AsIf: Asset Interface Analysis of Industrial Automation Devices

Thomas Rosenstatter, Christian Schäfer, Olaf Saßnick, Stefan Huber

TL;DR

A systematic approach is introduced to help identify and classify asset interfaces in industrial systems, with special focus on physical threats, and results in an enriched system model of the asset, offering a comprehensive overview visually represented as an interface tree.

Abstract

As Industry 4.0 and the Industrial Internet of Things continue to advance, industrial control systems are increasingly adopting IT solutions, including communication standards and protocols. As these systems become more decentralized and interconnected, a critical need for enhanced security measures arises. Threat modeling is traditionally performed in structured brainstorming sessions involving domain and security experts. Such sessions, however, often fail to provide an exhaustive identification of assets and interfaces due to the lack of a systematic approach. This is a major issue, as it leads to poor threat modeling, resulting in insufficient mitigation strategies and, lastly, a flawed security architecture. We propose a method for the analysis of assets in industrial systems, with special focus on physical threats. Inspired by the ISO/OSI reference model, a systematic approach is introduced to help identify and classify asset interfaces. This results in an enriched system model of the asset, offering a comprehensive overview visually represented as an interface tree, thereby laying the foundation for subsequent threat modeling steps. To demonstrate the proposed method, the results of its application to a programmable logic controller (PLC) are presented. In support of this, a study involving a group of 12 security experts was conducted. Additionally, the study offers valuable insights into the experts' general perspectives and workflows on threat modeling.

Paper Structure (17 sections, 7 figures, 2 tables)

Figures (7)

  • Figure 1: Comparison of the different network models: / model (left), the / model (center) and Tanenbaum's hybrid TCP/IP model tanenbaum2010 (right).
  • Figure 2: Extended TCP/IP model with example protocols. It shows the interfaces of an exemplary industrial device, which provides access via OPC UA and an HMI via an HTTP web server. As the firmware contains not only the applications, but also the software stacks and drivers for all other interfaces, it is modeled across all layers.
  • Figure 3: A threat modeling workflow, ranging from the system analysis and modeling (1.a) to the creation of a (1.b), the threat analysis (2.a) and prioritization (2.b), with and exemplary, to the identification (3.a) and implementation (3.b) of countermeasures and lastly their validation (4). The use of STRIDE is exemplary, any threat modeling method can be used based on AsIf.
  • Figure 4: Resulting interface tree after applying the AsIf method on the .
  • Figure 5: Data flow diagram of the during the service phase.
  • ...and 2 more figures