CRNov 18, 2020
Assessment of System-Level Cyber Attack Vulnerability for Connected and Autonomous Vehicles Using Bayesian NetworksGurcan Comert, Mashrur Chowdhury, David M. Nicol
This study presents a methodology to quantify vulnerability of cyber attacks and their impacts based on probabilistic graphical models for intelligent transportation systems under connected and autonomous vehicles framework. Cyber attack vulnerabilities from various types and their impacts are calculated for intelligent signals and cooperative adaptive cruise control (CACC) applications based on the selected performance measures. Numerical examples are given that show impact of vulnerabilities in terms of average intersection queue lengths, number of stops, average speed, and delays. At a signalized network with and without redundant systems, vulnerability can increase average queues and delays by $3\%$ and $15\%$ and $4\%$ and $17\%$, respectively. For CACC application, impact levels reach to $50\%$ delay difference on average when low amount of speed information is perturbed. When significantly different speed characteristics are inserted by an attacker, delay difference increases beyond $100\%$ of normal traffic conditions.
CRMay 29, 2014
Automatic Generation of Security Argument GraphsNils Ole Tippenhauer, William G. Temple, An Hoa Vu et al.
Graph-based assessment formalisms have proven to be useful in the safety, dependability, and security communities to help stakeholders manage risk and maintain appropriate documentation throughout the system lifecycle. In this paper, we propose a set of methods to automatically construct security argument graphs, a graphical formalism that integrates various security-related information to argue about the security level of a system. Our approach is to generate the graph in a progressive manner by exploiting logical relationships among pieces of diverse input information. Using those emergent argument patterns as a starting point, we define a set of extension templates that can be applied iteratively to grow a security argument graph. Using a scenario from the electric power sector, we demonstrate the graph generation process and highlight its application for system security evaluation in our prototype software tool, CyberSAGE.