attack propagation; confidentiality; software architecture;

D O I：

10.1515/auto-2022-0135

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Exchanging data between entities is an essential part of Industry 4.0. However, the data exchange should not affect the confidentiality. Therefore, data should only be shared with the intended entities. In exceptional scenarios, it is unclear whether data should be shared or not and what the impact of the access decision is. Runtime access control systems such as role-based access control often do not consider the impact on the overall confidentiality. Static design-time analyses often provide this information. We use architectural design-time analyses together with an uncertainty variation metamodel mitigating uncertainty to calculate impact properties of attack paths. Runtime access control approaches can then use this information to support the access control decision. We evaluated our approach on four case studies based on real-world examples and research cases.

引用

页码：443 / 452

页数：10

共 50 条

[1] Architectural Attack Propagation Analysis for Identifying Confidentiality Issues
Walter, Maximilian
Heinrich, Robert
Reussner, Ralf
IEEE 19TH INTERNATIONAL CONFERENCE ON SOFTWARE ARCHITECTURE (ICSA 2022), 2022, : 1 - 12
[2] Dataset - Architectural Attack Propagation Analysis for Identifying Confidentiality Issues
Walter, Maximilian
Heinrich, Robert
Reussner, Ralf
2022 IEEE 19TH INTERNATIONAL CONFERENCE ON SOFTWARE ARCHITECTURE COMPANION (ICSA-C 2022), 2022, : 59 - 59
[3] Architecture-Based Attack Path Analysis for Identifying Potential Security Incidents
Walter, Maximilian
Heinrich, Robert
Reussner, Ralf
SOFTWARE ARCHITECTURE, ECSA 2023, 2023, 14212 : 37 - 53
[4] Architecture-based Uncertainty Impact Analysis to ensure Confidentiality
Hahner, Sebastian
Heinrich, Robert
Reussner, Ralf
2023 IEEE/ACM 18TH SYMPOSIUM ON SOFTWARE ENGINEERING FOR ADAPTIVE AND SELF-MANAGING SYSTEMS, SEAMS, 2023, : 126 - 132
[5] Architecture-Based Issue Propagation Analysis
Speth, Sandro
Krieger, Niklas
Heinrich, Robert
Becker, Steffen
SOFTWARE ARCHITECTURE, ECSA 2024, 2024, 14889 : 121 - 137
[6] IT confidentiality risk assessment for an architecture-based approach
Morali, Ayse
Zambon, Emmanuele
Etalle, Sandro
Re, Ir P. L. Overbeek
2008 3RD IEEE/IFIP INTERNATIONAL WORKSHOP ON BUSINESS-DRIVEN IT MANAGEMENT, 2008, : 31 - +
[7] An Architecture-based Modeling Approach Using Data Flows for Zone Concepts in Industry 4.0
Kern, Matthias
Taspolatoglu, Emre
Scheytt, Fabian
Glock, Thomas
Liu, Bo
Betancourt, Victor Pazmino
Becker, Juergen
Sax, Eric
2020 6TH IEEE INTERNATIONAL SYMPOSIUM ON SYSTEMS ENGINEERING (IEEE ISSE 2020), 2020,
[8] Consider of Fault Propagation in Architecture-Based Software Reliability Analysis
Zhang, Fan
Zhou, Xingshe
Dong, Yunwei
Chen, Junwen
2009 IEEE/ACS INTERNATIONAL CONFERENCE ON COMPUTER SYSTEMS AND APPLICATIONS, VOLS 1 AND 2, 2009, : 783 - 786
[9] Architecture-based Software Reliability with Error Propagation and Recovery
Fiondella, Lance
Gokhale, Swapna S.
2013 INTERNATIONAL SYMPOSIUM ON PERFORMANCE EVALUATION OF COMPUTER AND TELECOMMUNICATION SYSTEMS (SPECTS), 2013, : 38 - 45
[10] Identifying Reference Architecture Types for Stakeholder Groups in Industry 4.0
Josef Ressel Center for Dependable System-of-Systems Engineering Urstein Sued 1, 5412 Puch/Salzburg, Austria
INCOSE Int. Sym., 2024, 1 (1119-1134):

← 1 2 3 4 5 →