Cardiff Metropolitan University
Browse

Threat modelling of cyber physical systems: A real case study based on window cleaning business

Download (701.76 kB)
journal contribution
posted on 2022-03-17, 16:42 authored by Sion Brown, Stephen Fox, Chaminda Hewage, Imtiaz KhanImtiaz Khan
Threat modelling Cyber-Physical System built on cloud infrastructure to monitor and manage the window cleaning operation using Window Cleaning Warehouse as a case study. Focusing on IoT data collection and cloud infrastructure security and the connections with the Cyber-Physical System. External dependencies and trust levels are defined before using trust boundaries and data flow diagrams to highlight attack surfaces. Expected scenarios from the data flow diagrams are discussed to identify violated intended use of the system using STRIDE threat classification. A risk assessment of assets that may be of interest to an adversary aid the discovery of more security risks that are then prioritised using the DREAD methodology. The results of the research present a comprehensive breakdown of vulnerabilities associated with IoT data security for route optimisation ranging from GPS spoofing, to Firestore vulnerabilities in the real-time database to Bluetooth Low Energy vulnerabilities in the IoT hardware, all of which could be common risks in cyber-physical systems designed by SME businesses. The research concludes various security risks applicable to SME businesses adopting industry 4.0 to alleviate the risk of new security breaches to the business through this adoption, increasing the likelihood of successful adoption of industry 4.0.

History

Published in

SN Computer Science

Publisher

Springer

Version

  • VoR (Version of Record)

Citation

Brown, S., Fox, S., Hewage, C. and Khan, I. (2022) 'Threat Modelling of Cyber Physical Systems: A Real Case Study Based on Window Cleaning Business', SN Computer Science, 3(2), pp.1-10.

Electronic ISSN

2661-8907

Cardiff Met Affiliation

  • Cardiff School of Technologies

Cardiff Met Authors

Chaminda Hewage Imtiaz Khan

Copyright Holder

  • © The Authors

Language

  • en

Usage metrics

    School of Technologies Research - Journal Articles

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC