Title
A Novel Model for Vulnerability Analysis through Enhanced Directed Graphs and Quantitative MetricsAuthor
xmlui.dri2xhtml.METS-1.0.item-contributorOtherinstitution
https://ror.org/03hp1m080Version
http://purl.org/coar/version/c_970fb48d4fbd8a85
Rights
© 2022 by the authors. Licensee MDPIAccess
http://purl.org/coar/access_right/c_abf2Publisher’s version
https://doi.org/10.3390/s22062126Published at
Sensors .Vol. 22. N. 6. N. artículo 2126, 2022Publisher
MDPIKeywords
CPE
CVE
CVSS
CWE ... [+]
CVE
CVSS
CWE ... [+]
CPE
CVE
CVSS
CWE
CAPEC
directed graph
IACS
cybersecurity
vulnerability
assessment
security metrics
IEC 62443
OpenPLC [-]
CVE
CVSS
CWE
CAPEC
directed graph
IACS
cybersecurity
vulnerability
assessment
security metrics
IEC 62443
OpenPLC [-]
Abstract
The rapid evolution of industrial components, the paradigm of Industry 4.0, and the new connectivity features introduced by 5G technology all increase the likelihood of cybersecurity incidents. Such i ... [+]
The rapid evolution of industrial components, the paradigm of Industry 4.0, and the new connectivity features introduced by 5G technology all increase the likelihood of cybersecurity incidents. Such incidents are caused by the vulnerabilities present in these components. Designing a secure system is critical, but it is also complex, costly, and an extra factor to manage during the lifespan of the component. This paper presents a model to analyze the known vulnerabilities of industrial components over time. The proposed Extended Dependency Graph (EDG) model is based on two main elements: a directed graph representation of the internal structure of the component, and a set of quantitative metrics based on the Common Vulnerability Scoring System (CVSS). The EDG model can be applied throughout the entire lifespan of a device to track vulnerabilities, identify new requirements, root causes, and test cases. It also helps prioritize patching activities. The model was validated by application to the OpenPLC project. The results reveal that most of the vulnerabilities associated with OpenPLC were related to memory buffer operations and were concentrated in the libssl library. The model was able to determine new requirements and generate test cases from the analysis. [-]
xmlui.dri2xhtml.METS-1.0.item-sponsorship
Comisión Europeaxmlui.dri2xhtml.METS-1.0.item-projectID
info:eu-repo/grantAgreement/EC/H2020/957212/EU/Automated protection and prevention to meet security requirements in DevOps Enviroments/VERIDEVOPSCollections
- Articles - Engineering [684]
The following license files are associated with this item: