Abstract
Cybersecurity research relies on the reproducibility and deep understanding of attacks to devise appropriate solutions. Different kinds of testbeds are typically used to systematically execute attacks and evaluate defenses. Testbeds are widely used to demonstrate Building Automation and Control System (BACS) attacks and defenses, considered too risky to be executed on real infrastructures. However, those testbeds implement arbitrary configurations of building services that do not resemble real-world deployments. In this work, we present the first BACS testbed specially designed to assess the impact of cyberattacks from the victim’s perspective. It features general purpose building services such as illumination, ventilation, and temperature control, whose configuration is easily adapted to emulate the requirements of real-world locations. In this way, the context added to our testbed allows us to better understand the impact of BACS attacks through concrete and realistic scenarios. Moreover, by analyzing different configurations of the BACS (i.e., contexts), we found out that identical attacks may have dramatically different impacts. Thus, reinforcing our view on the relevance of adding context to BACS testbeds.
Original language | English |
---|---|
Title of host publication | Detection of Intrusions and Malware, and Vulnerability Assessmen |
Subtitle of host publication | 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24–26, 2020, Proceedings |
Place of Publication | Cham |
Publisher | Springer |
Pages | 44-64 |
ISBN (Electronic) | 978-3-030-52683-2 |
ISBN (Print) | 978-3-030-52682-5 |
DOIs | |
Publication status | Published - 7 Jul 2020 |
Event | 17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2020 - Virtual Conference Duration: 24 Jun 2020 → 26 Jun 2020 Conference number: 17 |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer |
Volume | 12223 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2020 |
---|---|
Abbreviated title | DIMVA 2020 |
City | Virtual Conference |
Period | 24/06/20 → 26/06/20 |
Keywords
- Cybersecurity
- 22/2 OA procedure