Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Related Work
Stride Methodology
Discussion
Conclusions
References
All Topics
Computer Science
Cybersecurity

STRIDE-based threat modeling for cyber-physical systems

Profile image of Sakir SezerSakir Sezer

2017

https://doi.org/10.1109/ISGTEUROPE.2017.8260283
visibility

description

7 pages

link

1 file

Abstract

Critical infrastructures and industrial control systems are complex Cyber-Physical Systems (CPS). To ensure reliable operations of such systems, comprehensive threat modeling during system design and validation is of paramount significance. Previous works in literature mostly focus on safety, risks and hazards in CPS but lack effective threat modeling necessary to eliminate cyber vulnerabilities. Further, impact of cyber attacks on physical processes is not fully understood. This paper presents a comprehensive threat modeling framework for CPS using STRIDE, a systematic approach for ensuring system security at the component level. This paper first devises a feasible and effective methodology for applying STRIDE and then demonstrates it against a real synchrophasor-based synchronous islanding testbed in the laboratory. It investigates (i) what threat types could emerge in each system component based on the security properties lacking, and (ii) how a vulnerability in a system component risks the entire system security. The paper identifies that STRIDE is a light-weight and effective threat modeling methodology for CPS that simplifies the task for security analysts to identify vulnerabilities and plan appropriate component level security measures at the system design stage.

Related papers

A model-based approach to security analysis for cyber-physical systems
carl elks

2018 Annual IEEE International Systems Conference (SysCon), 2018

Evaluating the security of cyber-physical systems throughout their life cycle is necessary to assure that they can be deployed and operated in safety-critical applications, such as infrastructure, military, and transportation. Most safety and security decisions that can have major effects on mitigation strategy options after deployment are made early in the system's life cycle. To allow for a vulnerability analysis before deployment, a sufficient well-formed model has to be constructed. To construct such a model we produce a taxonomy of attributes; that is, a generalized schema for system attributes. This schema captures the necessary specificity that characterizes a possible real system and can also map to the attack vector space associated with the model's attributes. In this way, we can match possible attack vectors and provide architectural mitigation at the design phase. We present a model of a flight control system encoded in the Systems Modeling Language, commonly known as SysML, but also show agnosticism with respect to the modeling language or tool used.

View PDFchevron_right
Threat Modeling of Cyber-Physical Systems - A Case Study of a Microgrid System
Henry Dola

Computers & Security

Cyber threat modeling is an analytical process that is used for identifying the potential threats against a system and supporting the selection of security requirements in the early stages of the system development life cycle. Thus, threat modeling is a vital instrument for the realization of the secure-bydesign principle. Despite being a well-known practice in software development projects, its adaptation to cyber-physical systems still requires systematic elaboration. The complex interactions between cyber and physical spaces and their reflection on the cyber threat landscape constitute a significant challenge for the system development teams. This study proposes a detailed methodology to apply STRIDE to cyberphysical systems and demonstrates its applicability in a case study of a microgrid system. Our methodology provides a systematic threat elicitation procedure based on an attack taxonomy that was created for this research. This paper also shows how assets could be identified, data flow diagrams formed, trust boundaries determined, and threats prioritized, in the case of a cyber-physical system.

View PDFchevron_right
HVA_CPS proposal: a process for hazardous vulnerability analysis in distributed cyber-physical systems
Tawfik Al Hadhrami

PeerJ Computer Science

Society is increasingly dependent upon the use of distributed cyber-physical systems (CPSs), such as energy networks, chemical processing plants and transport systems. Such CPSs typically have multiple layers of protection to prevent harm to people or the CPS. However, if both the control and protection systems are vulnerable to cyber-attacks, an attack may cause CPS damage or breaches of safety. Such weaknesses in the combined control and protection system are described here as hazardous vulnerabilities (HVs). Providing assurance that a complex CPS has no HVs requires a rigorous process that first identifies potential hazard scenarios and then searches for possible ways that a cyber-attacker could cause them. This article identifies the attributes that a rigorous hazardous vulnerability analysis (HVA) process would require and compares them against related works. None fully meet the requirements for rigour. A solution is proposed, HVA_CPS, which does have the required attributes. H...

