Text size
  • Small
  • Medium
  • Large
  • Standard
  • Blue text on blue
  • High contrast (Yellow text on black)
  • Blue text on beige

    A SysML Extension for Security Analysis of Industrial Control Systems

    2nd International Symposium for ICS & SCADA Cyber Security Research 2014 (ICS-CSR 2014)

    St Pölten, Austria, 11-12 September 2014


    Laurens Lemaire, Jorn Lapon, Bart De Decker & Vincent Naessens



    The security of Industrial Control Systems (ICS) has become an important topic. Recent attacks have shown that inadequately protecting control systems could have disastrous consequences for society.

    This paper presents an extension for the Systems Modeling Language (SysML), allowing for the extraction of vulnerabilities from an industrial control system model. After a control system is modeled in SysML, the model is converted into input for a formal reasoning tool. This tool contains a logic theory which is used for the vulnerability extraction. The rules in this logic theory are inferred from the ICS-CERT vulnerability database and ICS security standards. Once the vulnerabilities have been extracted, they are included in the SysML diagrams of the model.

    The modeling approach allows the user to quickly see which changes to the system get rid of the reported vulnerabilities. It is also possible to mark certain components as compromised to see the consequences of attacks on these components for system security as a whole. The resulting analysis can be used to strengthen the security of the control system.


    PDF file PDF Version of this Paper 321(kb)

    ICS-CSR 2014: International Symposium for ICS & SCADA Cyber Security Research cover

    Print copies of ICS-CSR 2014
    ISBN 978-1-78017-286-6
    RRP £85

    Available from the BCS bookshop