Show simple item record

dc.contributor.advisorMichael, Maria K.en
dc.contributor.authorKarathymios, Theocharis-Alexandrosen
dc.coverage.spatialCyprusen
dc.creatorKarathymios, Theocharis-Alexandrosen
dc.date.accessioned2021-04-12T12:57:40Z
dc.date.available2021-04-12T12:57:40Z
dc.date.issued2021-01-04
dc.identifier.urihttp://gnosis.library.ucy.ac.cy/handle/7/64251en
dc.descriptionThesis (Master) – University of Cyprus, Faculty of Engineering, Department of Electrical and Computer Engineering, 2021.en
dc.description.abstractAn attack graph represents the possible scenarios (the possible paths) that an attacker can use to compromise and intrude into a network. The attack graph can be used to determine proactive and reactive security measures. Once an attack graph is generated for a system (which is, in general, a complicated process), it can be used in order to identify the system vulnerabilities, to find out where these vulnerabilities derive from, and, thereby, conduct a security risk assessment. Generally, in the bibliography there is an extensive research around cyber-attack graphs. What is in deficit is the scientific content around cyber-physical attack graphs. With the term “Cyber-Physical Attack Graphs”, we mean the AGs that take under consideration not only the cyber component of a possible attack, but the physical component too (malicious control of PLCs, machinery, physical harm). This research conducts an analysis of the vulnerabilities and the possible attacks in critical infrastructure systems (and we achieve that by analyzing a nuclear plant facility), and aims to provide a solution for the complex problem of defining the semantics and terms for a cyber-physical attack graph. Cyber-physical systems are characterized by a deep integration between cyber elements (e.g. network devices, algorithms, data), physical components (e.g. actuators) and processes. As such, CPS environments usually expose complex networks of dependencies among cyber and physical components designed to deliver a particular task. We call Cyber-Physical Attack Graphs to the class of attack graphs that are able to cover both cyber and physical aspects. The objective of this MSc project is to investigate and solve some of the challenges involved in the modelling of CPAGs. In particular, we are interested in the development of semantics and terms in order to develop CPAGs for modern cyber-physical systems. Cyber-physical systems are very broad, they include every physical system that can be controlled by cyber. In this thesis we focus on critical infrastructures specifically. Our goal is to build a model that is abstract enough to find application in various critical infrastructures –and even other cyber-physical– systems, and also be as specific as possible in order to study the case of a nuclear plant facility. The research is going to be conducted in the following 3 stages: At first, a thorough study around the Nuclear plants will be presented. This involves the machinery and the industrial components that a Nuclear facility involves, as well as the structure, management and security policies which are implemented. Then, we are going to spot the vulnerabilities that may occur and analyze the potential threats for the various systems of the infrastructure. At the third stage of our research, we will develop an attack graph, which will present the possible attack scenarios that a threat actor could execute in order to cause harm in some way. For this, all of the previous concepts (i.e. cyber kill chain, vulnerabilities, attack vectors, etc.) will be taken into account to develop a realistic and thorough attack graph. Also, real incidents of nuclear accidents will be presented.en
dc.description.sponsorshipImperial College Londonen
dc.language.isoengen
dc.publisherΠανεπιστήμιο Κύπρου, Πολυτεχνική Σχολή / University of Cyprus, Faculty of Engineering
dc.rightsinfo:eu-repo/semantics/openAccessen
dc.rightsOpen Accessen
dc.titleCyber-Physical Attack Graphsen
dc.typeinfo:eu-repo/semantics/masterThesisen
dc.contributor.committeememberMichael, Maria K.en
dc.contributor.committeememberBarrère, Martínen
dc.contributor.committeememberHankin, Christopheren
dc.contributor.committeememberEllinas, Georgiosen
dc.contributor.departmentΤμήμα Ηλεκτρολόγων Μηχανικών και Μηχανικών Υπολογιστών / Department of Electrical and Computer Engineering
dc.subject.uncontrolledtermCYBERen
dc.subject.uncontrolledtermSECURITYen
dc.subject.uncontrolledtermCYBER-SECURTYen
dc.subject.uncontrolledtermATTACKen
dc.subject.uncontrolledtermGRAPHen
dc.subject.uncontrolledtermCYBER-PHYSICALen
dc.subject.uncontrolledtermINDUSTRIALen
dc.subject.uncontrolledtermCRITICALen
dc.subject.uncontrolledtermINFRASTRUCTUREen
dc.subject.uncontrolledtermSCADAen
dc.subject.uncontrolledtermHMIen
dc.subject.uncontrolledtermPLCen
dc.subject.uncontrolledtermNUCLEARen
dc.subject.uncontrolledtermPOWERen
dc.subject.uncontrolledtermPLANTen
dc.author.facultyΠολυτεχνική Σχολή / Faculty of Engineering
dc.author.departmentΤμήμα Ηλεκτρολόγων Μηχανικών και Μηχανικών Υπολογιστών / Department of Electrical and Computer Engineering
dc.type.uhtypeMaster Thesisen
dc.contributor.orcidMichael, Maria K. [0000-0002-1943-6547]
dc.gnosis.orcid0000-0002-1943-6547


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record