1. Automated ICS template for STRIDE Microsoft Threat Modeling Tool
- Author
-
Da Silva, Mike, Puys, Maxime, Thevenon, Pierre-Henri, Mocanu, Stéphane, Nkawa, Nelson, Commissariat à l'énergie atomique et aux énergies alternatives - Laboratoire d'Electronique et de Technologie de l'Information (CEA-LETI), Direction de Recherche Technologique (CEA) (DRT (CEA)), Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Commissariat à l'énergie atomique et aux énergies alternatives (CEA), Université Grenoble Alpes (UGA), Laboratoire d'Informatique de Grenoble (LIG), Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP ), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP ), Control for Autonomic computing systems (CTRL-A ), Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire d'Informatique de Grenoble (LIG), Université Grenoble Alpes (UGA)-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP ), and CEA-LETI
- Subjects
MTMT ,IT ,[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] ,Cybersecurity ,Risk analysis ,ICS ,Security ,SCADA ,OT ,Risk assessment - Abstract
International audience; Industrial Control Systems (ICS) are specific systems that combine information technology (IT) and operational technology (OT). Due to their interconnection and remote accessibility, they become a target for cyberattacks. As a result of their complexity and heterogeneity in terms of devices and communication protocols, specific security controls and risk analysis methods need to be developed. In particular, in order to reduce the effort of deployment of risk analysis on such complex systems, automated methods need to be provided. This paper deals with automation of the risk identification process for ICS using the STRIDE threat modeling framework. We extend the well-known STRIDE modeling tool, namely Microsoft Threat Modeling Tool (MTMT), with an incremental template dedicated to ICS and provide additional tools to automate the analysis using specific vulnerability extraction from Internet CVE databases
- Published
- 2023
- Full Text
- View/download PDF