View PDFchevron_right
Fundamental Challenges of Cyber-Physical Systems Security Modeling
Cody Fleming

2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S)

Systems modeling practice lacks security analysis tools that can interface with modeling languages to facilitate security by design. Security by design is a necessity in the age of safety critical cyber-physical systems, where security violations can cause hazards. Currently, the overlap between security and safety is narrow. But deploying cyber-physical systems means that today's adversaries can intentionally trigger accidents. By implementing security assessment tools for modeling languages we are better able to address threats earlier in the system's lifecycle and, therefore, assure their safe and secure behavior in their eventual deployment. We posit that cyberphysical systems security modeling is practiced insufficiently because it is still addressed similarly to information technology systems.

View PDFchevron_right
Threat Modeling for Cyber-Physical System-Of-Systems: Methods Evaluation
Carol Woody

2018

Addressing cybersecurity for а complex system, especially for а cyber-physical system-of-systems (CPSoS), requires the strategic view of and planning for the whole lifecycle of the system. For the purpose of this paper, cyber-physical system-of-systems is defined as a system, components of which operate and are managed independently [46]. Thus, components of a system-of-systems (i.e., systems by themselves) should be able to function fully and independently even when the system-of-systems is disassembled. These components are typically acquired separately and integrated later. Components of a system-of-systems may have a physical, cyber, or mixed nature. For the sake of simplicity, we will use the term cyber-physical system instead of cyber-physical system-of-systems.

View PDFchevron_right
Assessing Cyber-Physical Security in Industrial Control Systems
Martín Barrère

6th International Symposium for ICS & SCADA Cyber Security Research 2019 (ICS-CSR), 2019

Over the last years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical threats. Efficient models and techniques able to capture their complex structure and identify critical cyber-physical components are therefore essential. AND/OR graphs have proven very useful in this context as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. In addition, ICS settings normally involve various cyber and physical security measures that simultaneously protect multiple ICS components in overlapping manners, which makes this problem even harder. In this paper, we present an extended security metric based on AND/OR hypergraphs which efficiently identifies the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our approach relies on MAX-SAT techniques, which we have incorporated in META4ICS, a Java-based security metric analyser for ICS. We also provide a thorough performance evaluation that shows the feasibility of our method. Finally, we illustrate our methodology through a case study in which we analyse the security posture of a realistic Water Transport Network (WTN).

View PDFchevron_right
Aligning Cyber-Physical System Safety and Security
Giedre Sabaliauskaite

Springer eBooks, 2015

Safety and security are two key properties of Cyber-Physical Systems (CPS). Safety is aimed at protecting the systems from accidental failures in order to avoid hazards, while security is focused on protecting the systems from intentional attacks. They share identical goals-protecting CPS from failing. When aligned within a CPS, safety and security work well together in providing a solid foundation of an invincible CPS, while weak alignment may produce inefficient development and partially-protected systems. The need of such alignment has been recognized by the research community, the industry, as well as the International Society of Automation (ISA), which identified a need of alignment between safety and security standards ISA84 (IEC 61511) and ISA99 (IEC 62443). We propose an approach for aligning CPS safety and security at early development phases by synchronizing safety and security lifecycles based on ISA84 and ISA99 standards. The alignment is achieved by merging safety and security lifecycle phases, and developing an unified model-Failure-Attack-CounTermeasure (FACT) Graph. The FACT graph incorporates safety artefacts (fault trees and safety countermeasures) and security artefacts (attack trees and security countermeasures), and can be used during safety and security alignment analysis, as well as in later CPS development and operation phases, such as verification, validation, monitoring, and periodic safety and security assessment.

View PDFchevron_right
A Novel System-Theoretic Matrix-Based Approach to Analysing Safety and Security of Cyber-Physical Systems
#Nandha Kandasamy#, Giedre Sabaliauskaite

Telecom, 2021

Cyber-Physical Systems (CPSs) are getting increasingly complex and interconnected. Consequently, their inherent safety risks and security risks are so intertwined that the conventional analysis approaches which address them separately may be rendered inadequate. STPA (Systems-Theoretic Process Analysis) is a top-down hazard analysis technique that has been incorporated into several recently proposed integrated Safety and Security (S&S) analysis methods. This paper presents a novel methodology that leverages not only STPA, but also custom matrices to ensure a more comprehensive S&S analysis. The proposed methodology is demonstrated using a case study of particular commercial cloud-based monitoring and control system for residential energy storage systems.

