工业控制系统产品安全评价方法

The 4th Annual IEEE International Conference on Cyber Technology in Automation, Control and Intelligent Pub Date : 2014-06-04 DOI:10.1109/CYBER.2014.6917472

A. Hristova, Roman Schlegel, S. Obermeier

{"title":"工业控制系统产品安全评价方法","authors":"A. Hristova, Roman Schlegel, S. Obermeier","doi":"10.1109/CYBER.2014.6917472","DOIUrl":null,"url":null,"abstract":"Industrial control systems (ICS) are at the heart of critical infrastructures and security is therefore important for such systems. In order to determine the security level of existing and planned systems, ICS products should be efficiently and comprehensively assessed. In this paper we present a methodology for assessing the security of a product or a system that can be used by security experts and non-experts alike. The methodology contains specific and concrete security recommendations (what), a rationale for each recommendation (why) as well as concrete implementation guidance (how). The methodology aims to help product teams to quickly and efficiently assess the security level of their products, prioritize resources on future development efforts, and generate security requirements for future products. We validate the approach by applying a concrete instantiation of the methodology to a fictitious ICS product.","PeriodicalId":183401,"journal":{"name":"The 4th Annual IEEE International Conference on Cyber Technology in Automation, Control and Intelligent","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Security assessment methodology for industrial control system products\",\"authors\":\"A. Hristova, Roman Schlegel, S. Obermeier\",\"doi\":\"10.1109/CYBER.2014.6917472\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Industrial control systems (ICS) are at the heart of critical infrastructures and security is therefore important for such systems. In order to determine the security level of existing and planned systems, ICS products should be efficiently and comprehensively assessed. In this paper we present a methodology for assessing the security of a product or a system that can be used by security experts and non-experts alike. The methodology contains specific and concrete security recommendations (what), a rationale for each recommendation (why) as well as concrete implementation guidance (how). The methodology aims to help product teams to quickly and efficiently assess the security level of their products, prioritize resources on future development efforts, and generate security requirements for future products. We validate the approach by applying a concrete instantiation of the methodology to a fictitious ICS product.\",\"PeriodicalId\":183401,\"journal\":{\"name\":\"The 4th Annual IEEE International Conference on Cyber Technology in Automation, Control and Intelligent\",\"volume\":\"9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-06-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The 4th Annual IEEE International Conference on Cyber Technology in Automation, Control and Intelligent\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CYBER.2014.6917472\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The 4th Annual IEEE International Conference on Cyber Technology in Automation, Control and Intelligent","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CYBER.2014.6917472","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

工业控制系统(ICS)是关键基础设施的核心，因此安全对这些系统非常重要。为了确定现有和计划中的系统的安全级别，应该对ICS产品进行有效和全面的评估。在本文中，我们提出了一种评估产品或系统安全性的方法，可以由安全专家和非专家使用。该方法包含具体和具体的安全性建议(什么)，每个建议的基本原理(为什么)以及具体的实现指导(如何)。该方法旨在帮助产品团队快速有效地评估其产品的安全级别，为未来的开发工作确定资源的优先级，并为未来的产品生成安全需求。我们通过将该方法的具体实例应用于一个虚构的ICS产品来验证该方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Security assessment methodology for industrial control system products

Industrial control systems (ICS) are at the heart of critical infrastructures and security is therefore important for such systems. In order to determine the security level of existing and planned systems, ICS products should be efficiently and comprehensively assessed. In this paper we present a methodology for assessing the security of a product or a system that can be used by security experts and non-experts alike. The methodology contains specific and concrete security recommendations (what), a rationale for each recommendation (why) as well as concrete implementation guidance (how). The methodology aims to help product teams to quickly and efficiently assess the security level of their products, prioritize resources on future development efforts, and generate security requirements for future products. We validate the approach by applying a concrete instantiation of the methodology to a fictitious ICS product.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

The 4th Annual IEEE International Conference on Cyber Technology in Automation, Control and Intelligent

自引率

0.00%

发文量