Putting Attacks in Context: A Building Automation Testbed for Impact Assessment from the Victim’s Perspective

Herson Esquivel-Vargas, Marco Caselli, Geert Jan Laanstra, Andreas Peter

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

2 Citations (Scopus)
58 Downloads (Pure)

Abstract

Cybersecurity research relies on the reproducibility and deep understanding of attacks to devise appropriate solutions. Different kinds of testbeds are typically used to systematically execute attacks and evaluate defenses. Testbeds are widely used to demonstrate Building Automation and Control System (BACS) attacks and defenses, considered too risky to be executed on real infrastructures. However, those testbeds implement arbitrary configurations of building services that do not resemble real-world deployments. In this work, we present the first BACS testbed specially designed to assess the impact of cyberattacks from the victim’s perspective. It features general purpose building services such as illumination, ventilation, and temperature control, whose configuration is easily adapted to emulate the requirements of real-world locations. In this way, the context added to our testbed allows us to better understand the impact of BACS attacks through concrete and realistic scenarios. Moreover, by analyzing different configurations of the BACS (i.e., contexts), we found out that identical attacks may have dramatically different impacts. Thus, reinforcing our view on the relevance of adding context to BACS testbeds.
Original languageEnglish
Title of host publicationDetection of Intrusions and Malware, and Vulnerability Assessmen
Subtitle of host publication17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24–26, 2020, Proceedings
Place of PublicationCham
PublisherSpringer
Pages44-64
ISBN (Electronic)978-3-030-52683-2
ISBN (Print)978-3-030-52682-5
DOIs
Publication statusPublished - 7 Jul 2020
Event17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2020 - Virtual Conference
Duration: 24 Jun 202026 Jun 2020
Conference number: 17

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume12223
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2020
Abbreviated titleDIMVA 2020
CityVirtual Conference
Period24/06/2026/06/20

Keywords

  • Cybersecurity
  • 22/2 OA procedure

Fingerprint

Dive into the research topics of 'Putting Attacks in Context: A Building Automation Testbed for Impact Assessment from the Victim’s Perspective'. Together they form a unique fingerprint.

Cite this