基于动态故障树的信息物理融合系统风险分析

doi:10.11772/j.issn.1001-9081.2018122601

计算机应用 ›› 2019, Vol. 39 ›› Issue (6): 1735-1741.DOI: 10.11772/j.issn.1001-9081.2018122601

基于动态故障树的信息物理融合系统风险分析

徐丙凤¹, 钟志成¹, 何高峰²

1. 南京林业大学信息科学技术学院, 南京 210037;
2. 南京邮电大学物联网学院, 南京 210003

收稿日期:2018-12-20 修回日期:2019-02-13 发布日期:2019-06-17 出版日期:2019-06-10
通讯作者: 何高峰
作者简介:徐丙凤(1986-),女,安徽安庆人,讲师,博士,CCF会员,主要研究方向:信息物理融合系统安全、软件工程;钟志成(1998-),男,江苏东台人,主要研究方向:信息物理融合系统安全;何高峰(1984-),男,安徽安庆人,讲师,博士,CCF会员,主要研究方向:网络安全、信息物理融合系统安全。
基金资助:
国家自然科学基金青年科学基金资助项目（61802192，61702282）；江苏省高等学校自然科学研究项目（18KJB520024，17KJB520023）；南京林业大学校青年创新基金资助项目（CX2016026，GXL016）；南京邮电大学引进人才科研启动基金资助项目（NY217143）；南京林业大学大学生创新训练计划项目（2018NFUSPITP475，2018NFUSPITP457）。

Risk analysis of cyber-physical system based on dynamic fault trees

XU Bingfeng¹, ZHONG Zhicheng¹, HE Gaofeng²

1. College of Information Science and Technology, Nanjing Forestry University, Nanjing Jiangsu 210037, China;
2. College of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210003, China

Received:2018-12-20 Revised:2019-02-13 Online:2019-06-17 Published:2019-06-10
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61802192, 61702282), the Natural Science Research Project of Universities of Jiangsu Province (18KJB520024, 17KJB520023), the Youth Innovation Foundation of Nanjing Forestry University (CX2016026, GXL016), the Startup Foundation of Nanjing University of Posts and Telecommunications (NY217143), the Undergraduate Innovation Training Program of Nanjing Forestry University (2018NFUSPITP475, 2018NFUSPITP457).

摘要/Abstract

摘要： 针对信息物理融合系统（CPS）中的网络安全攻击会导致系统失效的问题，提出一种基于动态故障树的CPS风险建模及分析方法。首先，对动态故障树和攻击树集成建模，构建攻击-动态故障树（Attack-DFTs）模型；然后，分别采用二元决策图和输入输出马尔可夫链给出攻击-动态故障树中的静态子树和动态子树的形式化模型，并在此基础上给出攻击-动态故障树的定性分析方法，即分析网络安全攻击导致系统失效的基本事件路径；最后，通过一个典型的排污系统应用实例对方法的有效性进行验证。案例分析结果表明，所提方法能够分析CPS中由于网络安全攻击导致系统失效的事件序列，有效实现了CPS的综合安全评估。

关键词: 信息物理融合系统, 动态故障树, 攻击树, 风险分析, 二元决策图

Abstract: In order to solve the problem that network security attacks against the Cyber-Physical System (CPS) will cause a system failure, a CPS risk modeling and analysis method based on dynamic fault tree was proposed. Firstly, the integrated modeling was performed to dynamic fault tree and dynamic attack tree to build the Attack-Dynamic Fault Trees (Attack-DFTs) model. Then, the formal models of static subtree and dynamic subtree in Attack-DFTs were given by binary decision graph and input-out Markov chain respectively. On this basis, the qualitative analysis method of Attack-DFTs was given to analyze the basic event path of the system failure caused by network security attacks. Finally, the effectiveness of the proposed method was verified by the typical case study of a pollution system. The case analysis results show that, the proposed method can analyze the event sequence of system failure caused by network security attack in CPS, and effectively realize the formal safety assessment of CPS.

