Share Email Print

Proceedings Paper

Three tenets for secure cyber-physical system design and assessment
Author(s): Jeff Hughes; George Cybenko
Format Member Price Non-Member Price
PDF $14.40 $18.00
cover GOOD NEWS! Your organization subscribes to the SPIE Digital Library. You may be able to download this paper for free. Check Access

Paper Abstract

This paper presents a threat-driven quantitative mathematical framework for secure cyber-physical system design and assessment. Called The Three Tenets, this originally empirical approach has been used by the US Air Force Research Laboratory (AFRL) for secure system research and development. The Tenets were first documented in 2005 as a teachable methodology. The Tenets are motivated by a system threat model that itself consists of three elements which must exist for successful attacks to occur: – system susceptibility; – threat accessibility and; – threat capability. The Three Tenets arise naturally by countering each threat element individually. Specifically, the tenets are: Tenet 1: Focus on What’s Critical - systems should include only essential functions (to reduce susceptibility); Tenet 2: Move Key Assets Out-of-Band - make mission essential elements and security controls difficult for attackers to reach logically and physically (to reduce accessibility); Tenet 3: Detect, React, Adapt - confound the attacker by implementing sensing system elements with dynamic response technologies (to counteract the attackers’ capabilities). As a design methodology, the Tenets mitigate reverse engineering and subsequent attacks on complex systems. Quantified by a Bayesian analysis and further justified by analytic properties of attack graph models, the Tenets suggest concrete cyber security metrics for system assessment.

Paper Details

Date Published: 18 June 2014
PDF: 15 pages
Proc. SPIE 9097, Cyber Sensing 2014, 90970A (18 June 2014); doi: 10.1117/12.2053933
Show Author Affiliations
Jeff Hughes, Tenet 3, LLC (United States)
George Cybenko, Dartmouth College (United States)

Published in SPIE Proceedings Vol. 9097:
Cyber Sensing 2014
Igor V. Ternovskiy; Peter Chin, Editor(s)

© SPIE. Terms of Use
Back to Top