SCADA Case Study from QEST 2011
Basic Information
- Example Name: Scada Case Study from QEST 2011
- Mobius Version: 2.5
- Contributor(s): Ken Keefe
- Contact Information: kjkeefe@illinois.edu
- Web URL: http://www.mobius.illinois.edu
- Associated Paper: ADVISE
Description
System architects need quantitative security metrics to make informed trade-off decisions involving system security. The security metrics need to provide insight on weak points in the system defense, considering characteristics of both the system and its adversaries. To provide such metrics, we formally define the ADversary VIew Security Evaluation (ADVISE) method. Our approach is to create an executable state-based security model of a system and an adversary that represents how the adversary is likely to attack the system and the results of such an attack. The attack decision function uses information about adversary attack preferences and possible attacks against the system to mimic how the adversary selects the most attractive next attack step. The adversary’s decision involves looking ahead some number of attack steps. System architects can use ADVISE to compare the security strength of system architecture variants and analyze the threats posed by different adversaries. We demonstrate the feasibility and benefits of ADVISE using a case study. To produce quantitative model-based security metrics, we have implemented the ADVISE method in a tool that facilitates user input of system and adversary data and automatically generates executable models.
Additional Details
System architects can use ADVISE to compare the security strength of system architecture variants and analyze the threats posed by different adversaries. The practical application of ADVISE was demonstrated in a case study of four adversaries attacking two variants of a SCADA architecture. This case study demonstrated how the quantitative security metrics produced by ADVISE can aid system design and provide insight on system security.
