東華大學圖書館 |

Identification, Modeling and Assessment of Io Tenabled, Cyber-Physical Attack Paths Against Critical Infrastructures and Services = = Αναγνώριση, μοντελοποίηση και αξιολόγηση κυβερνο-φυσικών μονοπατιών επίθεσης προερχόμενα από το Διαδίκτυο των Πραγμάτων, κατά κρίσιμων υποδομών και υπηρεσιών.

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	Identification, Modeling and Assessment of Io Tenabled, Cyber-Physical Attack Paths Against Critical Infrastructures and Services =/
其他題名:	Αναγνώριση, μοντελοποίηση και αξιολόγηση κυβερνο-φυσικών μονοπατιών επίθεσης προερχόμενα από το Διαδίκτυο των Πραγμάτων, κατά κρίσιμων υποδομών και υπηρεσιών.
作者:	Στέλλιος, Ιωάννης.
其他作者:	Stellios, Ioannis,
面頁冊數:	1 online resource (232 pages)
附註:	Source: Dissertations Abstracts International, Volume: 84-12, Section: A.
Contained By:	Dissertations Abstracts International84-12A.
標題:	Smart cities. -
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=30461233click for full text (PQDT)
ISBN:	9798379647827

Identification, Modeling and Assessment of Io Tenabled, Cyber-Physical Attack Paths Against Critical Infrastructures and Services = = Αναγνώριση, μοντελοποίηση και αξιολόγηση κυβερνο-φυσικών μονοπατιών επίθεσης προερχόμενα από το Διαδίκτυο των Πραγμάτων, κατά κρίσιμων υποδομών και υπηρεσιών.
Στέλλιος, Ιωάννης.

Identification, Modeling and Assessment of Io Tenabled, Cyber-Physical Attack Paths Against Critical Infrastructures and Services =Αναγνώριση, μοντελοποίηση και αξιολόγηση κυβερνο-φυσικών μονοπατιών επίθεσης προερχόμενα από το Διαδίκτυο των Πραγμάτων, κατά κρίσιμων υποδομών και υπηρεσιών. - 1 online resource (232 pages)

Source: Dissertations Abstracts International, Volume: 84-12, Section: A.

Thesis (Ph.D.)--University of Piraeus (Greece), 2022.

Includes bibliographical references

Critical Infrastructures (CIs) play a vital role to the well-being of our society, as their disruption would have a significant effect on the security, safety, economy and public health at a national or even international level. Power grids, communication networks, industry infrastructures, transportation networks, health services, financial services, agriculture as well as urban environments can be considered as the most important CI sectors. In the last few decades the growth of Information and Communication Technologies (ICT) have introduced Industrial Control Systems (ICS) which, in turn, play a vital role on most CIs environments. Unfortunately, cyber-physical threats evolved to fit this new environment. Attacks that formerly required physical access to be triggered, have not become cyber-enabled: A remote adversary could disrupt the operations of a CI just by attacking the corresponding ICS systems.Furthermore, the introduction of Industry 4.0 as well as the Internet of Things (IoT) related technologies have further transformed the CIs. Enabling features such as system automation and operating efficiency, remote management, command & control, production programming and optimization, human error as well as production cost reduction became the norm to otherwise isolated complex cyber-physical systems.But all this interconnectivity, interoperability and physical proximity transformed the threat landscape by introducing complex and hard-to-identify attack vectors against Cyber-Physical Systems (CPS) that used to be isolated systems. In addition, the lack of up-to-date security controls and frameworks, the use of commercial, off-the-shelf IoT devices in manufacturing and industrial facilities, the plethora of vulnerabilities found in both hardware and software, the adoption of insecure wireless network protocols and the copious cyber-physical capabilities of IoT-devices, have enabled remote adversaries to extend their reach from cyber to cyber-physical thus resulting in complex, subliminal attack scenarios. Most of these attacks can be considered as IoT-enabled: The attacker initially exploits some vulnerable IoT technology as a first step towards compromising a critical system that is connected with it, in some way.Unfortunately, existing Risk Assessment (RA) methodologies cannot address these new threat types. In the literature, there is a lack of risk assessment methodologies targeted in identifying, modelling and assessing such complex cyber-physical attack vectors. The main research goal of this thesis is to contribute in understanding, identifying and assessing these novel IoT-enabled, cyber-physical attacks paths against critical infrastructures and services.The thesis is structured in five sections, each of which includes a number of chapters. In Section I the foundations (Chapter 1) and the related work (Chapter 2) is introduced, to assist the reader in understanding the current state-of-the-art and the open research challenges related with the identification and assessment of IoT-enabled, cyber-physical attacks. Section II (Chapters 3-4) analyzes the relevant threat landscape. In particular, in Chapter 3 we review recent, Proof-of-Concept (PoC) as well as real incidents of IoT-enabled attacks on critical infrastructures and services whereas in Chapter 4 we dive into a deeper analysis of high-profile attacks presented in the previous chapter.Section III (Chapters 5-6) introduces the novel risk assessment methodologies introduced in this thesis. Specifically, in Chapter 5 we propose a high-level framework in order to assess the criticality of the attack scenarios presented in Chapters 3 and 4. Then, in Chapter 6, we develop a low-level, detailed RA methodology to identify, model and assess complex, IoT-enabled cyber-physical attacks.Section IV (Chapters 7-9) focuses on the validation of the methodologies presented in Chapters 5 and 6. Particularly, in Chapter 7 we apply the framework presented in Chapter 5 on the cyber-physical attacks presented in Chapters 3 and 4, considering a worst-case scenario approach. Then, we test the low-level RA methodology presented in Chapter 6, in two different cases: a smart city scenario (Chapter 8) and a healthcare scenario (Chapter 9).Finally, Section V (Chapters 10-11) summarizes the results of this thesis that are related with the mitigation of IoT-enabled attack paths, along with open research challenges that require additional future work respectively. In Chapter 10 state-of-the-art mitigation controls are proposed for specific domains. In particular, countermeasures that aim at reducing the threat and/or the vulnerability level, in the context of the attack scenarios presented in Chapter 10.Additionally, mitigation strategies based on the results of our low-level methodology are presented for the e-healthcare PoC scenario. Finally, Chapter 11 concludes this thesis by providing an overview of the proposed methodologies, along with their limitations and the future research challenges that have been identified.

