Cybersecurity vulnerabilities in operational technology
Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2019
Main Author: | Sujichantararat, Suleeporn. |
---|---|
Other Authors: | Howard E. Shrobe. |
Format: | Thesis |
Language: | eng |
Published: | Massachusetts Institute of Technology 2020 |
Subjects: | Electrical Engineering and Computer Science. |
Online Access: | https://hdl.handle.net/1721.1/124106 |
_version_ | 1826214825093496832 |
---|---|
author | Sujichantararat, Suleeporn. |
author2 | Howard E. Shrobe. |
author_facet | Howard E. Shrobe. Sujichantararat, Suleeporn. |
author_sort | Sujichantararat, Suleeporn. |
collection | MIT |
description | Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2019 |
first_indexed | 2024-09-23T16:11:45Z |
format | Thesis |
id | mit-1721.1/124106 |
institution | Massachusetts Institute of Technology |
language | eng |
last_indexed | 2024-09-23T16:11:45Z |
publishDate | 2020 |
publisher | Massachusetts Institute of Technology |
record_format | dspace |
spelling | mit-1721.1/124106 2020-03-10T03:02:00Z Cybersecurity vulnerabilities in operational technology Sujichantararat, Suleeporn. Howard E. Shrobe. Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science Electrical Engineering and Computer Science. Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2019 Cataloged from PDF version of thesis. Includes bibliographical references (pages 109-113). Manually generating attack trees is an early, widespread technique done by cybersecurity experts in order to first find the ways to attack a system and then figure out the methods to prevent those attacks from being successfully executed. However, this type of tedious process is neither error-free nor complete and is not feasible for a large system with more than a hundred nodes. Consequently, automated attack tree generation is devised. In this thesis, we conduct a literature survey on state-of-the-art attackers about the techniques they used to attack systems. In addition, we also compile a list of automated attack tree generators with a focus on the first Hierarchical Task Network (HTN) planner for cyber security, called Joshua. The attack strategies from Joshua are also converted into Planning Domain Definition Language (PDDL) with the option to follow the master attack rule framework. We then evaluate the effectiveness of an automated attack tree generator by using Joshua to discover attack plans of an anonymous operational technology organization X as a case study. From our case study, the vulnerabilities arise in the third-party software and could be resolved by either updating the software with patches or using other alternative software. The Linux kernel is the most vulnerable component, with Common Vulnerability Scoring System (CVSS) scores spanning the whole spectrum. Nonetheless, this conclusion considers only vulnerabilities that reside within a single component. The attacker might not directly attack a certain vulnerability but execute a series of actions that gradually fulfill an entire chain of attacks. This leads to more advanced attack plans, but we need more elaborate data to progress further. by Suleeporn Sujichantararat. S.M. S.M. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science 2020-03-09T18:53:46Z 2020-03-09T18:53:46Z 2019 2019 Thesis https://hdl.handle.net/1721.1/124106 1142812109 eng MIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission. http://dspace.mit.edu/handle/1721.1/7582 113 pages application/pdf Massachusetts Institute of Technology |
spellingShingle | Electrical Engineering and Computer Science. Sujichantararat, Suleeporn. Cybersecurity vulnerabilities in operational technology |
title | Cybersecurity vulnerabilities in operational technology |
topic | Electrical Engineering and Computer Science. |
url | https://hdl.handle.net/1721.1/124106 |