1 |
K. Kim, K. Cho, J. Lim, Y. H. Jung, M. S. Sung, S. B. Kim, and H. K. Kim, What's your protocol: Vulnerabilities and security threats related to z-wave protocol, Pervasive Mobile Comput. 66 (2020), 101211.
|
2 |
M. Yampolskiy, P. Horvath, X. D. Koutsoukos, Y. Xue, and J. Sztipanovits, Systematic analysis of cyber-attacks on cpsevaluating applicability of dfd-based approach, (5th International Symposium on Resilient Control Systems, Salt Lake, UT, USA), 2012, pp. 55-62.
|
3 |
PAS Ralston, J. H. Graham, and J. L. Hieb, Cyber security risk assessment for scada and dcs networks, ISA Trans. 46 (2007), no. 4, 583-594.
DOI
|
4 |
Y. Cherdantseva, P. Burnap, A. Blyth, P. Eden, K. Jones, H. Soulsby, and K. Stoddart, A review of cyber security risk assessment methods for scada systems, Comput. Secur. 56 (2016), 1-27.
DOI
|
5 |
Y. Cherdantseva and J. Hilton, A reference model of information assurance & security, (International Conference on Availability, Reliability and Security), 2013, pp. 546-555.
|
6 |
A. Shostack, Threat modeling: designing for security, John Wiley & Sons, 2014.
|
7 |
A. Shostack, Experiences threat modeling at microsoft, MODSEC@ MoDELS 2008 (2008), 35.
|
8 |
P. D. Curtis and N. Mehravari, Evaluating and improving cybersecurity capabilities of the energy critical infrastructure, (IEEE International Symposium on Technologies for Homeland Security, Waltham, MA, USA), 2015, pp. 1-6.
|
9 |
R. Langner, Stuxnet: dissecting a cyberwarfare weapon, IEEE Sec. Privacy 9 (2011), no. 3, 49-51.
DOI
|
10 |
D. U. Case, Analysis of the cyber attack on the ukrainian power grid, Electr. Inform. Shar. Anal. Center (E-ISAC) 388 (2016), 1-29.
|
11 |
M. Geiger, J. Bauer, M. Masuch, and J. Franke, An analysis of black energy 3, crashoverride, and trisis, three malware approaches targeting operational technology systems, (25th IEEE International Conference on Emerging Technologies and Factory Automation, Vienna, Austria), 2020, pp. 1537-1543.
|
12 |
A. Di Pinto, Y. Dragoni, and A. Carcano, TRITON: the first ICS cyber attack on safety instrument systems, (Proc. Black Hat USA), vol. 2018, 2018, pp. 1-26.
|
13 |
Fortinet, 2020 state of operational technology and cybersecurity report, 2020. Available from: https://www.fortinet.com/content/dam/fortinet/assets/analyst-reports/report-state-ofoperational-technology.pdf [last accessed May 2021].
|
14 |
C. Stevens, Assembling cybersecurity: the politics and materiality of technical malware reports and the case of stuxnet, Contemp. Sec. Policy 41 (2020), no. 1, 129-152.
DOI
|
15 |
G. Sindre and A. L. Opdahl, Eliciting security requirements with misuse cases, Require. Eng. 10 (2005), no. 1, 34-44.
DOI
|
16 |
E. G. Amoroso, Fundamentals of computer security technology, Prentice-Hall, Inc., 1994.
|
17 |
B. Schneier, Attack trees, Dr. Dobb's J. 24 (1999), no. 12, 21-29.
|
18 |
L. Kohnfelder and P. Garg, The threats to our products, Microsoft Interf. Microsoft Corp. 33 (1999).
|
19 |
B. Gates, Trustworthy computing, 2002. Available from: https://www.wired.com/2002/01/bill-gates-trustworthycomputing/ [last accessed May 2021].
