Adaptive Modelling for Security Analysis of Networked Control Systems.

Incomplete information about connectivity and functionality of elements of networked control systems is a challenging issue in applying model-based security analysis in practice. This issue can be addressed by modelling techniques providing inherent mechanisms to describe incomplete information. We present and exemplary demonstrate a new, ontology-based method to adaptively model and analyse networked control systems from a security perspective. Our method allows modelling different parts of the system with different levels of detail. We include a formalism to handle incomplete information by applying iterative extension and iterative refinement of the model where necessary. By using machine-based reasoning on an ontology model of the system, security-relevant information is deduced. During this process, non-obvious attack vectors are identified using a structural analysis of the model and by connecting the model to vulnerability information.