Past Research

2015 Research

by Dr. Janusz Zalewski

Threat Modeling for Aviation Computer Security

Crosstalk: The Journal of Defense Software Engineering

A. Baquero, A.J. Kornecki, J. Zalewski

Crosstalk: The Journal of Defense Software Engineering, Vol. 28, No. 6, pp. 21-27, 2015.


Abstract: The safety of aircraft can no longer be analyzed based only on potential hazards and failures. Due to their increasing interconnectivity, modern computer systems are exposed to a variety of security threats. Additionally, the complexity of a system may itself be a source of vulnerabilities, opening the system to malicious actions with an ultimate impact on safety. Threat modeling is a technique that helps software engineers identify and document the potential security threats associated with a software product, providing development teams with a systematic way of discovering strengths and weaknesses in their software applications. Microsoft’s SDL Threat Modeling Tool offers automated analysis of security threats for systems that can be represented using data flow diagrams. The article discusses issues of security in aviation and presents a case study of a realistic cyber-physical system to introduce a tool-supported threat modeling method that can be used for security analyses of unmanned aerial systems.

Modeling Resiliency and Its Essential Components for Cyberphysical Systems

Annals of Computer Science and Information Systems

J. Zalewski, S. Drager, W. McKeever, A.J. Kornecki, B. Czejdo

Annals of Computer Science and Information Systems, Vol. 6, pp. 107-114, 2015.


Abstract: This paper presents an initial approach to modeling resiliency for cyberphysical systems. It discusses the concept and definitions of resiliency and outlines the process of building a model of resiliency. Through analogies with feedback control and fault tolerance, Design for Resilience is addressed, where the design of the controller component of a cyberphysical system needs to account for potential safety hazards and security threats, with awareness of its own internal faults and vulnerabilities. This model is validated against other approaches to modeling resilience described in the literature, followed by a discussion of resilience metrics. The paper concludes by presenting a strategy for modeling resiliency, based on the assumption that one cannot guarantee absolute protection against attacks or failures, but can aim at providing successful recovery after disruptions. With safety and security as essential resiliency components, an extended model involving an attacker is proposed, suggesting an appropriate performance metric that reflects the distance between the normal state and the degraded state. A model-based environment, Möbius, from the University of Illinois, is considered to help evaluate resiliency under various operational scenarios.