View PDFchevron_right
Cybernetic modeling of Industrial Control Systems: Towards threat analysis of critical infrastructure
abhinav biswas

ArXiv, 2015

Industrial Control Systems (ICS) encompassing resources for process automation are subjected to a wide variety of security threats. The threat landscape is arising due to increased adoption of Commercial-of-the-shelf (COTS) products as well as the convergence of Internet and legacy systems. Prevalent security approaches for protection of critical infrastructure are scattered among various subsystems and modules of ICS networks. This demands a new state-of-the-art cybernetic model of ICS networks, which can help in threat analysis by providing a comprehensive view of the relationships and interactions between the subsystems. Towards this direction, the principles of the Viable System Model (VSM) are applied to introduce a conceptual recursive model of secure ICS networks that can drive cyber security decisions.

View PDFchevron_right
Dependency-based security risk assessment for cyber-physical systems
Sokratis Katsikas

International Journal of Information Security

A cyber-physical attack is a security breach in cyber space that impacts on the physical environment. The number and diversity of such attacks against Cyber-Physical Systems (CPSs) are increasing at impressive rates. In times of Industry 4.0 and Cyber-Physical Systems, providing security against cyber-physical attacks is a serious challenge which calls for cybersecurity risk assessment methods capable of investigating the tight interactions and interdependencies between the cyber and the physical components in such systems. However, existing risk assessment methods do not consider this specific characteristic of CPSs. In this paper, we propose a dependency-based, domain-agnostic cybersecurity risk assessment method that leverages a model of the CPS under study that captures dependencies among the system components. The proposed method identifies possible attack paths against critical components of a CPS by taking an attacker’s viewpoint and prioritizes these paths according to their...

View PDFchevron_right

References (24)

  1. R. M. Lee, M. J. Assante, and T. Conway, "Analysis of the Cyber Attack on the Ukrainian Power Grid -Defense Use Case," in Technical Report, SANS ICS, March 2016.
  2. R. M. Lee, M. J. Assante, and T. Conway, "ICS CP/PE (Cyber-to- Physical or Process Effects) case study paper -German Steel Mill Cyber Attack," in Technical Report, SANS ICS, 2014.
  3. J. Slay and M. Miller, "Lessons Learned from the Maroochy Water Breach," in Critical Infrastructure Protection, 2008.
  4. R. Khan, K. McLaughlin, D. Laverty, and S. Sezer, "Threat Analysis of BlackEnergy Malware for Synchrophasor based Real-time Control and Monitoring in Smart Grid," in ICS-CSR conference, 2016.
  5. J. P. Farwell and R. Rohozinski, "Stuxnet and the Future of Cyber War," in Survival, vol. 53, no. 1, pp. 2340, 2011.
  6. I. M. Dragomir and S. S. Iliescu, "Synchrophasors Applications in Power System Monitoring, Protection and Control," in CSCS conference, 2015.
  7. I. Friedberg, D. Laverty, K. McLaughlin, and P. Smith, "A cyber-physical security analysis of synchronous-islanded microgrid operation," in ICS- CSR conference, 2015.
  8. R. Khan, K. McLaughlin, D. Laverty, and S. Sezer, "IEEE C37.118- 2 Synchrophasor Communication Framework -Overview, Cyber Vul- nerabilities Analysis and Performance Evaluation," in 2nd International Conference on Information Systems Security and Privacy, 2016.
  9. Y. Wang, T. T. Gamage, and C. H. Hauser, "Security implications of transport layer protocols in power grid synchrophasor data communica- tion," IEEE Transactions on Smart Grid, 2016.
  10. R. Khan, K. McLaughlin, D. Laverty, and S. Sezer, "Analysis of IEEE C37.118 and IEC 61850-90-5 Synchrophasor Communication Frameworks," in IEEE Power and Energy Society -General Meeting (IEEE PES-GM 2016), July 2016.
  11. L. Coppolino, S. DAntonio, and L. Romano, "Exposing Vulnerabilities in Electric Power Grids: An Experimental Approach," in International Journal of Critical Infrastructure Protection vol:7(1), pp:51-60, 2014.
  12. S. Pal, B. Sikdar, and J. Chow, "Real-time detection of packet drop attacks on synchrophasor data," in Smart Grid Communications (Smart- GridComm), 2014 IEEE International Conference on, 2014.
  13. T. Morris et al., "Cybersecurity Testing of Substation Phasor Measure- ment Units and Phasor Data Concentrators," in ACM CSIIRW, 2011.
  14. S. Paudel, P. Smith, and T. Zseby, "Data Integrity Attacks in Smart Grid Wide Area Monitoring," in ICS-CSR conference, 2016.
  15. D. Shepard, T. Humphreys, and A. Fansler, "Evaluation of the Vul- nerability of Phasor Measurement Units to GPS Spoofing Attacks," in International Journal of Critical Infrastructure Protection, 2012.
  16. W. Young and N. G. Leveson, "An Integrated Approach to Safety and Security Based on Systems Theory," in Commun. ACM, 2014.
  17. T. A. Kletz, "HAZOP and HAZAN: identifying and assessing process industry hazards," in IChemE, 1999.
  18. G. Macher, H. Sporer, R. Berlach, E. Armengaud, and C. Kreiner, "SAHARA: A security-aware hazard and risk analysis method," in Design, Automation Test in Europe Conference Exhibition (DATE), 2015.
  19. M. Abomhara, M. Gerdes, and G. M. Koien, "A STRIDE-Based Threat Model for Telehealth Systems," in NISK, 2015.
  20. M. Howard and S. Lipner, The Security Development Lifecycle. Red- mond, WA, USA: Microsoft Press, 2006.
  21. I. Friedberg, K. McLaughlin, P. Smith, D. Laverty, and S. Sezer, "STPA- SafeSec: Safety and Security Analysis for Cyber-Physical Systems," in Journal of Information Security and Applications, 2016.
  22. A. Shostack, "Threat Modeling -Designing for Security," in Wiley, 2014.
  23. D. M. Laverty et al., "The OpenPMU Project: Challenges and Perspec- tives," in IEEE PES-GM, 2013.
  24. E. B. Fernandez, "Threat Modeling in Cyber-Physical Systems," in Dependable, Autonomic and Secure Computing conference, 2016.

Related papers

Model-Based Risk Assessment for Cyber Physical Systems Security
Ashraf Tantawy

Computers & Security, 2020

Traditional techniques for Cyber-Physical Systems (CPS) security design either treat the cyber and physical systems independently, or do not address the specific vulnerabilities of real time embedded controllers and networks used to monitor and control physical processes. In this work, we develop and test an integrated model-based approach for CPS security risk assessment utilizing a CPS testbed with real-world industrial controllers and communication protocols. The testbed monitors and controls an exothermic Continuous Stirred Tank Reactor (CSTR) simulated in real-time. CSTR is a fundamental process unit in many industries, including Oil & Gas, Petrochemicals, Water treatment, and nuclear industry. In addition, the process is rich in terms of hazardous scenarios that could be triggered by cyber attacks due to the lack of possible mechanical protection. The paper presents an integrated approach to analyze and design the cyber security system for a given CPS where the physical threats are identified first to guide the risk assessment process. A mathematical model is derived for the physical system using a hybrid automaton to enumerate potential hazardous states of the system. The cyber system is then analyzed using network and data flow models to develop the attack scenarios that may lead to the identified hazards. Finally, the attack scenarios are performed on the testbed and observations are obtained on the possible ways to prevent and mitigate the attacks. The insights gained from the experiments result in several key findings, including the expressive power of hybrid automaton in security risk assessment, the hazard development time and its impact on cyber security design, and the tight coupling between the physical and the cyber systems for CPS that requires an integrated design approach to achieve cost-effective and secure designs.

View PDFchevron_right
Threat Modeling of Cyber-Physical Systems in Practice
Lotfi Ben Othmane

2021

Traditional Cyber-physical Systems (CPSs) were not built with cybersecurity in mind. They operated on separate Operational Technology (OT) networks. As these systems now become more integrated with Information Technology (IT) networks based on IP, they expose vulnerabilities that can be exploited by the attackers through these IT networks. The attackers can control such systems and cause behavior that jeopardizes the performance and safety measures that were originally designed into the system. In this paper, we explore the approaches to identify threats to CPSs and ensure the quality of the created threat models. The study involves interviews with eleven security experts working in security consultation companies, software engineering companies, an Original Equipment Manufacturer (OEM), and ground and areal vehicles integrators. We found through these interviews that the practitioners use a combination of various threat modeling methods, approaches, and standards together when they...

