Incidents Are Meant for Learning, Not Repeating: Sharing Knowledge About Security Incidents in Cyber-Physical Systems
Cyber-physical systems (CPSs) are part of most critical infrastructures such as industrial automation and transportation systems. Thus, security incidents targeting CPSs can have disruptive consequences to assets and people. As prior incidents tend to re-occur, sharing knowledge about these incident...
Published in: | arXiv.org 2019-06 |
---|---|
Main Authors: | Alrimawi, Faeq; Pasquale, Liliana; Mehta, Deepak; Yoshioka, Nobukazu; Nuseibeh, Bashar |
Format: | Article |
Language: | English |
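Subjects: | Automation; Cyber-physical systems; Knowledge representation; Knowledge sharing; Organizations; Smart buildings; Transportation systems |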
cited_by | |
---|---|
cites | |
container_end_page | |
container_issue | |
container_start_page | |
container_title | arXiv.org |
container_volume | |
creator | Alrimawi, Faeq; Pasquale, Liliana; Mehta, Deepak; Yoshioka, Nobukazu; Nuseibeh, Bashar |
description | Cyber-physical systems (CPSs) are part of most critical infrastructures such as industrial automation and transportation systems. Thus, security incidents targeting CPSs can have disruptive consequences to assets and people. As prior incidents tend to re-occur, sharing knowledge about these incidents can help organizations be more prepared to prevent, mitigate or investigate future incidents. This paper proposes a novel approach to enable representation and sharing of knowledge about CPS incidents across different organizations. To support sharing, we represent incident knowledge (incident patterns) capturing incident characteristics that can manifest again, such as incident activities or vulnerabilities exploited by offenders. Incident patterns are a more abstract representation of specific incident instances and, thus, are general enough to be applicable to various systems - different than the one in which the incident occurred. They can also avoid disclosing potentially sensitive information about an organization's assets and resources. We provide an automated technique to extract an incident pattern from a specific incident instance. To understand how an incident pattern can manifest again in other cyber-physical systems, we also provide an automated technique to instantiate incident patterns to specific systems. We demonstrate the feasibility of our approach in the application domain of smart buildings. We evaluate correctness, scalability, and performance using two substantive scenarios inspired by real-world systems and incidents. |
format | article |
fulltext | fulltext |
identifier | EISSN: 2331-8422 |
ispartof | arXiv.org, 2019-06 |
issn | 2331-8422 |
language | eng |
recordid | cdi_proquest_journals_2250835832 |
source | Publicly Available Content Database |
subjects | Automation; Cyber-physical systems; Knowledge representation; Knowledge sharing; Organizations; Smart buildings; Transportation systems |
title | Incidents Are Meant for Learning, Not Repeating: Sharing Knowledge About Security Incidents in Cyber-Physical Systems |
url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-01T05%3A50%3A30IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Incidents%20Are%20Meant%20for%20Learning,%20Not%20Repeating:%20Sharing%20Knowledge%20About%20Security%20Incidents%20in%20Cyber-Physical%20Systems&rft.jtitle=arXiv.org&rft.au=Alrimawi,%20Faeq&rft.date=2019-06-29&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E2250835832%3C/proquest%3E%3Cgrp_id%3Ecdi_FETCH-proquest_journals_22508358323%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2250835832&rft_id=info:pmid/&rfr_iscdi=true |