|
20 |
F. Swiderski and W. Snyder, Threat modeling, Microsoft Press, 2004.
|
21 |
C. Alberts, A. Dorofee, J. Stevens, and C. Woody, Introduction to the octave approach, Tech. report. Carnegie-Mellon Univ. Pittsburgh Software Engineering Inst, 2003.
|
22 |
M. Schiffman, A. Wright, D. Ahmad, and G. Eschelbeck, The common vulnerability scoring system, National Infrastructure Advisory Council, Vulnerability Disclosure Working Group, Vulnerability Scoring Subgroup, 2004.
|
23 |
N. R. Mead, F. Shull, K. Vemuru, and O. Villadsen, A hybrid threat modeling method, Technical Report-CMU/SEI-2018-TN002, Carnegie MellonUniversity-Software Engineering Institute, 2018.
|
24 |
B. Potteiger, G. Martins, and X. Koutsoukos, Software and attack centric integrated threat modeling for quantitative risk assessment, (Proceedings of the Symposium and Bootcamp on the Science of Security, New York, NY, USA), 2016, pp. 99-108.
|
25 |
P. Saitta, B. Larcom, and M. Eddington, Trike v. 1 methodology document [draft], 2005. URL: http://dymaxion.org/trike/Trikev1MethodologyDocumentdraftpdf
|
26 |
B. Beyst, Which threat modeling method. threatmodeler, Apr. 2016. Available from: https://threatmodeler.com/threatmodeling-methodologies-vast/ [last accessed May 2022].
|
27 |
T. UcedaVelez and M. M. Morana, Risk centric threat modeling, Wiley Online Library, 2015.
|
28 |
klockwork, Threat modeling for secure embedded software, 2011.
|
29 |
T. A. Kletz, Hazop and hazan: Identifying and assessing process industry hazards, IChemE, 1999.
|
30 |
T. Denning, B. Friedman, and T. Kohno, Security and privacy threat discovery cards, 2013. Available from: http:// securitycards.cs.washington.edu/assets/security-cards-deckwith-croplines.pdf [last accessed May 2022].
|
31 |
K. Wuyts and W. Joosen, Linddun privacy threat modeling: A tutorial, Technical Report (CW Reports), vol. C685, (Department of Computer Science, KU Leuven), 2015.
|
32 |
N. Shevchenko, B. R. Frye, and C. Woody, Threat modeling for cyber-physical system-of-systems: Methods evaluation. Tech. report. Carnegie Mellon University Software Engineering Institute Pittsburgh United, 2018.
|
33 |
E. A. AbuEmera, H. A. ElZouka, and A. A. Saad, Security framework for identifying threats in smart manufacturing systems using stride approach, (2nd International Conference on Consumer Electronics and Computer Engineering, Guangzhou, China), 2022, pp. 605-612.
|
34 |
Cybersecurity & Infrastructure Security Agency (CISA), Ics-cert website. Available from: https://us-cert.cisa.gov/ics [last accessed May 2021].
|
35 |
NIST, Nist cybersecurity framework, 2017. Available from: https://www.nist.gov/cyberframework [last accessed May 2021].
|
36 |
K. Stouffer, J. Falco, and K. Scarfone, Sp 800-82 rev. 2, Guide Industr. Contr. Syst. (ICS) Sec. NIST 2 (2015), no. 3, 5.
|
37 |
Australian Cyber Security Centre (ACSC), Cert australia. Available from: https://www.cyber.gov.au/ [last accessed May 2021].
|
38 |
R. Khan, K. McLaughlin, D. Laverty, and S. Sezer, Stride-based threat modeling for cyber-physical systems, (IEEE PES Innovative Smart Grid Technologies Conference Europe, Turin, Italy), 2017, pp. 1-6.
|
39 |
K. K. Gon and K. S. Hoon, Using threat modeling for risk analysis of smarthome, (Proceedings of Symposium of the Korean Institute of Communications and Information Sciences), 2015, pp. 378-379.
|