ATA-BASED SECURITY ASSESSMENT OF SMART BUILDING AUTOMATION SYSTEMS

Qahtan Abdulmunem Al-Sudani Mustafa, Al-Khafaji Ahmed Waleed, V. S. Kharchenko

Abstract


The information and control system of smart building is considered as a set of subsystems including building automation system (BAS). BAS security and availability during its life cycle are assessed using the technique Attack Tree Analysis (ATA), and Failure Modes and Effects Analysis (FMECA). The FMECA is applied at the initial stage of analysis to assess criticality of BAS hardware/software failures and failed connections between components on the different levels of system design. Modification of FMECA is IMECA allowing to analyze modes and effects of attacks/intrusions. The ATA is applied to investigate any intrusions into the BAS by analyzing system probability of a failure caused by faults and vulnerabilities during operation time. The ATA is applied for different BAS subsystems and results of analysis are combined.

Keywords


Smart building, Building Automation System, security, FMECA,IMECA, ATA

Full Text:

PDF

References


Al-Sudani, Mustafa Qahtan Abdulmunem, AlKhafaji, Ahmed Waleed, Kharchenko, V. S. The method of IMECA-based security assessment case study for building automation system. Information processing systems, 2016. no. 1 (138), pp. 138-144. Available at: http://www.hups.mil.gov.ua/periodicapp/article/15263/soi_2016_1_31.pdf (accessed at 15.05.2016).

International standard ISO/IEC 15408-2. Third edition 2008-08-15 Corrected version 2011-06-01. Information technology – Security techniques – Evaluation criteria for IT security – Part 2: Security functional components. Available at: https://webstore.iec.ch/preview/info_isoiec15408- 2%7Bed3.0%7Den.pdf (accessed at 01.06.2016).

Baybutt, P. Scenario based approach for industrial cyber security vulnerability analysis. In: Hydrocarbon processing, March 2004, vol. 83, no. 3, 49 pp. Available at: http://www.primatech.com/ images/docs/paper_cyber_security_risk_analysis_for_pr ocess_control_systems_using_rings_of_protection_anal ysis_ropa.pdf (accessed at 05.06.2016).

Ban, X. A., Tong, Xin. Scenario-Based Information Security Risk Evaluation Method. International Journal of Security and Its Applications. China Information Technology Security Evaluation Center Beijing, 2014, vol. 8, no 5, pp. 21-30. Available at: http://www.sersc.org/journals/IJSIA/vol8_no5_2014/ 3.pdf (accessed at 15.06.2016).

Granzer, W., Kastner, W., Georg, N., Praus, F. Security in Networked Building Automation Systems. ViennaUniversity of Technology Inst. of Computer Aided Automation, Automation Systems Group, Treitlstraße 1-3, A-1040 Vienna, Austria. Available at: http://osgug.ucaiug.org/utilisec/embedded/Shared%20D ocuments/Device%20Security/EpochInputs/BAS%20Se curity.pdf (accessed at 20.06.2016).

Anonymous. FPGA Architectures: An Overview, Chapter 2. Available at: http://www.springer.com/cda/ content/document/cda_downloaddocument/9781461435 938-c2.pdf?SGWID=0-0-45-1333135-p174308376/ (accessed at 29.06.2016).

Majzoobi, M., Koushanfar F., Potkonjak, M. FPGA-oriented Security. Handbook, chapter 1. Available at: http://web.cs.ucla.edu/~miodrag/papers/ Majzoobi_2011.pdf (accessed at 04.07.2016 ).

Shulman, A. Top Ten Database Security Threats. Available at: http://www.schell.com/Top_Ten_ Database_Threats.pdf (accessed at 04.08.2016).

Al-sudani, Mustafa Qahtan Abdulmunem, Kharchenko, V. S., Uzun, D. Vulnerability analysis of wireless networks. Radioelectronic and computer system, 2015, no. 2 (72), pp. 76-69. Available at: http://www.khai.edu/csp/nauchportal/Arhiv/REKS/2015 /REKS215/AlSudani.pdf (accessed at 15.07.2016).

Al-sudani, Mustafa Qahtan Abdulmunem, Kharchenko, V. S. Cyber security of FPGA-based System for Building Automation System: Problem and Solutions. Radioelectronic and computer systems, 2015, no. 1 (71), pp. 39-46. Avalable at: http://www.khai. edu/csp/nauchportal/Arhiv/REKS/2015/REKS115/Suda niKHarch.pdf (accessed at 15.07.2016).

Moore, A., Ellison, R., Linger, R. Attack Modeling for Information Security and Survivability. Technical Note CMU/SEI-2001-TN-001. Available at: http://www.sei.cmu.edu/reports/01tn001.pdf (accessed at 20.07.2016 ).

Anonymous. Security Assessment via Attack Tree Model, Chapter 2. Available at: http://www.springer.com/.../9781461493563-c1.pdf (accessed at 25.07.2016).

Terrance, R. Attack Tree-based Threat Risk Analysis. Amenaza Technologies Limited406 – 917 85th St SW, m/s 125 Calgary, Alberta T3H 5Z9 Canada. Available at: https://www.amenaza.com/downloads/docs/AttackTreeThreatRiskAnalysis.pdf/ (accessed at 28.07.2016).

Ghahramain, Z. An Introduction to Hidden Markov Model and Bayeusain Network. International journal of pattern recognition and artificial intelligence. 2001, 15(1), pp. 9-42. Available at: http://mlg.eng. cam.ac.uk/zoubin/papers/ijprai.pdf (accessed at 01.08.2016).

Babeshko, Eu. Kharchenko, V. S., Gorbenko, A. Applying F(I)MEA-technique for SCADA-based Industrial Control Systems Dependability Assessment and Ensuring. Third International Conference on Dependability of Computer Systems DEPCOSRELCOMEX. 2008, pp. 315-309. Available at: http://www.scirp.org/journal/PaperDownload.aspx?pape rID=8252/(accessed at 01.08.2016).


Refbacks

  • There are currently no refbacks.