Electronic reproduction.
Ann Arbor, Mich. :
ProQuest,
2023

Mode of access: World Wide Web

ISBN: 9798379647827Subjects--Topical Terms:

3338351
Smart cities.
Index Terms--Genre/Form:

542853
Electronic books.

Identification, Modeling and Assessment of Io Tenabled, Cyber-Physical Attack Paths Against Critical Infrastructures and Services = = Αναγνώριση, μοντελοποίηση και αξιολόγηση κυβερνο-φυσικών μονοπατιών επίθεσης προερχόμενα από το Διαδίκτυο των Πραγμάτων, κατά κρίσιμων υποδομών και υπηρεσιών.
LDR:06815nmm a2200397K 4500 001 2362433
005 20231027104036.5
006 m o d
007 cr mn ---uuuuu
008 241011s2022 xx obm 000 0 eng d
020 $a 9798379647827
035 $a (MiAaPQ)AAI30461233
035 $a (MiAaPQ)Piraeus15223
035 $a AAI30461233
040 $a MiAaPQ $b eng $c MiAaPQ $d NTU
100 1 $a Στέλλιος, Ιωάννης. $3 3703155
245 1 0 $a Identification, Modeling and Assessment of Io Tenabled, Cyber-Physical Attack Paths Against Critical Infrastructures and Services = $b Αναγνώριση, μοντελοποίηση και αξιολόγηση κυβερνο-φυσικών μονοπατιών επίθεσης προερχόμενα από το Διαδίκτυο των Πραγμάτων, κατά κρίσιμων υποδομών και υπηρεσιών.
264 0 $c 2022
300 $a 1 online resource (232 pages)
336 $a text $b txt $2 rdacontent
337 $a computer $b c $2 rdamedia
338 $a online resource $b cr $2 rdacarrier
500 $a Source: Dissertations Abstracts International, Volume: 84-12, Section: A.
500 $a Advisor: Panayiotis, Kotzanikolaou;Alcaraz, Cristina;Psarakis, Mihalis.
502 $a Thesis (Ph.D.)--University of Piraeus (Greece), 2022.
504 $a Includes bibliographical references
520 $a Critical Infrastructures (CIs) play a vital role to the well-being of our society, as their disruption would have a significant effect on the security, safety, economy and public health at a national or even international level. Power grids, communication networks, industry infrastructures, transportation networks, health services, financial services, agriculture as well as urban environments can be considered as the most important CI sectors. In the last few decades the growth of Information and Communication Technologies (ICT) have introduced Industrial Control Systems (ICS) which, in turn, play a vital role on most CIs environments. Unfortunately, cyber-physical threats evolved to fit this new environment. Attacks that formerly required physical access to be triggered, have not become cyber-enabled: A remote adversary could disrupt the operations of a CI just by attacking the corresponding ICS systems.Furthermore, the introduction of Industry 4.0 as well as the Internet of Things (IoT) related technologies have further transformed the CIs. Enabling features such as system automation and operating efficiency, remote management, command & control, production programming and optimization, human error as well as production cost reduction became the norm to otherwise isolated complex cyber-physical systems.But all this interconnectivity, interoperability and physical proximity transformed the threat landscape by introducing complex and hard-to-identify attack vectors against Cyber-Physical Systems (CPS) that used to be isolated systems. In addition, the lack of up-to-date security controls and frameworks, the use of commercial, off-the-shelf IoT devices in manufacturing and industrial facilities, the plethora of vulnerabilities found in both hardware and software, the adoption of insecure wireless network protocols and the copious cyber-physical capabilities of IoT-devices, have enabled remote adversaries to extend their reach from cyber to cyber-physical thus resulting in complex, subliminal attack scenarios. Most of these attacks can be considered as IoT-enabled: The attacker initially exploits some vulnerable IoT technology as a first step towards compromising a critical system that is connected with it, in some way.Unfortunately, existing Risk Assessment (RA) methodologies cannot address these new threat types. In the literature, there is a lack of risk assessment methodologies targeted in identifying, modelling and assessing such complex cyber-physical attack vectors. The main research goal of this thesis is to contribute in understanding, identifying and assessing these novel IoT-enabled, cyber-physical attacks paths against critical infrastructures and services.The thesis is structured in five sections, each of which includes a number of chapters. In Section I the foundations (Chapter 1) and the related work (Chapter 2) is introduced, to assist the reader in understanding the current state-of-the-art and the open research challenges related with the identification and assessment of IoT-enabled, cyber-physical attacks. Section II (Chapters 3-4) analyzes the relevant threat landscape. In particular, in Chapter 3 we review recent, Proof-of-Concept (PoC) as well as real incidents of IoT-enabled attacks on critical infrastructures and services whereas in Chapter 4 we dive into a deeper analysis of high-profile attacks presented in the previous chapter.Section III (Chapters 5-6) introduces the novel risk assessment methodologies introduced in this thesis. Specifically, in Chapter 5 we propose a high-level framework in order to assess the criticality of the attack scenarios presented in Chapters 3 and 4. Then, in Chapter 6, we develop a low-level, detailed RA methodology to identify, model and assess complex, IoT-enabled cyber-physical attacks.Section IV (Chapters 7-9) focuses on the validation of the methodologies presented in Chapters 5 and 6. Particularly, in Chapter 7 we apply the framework presented in Chapter 5 on the cyber-physical attacks presented in Chapters 3 and 4, considering a worst-case scenario approach. Then, we test the low-level RA methodology presented in Chapter 6, in two different cases: a smart city scenario (Chapter 8) and a healthcare scenario (Chapter 9).Finally, Section V (Chapters 10-11) summarizes the results of this thesis that are related with the mitigation of IoT-enabled attack paths, along with open research challenges that require additional future work respectively. In Chapter 10 state-of-the-art mitigation controls are proposed for specific domains. In particular, countermeasures that aim at reducing the threat and/or the vulnerability level, in the context of the attack scenarios presented in Chapter 10.Additionally, mitigation strategies based on the results of our low-level methodology are presented for the e-healthcare PoC scenario. Finally, Chapter 11 concludes this thesis by providing an overview of the proposed methodologies, along with their limitations and the future research challenges that have been identified.
533 $a Electronic reproduction. $b Ann Arbor, Mich. : $c ProQuest, $d 2023
538 $a Mode of access: World Wide Web
650 4 $a Smart cities. $3 3338351
650 4 $a Medical equipment. $3 3560831
650 4 $a Smart houses. $3 3700886
650 4 $a Malware. $3 3562952
650 4 $a Lighting systems. $3 3703157
650 4 $a Connectivity. $3 3560754
650 4 $a Civil engineering. $3 860360
650 4 $a Computer science. $3 523869
650 4 $a Information technology. $3 532993
650 4 $a Medicine. $3 641104
650 4 $a Urban planning. $3 2122922
650 4 $a Web studies. $3 2122754
655 7 $a Electronic books. $2 lcsh $3 542853
690 $a 0543
690 $a 0984
690 $a 0501
690 $a 0489
690 $a 0564
690 $a 0999
690 $a 0646
700 1 $a Stellios, Ioannis, $e author. $3 3703156
710 2 $a ProQuest Information and Learning Co. $3 783688
710 2 $a University of Piraeus (Greece). $3 3690333
773 0 $t Dissertations Abstracts International $g 84-12A.
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=30461233 $z click for full text (PQDT)