Call for Paper - October 2019 Edition
IJCA solicits original research papers for the October 2019 Edition. Last date of manuscript submission is September 20, 2019. Read More

Attack Tree Design and Analysis of Offshore Oil and Gas Process Complex SCADA System

Print
PDF
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2019
Authors:
M. V. V. Siva Prasad, P. S. Avadhani
10.5120/ijca2019918440

Siva M V V Prasad and P S Avadhani. Attack Tree Design and Analysis of Offshore Oil and Gas Process Complex SCADA System. International Journal of Computer Applications 181(41):12-18, February 2019. BibTeX

@article{10.5120/ijca2019918440,
	author = {M. V. V. Siva Prasad and P. S. Avadhani},
	title = {Attack Tree Design and Analysis of Offshore Oil and Gas Process Complex SCADA System},
	journal = {International Journal of Computer Applications},
	issue_date = {February 2019},
	volume = {181},
	number = {41},
	month = {Feb},
	year = {2019},
	issn = {0975-8887},
	pages = {12-18},
	numpages = {7},
	url = {http://www.ijcaonline.org/archives/volume181/number41/30334-2019918440},
	doi = {10.5120/ijca2019918440},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

Attack Trees are very important in the effort to secure Industrial Process Control Systems (ICS), because they aid directly in indicating the presence of vulnerabilities in network and how attackers use the vulnerabilities to implement an effective attack. Attack Tree design and analysis provide clues for the network security professionals on how an attacker exploits the vulnerability on the network to achieve goals. In this paper it will be illustrated for designing attack tree in Offshore Oil and Gas Process Complex SCADA System to identify various vulnerabilities. Using the vulnerabilities it presents how an attacker can take control of the SCADA system network and eventually affect hydrocarbons production.

References

  1. B. Schneier, “Modeling security threats,” Dr. Dobb’s Journal, 1999.
  2. Phillps C, Swiler L P, “A Graph-based System for Network Vulnerability Analysis”, Proceedings of the 1998 workshop on new security paradigms, VA, USA: ACM Press, pp. 71-79, 1998.
  3. Meadows C, “ A Representation of protocol attacks for risk assessment”, Network Threats, DIMACS series in Discrete Mathematics and Theoretical Computer Science, Vol 38, R.N. Wright and P.G. Neumann editors, American Mathematical Society, PP 1-10.
  4. J, Ramakrishman C, Skar R, “Model-based Vulnerability Analysis of Computer Systems”, Proceedings of the 2nd International Workshop on Verification, Pisa, Italy: Model Checking and Abstract Interpretation Press, pp. 1-81, 1998.
  5. Ammann P, Pamuls J, Ritchev R, “A Host Based Approach to Network Attack Chaining Analysis”, Proceedings of the 21st Annual Computer Security Applications Conference, Tucson, Arizona, USA: IEEE Computer Society Press, pp. 72-84, 2005
  6. N. Poolsappasit, R. Dewri, and I. Ray, “Dynamic security risk management using Bayesian attack graphs,” IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 1, pp. 61–74, 2012.
  7. B. Ivanc and T. Klobucar, “Critical infrastructure attack modeling,” Elektrotehniski Vestnik, vol. 79, no. 4, pp. 193–196, 2012.re
  8. SecurI Tree, Amaneza Tech Limited, A Quick Tour of Attack Tree Based Risk Analysis using SecurI Tree, Technical report, 2002.
  9. Alexander Opel, “Design and Implementation of a Support Tool for Attack Trees, 2005.
  10. TANAT Threat ANd Attack Tree Modeling Plus Simulation, 2004, http://www13.informatik.tu-muenchen.de:8080/tanat.
  11. Stefan Einarsson and Marvin Rausand “An Approach to Vulnerability Analysis of complex industrial systems, Risk Analysis, 18(5): 535-545, 1998.
  12. Jan Stefan and Markus Schumacher, “Collaborative attack modeling in Proc.SAC 2002, pages 253-259, ACM 2002.
  13. J.P.Mcdermott, “Attack net penetration testing in Proc.2000, workshop on security paradigm, pages 15-20, ACM 2001.
  14. Mauw S., Oostdijk M.(2006)Foundations of Attack Trees. In: Won D.H., Kim S.(eds) Information Security and Cryptology – ICISC 2005. ICISC 2005. Lecture notes in Computer Science, vol 3935. Springer, Berlin, Heidelberg.

Keywords

ICS, SCADA, MTU, TDMA, RTU