Global ETD Search

151	A Literature Review of Connected and Automated Vehicles : Attack Vectors Due to Level of Automation Kero, Chanelle January 2020 (has links) The manufacturing of connected and automated vehicles (CAVs) is happening and they are aiming at providing an efficient, safe, and seamless driving experience. This is done by offering automated driving together with wireless communication to and from various objects in the surrounding environment. How automated the vehicle is can be classified from level 0 (no automation at all) to level 5 (fully automated). There is many potential attack vectors of CAVs for attackers to take advantage of and these attack vectors may change depending on what level of automation the vehicle have. There are some known vulnerabilities of CAVs where the security has been breached, but what is seemed to be lacking in the academia in the field of CAVs is a place where the majority of information regarding known attack vectors and cyber-attacks on those is collected. In addition to this the attack vectors may be analyzed for each level of automation the vehicles may have. This research is a systematic literature review (SLR) with three stages (planning, conducting, and report) based on literature review methodology presented by Kitchenham (2004). These stages aim at planning the review, finding articles, extracting information from the found articles, and finally analyzing the result of them. The literature review resulted in information regarding identified cyberattacks and attack vectors the attackers may use as a path to exploit vulnerabilities of a CAV. In total 24 types of attack vectors were identified. Some attack vectors like vehicle communication types, vehicle applications, CAN bus protocol, and broadcasted messages were highlighted the most by the authors. When the attack vectors were analyzed together with the standard of ‘Levels of Driving Automation’ it became clear that there are more vulnerabilities to consider the higher level of automation the vehicle have. The contributions of this research are hence (1) a broad summary of attack vectors of CAVs and (2) a summary of these attack vectors for every level of driving automation. This had not been done before and was found to be lacking in the academia. Attack Vector CAV Connected and Automated Vehicle Cyber-Attacks Cyber-Security ITS Levels of Driving Automation VANET Vehicular Communication Computer and Information Sciences Data- och informationsvetenskap Information Systems
152	Cyber Security Risks and Opportunities of Artificial Intelligence: A Qualitative Study : How AI would form the future of cyber security Kirov, Martin January 2023 (has links) Cybercriminals' digital threats to security are increasing, and organisations seek smarter solutions to combat them. Many organisations are using artificial intelligence (AI) to protect their assets. Statistics show that the adoption of AI in cyber security worldwide has grown steadily over the past few years, demonstrating that more and more companies are searching for more effective methods than traditional ones. At the same time, some are cautious about its implementation. Previous research shows this is a topic of discussion in the cyber security branch. Researchers seek to understand further how AI is used, uncovering how it may benefit security and the challenges organisations face. Sweden is a country known for its high level of technological advancement and innovation, and it has seen a particularly significant increase in the integration of AI in cyber security practices. Using semi-structured interviews as the primary research method, a diverse range of companies, were interviewed regarding their viewpoints on the topic, both those implementing AI-based cyber security solutions and those who do not. The research objectives were to examine how companies in Sweden understand and perceive AI in cyber security, identify their perceived risks associated with any potential opportunities with AI adoption, and explore possible future developments in the field. Through in-depth interviews, participants discussed their experiences, concerns, and expectations surrounding the topic, showing anywhere from mixed to negative opinions from companies not utilising AI cyber security. This study shows how more research is needed to advance our understanding of AI cyber security and how it is implemented in companies. The study concludes that when showing interest in strengthening their security with the help of AI, organisations should consider the ethical and legal issues as well as the importance of choosing the right AI solutions. Professionals recommend AI implementation for companies wishing to increase cyber security defences in the rising and ever-changing cyber threats landscape. / Cyberbrottslingarnas digitala hot mot säkerheten ökar, och organisationer söker smartare lösningar för att bekämpa dem. Många organisationer använder artificiell intelligens (AI) för att skydda sina tillgångar. Statistik visar att användningen av AI inom cybersäkerhet världen över har ökat stadigt under de senaste åren, vilket visar att allt fler företag söker efter mer effektiva metoder än de traditionella. Samtidigt är vissa försiktiga vad gäller AI:s implementering. Tidigare forskning visar att detta är ett diskussionsämne inom cybersäkerhetsbranschen. Forskarna vill förstå mer om hur AI används, hur det kan gynna säkerheten och vilka utmaningar organisationerna står inför. Sverige är ett land som är känt för sin höga nivå av teknisk utveckling och innovation och man har sett en särskilt betydande ökning av integrationen av AI i cybersäkerhetspraxis i landet. Med hjälp av semistrukturerade intervjuer som primär forskningsmetod intervjuades en rad olika företag om deras syn på ämnet, både de som implementerar AI-baserade cybersäkerhetslösningar och de som inte gör det. Målet var att undersöka hur företag i Sverige förstår och uppfattar AI inom cybersäkerhet, att identifiera deras upplevda risker i samband med eventuella möjligheter med AI-adoption och utforska möjlig framtida utveckling inom området. Genom djupintervjuer diskuterade deltagarna sina erfarenheter, farhågor och förväntningar i ämnet, som visade allt från blandade till negativa åsikter från företag som inte använder AI i cybersäkerhet. Studien visar att det behövs ytterligare forskning för att öka vår förståelse för AI-cybersäkerhet och hur den ska implementeras i företag. Studien drar slutsatsen att organisationer som visar intresse för att stärka sin säkerhet med hjälp av AI bör ta hänsyn till etiska och juridiska frågor samt vikten av att välja rätt AI-lösningar. Experter rekommenderar att AI implementeras för företag som vill stärka sin cybersäkerhet i det ständigt ökande och föränderliga cyberhotslandskapet. AI Cyber Security qualitative research semi-structured interviews perceptions risks opportunities ethical considerations legal implications responsible AI deployment. Computer Systems Datorsystem Robotics Robotteknik och automation Embedded Systems Inbäddad systemteknik
153	Model-Based Autonomic Security Management of Networked Distributed Systems Chen, Qian 13 December 2014 (has links) This research focuses on the development and validation of an autonomic security management (ASM) framework to proactively protect distributed systems (DSs) from a wide range of cyber assaults with little or no human intervention. Multi-dimensional cyber attack taxonomy was developed to characterize cyber attack methods and tactics against both a Web application (Web-app) and an industrial control system (ICS) by accounting for their impacts on a set of system, network, and security features. Based on this taxonomy, a normal region of system performance is constructed, refined, and used to predict and identify abnormal system behavior with the help of forecasting modules and intrusion detection systems (IDS). Protection mechanisms are evaluated and implemented by a multi-criteria analysis controller (MAC) for their efficiency in eliminating and/or mitigating attacks, maintaining normal services, and minimizing operational costs and impacts. Causes and impacts of unknown attacks are first investigated by an ASM framework learning module. Attack signatures are then captured to update IDS detection algorithms and MAC protection mechanisms in near real-time. The ASM approach was validated within Web-app and ICS testbeds demonstrating the effectiveness of the self-protection capability. Experiments were conducted using realworld cyber attack tools and profiles. Experimental results show that DS security behavior is predicted, detected, and eliminated thus validating our original hypothesis concerning the self-protection core capability. One important benefit from the self-protection feature is the cost-effective elimination of malicious requests before they impede, intrude or compromise victim systems. The ASM framework can also be used as a decision support system. This feature is important especially when unknown attack signatures are ambiguous or when responses selected automatically are not efficient or are too risky to mitigate attacks. In this scenario, man-in-the-loop decisions are necessary to provide manual countermeasures and recovery operations. The ASM framework is resilient because its main modules are installed on a master controller virtual machine (MC-VM). This MC-VM is simple to use and configure for various platforms. The MC-VM is protected; thus, even if the internal network is compromised, the MC-VM can still maintain “normal” self-protection services thereby defending the host system from cyber attack on-thely. Intrusion Mitigation and Response System Self-Protection Autonomic Computing Intrusion Detection/Protection System Network Forensics Cyber Attack Taxonomy Cyber Security Intrusion Estimation Security Model-based Validation
154	Reasoning about Moving Target Defense in Attack Modeling Formalisms / Resonemang om Rörligt Målförsvar i Attackmodelleringsformalismer Ballot, Gabriel January 2022 (has links) Since 2009, Moving Target Defense (MTD) has become a new paradigm of defensive mechanism that frequently changes the state of the target system to confuse the attacker. This frequent change is costly and leads to a trade-off between misleading the attacker and disrupting the quality of service. Optimizing the MTD activation frequency is necessary to develop this defense mechanism when facing realistic, multi-step attack scenarios. Attack modeling formalisms based on DAG are prominently used to specify these scenarios. It represents the attack goal in the root of a tree that is recursively refined into subgoals to show the different ways the attacker can compromise the system. According to some specific models, the tree is augmented with countermeasures, time, costs, or probabilities. Our contribution is a new DAG-based formalism for MTDs and its translation into a Price Timed Markov Decision Process to find the best activation frequencies against the attacker’s time/cost-optimal strategies. For the first time, MTD activation frequencies are analyzed in a state-of-the-art DAG-based representation. Moreover, this is the first paper that considers the specificity of MTDs in the automatic analysis of attack modeling formalisms. Finally, we present some experimental results using UPPAAL STRATEGO to demonstrate its applicability and relevance. / Sedan 2009 har Moving Target Defense (MTD) blivit ett nytt paradigm av defensiv mekanism som ofta ändrar målsystemets tillstånd för att förvirra angriparen. Denna frekventa förändring är kostsam och leder till en avvägning mellan att vilseleda angriparen och att störa målsystemets tillförlitlighet. Att optimera MTD-aktiveringsfrekvensen är nödvändigt för att utveckla denna försvarsmekanism när man står inför realistiska attackscenarier i flera steg. Attackmodelleringsformalismer baserade på DAG är de främst använda metoderna för att specificera dessa scenarier. Metoden representer attackmålet i roten av ett träd som rekursivt förfinas till delmål för att visa de olika sätt som angriparen kan äventyra systemet. Enligt vissa specifika modeller är trädet utökat med motåtgärder, tid, kostnader eller sannolikheter. Vårt bidrag är en ny DAG-baserad formalism för MTD:er och dess översättning till en Price Timed Markov Decision Process för att hitta de bästa aktiveringsfrekvenserna mot angriparens tids-/kostnadsoptimala strategier. För första gången analyseras MTD-aktiveringsfrekvenser i en toppmodern DAG-baserad representation. Dessutom är detta det första rapporten som överväger specificiteten hos MTD:er i den automatiska analysen av attackmodelleringsformalismer. Slutligen presenterar vi några experimentella resultat med UPPAAL STRATEGO för att visa dess tillämpbarhet och relevans. Timed Model checking Cyber Security Threat Modeling Moving Target Defense Tidsinställd modellkontroll Cybersäkerhet Hotmodellering Moving Target Defense Computer Sciences Datavetenskap (datalogi)
155	Ethical hacking of Sennheiser smart headphones / Etiskt hackande av Sennheiser smarta hörlurar Huang, Fuhao January 2022 (has links) The proliferation of IoT devices has brought our world closer than ever. However, because these devices can connect to the internet, they are also vulnerable to cyberattacks. IoT devices collect our personal information, so we must take IoT security seriously to protect our privacy. In this master thesis, an assessment of the security of Sennheiser smart headphones Momentum 3 wireless was conducted to demonstrate whether the smart headphones are secure or not. This pair of headphones were chosen because Sennheiser is a well-known brand and the headphones are one of its high-end headphones, they should be expected to be more secure. Previous academic papers related to the security of Bluetooth headphones were not found, because the security of headphones is generally considered to be less important. For the above reasons, this paper conducts security assessment on this pair of smart headphones. The thesis begins with gathering information of the smart headphones from a black-box perspective. Then threat modeling is used to list and select the attacks to be performed during penetration testing. Finally, the penetration testing is conducted. The result of the penetration testing shows that the headphones are secure enough with no serious vulnerabilities found but a few minor flaws. As this thesis is not in cooperation with Sennheiser, some tests were not performed due to Swedish law. Meanwhile, due to time constraints, some of the identified threats were not attempted in the penetration testing phase and require further investigation. / Spridningen av IoT-enheter har fört vår värld närmare än någonsin. Men eftersom dessa enheter kan ansluta till internet är de också sårbara för cyberattacker. IoT-enheter samlar in vår personliga information, så vi måste ta IoT-säkerhet på allvar för att skydda vår integritet. I denna masteruppsats genomfördes en bedömning av säkerheten hos Sennheiser smarta hörlurar Momentum 3 wireless för att visa om de smarta hörlurarna är säkra eller inte. Detta par hörlurar valdes för att Sennheiser är ett välkänt varumärke och hörlurarna är en av dess avancerade hörlurar, de bör förväntas vara säkrare. Tidigare akademiska artiklar relaterade till säkerheten för Bluetooth-hörlurar hittades inte, eftersom säkerheten för hörlurar generellt anses vara mindre viktig. Av ovanstående skäl genomför detta dokument en säkerhetsbedömning av detta par smarta hörlurar. Examensarbetet börjar med att samla information om de smarta hörlurarna ur ett black-box-perspektiv. Sedan används hotmodellering för att lista och välja de attacker som ska utföras under penetrationstestning. Slutligen genomförs penetrationsprovningen. Resultatet av penetrationstestet visar att hörlurarna är tillräckligt säkra utan några allvarliga sårbarheter men några mindre brister. Eftersom detta examensarbete inte är i samarbete med Sennheiser har vissa tester inte utförts på grund av svensk lag. Under tiden, på grund av tidsbrist, försökte inte några av de identifierade hoten under penetrationstestfasen och kräver ytterligare undersökning. Ethical hacking smart headphones Bluetooth cyber security Internet of Things Etisk hackning smarta hörlurar Bluetooth cybersäkerhet Internet of Things Computer Sciences Datavetenskap (datalogi) Computer Engineering Datorteknik
156	PROACTIVE VULNERABILITY IDENTIFICATION AND DEFENSE CONSTRUCTION -- THE CASE FOR CAN Khaled Serag Alsharif (8384187) 25 July 2023 (has links) <p>The progressive integration of microcontrollers into various domains has transformed traditional mechanical systems into modern cyber-physical systems. However, the beginning of this transformation predated the era of hyper-interconnectedness that characterizes our contemporary world. As such, the principles and visions guiding the design choices of this transformation had not accounted for many of today's security challenges. Many designers had envisioned their systems to operate in an air-gapped-like fashion where few security threats loom. However, with the hyper-connectivity of today's world, many CPS find themselves in uncharted territory for which they are unprepared.</p> <p><br></p> <p>An example of this evolution is the Controller Area Network (CAN). CAN emerged during the transformation of many mechanical systems into cyber-physical systems as a pivotal communication standard, reducing vehicle wiring and enabling efficient data exchange. CAN's features, including noise resistance, decentralization, error handling, and fault confinement mechanisms, made it a widely adopted communication medium not only in transportation but also in diverse applications such as factories, elevators, medical equipment, avionic systems, and naval applications.</p> <p><br></p> <p>The increasing connectivity of modern vehicles through CD players, USB sticks, Bluetooth, and WiFi access has exposed CAN systems to unprecedented security challenges and highlighted the need to bolster their security posture. This dissertation addresses the urgent need to enhance the security of modern cyber-physical systems in the face of emerging threats by proposing a proactive vulnerability identification and defense construction approach and applying it to CAN as a lucid case study. By adopting this proactive approach, vulnerabilities can be systematically identified, and robust defense mechanisms can be constructed to safeguard the resilience of CAN systems.</p> <p><br></p> <p>We focus on developing vulnerability scanning techniques and innovative defense system designs tailored for CAN systems. By systematically identifying vulnerabilities before they are discovered and exploited by external actors, we minimize the risks associated with cyber-attacks, ensuring the longevity and reliability of CAN systems. Furthermore, the defense mechanisms proposed in this research overcome the limitations of existing solutions, providing holistic protection against CAN threats while considering its performance requirements and operational conditions.</p> <p><br></p> <p>It is important to emphasize that while this dissertation focuses on CAN, the techniques and rationale used here could be replicated to secure other cyber-physical systems. Specifically, due to CAN's presence in many cyber-physical systems, it shares many performance and security challenges with those systems, which makes most of the techniques and approaches used here easily transferrable to them. By accentuating the importance of proactive security, this research endeavors to establish a foundational approach to cyber-physical systems security and resiliency. It recognizes the evolving nature of cyber-physical systems and the specific security challenges facing each system in today's hyper-connected world and hence focuses on a single case study. </p> System and network security CAN Controller Area Network Cyber Physical Systems (CPS) Vulnerability Identification Protocol Testing Protocol Fuzzing Intrusion Detection / Prevention Systems Cyber Security
