Barrère M, Hankin C, OReilly D, 2023, Cyber-physical attack graphs (CPAGs): Composable and scalable attack graphs for cyber-physical systems, Computers & Security, Vol: 132, Pages: 1-13, ISSN: 0167-4048
Attack graphs are a fundamental security tool focused on depicting how multi-stage attacks can be carried out through a network to compromise specific assets and systems. While attack graphs have been widely utilised in the IT cyber domain, their use in Operational Technology (OT) environments requires new approaches able to properly model and analyse Cyber-Physical Systems (CPS). In this paper, we introduce Cyber-Physical Attack Graphs (CPAGs) as a class of attack graphs able to cover both cyber and physical aspects. CPAGs aim at extending the reach of standard attack graphs to cyber-physical networks typically observed in industrial environments and critical infrastructure systems, analyse how an attacker can move within the network, and understand the impact that these actions may have on the system. We propose a constructive methodology to design CPAGs backed up by a formal rule-based approach that specifies how integral parts of the model can be generated and later composed to build more complex CPAGs. We then explore the semantics of CPAGs associated to cyber and physical attack actions as well as their impact on CPS environments. We also discuss potential CPAG-based analysis techniques and focus on risk analysis using Bayesian CPAGs. Finally, we show the application of the proposed model over a realistic scenario on smart farming using our open source tool T-CITY.
Barrere Cambrun M, Hankin C, 2021, Analysing mission-critical cyber-physical systems with AND/OR graphs and MaxSAT, ACM Transactions on Cyber-Physical Systems, Vol: 5, Pages: 1-29, ISSN: 2378-962X
Cyber-Physical Systems (CPS) often involve complex networks of interconnected software and hardware components that are logically combined to achieve a common goal or mission, for example, keeping a plane in the air or providing energy to a city. Failures in these components may jeopardise the mission of the system. Therefore, identifying the minimal set of critical CPS components that is most likely to fail, and prevent the global system from accomplishing its mission, becomes essential to ensure reliability. In this paper, we present a novel approach to identifying the Most Likely Mission-critical Component Set (MLMCS) using AND/OR dependency graphs enriched with independent failure probabilities. We address the MLMCS problem as a Maximum Satisfiability (MaxSAT) problem. We translate probabilities into a negative logarithmic space in order to linearise the problem within MaxSAT. The experimental results conducted with our open source tool LDA4CPS indicate that the approach is both effective and efficient. We also present a case study on complex aircraft systems that shows the feasibility of our approach and its applicability to mission-critical cyber-physical systems. Finally, we present two MLMCS-based security applications focused on system hardening and forensic investigations.
Barrere Cambrun M, Hankin C, 2020, MaxSAT Evaluation 2020 - Benchmark: Identifying maximum probability minimal cut sets in fault trees, MaxSAT Evaluation 2020 (affiliated with SAT 2020), Publisher: University of Helsinki, Department of Computer Science
This paper presents a MaxSAT benchmark focused on the identification of Maximum Probability Minimal Cut Sets (MPMCSs) in fault trees. We address the MPMCS problem by transforming the input fault tree into a weighted logical formula that is then used to build and solve a Weighted Partial MaxSAT problem. The benchmark includes 80 cases with fault trees of different size and composition as well as the optimal cost and solution for each case.
Barrere M, Hankin C, Nicolau N, et al., 2020, Measuring cyber-physical security in industrial control systems via minimum-effort attack strategies, Journal of Information Security and Applications, Vol: 52, Pages: 1-17, ISSN: 2214-2126
In recent years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical attacks, having massive destructive consequences. Security metrics are therefore essential to assess and improve their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs and hypergraphs which is able to efficiently identify the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our tool, META4ICS (pronounced as metaphorics), leverages state-of-the-art methods from the field of logical satisfiability optimisation and MAX-SAT techniques in order to achieve efficient computation times. In addition, we present a case study where we have used our system to analyse the security posture of a realistic Water Transport Network (WTN).
Barrere Cambrun M, Hankin C, 2020, Fault Tree Analysis: Identifying Maximum Probability Minimal Cut Sets with MaxSAT, 50th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2020), Publisher: IEEE
In this paper, we present a novel MaxSAT-based technique to compute Maximum Probability Minimal Cut Sets (MPMCSs) in fault trees. We model the MPMCS problem as a Weighted Partial MaxSAT problem and solve it using a parallel SAT-solving architecture. The results obtained with our open source tool indicate that the approach is effective and efficient.
