More Web Proxy on the site http://driver.im/

research-article

Model-Based Security Analysis in Additive Manufacturing Systems

Authors:

Michael R. Durling,

John W. Carbone,

Christopher C. Alexander,

Krystel K. Castillo-Villar,

Gabriela F. CiocarlieAuthors Info & Claims

AMSec'22: Proceedings of the 2022 ACM CCS Workshop on Additive Manufacturing (3D Printing) Security

Pages 3 - 13

https://doi.org/10.1145/3560833.3563566

Published: 07 November 2022 Publication History

Abstract

Additive manufacturing (AM) is expected to revolutionize industrial manufacturing processes by providing access to readily available, lower cost, high-performance parts, including those with complex designs and diverse materials, not attainable in conventional subtractive machining processes. These benefits are distinctly advantageous for low-volume rapid prototyping. They also reduce the build time of complex, safety-critical components that traditionally require assembly.

The advanced product capabilities of AM also make these systems high risk for intellectual property theft, service outage attacks, and sabotage through compromised product quality. Concerns about malicious actors restrict business models and deter industry adoption and investment, especially those requiring secrecy around safety-critical components. In this paper, we analyze the threats to additive manufacturing system security using the Verification Evidence and Resilient Design in Anticipation of Cybersecurity Threats (VERDICT) tool, a model-based system engineering (MBSE) tool. First, we introduce a comprehensive set of attributes to characterize MBSE tools together with a survey of MBSE tools that support cyber analysis.

Based on these attributes and the available tools, we select the relevant tool (i.e., VERDICT) and apply it to an example additive manufacturing system. The modeling and analysis are intended to show the functionality of the VERDICT tool in a research context. The signals, properties, and requirements enable the user to experiment with and illustrate the functionality of the tool.

Finally, the paper introduces a novel approach for modeling the return on investment (ROI) for additive hardware cybersecurity investments that will lead to a cost-analysis integration with the VERDICT tool.

References

[1]

1] 2017. What is SySML-Sec? Retrieved June 27, 2022 from https://sysml-sec. telecom-paris.fr/

[2]

2020. Micosoft Threat Modeling Tool. Retrieved June 27, 2022 from https://docs. microsoft.com/en-us/azure/security/develop/threat-modeling-tool

[3]

2020. Security and Privacy Controls for Information Systems and Organizations. Retrieved June 27, 2022 from https://csrc.nist.gov/publications/detail/sp/800- 53/rev-5/final

[4]

2020. VERDICT Github. Retrieved June 27, 2022 from https://github.com/gehigh-assurance/VERDICT

[5]

2020. What is TTool? Retrieved June 27, 2022 from https://ttool.telecom-paris.fr/

[6]

2021. Mitre Common Enumeration of Vulnerabilies. Retrieved June 27, 2022 from https://cve.mitre.org/

[7]

MITRE 2022. Mitre Common Attack Pattern Enumeration and Classification list. MITRE. Retrieved June 27, 2022 from http://capec.mitre.org/

[8]

MITRE 2022. Mitre Common Weakness Enumerations. MITRE. Retrieved June 27, 2022 from https://cwe.mitre.org/

[9]

2022. NIST National Vulnerability Database. Retrieved September 1, 2022 from https://nvd.nist.gov/

[10]

Amine Belhadi, Sachin S Kamble, Mani Venkatesh, Charbel Jose Chiappetta Jabbour, and Imane Benkhati. 2022. Building supply chain resilience and efficiency through additive manufacturing: An ambidextrous perspective on the dynamic capability view. International Journal of Production Economics (2022), 108516.

[11]

William Carter, Michael Tucker, Michael Mahony, David Toledano, Robert Butler, Subhrajit Roychowdhury, Abdalla R Nassar, David J Corbin, Mark D Benedict, and Adam S Hicks. 2019. An open-architecture multi-laser research platform for acceleration of large-scale additive manufacturing (ALSAM). In 2019 International Solid Freeform Fabrication Symposium. University of Texas at Austin.

[12]

Krystel K. Castillo-Villar, Wayne Austad, Kolton Keith, and Maria Aranguren. 2021. Cybersecurity Energy and Emissions Quantification Scheme - Baseline of Knowledge Report.

[13]

Darren Cofer. 2021. Cyber assured systems engineering with AADL. Retrieved June 27, 2022 from https://resources.sei.cmu.edu/asset_files/Presentation/2021_ 017_001_651964.pdf

[14]

Darren Cofer, Isaac Amundson, Junaid Babar, David Hardin, Konrad Slind, Perry Alexander, John Hatcliff, Gerwin Klein, Corey Lewis, Eric Mercer, et al. 2022. Cyberassured systems engineering at scale. IEEE Security & Privacy 20, 03 (2022), 52--64.

[15]

Anurag Dwivedi. 2018. Implementing Cyber Resilient Designs through Graph Analytics Assisted Model Based Systems Engineering. In 2018 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). 607-- 616. https://doi.org/10.1109/QRS-C.2018.00106

[16]

Filton. 2011. The Printed World: Three dimensional printing from digital designs. Retrieved June 27, 2022 from www.economist.com/node/18114221

[17]

Olaf Henniger and Robert Bosch. 2009. EVITA, E-safety vehicle intrusion protected applications. Retrieved June 27, 2022 from https://www.evita-project.org/ Publications/HS09.pdf

[18]

Robert Laddaga, Paul Robertson, Howard E. Shrobe, Daniel Cerys, Prakash Manghwani, and Patrik Meijer. 2019. Deriving Cyber-security Requirements for Cyber Physical Systems. ArXiv abs/1901.01867 (2019). https://arxiv.org/pdf/1901. 01867.pdf

[19]

Baoluo Meng, Daniel Larraz, Kit Siu, Abha Moitra, John Interrante, William Smith, Saswata Paul, Daniel Prince, Heber Herencia-Zapana, M. Fareed Arif, Moosa Yahyazadeh, Vidhya Tekken Valapil, Michael Durling, Cesare Tinelli, and Omar Chowdhury. 2021. VERDICT: A Language and Framework for Engineering Cyber Resilient and Safe System. Systems 9, 1 (2021). https://doi.org/10.3390/ systems9010018

[20]

Baoluo Meng, Saswata Paul, Abha Moitra, Kit Siu, and Michael Durling. 2021. Automating the Assembly of Security Assurance Case Fragments. In International Conference on Computer Safety, Reliability, and Security. Springer, 101--114.

[21]

Baoluo Meng, William Smith, and Michael Durling. 2021. Security threat modeling and automated analysis for system design. SAE International Journal of Transportation Cybersecurity and Privacy 4, 11-04-01-0001 (2021), 3--17.

[22]

Baoluo Meng, Arjun Viswanathan, William Smith, Abha Moitra, Kit Siu, and Michael Durling. 2022. Synthesis of Optimal Defenses for System Architecture Design Model in MaxSMT. In NASA Formal Methods Symposium. Springer, 752-- 770.

[23]

Abha Moitra, Daniel Prince, Kit Siu, Michael Durling, and Heber Herencia-Zapana. 2020. Threat identification and defense control selection for embedded systems. SAE International Journal of Transportation Cybersecurity and Privacy 3, 11-03- 02-0005 (2020), 81--96.

[24]

Terry Patten, Daniel Mitchell, and Catherine Call. 2020. Cyber attack grammars for risk/cost analysis. In International Conference on Cyber Warfare and Security. Academic Conferences International Limited, 597--XVI.

[25]

Timothy Simpson. 2018. Why Does My 3D-Printed Part Cost So Much? Retrieved June 27, 2022 from www.additivemanufacturing.media/articles/why-does-my3d-printed-part-cost-so-much

[26]

Kit Siu, Abha Moitra, Meng Li, Michael Durling, Heber Herencia-Zapana, John Interrante, Baoluo Meng, Cesare Tinelli, Omar Chowdhury, Daniel Larraz, et al. 2019. Architectural and behavioral analysis for cyber security. In 2019 IEEE/AIAA 38th Digital Avionics Systems Conference (DASC). IEEE, 1--10

Cited By

Xin THe YZamani ELuo CLuo BLiao XXu JKirda ELie D(2024)Poster: Cyber Security Economics Model (CYSEM)Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3691398(4946-4948)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3691398
Meng BViswanathan APaul SSmith WMoitra ASiu KDurling M(2024)Attack–defense tree-based analysis and optimal defense synthesis for system designInnovations in Systems and Software Engineering10.1007/s11334-024-00556-3Online publication date: 23-Mar-2024
https://doi.org/10.1007/s11334-024-00556-3
Aruväli TDe Marchi MRauch EMatt D(2023)Design Decomposition for Cyber Resiliency in Cyber-Physical Production SystemsProceedings of the 15th International Conference on Axiomatic Design 202310.1007/978-3-031-49920-3_1(3-14)Online publication date: 16-Dec-2023
https://doi.org/10.1007/978-3-031-49920-3_1

Index Terms

Model-Based Security Analysis in Additive Manufacturing Systems

Recommendations

Cyber Security for Additive Manufacturing
CISR '15: Proceedings of the 10th Annual Cyber and Information Security Research Conference

This paper describes the cyber security implications of additive manufacturing (also known as 3-D printing). Three-D printing has the potential to revolutionize manufacturing and there is substantial concern for the security of the storage, transfer and ...
Acoustic side-channel attacks on additive manufacturing systems
ICCPS '16: Proceedings of the 7th International Conference on Cyber-Physical Systems

Additive manufacturing systems, such as 3D printers, emit sounds while creating objects. Our work demonstrates that these sounds carry process information that can be used to indirectly reconstruct the objects being printed, without requiring access to ...
Integrated Metamodel for Security Analysis
HICSS '15: Proceedings of the 2015 48th Hawaii International Conference on System Sciences

This paper proposes a metamodel for analyzing security aspects of enterprise architecture by combining analysis of cyber security with analysis of interoperability and availability. The metamodel extends an existing attack graph based metamodel for ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

AMSec'22: Proceedings of the 2022 ACM CCS Workshop on Additive Manufacturing (3D Printing) Security

November 2022

48 pages

ISBN:9781450398831

DOI:10.1145/3560833

General Chairs:
Mark Yampolskiy
Auburn University, USA
,
Moti Yung
Google LLC and Columbia University, USA
,
Program Chair:
Mark Yampolskiy
Auburn University, USA

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

The Cybersecurity Manufacturing Innovation Institute - U.S. Department of Energy's Office

Conference

CCS '22

Sponsor:

SIGSAC

CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security

November 11, 2022

CA, Los Angeles, USA

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
186
Total Downloads

Downloads (Last 12 months)57
Downloads (Last 6 weeks)5

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Xin THe YZamani ELuo CLuo BLiao XXu JKirda ELie D(2024)Poster: Cyber Security Economics Model (CYSEM)Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3691398(4946-4948)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3691398
Meng BViswanathan APaul SSmith WMoitra ASiu KDurling M(2024)Attack–defense tree-based analysis and optimal defense synthesis for system designInnovations in Systems and Software Engineering10.1007/s11334-024-00556-3Online publication date: 23-Mar-2024
https://doi.org/10.1007/s11334-024-00556-3
Aruväli TDe Marchi MRauch EMatt D(2023)Design Decomposition for Cyber Resiliency in Cyber-Physical Production SystemsProceedings of the 15th International Conference on Axiomatic Design 202310.1007/978-3-031-49920-3_1(3-14)Online publication date: 16-Dec-2023
https://doi.org/10.1007/978-3-031-49920-3_1

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents