Archivio Istituzionale della RicercaIn modern factories, personal computers are starting to replace traditional programmable logic controllers, due to cost and flexibility reasons, and also because their operating systems now support programming environments even suitable for demanding real-time applications. These characteristics, as well as the ready availability of many software packages covering any kind of needs, have made the introduction of PC-based devices at the factory field level especially attractive. However, this approach has a profound influence on the extent of threats that a factory computing infrastructure shall be prepared to deal with. In fact, industrial personal computers share the same kinds of vulnerabilities with their office automation counterparts. Then, their introduction increases the risk of cyber-attacks. As the complexity of the network grows, the problem rapidly becomes hard to tackle by hand, due to the subtle and unforeseen interactions that may occur among apparently unrelated vulnerabilities, thus bearing the focus on the full automation of the analysis. Going into this direction, this paper presents a software tool that, given an accurate and machine-readable description of vulnerabilities, detects whether or not they are of concern and evaluates consequences in the context of a factory network.
Detecting Chains of Vulnerabilities in Industrial Networks / Cheminod, Manuel; CIBRARIO BERTOLOTTI, Ivan; Durante, Luca; Maggi, Paolo; Pozza, Davide; Sisto, Riccardo; Valenzano, Adriano. - In: IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS. - ISSN 1551-3203. - STAMPA. - 5:2(2009), pp. 181-193. [10.1109/TII.2009.2018627]
Detecting Chains of Vulnerabilities in Industrial Networks
CHEMINOD, MANUEL;CIBRARIO BERTOLOTTI, IVAN;DURANTE, LUCA;MAGGI, Paolo;POZZA, DAVIDE;SISTO, Riccardo;VALENZANO, ADRIANO
2009
Abstract
In modern factories, personal computers are starting to replace traditional programmable logic controllers, due to cost and flexibility reasons, and also because their operating systems now support programming environments even suitable for demanding real-time applications. These characteristics, as well as the ready availability of many software packages covering any kind of needs, have made the introduction of PC-based devices at the factory field level especially attractive. However, this approach has a profound influence on the extent of threats that a factory computing infrastructure shall be prepared to deal with. In fact, industrial personal computers share the same kinds of vulnerabilities with their office automation counterparts. Then, their introduction increases the risk of cyber-attacks. As the complexity of the network grows, the problem rapidly becomes hard to tackle by hand, due to the subtle and unforeseen interactions that may occur among apparently unrelated vulnerabilities, thus bearing the focus on the full automation of the analysis. Going into this direction, this paper presents a software tool that, given an accurate and machine-readable description of vulnerabilities, detects whether or not they are of concern and evaluates consequences in the context of a factory network.
| File | Dimensione | Formato | |
|---|---|---|---|
|
04895710.pdf
accesso riservato
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
Non Pubblico - Accesso privato/ristretto
Dimensione
896.26 kB
Formato
Adobe PDF
|
896.26 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
|
detectingChains_authorscopy.pdf
accesso aperto
Descrizione: Author's copy
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
Pubblico - Tutti i diritti riservati
Dimensione
638.03 kB
Formato
Adobe PDF
|
638.03 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2280634