Barrère M, Hankin C, 2020, Fault Tree Analysis: Identifying Maximum Probability Minimal Cut Sets with MaxSAT, Publisher: IEEE, Pages: 53-54
Hankin C, Barrère M, 2020, Trustworthy Inter-connected Cyber-Physical Systems, Critical Information Infrastructures Security, Publisher: Springer International Publishing, Pages: 3-13, ISBN: 9783030582944
In this paper we identify some of the particular challenges that are encountered when trying to secure cyber-physical systems. We describe three of our current activities: the architecture of a system for monitoring cyber-physical systems; a new approach to modelling dependencies in such systems which leads to a measurement of the security of the system – interpreted as the least effort that an attacker has to expend to compromise the operation; and an approach to optimising the diversity of products used in a system with a view to slowing the propagation of malware. We conclude by discussing how these different threads of work contribute to meeting the challenges and identify possible avenues for future development, as well as providing some pointers to other work.
Barrere Cambrun M, Hankin C, Nicolaou N, et al., 2019, MaxSAT Evaluation 2019 - Benchmark: Identifying Security-Critical Cyber-Physical Components in Weighted AND/OR Graphs, MaxSAT Evaluation 2019 (affiliated with SAT 2019), Pages: 32-33
This paper presents a MaxSAT benchmark focused on identifying critical nodes in AND/OR graphs. We use AND/OR graphs to model Industrial Control Systems (ICS) as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MaxSAT problem. The benchmark includes 80 cases with AND/OR graphs of different size and composition as well as the optimal cost and solution for each case.
Barrère M, Hankin C, Eliades DG, et al., 2019, Assessing cyber-physical security in industrial control systems, 6th International Symposium for ICS & SCADA Cyber Security Research 2019, Publisher: BCS Learning & Development, Pages: 49-58
Over the last years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical threats. Efficient models and techniques able to capture their complex structure and identify critical cyber-physical components are therefore essential. AND/OR graphs have proven very useful in this context as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. In addition, ICS settings normally involve various cyber and physical security measures that simultaneously protect multiple ICS components in overlapping manners, which makes this problem even harder. In this paper, we present an extended security metric based on AND/OR hypergraphs which efficiently identifies the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our approach relies on MAX-SAT techniques, which we have incorporated in META4ICS, a Java-based security metric analyser for ICS. We also provide a thorough performance evaluation that shows the feasibility of our method. Finally, we illustrate our methodology through a case study in which we analyse the security posture of a realistic Water Transport Network (WTN).
Barrère M, Hankin C, Nicolau N, et al., 2019, Identifying security-critical cyber-physical components in industrial control systems, Publisher: arxiv
In recent years, Industrial Control Systems (ICS) have become an appealing target for cyber attacks, having massive destructive consequences. Security metrics are therefore essential to assess their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs that represent cyber-physical dependencies among network components. Our metric is able to efficiently identify sets of critical cyber-physical components, with minimal cost for an attacker, such that if compromised, the system would enter into a non-operational state. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MAX-SAT problem. Our tool, META4ICS, leverages state-of-the-art techniques from the field of logical satisfiability optimisation in order to achieve efficient computation times. Our experimental results indicate that the proposed security metric can efficiently scale to networks with thousands of nodes and be computed in seconds. In addition, we present a case study where we have used our system to analyse the security posture of a realistic water transport network. We discuss our findings on the plant as well as further security applications of our metric.
Munoz Gonzalez L, Sgandurra D, Barrere Cambrun M, et al., 2019, Exact Inference Techniques for the Analysis of Bayesian Attack Graphs, IEEE Transactions on Dependable and Secure Computing, Vol: 16, Pages: 231-244, ISSN: 1941-0018
Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise network resources. The uncertainty about the attacker's behaviour makes Bayesian networks suitable to model attack graphs to perform static and dynamic analysis. Previous approaches have focused on the formalization of attack graphs into a Bayesian model rather than proposing mechanisms for their analysis. In this paper we propose to use efficient algorithms to make exact inference in Bayesian attack graphs, enabling the static and dynamic network risk assessments. To support the validity of our approach we have performed an extensive experimental evaluation on synthetic Bayesian attack graphs with different topologies, showing the computational advantages in terms of time and memory use of the proposed techniques when compared to existing approaches.
Barrere Cambrun M, Hankin C, Barboni A, et al., 2019, CPS-MT: a real-time cyber-physical system monitoring tool for security Research, 24th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA2018), Publisher: IEEE
Monitoring systems are essential to understand and control the behaviour of systems and networks. Cyber-physical systems (CPS) are particularly delicate under that perspective since they involve real-time constraints and physical phenomena that are not usually considered in common IT solutions. Therefore, there is a need for publicly available monitoring tools able to contemplate these aspects. In this poster/demo, we present our initiative, called CPS-MT, towards a versatile, real-time CPS monitoring tool, with a particular focus on security research. We first present its architecture and main components, followed by a MiniCPS-based case study. We also describe a performance analysis and preliminary results. During the demo, we will discuss CPS-MT’s capabilities and limitations for security applications.
Steiner RV, Barrère M, Lupu E, 2018, WSNs Under Attack! How Bad Is It? Evaluating Connectivity Impact Using Centrality Measures, Living in the Internet of Things: Cybersecurity of the IoT - 2018
We propose a model to represent the health of WSNs that allows us to evaluate a network’s ability to execute its functions. Central to this model is how we quantify the importance of each network node. As we focus on the availability of the network data, we investigate how well different centrality measures identify the significance of each node for the network connectivity. In this process, we propose a new metric named current-flow sink betweenness. Through a number of experiments, we demonstrate that while no metric is invariably better in identifying sensors’ connectivity relevance, the proposed current-flow sink betweenness outperforms existing metrics in the vast majority of cases.
Barrere Cambrun M, Vieira Steiner R, Mohsen R, et al., 2018, Tracking the bad guys: an efficient forensic methodology to trace multi-step attacks using core attack graphs, 13th International Conference on Network and Service Management (CNSM'17), Publisher: IEEE, ISSN: 2165-963X
In this paper, we describe an efficient methodology to guide investigators during network forensic analysis. To this end, we introduce the concept of core attack graph, a compact representation of the main routes an attacker can take towards specific network targets. Such compactness allows forensic investigators to focus their efforts on critical nodes that are more likely to be part of attack paths, thus reducing the overall number of nodes (devices, network privileges) that need to be examined. Nevertheless, core graphs also allow investigators to hierarchically explore the graph in order to retrieve different levels of summarised information. We have evaluated our approach over different network topologies varying parameters such as network size, density, and forensic evaluation threshold. Our results demonstrate that we can achieve the same level of accuracy provided by standard logical attack graphs while significantly reducing the exploration rate of the network.
Barrere M, Lupu EC, 2017, Naggen: a Network Attack Graph GENeration tool, 2017 IEEE Conference on Communications and Network Security, CNS 2017, Publisher: IEEE, Pages: 378-379
Attack graphs constitute a powerful security tool aimed at modelling the many ways in which an attacker may compromise different assets in a network. Despite their usefulness in several security-related activities (e.g. hardening, monitoring, forensics), the complexity of these graphs can massively grow as the network becomes denser and larger, thus defying their practical usability. In this presentation, we first describe some of the problems that currently challenge the practical use of attack graphs. We then explain our approach based on core attack graphs, a novel perspective to address attack graph complexity. Finally, we present Naggen, a tool for generating, visualising and exploring core attack graphs. We use Naggen to show the advantages of our approach on different security applications.
Barrere Cambrun M, Betarte G, Codocedo V, et al., 2015, Machine-assisted Cyber Threat Analysis using Conceptual Knowledge Discovery, What can FCA do for Artificial Intelligence? (FCA4AI'15), Publisher: CEUR
Over the last years, computer networks have evolved into highly dynamic and interconnected environments, involving multiple heterogeneous devices and providing a myriad of services on top of them. This complex landscape has made it extremely difficult for security administrators to keep accurate and be effective in protecting their systems against cyber threats. In this paper, we describe our vision and scientific posture on how artificial intelligence techniques and a smart use of security knowledge may assist system administrators in better defending their networks. To that end, we put forward a research roadmap involving three complementary axes, namely, (I) the use of FCA-based mechanisms for managing configuration vulnerabilities, (II) the exploitation of knowledge representation techniques for automated security reasoning, and (III) the design of a cyber threat intelligence mechanism as a CKDD process. Then, we describe a machine-assisted process for cyber threat analysis which provides a holistic perspective of how these three research axes are integrated together.
Barrere M, Badonnel R, Festor O, 2014, A SAT-based Autonomous Strategy for Security Vulnerability Management, 14th IEEE/IFIP Network Operations and Management Symposium (NOMS), Publisher: IEEE, ISSN: 1542-1201
Barrere M, Badonnel R, Festor O, 2014, Vulnerability Assessment in Autonomic Networks and Services: A Survey, IEEE COMMUNICATIONS SURVEYS AND TUTORIALS, Vol: 16, Pages: 988-1004
Barrère M, Hurel G, Badonnel R, et al., 2013, Increasing Android Security using a Lightweight OVAL-based Vulnerability Assessment Framework, Automated Security Management, Editors: Al-Shaer, Ou, Xie, Publisher: Springer International Publishing, Pages: 41-58, ISBN: 9783319014326
Barrere M, Hurel G, Badonnel R, et al., 2013, Ovaldroid: an OVAL-based Vulnerability Assessment Framework for Android, 13th IFIP/IEEE International Symposium on Integrated Network Management (IM), Publisher: IEEE, Pages: 1074-1075
Barrere M, Hurel G, Badonnel R, et al., 2013, A Probabilistic Cost-efficient Approach for Mobile Security Assessment, 9th International Conference on Network and Service Management (CNSM), Publisher: IEEE, Pages: 235-242, ISSN: 2165-9605
Barrere M, Badonnel R, Festor O, 2013, Improving Present Security through the Detection of Past Hidden Vulnerable States, 13th IFIP/IEEE International Symposium on Integrated Network Management (IM), Publisher: IEEE, Pages: 471-477
Barrère M, Badonnel R, Festor O, 2012, Collaborative remediation of configuration vulnerabilities in autonomic networks and systems, Pages: 357-363
Autonomic computing has become an important paradigm for dealing with large scale network management. However, changes operated by administrators and self-governed entities may generate vulnerable configurations increasing the exposure to security attacks. In this paper, we propose a novel approach for supporting collaborative treatments in order to remediate known security vulnerabilities in autonomic networks and systems. We put forward a mathematical formulation of vulnerability treatments as well as an XCCDF-based language for specifying them in a machine-readable manner. We describe a collaborative framework for performing these treatments taking advantage of optimized algorithms, and evaluate its performance in order to show the feasibility of our solution. © 2012 IFIP.
Barrere M, Badonnel R, Festor O, 2012, Towards the Assessment of Distributed Vulnerabilities in Autonomic Networks and Systems, 13th IEEE/IFIP Network Operations and Management Symposium, Publisher: IEEE, Pages: 335-342, ISSN: 1542-1201
Barrère M, Badonnel R, Festor O, 2011, Supporting vulnerability awareness in autonomic networks and systems with OVAL
Changes that are operated by autonomic networks and systems may generate vulnerabilities and increase the exposure to security attacks. We present in this paper a new approach for increasing vulnerability awareness in such self-managed environments. Our objective is to enable autonomic networks to take advantage of the knowledge provided by vulnerability descriptions in order to maintain safe configurations. In that context, we propose a modeling and an architecture for automatically translating these descriptions into policy rules that are interpretable by an autonomic configuration system. We also describe an implementation prototype and evaluate its performance through an extensive set of experiments. © 2011 IFIP.
Barrere M, Betarte G, Rodriguez M, 2011, Towards machine-assisted formal procedures for the collection of digital evidence, 9th Annual International Conference on Privacy, Security and Trust, Publisher: IEEE, Pages: 32-35, ISSN: 1712-364X
Barrere M, Badonnel R, Festor O, 2011, Towards Vulnerability Prevention in Autonomic Networks and Systems, 5th International Conference on Autonomous Infrastructure, Management, and Security (AIMS), Publisher: SPRINGER-VERLAG BERLIN, Pages: 65-68, ISSN: 0302-9743
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.