Brown2022_Article_ThreatModellingOfCyberPhysical.pdf (701.76 kB)
Download fileThreat modelling of cyber physical systems: A real case study based on window cleaning business
journal contribution
posted on 2022-03-17, 16:42 authored by Sion Brown, Stephen Fox, Chaminda Hewage, Imtiaz KhanImtiaz KhanThreat modelling Cyber-Physical System built on cloud infrastructure to monitor and manage the window cleaning operation using Window Cleaning Warehouse as a case study. Focusing on IoT data collection and cloud infrastructure security and the connections with the Cyber-Physical System. External dependencies and trust levels are defined before using trust boundaries and data flow diagrams to highlight attack surfaces. Expected scenarios from the data flow diagrams are discussed to identify violated intended use of the system using STRIDE threat classification. A risk assessment of assets that may be of interest to an adversary aid the discovery of more security risks that are then prioritised using the DREAD methodology. The results of the research present a comprehensive breakdown of vulnerabilities associated with IoT data security for route optimisation ranging from GPS spoofing, to Firestore vulnerabilities in the real-time database to Bluetooth Low Energy vulnerabilities in the IoT hardware, all of which could be common risks in cyber-physical systems designed by SME businesses. The research concludes various security risks applicable to SME businesses adopting industry 4.0 to alleviate the risk of new security breaches to the business through this adoption, increasing the likelihood of successful adoption of industry 4.0.
History
Published in
SN Computer SciencePublisher
SpringerVersion
- VoR (Version of Record)
Citation
Brown, S., Fox, S., Hewage, C. and Khan, I. (2022) 'Threat Modelling of Cyber Physical Systems: A Real Case Study Based on Window Cleaning Business', SN Computer Science, 3(2), pp.1-10.Electronic ISSN
2661-8907Cardiff Met Affiliation
- Cardiff School of Technologies
Cardiff Met Authors
Chaminda Hewage Imtiaz KhanCopyright Holder
- © The Authors
Language
- en