Journal of Tsinghua University (Science and Technology), 2014, Vol. 54, Issue 1: 44-52
Original Article
Attack graph generation method based on the security domain for industrial control systems
Dejin WANG 1, Changqing JIANG 2, Yong PENG 2
1. University of International Relations, Beijing 100091, China
2. China Information Technology Security Evaluation Center, Beijing 100085, China
Abstract  

An attack graph generation technique is presented for industrial control systems (ICS) that reduces the complexity of attack graph generation by exploiting the characteristics of the control system network structure. The hierarchical structure of the control system is analyzed to define a host security domain and a network security domain. The network is then divided into security domains so that attack patterns (remote versus local) and other factors can be handled separately, which reduces the complexity of attack graph generation. As a result, the method improves generation efficiency and reduces the size of the attack graph. The method is tested in a virtual network environment.

Keywords: industrial control systems (ICS); attack graph; security domain; risk assessment
Issue Date: 15 January 2014
Cite this article:
Dejin WANG, Changqing JIANG, Yong PENG. Attack graph generation method based on the security domain for industrial control systems [J]. Journal of Tsinghua University (Science and Technology), 2014, 54(1): 44-52.
URL: http://jst.tsinghuajournals.com/EN/ or http://jst.tsinghuajournals.com/EN/Y2014/V54/I1/44
Host | Installed software/firmware | Version | Vulnerabilities
User PC1 | Windows XP | 32-bit SP3 | CVE-2008-4250, CVE-2008-1083
User PC2 | Windows XP | 32-bit SP3 | CVE-2008-4250, CVE-2008-1083
User PC3 | Windows 2003 | 32-bit SP3 | CVE-2008-4250, CVE-2008-1083
Operator station 1 | Windows XP; Siemens WinCC | 32-bit SP2; below 7.2 | CVE-2011-4537, CVE-2008-1083
Operator station 2 | Windows XP; Siemens WinCC | 32-bit SP2; below 7.2 | CVE-2011-4537, CVE-2008-1083
Engineer station | Windows XP; Siemens Step7 | 32-bit SP2; 8.0 SP1 | CVE-2012-3015, CVE-2008-1083
Siemens PLC | Siemens CP 1604 / CP 1616 | firmware below 2.5.2 | CVE-2013-0659
Schneider PLC | Quantum 140NOE77101 | firmware 4.9 and earlier | CVE-2011-4859

Vulnerability ID | Description
CVE-2008-4250 | Windows XP (SP2, SP3) and Windows 2003 (SP1, SP2) contain a vulnerability that allows an attacker to run arbitrary code by sending a specially crafted RPC request.
CVE-2008-1083 | The kernel of Windows XP (SP2) and Windows 2003 (SP1, SP2) contains a vulnerability that allows an attacker to escalate privileges by sending specially crafted data.
CVE-2011-4537 | A buffer overflow in the RegReader ActiveX control of Siemens WinCC before 7.2 (as used, for example, in SIMATIC PCS7 before 8.0 SP1) allows remote attackers to execute arbitrary code via an overly long parameter.
CVE-2012-3015 | A DLL loading vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1 (as used, for example, in SIMATIC PCS7 7.1 SP3 and earlier) allows remote users to gain privileges.
CVE-2013-0659 | The debugging feature of the Siemens CP 1604 and CP 1616 industrial Ethernet communication modules (firmware below 2.5.2) allows remote attackers to execute arbitrary code by sending specially crafted packets.
CVE-2011-4859 | Schneider Electric Modicon Quantum Ethernet modules contain a vulnerability that allows remote attackers to view the system configuration, execute arbitrary code, and more.

Zone | Nodes | Vulnerabilities/node | Local/remote vulnerabilities | Privilege levels | States
2# | 3 | 2 | 1/1 | 3 | 18
3# | 3 | 2 | 1/1 | 3 | 18
4# | 2 | 1 | 0/1 | 2 | 4
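As an added illustration of the domain-partitioning idea (example code, not the paper's own implementation), the following Python models the host inventory table, the local/remote split from the vulnerability table, and the three zones of the security-domain table. The host-to-zone assignment, the privilege-level rule, the state-count rule nodes x vulnerabilities per node x privilege levels, and the sum-versus-product comparison of partitioned and joint state spaces are assumptions inferred from the tables, not the paper's stated algorithm.

```python
from typing import Dict, List, Tuple

# Host inventory reduced to host -> (security domain, CVE list). The zone
# membership is an assumption inferred from the security-domain table
# (three user PCs, three HMI/engineering hosts, two PLCs).
HOSTS: Dict[str, Tuple[str, List[str]]] = {
    "UserPC1": ("2#", ["CVE-2008-4250", "CVE-2008-1083"]),
    "UserPC2": ("2#", ["CVE-2008-4250", "CVE-2008-1083"]),
    "UserPC3": ("2#", ["CVE-2008-4250", "CVE-2008-1083"]),
    "OperatorStation1": ("3#", ["CVE-2011-4537", "CVE-2008-1083"]),
    "OperatorStation2": ("3#", ["CVE-2011-4537", "CVE-2008-1083"]),
    "EngineerStation": ("3#", ["CVE-2012-3015", "CVE-2008-1083"]),
    "SiemensPLC": ("4#", ["CVE-2013-0659"]),
    "SchneiderPLC": ("4#", ["CVE-2011-4859"]),
}
# From the vulnerability table: the kernel bug CVE-2008-1083 needs a foothold on
# the host (local, grants "root"); every other entry is reachable over the
# network (remote, grants "user").
LOCAL = {"CVE-2008-1083"}

def domain_summary(hosts=HOSTS):
    """Return {zone: (nodes, vulns_per_node, local, remote, privileges, states)}.
    privileges = 1 ("none") + distinct levels the node's vulns can grant;
    states = nodes * vulns_per_node * privileges (an assumed rule that
    reproduces the security-domain table)."""
    per_zone: Dict[str, List[Tuple[int, int, int, int]]] = {}
    for _, (zone, cves) in hosts.items():
        local = sum(c in LOCAL for c in cves)
        remote = len(cves) - local
        levels = 1 + (remote > 0) + (local > 0)
        per_zone.setdefault(zone, []).append((len(cves), local, remote, levels))
    summary = {}
    for zone, rows in sorted(per_zone.items()):
        nodes = len(rows)
        vulns, local, remote, levels = (max(col) for col in zip(*rows))
        summary[zone] = (nodes, vulns, local, remote, levels, nodes * vulns * levels)
    return summary

def state_space(summary):
    """States explored per zone (sum) versus a joint, unpartitioned model (product),
    assuming the zones are analysed independently."""
    states = [row[-1] for row in summary.values()]
    joint = 1
    for s in states:
        joint *= s
    return sum(states), joint

if __name__ == "__main__":
    s = domain_summary()
    for zone, row in s.items():
        print(zone, row)
    print("partitioned vs joint:", state_space(s))
```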