157	Adaptable Information and Data Security Process : A Secure Yet Employee Friendly Process Proposal of IT Security Implementation in Organizations. Ali, Mirza Maaz January 2017 (has links) Organizations have been changing their IT structure due to several reasons such as merger of two companies, acquisition of one company by another or IT consolidation within a company. IT policies are one of the areas which get redefined during such changes. However the lack of test facilities, time, funds, or human resources and expertise for change assessment of reengineering IT infrastructure such as integration of independently working systems or switching from on premises IT resources to cloud based IT resources, can be left unassessed. The absence of forthcoming changes' assessment can cause trouble at many levels of any organization, depending on which business operation is affected. Since every employee with a workstation is an end user, it is safe to say that end users or employees are the target of those unforeseen impacts. This situation can be handled by a working process which is able to adapt the changes made to IT systems security. This thesis presents a process that highlights post change issues and can help organizations to adapt to the changes in the environment and minimizes highlighted issues hence called Adaptable Information and Data Security Process. A system or entity is adaptable if it can adapt to changes. The results of this research are derived by putting the proposed process in use to calculate monetary and time loss in any project using different variables. Those results can encourage and support middle management to propose investment in user training and local support staff when presenting their case to upper management. Our results show the loss of 0.24% of a 200,000 kroner project to be completed in 44 weeks due to lack of adequate training of technical staff and users training to use IT systems. Another dimension of loss is calculated to show 4.2 hour of time loss on top of monetary loss given a total of 44 weeks of project period. The proposal suggests that the calculations of those loses can help management invest the time and money on users’ training and onsite technical support which will result in less investment and long lasting results as oppose to conventional approach that is lack of users training and off shore support that may reduce expenses in short term but causes significant long term losses. / Organisationer har förändra sin IT-struktur på grund av flera skäl, såsom sammanslagning av två företag, förvärv av ett företag med en annan eller ITkonsolidering inom ett företag. IT-politik är ett av de områden som får omdefinieras under sådana förändringar. Dock är det faktum att dessa omedelbara förändringar kommer att medföra en massa problem som ofta förbises eller det är oförutsedd eftersom den fulla effekten av förändring inte kunde bedömas. Dessa oförutsedda konsekvenser kan orsaka problem på många organisationsnivåer beroende på vilken affärsverksamhet påverkas. Eftersom varje anställd på en arbetsstation är en slutanvändare eller anställd, är det säkert att säga att slutanvändare eller anställda är föremål för dessa oförutsedda konsekvenser. Denna situation kan hanteras genom en arbetsprocess som är i stånd att anpassa de ändringar som gjorts till IT-system säkerhet. Avhandlingen presenterar en process som lyfter fram förändringsproblem och kan hjälpa organisationer att anpassa sig till förändringarna i miljön och minimerar markerade problem, så kallade anpassningsbar informationsoch datasäkerhetsprocess. Ett system eller en enhet är anpassningsbar om den kan anpassa sig till förändringar. Resultaten av denna forskning är härledda genom att den föreslagna processen används för att beräkna monetär och tidsförlust i något projekt med olika variabler. Dessa resultat kan uppmuntra och stödja mellanhantering för att föreslå investeringar i användarutbildning och lokal supportpersonal när de presenterar sitt ärende för den överordnade ledningen. Våra resultat visar förlusten på 0,24% av ett projekt på 200 000 kronor som ska slutföras på 44 veckor på grund av brist på adekvat utbildning av teknisk personal och användarutbildning för att använda IT-system. En annan dimension av förlust beräknas visa 4.2 timme tidsförlust ovanpå monetär förlust med totalt 44 veckor projektperiod. Vårt förslag tyder på att beräkningarna av de som förlorar kan hjälpa ledningen att investera i tid och pengar på användarutbildning och teknisk support på plats, vilket kommer att leda till mindre investeringar och långvariga resultat som motsätter sig konventionellt tillvägagångssätt som bristen på utbildning av användare Landsstöd som kan minska kostnaderna på kort sikt men orsakar betydande långsiktiga förluster. information security cyber-security secure adaptability user friendly user friendliness process processes organizations. information säkerhet Cybersäkerhet säker anpassningsförmåga användarvänliga användarvänlighet process processer organisationer. Computer and Information Sciences Data- och informationsvetenskap
158	vehicleLang: a probabilistic modeling and simulation language for vehicular cyber attacks Katsikeas, Sotirios January 2018 (has links) The technological advancements in the automotive industry as well as in thefield of communication technologies done the last years have transformed thevehicles to complex machines that include not only electrical and mechanicalcomponents but also a great number of electronic components. Furthermore,modern vehicles are now connected to the Wide Area Network (WAN) and inthe near future communications will also be present between the cars (Vehicleto-Vehicle, V2V) and between cars and infrastructure (Vehicle-to-Infrastructure, V2I), something that can be found as Internet of Vehicles (IoV)in the literature. The main motivations towards all the aforementioned changesin modern vehicles are of course the improvement of road safety, the higherconvenience of the passengers, the increase in the efficiency and the higher userfriendliness.On the other hand, having vehicles connected to the Internet opens them up toa new domain of interest, this no other than the domain of cyber security. Thispractically means that while previously we were only considering cyber-attackson computational systems, now we need to start thinking about it also forvehicles. This, as a result, creates a new field of research, namely the vehicularcyber security. However, this field does not only include the possible vehicularcyber-attacks and their corresponding defenses but also the modeling andsimulation of them with the use of vehicular security analysis tools, which isalso recommended by the ENISA report titled “Cyber Security and Resilienceof smart cars: Good practices and recommendations”.Building on this need for vehicular security analysis tools, this work aims tocreate and evaluate a domain-specific, probabilistic modeling and simulationlanguage for cyber-attacks on modern connected vehicles. The language will bedesigned based on the existing threat modeling and risk management toolsecuriCAD® by foreseeti AB and more specifically based on its underlyingmechanisms for describing and probabilistically evaluating the cyber threats ofthe models.The outcome/final product of this work will be the probabilistic modeling andsimulation language for connected vehicles, called vehicleLang, that will beready for future use in the securiCAD® software. / De tekniska framstegen inom fordonsindustrin såväl som inomkommunikationsteknik som gjorts de senaste åren har omvandlat fordon tillkomplexa maskiner som inte bara omfattar elektriska och mekaniskakomponenter utan också ett stort antal elektroniska komponenter. Dessutom ärmoderna fordon nu anslutna till Internet (WAN) och inom den närmasteframtiden kommer kommunikation också att etableras mellan bilarna (Vehicleto-Vehicle, V2V) och mellan bilar och infrastruktur (Vehicle-to-Infrastructure,V2I). Detta kan också kallas fordonens internet (Internet of Vehicles - IoV) ilitteraturen. De främsta motiven för alla ovannämnda förändringar i modernafordon är förstås förbättringen av trafiksäkerheten, ökad bekvämlighet förpassagerarna, ökad effektivitet och högre användarvänlighet.Å andra sidan, att ha fordon anslutna till Internet öppnar dem för en ny domän,nämligen cybersäkerhet. Då vi tidigare bara övervägde cyberattacker påtraditionella datorsystem, måste vi nu börja tänka på det även för fordon. Dettaområde omfattar emellertid inte bara de möjliga fordonsattackerna och derasmotsvarande försvar utan även modellering och simulering av dem med hjälpav verktyg för analys av fordonssäkerhet, vilket också rekommenderas avENISA-rapporten med titeln ”Cyber Security and Resilience of smart cars: Goodpractices and recommendations”.På grund av detta behov av verktyg för fordonssäkerhetsanalys syftar dettaarbete till att skapa och utvärdera ett domänspecifikt, probabilistisktmodelleringsspråk för simulering av cyberattacker på moderna anslutna fordon.Språket har utformats utifrån det befintliga hotmodellerings- ochriskhanteringsverktyget securiCAD® av foreseeti AB och mer specifikt baseratpå dess underliggande mekanismer för att beskriva och probabilistiskt utvärderamodellernas cyberhot.Resultatet/slutprodukten av detta arbete är ett probabilistisktmodelleringsspråk för uppkopplade fordon, vehicleLang. Domain Specific Language Probabilistic Modeling Cyber Security Threat Modeling Attack Graphs Vehicular Security Domänspecifikt språk Probabilistisk modellering Cybersäkerhet Hotmodellering Attackgrafer Fordonsäkerhet Engineering and Technology Teknik och teknologier
159	Towards Hybrid System Approaches for Cyber-Physical System Security and Resiliency Dawei Sun (14205656) 02 December 2022 (has links) <p>Cyber-physical systems (CPS) are a class of complicated systems integrating cyber components with physical components. Although such a cyber-physical interaction improves the system performance and intelligence, it increases the system complexity and makes the system vulnerable to various types of faults, failures, and cyber-attacks. To assure the security and improve the resiliency of CPS, it is found that the hybrid system model can be a powerful tool in the domain of fault detection and isolation, cyber-attack diagnosis and containment, as well as resilient control and reconfiguration. Several problems are concerned in this dissertation. For situational awareness, \textit{mode discernibility}, which stands for whether the discrete state of a hybrid system can be correctly identified, is characterized and discussed with potential applications to monitoring system design. For CPS vulnerability analysis, the problem of stealthy attack design for systems with switching structures is investigated, which is motivated by the recent literature. To further understand and remedy for the vulnerabilities, the detectability and identifiability for severe cyber-attacks are defined and characterized, which are followed by the discussions on the methodologies for cyber-attack detection and identification. Last but not least, based on the understanding of identifiability, a framework of resilient control design is proposed to mitigate the impact of cyber-attacks, which can be generalized in future to account for additional design criteria.</p> Control engineering Hybrid systems. Cyber-Security Fault Detection and Isolation Geometric Control Theory
160	Identifying and analysing forensic artefacts of specific attacks on a Programmable Logic Controller / Identifiera och analysera kriminaltekniska artefakter för specifika attacker på en Programmerbar Logisk Styrenhet Forsberg, Rebecka January 2022 (has links) In Industrial Computer Systems, Programmable Logic Controllers (PLCs) are essential components since they control physical processes. Altering these could have enormous consequences as they can control processes in nuclear plants, gas pipelines and water supplies. Over the years, PLCs have become more and more connected since it facilitates their configuration and programming remotely. More connected does also means that they could be more vulnerable to attacks. Therefore, it would be desirable to be able to do a forensic investigation and interpret the artefacts if an incident happens, especially since PLCs control such vital functions. There exists little research about this area, but it does not discuss how to evaluate or interpret possible artefacts forensic investigation could reveal. This thesis aims to answer what artefacts are left in the system after two specific attacks. The result showed that some artefacts is left. One of the attacks does not leave so much specific artefacts that one could conclude how the attack happened, but for the other one, it was possible to conclude how they got remote access to the system. However, these artefacts were possible to cover up by deleting the IP address that was added in order to get remote access to the system. In other words, the only persistent artefacts left in the system after the attacks and cover-ups was metadata about created, modified, and removed files. Future work would be to expand and include more attacks to get a better overview of the overall forensic abilities of the PLC. / I industriella datorsystem är PLC (Programmable Logic Controllers) viktiga komponenter eftersom de styr fysiska processer. Att ändra dessa kan få enorma konsekvenser eftersom de kan styra processer i kärnkraftverk, gasledningar och vattenförsörjning. Under årens lopp har PLC:er blivit mer och mer uppkopplade eftersom det underlättar deras konfiguration och programmering på distans. Mer uppkopplade betyder också att de kan vara mer sårbara för attacker. Därför vore det önskvärt att kunna göra en kriminalteknisk undersökning och tolka bevisningen om en incident inträffar, särskilt eftersom PLC:er kontrollerar sådana vitala funktioner. Det finns lite forskning om detta område, men den diskuterar inte hur man ska utvärdera eller tolka eventuella bevis som den kriminalteknisk undersökningen kan avslöja. Denna avhandling syftar till att svara på vilka artefakter som finns kvar i systemet efter två specifika attacker. Resultatet visade att en del bevis finns kvar. En av attackerna lämnar inte så mycket specifika bevis att man kunde dra slutsatsen hur attacken gick till, men för den andra gick det att dra slutsatsen hur de fick fjärråtkomst till systemet. Dessa artefakter var dock möjliga att dölja genom att radera IP-adressen som lades till för att få fjärråtkomst till systemet. Med andra ord, det enda ihållande bevisningen som fanns kvar i systemet efter attackerna och mörkläggningarna var metadata om skapade, modifierade och borttagna filer. Framtida arbete skulle vara att expandera och inkludera fler attacker för att få en bättre överblick över PLC:s övergripande forensiska förmågor. Industrial Cyber Security forensics Programmable Logic Controller Forensic analysis Artefacts Forensic readiness Industriell cybersäkerhet forensik Programmerbar logikkontroller Forensik analys Artefakter Forensisk mogenhet Computer Sciences Datavetenskap (datalogi)

Search results