View PDFchevron_right
Hazard Driven Threat Modelling for Cyber Physical Systems
Luca Castiglione

Proceedings of the 2020 Joint Workshop on CPS&IoT Security and Privacy, 2020

Adversarial actors have shown their ability to infiltrate enterprise networks deployed around Cyber Physical Systems (CPSs) through social engineering, credential stealing and file-less infections. When inside, they can gain enough privileges to maliciously call legitimate APIs and apply unsafe control actions to degrade the system performance and undermine its safety. Our work lies at the intersection of security and safety, and aims to understand dependencies among security, reliability and safety in CPS/IoT. We present a methodology to perform hazard driven threat modelling and impact assessment in the context of CPSs. The process starts from the analysis of behavioural, functional and architectural models of the CPS. We then apply System Theoretic Process Analysis (STPA) on the functional model to highlight high-level abuse cases. We leverage a mapping between the architectural and the system theoretic (ST) models to enumerate those components whose impairment provides the attacker with enough privileges to tamper with or disrupt the data-flows. This enables us to find a causal connection between the attack surface (in the architectural model) and system level losses. We then link the behavioural and system theoretic representations of the CPS to quantify the impact of the attack. Using our methodology it is possible to compute a comprehensive attack graph of the known attack paths and to perform both a qualitative and quantitative impact assessment of the exploitation of vulnerabilities affecting target nodes. The framework and methodology are illustrated using a small scale example featuring a Communication Based Train Control (CBTC) system. Aspects regarding the scalability of our methodology and its application in real world scenarios are also considered. Finally, we discuss the possibility of using the results obtained to engineer both design time and real time defensive mechanisms. CCS CONCEPTS • Security and privacy → Distributed systems security; Information flow control.

View PDFchevron_right
An Attacker Modeling Framework for the Assessment of Cyber-Physical Systems Security
carl elks

2020

Characterizing attacker behavior with respect to Cyber-Physical Systems is important to assuring the security posture and resilience of these systems. Classical cyber vulnerability assessment approaches rely on the knowledge and experience of cyber-security experts to conduct security analyses and can be inconsistent where the experts' knowledge and experience are lacking. This paper proposes a flexible attacker modeling framework that aids in the security analysis process by simulating a diverse set of attacker behaviors to predict attack progression and provide consistent system vulnerability analysis. The model proposes an expanded architecture of vulnerability databases to maximize its effectiveness and consistency in detecting CPS vulnerabilities while being compatible with existing vulnerability databases. The model has the power to be implemented and simulated against an actual or virtual CPS. Execution of the attacker model is demonstrated against a simulated industrial ...

View PDFchevron_right
Towards a systematic threat modeling approach for cyber-physical systems
Gonçalo Martins

2015 Resilience Week (RWS), 2015

Cyber-Physical Systems (CPS) are systems with seamless integration of physical, computational and networking components. These systems can potentially have an impact on the physical components, hence it is critical to safeguard them against a wide range of attacks. In this paper, it is argued that an effective approach to achieve this goal is to systematically identify the potential threats at the design phase of building such systems, commonly achieved via threat modeling. In this context, a tool to perform systematic analysis of threat modeling for CPS is proposed. A real-world wireless railway temperature monitoring system is used as a case study to validate the proposed approach. The threats identified in the system are subsequently mitigated using National Institute of Standards and Technology (NIST) standards.

View PDFchevron_right

Related topics

  • Computer Science
  • Computer Security
  • Cyber Defence
  • Threat Modeling
  • Cyber Physical System
  • Cyber Attacks

    • Cited by

    Cybersecurity in unmanned aerial vehicles (UAVs)
    Bora Ly

    Journal of Cyber Security Technology

    For the investigation, the security factor is crucial as Unmanned Aerial Vehicles (UAVs) become prevalent, and their operational range grows exponentially. This research is a comprehensive literature review investigating which cyber-attacks are most frequent and what consequences they cause in civilian UAV attacks. The cyber threats described in this study are categorized using the STRIDE attack paradigm, the challenge they pose, and the appropriate equipment for the attack. The most common forms of UAV cyberattack and the most effective result are spoofing and denial of service attacks. No difficult-to-reach device is needed for any attack style, meaning that the security state currently requires enhancements to civilian use of UAVs in most cases.

