Peer-reviewed article

An architecture for HESTIA: high-level and extensible system for training and infrastructure risk assessment

2018; Volume: 1; Issue: 2; Language: English

10.1504/ijitca.2018.10013700

ISSN

2059-7975

Authors

Michael Haney, Predrag T. Tošić, Jim Alves-Foss, Brian Johnson, Frederick T. Sheldon, Mohammad Ashrafuzzaman, Ananth A. Jillepalli, Daniel Conte de Leon, Yacine Chakhchoukh

Topic(s)

Network Security and Intrusion Detection

Abstract

Currently, preventing and mitigating cyber-attacks on cyber-physical control systems (CPCS) is a major challenge. A successful process for cyber-attack prevention and mitigation requires continuous vulnerability identification, threat modelling, risk assessment, hardening strategy design, and timely and correct implementation. These processes require a complete and detailed model of the CPCS plus knowledge of possible attacks and applicable defences. In this article, we describe the architecture of HESTIA: high-level and extensible system for training and infrastructure risk assessment. HESTIA is an iterative and adversarial-based modelling and risk assessment process and accompanying tool-set. We also describe the non-trivial design hurdles and concrete strategies for addressing these hurdles. Once fully developed, HESTIA will be able to: 1) completely specify a CPCS infrastructure; 2) check a specification for consistency; 3) identify applicable attacks and defences from a library; 4) enable the iterative execution of attack and hardening scenarios for training and risk-assessment and mitigation.