Key words: Cyber-Physical System (CPS), dynamic fault tree, attack tree, risk analysis, binary decision diagram

中图分类号:

TP311.5

徐丙凤, 钟志成, 何高峰. 基于动态故障树的信息物理融合系统风险分析[J]. 计算机应用, 2019, 39(6): 1735-1741.

XU Bingfeng, ZHONG Zhicheng, HE Gaofeng. Risk analysis of cyber-physical system based on dynamic fault trees[J]. Journal of Computer Applications, 2019, 39(6): 1735-1741.

参考文献

[1] LEE J, BAGHERI B, KAO H. A cyber-physical systems architecture for industry 4.0-based manufacturing systems[J]. Manufacturing Letters, 2015, 3:18-23.
[2] NGUYEN P H, ALI S, YUE T. Model-based security engineering for cyber-physical systems:a systematic mapping study[J]. Information and Software Technology, 2017, 83:116-135.
[3] 汤奕,陈倩,李梦雅,等.电力信息物理融合系统环境中的网络攻击研究综述[J].电力系统自动化,2016,40(17):59-69.(TANG Y, CHEN Q, LI M Y, et al. Overview on cyber-attacks against cyber physical power system[J]. Automation of Electric Power Systems, 2016, 40(17):59-69.)
[4] RAO A, CARREÓN N, LYSECKY R, et al. Probabilistic threat detection for risk management in cyber-physical medical systems[J]. IEEE Software, 2018, 35(1):38-43.
[5] EHRENFELD J M. WannaCry, cybersecurity and health information technology:a time to act[J]. Journal of Medical Systems, 2017, 41(7):104.
[6] WOSKOWSKI C. A pragmatic approach towards safe and secure medical device integration[C]//Proceedings of the 2014 International Conference on Computer Safety, Reliability, and Security, LNCS 8666. Berlin:Springer, 2014:342-353.
[7] NAGARAJU V, FIONDELLA L, WANDJI T. A survey of fault and attack tree modeling and analysis for cyber risk management[C]//Proceedings of the 2017 IEEE International Symposium on Technologies for Homeland Security. Piscataway, NJ:IEEE, 2017:1-6.
[8] FOVINO I N, MASERA M, de CIAN A. Integrating cyber attacks within fault trees[J]. Reliability Engineering & System Safety, 2009, 94(9):1394-1402.
[9] STEINER M, LIGGESMEYER P. Qualitative and quantitative analysis of CFTs taking security causes into account[C]//Proceedings of the 2014 International Conference on Computer Safety, Reliability, and Security, LNCS 9338. Berlin:Springer, 2014:109-120.
[10] KORDY B, PIÈTRE-CAMBACÉDÈS L, SCHWEITZER P. DAG-based attack and defense modeling:don't miss the forest for the attack trees[J]. Computer Science Review, 2014, 13/14:1-38.
[11] CHOCKALINGAM S, HADŽIOSMANOVIC D, PIETERS W, et al. Integrated safety and security risk assessment methods:a survey of key characteristics and applications[C]//Proceedings of the 2016 International Conference on Critical Information Infrastructures Security, LNCS 10242. Berlin:Springer, 2016:50-62.
[12] KRIAA S, PIETRE-CAMBACEDES L, BOUISSOU M, et al. A survey of approaches combining safety and security for industrial control systems[J]. Reliability Engineering & System Safety, 2015, 139:156-178.
[13] KHORSHIDI H A, GUNAWAN I, IBRAHIM M Y. Data-driven system reliability and failure behavior modeling using FMECA[J]. IEEE Transactions on Industrial Informatics, 2016, 12(3):1253-1260.
[14] BOZZANO M, CIMATTI A, KATOEN J P, et al. Safety, dependability and performance analysis of extended AADL models[J]. The Computer Journal, 2011, 54(5):754-775.
[15] JONES J A. An introduction to Factor Analysis of Information Risk (FAIR)[J]. Norwich Journal of Information Assurance, 2006, 2(1):67.
[16] BEHNIA A, RASHID R A, CHAUDHRY J A. A survey of information security risk analysis methods[J]. SmartCR, 2012, 2(1):79-94.
[17] SHERER A, ROSE J, ODDONE R. Ensuring functional safety compliance for ISO 26262[C]//Proceedings of the 52nd Annual Design Automation Conference. New York:ACM, 2015:98.
[18] SESAMO. Security and safety modelling[EB/OL]. (2018-01-20)[2018-07-10]. http://sesamo-project.eu/.
[19] KUMAR R, STOELINGA M. Quantitative security and safety analysis with attack-fault trees[C]//Proceedings of the 2017 IEEE 18th International Symposium on High Assurance Systems Engineering. Piscataway, NJ:IEEE, 2017:25-32.
[20] MAX S. Integrating security concerns into safety analysis of embedded systems using component fault trees[D]. Kaiserslautern:Technische Universität Kaiserslautern, 2016:59-77.
[21] ROTH M, LIGGESMEYER P. Modeling and analysis of safety-critical cyber physical systems using state/event fault trees[C]//Proceedings of the 32nd International Conference on Computer Safety, Reliability and Security, LNCS 8153. Berlin:Springer, 2013:253-273.
[22] CEPIN M, MAVKO B. A dynamic fault tree[J]. Reliability Engineering & System Safety, 2002, 75(1):83-91.
[23] RUIJTERS E, STOELINGA M. Fault tree analysis:a survey of the state-of-the-art in modeling, analysis and tools[J]. Computer Science Review, 2015, 15/16:29-62.
[24] AKERS S B. Binary decision diagrams[J]. IEEE Transactions on Computers, 1978, 27(6):509-516.
[25] BOUDALI H, STOELINGA M, CROUZEN P. A rigorous, compositional, and extensible framework for dynamic fault tree analysis[J]. IEEE Transactions on Dependable and Secure Computing, 2010, 7(2):128-143.
[26] GULATI R, DUGAN J B. A modular approach for analyzing static and dynamic fault trees[C]//Proceedings of the 1997 Annual Reliability and Maintainability Symposium:Piscataway, NJ:IEEE, 1997:57-63.
[27] KABIR S. An overview of fault tree analysis and its application in model based dependability analysis[J]. Expert Systems with Applications, 2017, 77:114-135.
[28] HERSMANS H. Interactive Markov Chains:and the Quest for Quantified Quality[M]. Berlin:Springer, 2002:39-50.
[29] KRIAA S, BOUISSOU M, COLIN F, et al. Safety and security interactions modeling using the BDMP formalism:case study of a pipeline[C]//Proceedings of the 2014 International Conference on Computer Safety, Reliability, and Security, LNCS 8666. Berlin:Springer, 2014:326-341.