    View PDFchevron_right
    Operational Technology on Construction Sites: A Review from the Cybersecurity Perspective
    Semih Sonkor

    Journal of Construction Engineering and Management

    The digital transformation in the construction industry affects how information is exchanged and disrupts the way construction sites operate. The levels of operational technology (OT) to control and monitor site activities by utilizing robotic, autonomous, and remotely controlled machines raise cybersecurity concerns. As construction sites are places where humans and machines work together, the potential safety outcomes of cybersecurity vulnerabilities are magnified. This study's motivation was to understand the current state of the art and identify gaps to suggest future directions regarding OT in construction from the cybersecurity perspective. To achieve that, a bibliometric analysis was conducted. The analysis utilized the Scopus database to retrieve related publications and VOSviewer version 1.6.15 software to visualize bibliometric networks. Main research themes were identified, and each theme was reviewed from a cybersecurity perspective. The limitations of the analysis include the lack of industry-based categorization, the domination of publications focusing on the cybersecurity of industrial control systems (ICSs), and the set of keyword combinations used for the literature search that could be expanded to cover a broader range of research topics. The findings reveal the lack of focus on the construction phase in the construction cybersecurity research. Moreover, cybersecurity aspects are absent in the construction automation studies, and there is a need for bespoke threat modeling and intrusion detection systems for all the phases of construction projects. Suggestions for further research on the potential threats against the construction phase are provided. Future directions include possible adaptations of the available cybersecurity frameworks considering the utilization of OT on construction sites and investigating the methods to evaluate security levels on construction sites and countermeasures against cyberattacks.

    View PDFchevron_right
    Threat Modeling of Cyber-Physical Systems in Practice
    Ameerah Jamil

    Lecture Notes in Computer Science

    Traditional Cyber-physical Systems (CPSs) were not built with cybersecurity in mind. They operated on separate Operational Technology (OT) networks. As these systems now become more integrated with Information Technology (IT) networks based on IP, they expose vulnerabilities that can be exploited by the attackers through these IT networks. The attackers can control such systems and cause behavior that jeopardizes the performance and safety measures that were originally designed into the system. In this paper, we explore the approaches to identify threats to CPSs and ensure the quality of the created threat models. The study involves interviews with eleven security experts working in security consultation companies, software engineering companies, an Original Equipment Manufacturer (OEM), and ground and areal vehicles integrators. We found through these interviews that the practitioners use a combination of various threat modeling methods, approaches, and standards together when they perform threat modeling of given CPSs. Key challenges practitioners face are: they cannot transfer the threat modeling knowledge that they acquire in a cyberphysical domain to other domains, threat models of modified systems are often not updated, and the reliance on mostly peer-evaluation and quality checklists to ensure the quality of threat models. The study warns about the difficulty to develop secure CPSs and calls for research on developing practical threat modeling methods for CPSs, techniques for continuous threat modeling, and techniques to ensure the quality of threat models.

    View PDFchevron_right
    Securing and Hardening Embedded Linux Devices - case study based on NXP i.MX6 Platform
    Marcin Bajer

    2022 9th International Conference on Future Internet of Things and Cloud (FiCloud)

    We have already gotten used to the fact software has become an integral part of almost every device we use. We are slowly getting used to our devices being interconnected with each other, controlling and monitoring crucial elements of our daily life and exchanging our private data. We are putting more and more trust in the embedded devices that are designed to help us out. Securing embedded devices was always a challenging task, but ubiquitous connectivity made it even much more important and difficult. As devices become smarter and highly interconnected there is more room for cybercriminals to exploit the system's vulnerabilities to issue malicious control commands or create data breaches. The purpose of this paper is to describe the main security measures for protecting embedded Linux-based systems. It describes details of the implementation of a secure boot and a secure storage mechanism using embedded hardware features of NXP i.MX6 platform. In addition, the paper discusses methods for secure connection to the cloud and device provisioning with the support of TPM module. Overall, it provides practical guidelines on how to develop an embedded Linux device having security considerations in mind and summarizes the current state of knowledge on the topic.

    View PDFchevron_right
    Modeling Threats to AI-ML Systems Using STRIDE
    Ernesto Damiani

    Sensors

    The application of emerging technologies, such as Artificial Intelligence (AI), entails risks that need to be addressed to ensure secure and trustworthy socio-technical infrastructures. Machine Learning (ML), the most developed subfield of AI, allows for improved decision-making processes. However, ML models exhibit specific vulnerabilities that conventional IT systems are not subject to. As systems incorporating ML components become increasingly pervasive, the need to provide security practitioners with threat modeling tailored to the specific AI-ML pipeline is of paramount importance. Currently, there exist no well-established approach accounting for the entire ML life-cycle in the identification and analysis of threats targeting ML techniques. In this paper, we propose an asset-centered methodology—STRIDE-AI—for assessing the security of AI-ML-based systems. We discuss how to apply the FMEA process to identify how assets generated and used at different stages of the ML life-cycle...

    View PDFchevron_right
    580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved