The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Les systèmes cyberphysiques, dans lesquels les systèmes TIC et les appareils de terrain sont interconnectés et imbriqués, se sont répandus. Davantage de menaces doivent être prises en compte lors de la conception de la sécurité des systèmes cyber-physiques. Les attaquants peuvent causer des dommages au monde physique en exploitant les vulnérabilités des systèmes TIC, tandis que d'autres attaquants peuvent exploiter les faiblesses des frontières physiques pour exploiter les systèmes TIC. Il est donc nécessaire d’évaluer correctement ces risques d’attaques. Une attaque par accès direct dans le domaine automobile est le dernier type d'attaque dans lequel un attaquant connecte directement un équipement non autorisé à un réseau embarqué et tente un accès non autorisé. Mais elle a été considérée comme moins réaliste et évaluée comme moins risquée que d’autres menaces via les points d’entrée du réseau par les méthodes conventionnelles d’évaluation des risques. Nous nous sommes concentrés sur la réévaluation des menaces via des attaques par accès direct en proposant des procédures de conception de sécurité efficaces pour les systèmes cyber-physiques basées sur une directive pour les automobiles, JASO TP15002. Dans cet article, nous nous concentrons sur « l’adaptation à un domaine ou à un point de vue spécifique » d’un tel système cyber-physique et concevons une nouvelle méthode de quantification des risques, RSS-CWSS_CPS basée sur CWSS, qui est également une norme d’évaluation de la vulnérabilité pour les systèmes TIC. Il peut quantifier les caractéristiques des limites physiques des systèmes cyber-physiques.
Yasuyuki KAWANISHI
Sumitomo Electric Industries, Ltd.,AIST,Kyoto Sangyo University
Hideaki NISHIHARA
AIST
Hideki YAMAMOTO
Sumitomo Electric Industries, Ltd.,AIST
Hirotaka YOSHIDA
AIST
Hiroyuki INOUE
AIST,Kyoto Sangyo University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Yasuyuki KAWANISHI, Hideaki NISHIHARA, Hideki YAMAMOTO, Hirotaka YOSHIDA, Hiroyuki INOUE, "A Study of The Risk Quantification Method of Cyber-Physical Systems focusing on Direct-Access Attacks to In-Vehicle Networks" in IEICE TRANSACTIONS on Fundamentals,
vol. E106-A, no. 3, pp. 341-349, March 2023, doi: 10.1587/transfun.2022CIP0004.
Abstract: Cyber-physical systems, in which ICT systems and field devices are interconnected and interlocked, have become widespread. More threats need to be taken into consideration when designing the security of cyber-physical systems. Attackers may cause damage to the physical world by attacks which exploit vulnerabilities of ICT systems, while other attackers may use the weaknesses of physical boundaries to exploit ICT systems. Therefore, it is necessary to assess such risks of attacks properly. A direct-access attack in the field of automobiles is the latter type of attacks where an attacker connects unauthorized equipment to an in-vehicle network directly and attempts unauthorized access. But it has been considered as less realistic and evaluated less risky than other threats via network entry points by conventional risk assessment methods. We focused on reassessing threats via direct access attacks in proposing effective security design procedures for cyber-physical systems based on a guideline for automobiles, JASO TP15002. In this paper, we focus on “fitting to a specific area or viewpoint” of such a cyber-physical system, and devise a new risk quantification method, RSS-CWSS_CPS based on CWSS, which is also a vulnerability evaluation standard for ICT systems. It can quantify the characteristics of the physical boundaries in cyber-physical systems.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2022CIP0004/_p
Copier
@ARTICLE{e106-a_3_341,
author={Yasuyuki KAWANISHI, Hideaki NISHIHARA, Hideki YAMAMOTO, Hirotaka YOSHIDA, Hiroyuki INOUE, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={A Study of The Risk Quantification Method of Cyber-Physical Systems focusing on Direct-Access Attacks to In-Vehicle Networks},
year={2023},
volume={E106-A},
number={3},
pages={341-349},
abstract={Cyber-physical systems, in which ICT systems and field devices are interconnected and interlocked, have become widespread. More threats need to be taken into consideration when designing the security of cyber-physical systems. Attackers may cause damage to the physical world by attacks which exploit vulnerabilities of ICT systems, while other attackers may use the weaknesses of physical boundaries to exploit ICT systems. Therefore, it is necessary to assess such risks of attacks properly. A direct-access attack in the field of automobiles is the latter type of attacks where an attacker connects unauthorized equipment to an in-vehicle network directly and attempts unauthorized access. But it has been considered as less realistic and evaluated less risky than other threats via network entry points by conventional risk assessment methods. We focused on reassessing threats via direct access attacks in proposing effective security design procedures for cyber-physical systems based on a guideline for automobiles, JASO TP15002. In this paper, we focus on “fitting to a specific area or viewpoint” of such a cyber-physical system, and devise a new risk quantification method, RSS-CWSS_CPS based on CWSS, which is also a vulnerability evaluation standard for ICT systems. It can quantify the characteristics of the physical boundaries in cyber-physical systems.},
keywords={},
doi={10.1587/transfun.2022CIP0004},
ISSN={1745-1337},
month={March},}
Copier
TY - JOUR
TI - A Study of The Risk Quantification Method of Cyber-Physical Systems focusing on Direct-Access Attacks to In-Vehicle Networks
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 341
EP - 349
AU - Yasuyuki KAWANISHI
AU - Hideaki NISHIHARA
AU - Hideki YAMAMOTO
AU - Hirotaka YOSHIDA
AU - Hiroyuki INOUE
PY - 2023
DO - 10.1587/transfun.2022CIP0004
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E106-A
IS - 3
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - March 2023
AB - Cyber-physical systems, in which ICT systems and field devices are interconnected and interlocked, have become widespread. More threats need to be taken into consideration when designing the security of cyber-physical systems. Attackers may cause damage to the physical world by attacks which exploit vulnerabilities of ICT systems, while other attackers may use the weaknesses of physical boundaries to exploit ICT systems. Therefore, it is necessary to assess such risks of attacks properly. A direct-access attack in the field of automobiles is the latter type of attacks where an attacker connects unauthorized equipment to an in-vehicle network directly and attempts unauthorized access. But it has been considered as less realistic and evaluated less risky than other threats via network entry points by conventional risk assessment methods. We focused on reassessing threats via direct access attacks in proposing effective security design procedures for cyber-physical systems based on a guideline for automobiles, JASO TP15002. In this paper, we focus on “fitting to a specific area or viewpoint” of such a cyber-physical system, and devise a new risk quantification method, RSS-CWSS_CPS based on CWSS, which is also a vulnerability evaluation standard for ICT systems. It can quantify the characteristics of the physical boundaries in cyber-physical systems.
ER -