基于动态故障树的信息物理融合系统风险分析

Risk analysis of cyber-physical system based on dynamic fault trees

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 7

编辑推荐

Metrics

[1]	傅卓鑫, 孙昊, 陈建文, 郭悦, 陈金. 基于信息物理融合的骨折复位机器人系统构建[J]. 计算机应用, 2021, 41(5): 1533-1538.
[2]	张程, 陈付龙, 刘超, 齐学梅. 基于XML的信息物理融合系统组件建模与仿真[J]. 计算机应用, 2019, 39(6): 1842-1848.
[3]	谭韧, 殷肖川, 廉哲, 陈玉鑫. APT攻击分层表示模型[J]. 计算机应用, 2017, 37(9): 2551-2556.
[4]	张晶, 陈垚, 范洪博, 孙俊. 基于信息物理融合系统执行器输出事件的价值评价调度策略[J]. 计算机应用, 2017, 37(6): 1663-1669.
[5]	许美玲, 乔莹, 莫毓昌, 钟发荣. 基于二元决策图的集群计算系统性能分析[J]. 计算机应用, 2017, 37(2): 463-467.
[6]	罗泽林任强罗航. 实现非单调关联故障树PIS的联合技术[J]. 计算机应用, 2011, 31(11): 3143-3148.
[7]	黄茜武东英孙晓妍. 一种层次化的恶意代码行为分析方法[J]. 计算机应用, 2010, 30(4): 1048-1052.