Simple record

dc.rights.license: Attribution 4.0 International (*)
dc.contributor.author: Garitano, Iñaki
dc.contributor.other: Longueira-Romero, Angel
dc.contributor.other: Iglesias, Rosa
dc.contributor.other: Flores, José Luis
dc.date.accessioned: 2022-07-12T14:59:15Z
dc.date.available: 2022-07-12T14:59:15Z
dc.date.issued: 2022
dc.identifier.issn: 1424-8220 (en)
dc.identifier.other: https://katalogoa.mondragon.edu/janium-bin/janium_login_opac.pl?find&ficha_no=167549 (en)
dc.identifier.uri: https://hdl.handle.net/20.500.11984/5635
dc.description.abstract: The rapid evolution of industrial components, the paradigm of Industry 4.0, and the new connectivity features introduced by 5G technology all increase the likelihood of cybersecurity incidents. Such incidents are caused by the vulnerabilities present in these components. Designing a secure system is critical, but it is also complex, costly, and an extra factor to manage during the lifespan of the component. This paper presents a model to analyze the known vulnerabilities of industrial components over time. The proposed Extended Dependency Graph (EDG) model is based on two main elements: a directed graph representation of the internal structure of the component, and a set of quantitative metrics based on the Common Vulnerability Scoring System (CVSS). The EDG model can be applied throughout the entire lifespan of a device to track vulnerabilities, identify new requirements, root causes, and test cases. It also helps prioritize patching activities. The model was validated by application to the OpenPLC project. The results reveal that most of the vulnerabilities associated with OpenPLC were related to memory buffer operations and were concentrated in the libssl library. The model was able to determine new requirements and generate test cases from the analysis. (en)
dc.description.sponsorship: Comisión Europea (es)
dc.description.sponsorship: Gobierno de España (es)
dc.description.sponsorship: Gobierno Vasco (es)
dc.language.iso: eng (en)
dc.publisher: MDPI (en)
dc.rights: © 2022 by the authors. Licensee MDPI (en)
dc.rights.uri: http://creativecommons.org/licenses/by/4.0/ (*)
dc.subject: CPE (es)
dc.subject: CVE (es)
dc.subject: CVSS (es)
dc.subject: CWE (es)
dc.subject: CAPEC (es)
dc.subject: directed graph (en)
dc.subject: IACS (es)
dc.subject: cybersecurity (en)
dc.subject: vulnerability (en)
dc.subject: assessment (en)
dc.subject: security metrics (en)
dc.subject: IEC 62443 (en)
dc.subject: OpenPLC (en)
dc.title: A Novel Model for Vulnerability Analysis through Enhanced Directed Graphs and Quantitative Metrics (en)
dcterms.accessRights: http://purl.org/coar/access_right/c_abf2 (en)
dcterms.source: Sensors (en)
local.contributor.group: Análisis de datos y ciberseguridad (es)
local.description.peerreviewed: true (en)
local.identifier.doi: https://doi.org/10.3390/s22062126 (en)
local.relation.projectID: info:eu-repo/grantAgreement/EC/H2020/957212/EU/Automated protection and prevention to meet security requirements in DevOps Enviroments/VERIDEVOPS (en)
local.relation.projectID: info:eu-repo/grantAgreement/GE/Ayudas Cervera para Centros Tecnológicos CDTI/CER-20191012/ES/Red de Excelencia en Tecnologías de Seguridad y Privacidad/EGIDA (en)
local.relation.projectID: info:eu-repo/grantAgreement/GV/Elkartek 2021/KK-2021-00091/CAPV/REal tiME control and embeddeD securitY/REMEDY (en)
local.rights.publicationfee: APC (en)
local.contributor.otherinstitution: https://ror.org/03hp1m080 (es)
local.source.details: Vol. 22. N. 6. N. artículo 2126, 2022 (en)
oaire.format.mimetype: application/pdf
oaire.file: $DSPACE\assetstore
oaire.resourceType: http://purl.org/coar/resource_type/c_6501 (en)
oaire.version: http://purl.org/coar/version/c_970fb48d4fbd8a85 (en)


Files in this item


This item appears in the following collection(s)

Except where otherwise noted, this item's license is described as: Attribution 4.0 International