A Formal Model and Verification for HESTIA: An Automated, Adversary-Aware Risk Assessment Process for Cyber Infrastructure

Due to the characteristics and connectivity of today's critical infrastructure systems, cyber-attacks on these systems are currently difficult to prevent in an efficient and sustainable manner. Prevention and mitigation strategies need accurate identification and evaluation of: system vulnerabi...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2022, Vol.10, p.83755-83792
Main Authors: Jillepalli, Ananth A., De Leon, Daniel Conte, Alves-Foss, Jim, Jeffery, Clinton L., Sheldon, Frederick T.
Format: Article
Language:English
Subjects:
Critical infrastructure
Cyber physical system security
Cyber-physical systems
Cybersecurity
formal security of critical infrastructure
Hardening
Organizations
Risk assessment
Risk management
Security
Semantics
Syntactics
Threat evaluation
Verification
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Due to the characteristics and connectivity of today's critical infrastructure systems, cyber-attacks on these systems are currently difficult to prevent in an efficient and sustainable manner. Prevention and mitigation strategies need accurate identification and evaluation of: system vulnerabilities, potential threats and attacks, and applicable hardening measures. Furthermore, the ability to prioritize hardening measures based on accurate assessments of risk is needed. In addition, the consideration of the availability, applicability, and cost of potential mitigation strategies is also needed. To address this challenge we created HESTIA: High-level and Extensible System for Training and Infrastructure risk Assessment. In this article we present a formal model of the HESTIA system. We then also present a formal verification of the HESTIA semantic model.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2022.3197195