Multi-vendor penetration testing in the advanced metering infrastructure

13 years 2 months ago

Download www.cse.psu.edu

- The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI "smart meters" report real time usage data that enables efficient energy generation and use. However, aggressive deployments are outpacing security efforts: new devices from a dizzying array of vendors are being introduced into grids with little or no understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across multiple-vendor implementations of a technology class. In this, we graft archetypal attack trees modeling broad adversary goals and attack vectors to vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap to penetration testing. We apply this approach within AMI to model attacker goals such as energy fraud and denial of service. Our experiments with multiple vendors generate real attack scenarios using vulnerabilities identified during directed penet...

Stephen E. McLaughlin, Dmitry Podkuiko, Sergei Mia

Real-time Traffic

ACSAC 2010 | Archetypal Attack Trees | Attack Trees | Penetration Testing | Security Privacy |

claim paper

Added	10 Feb 2011
Updated	10 Feb 2011
Type	Journal
Year	2010
Where	ACSAC
Authors	Stephen E. McLaughlin, Dmitry Podkuiko, Sergei Miadzvezhanka, Adam Delozier, Patrick Drew McDaniel

Sciweavers

Multi-vendor penetration testing in the advanced metering infrastructure

ACSAC 2010 | Archetypal Attack Trees | Attack Trees | Penetration Testing | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers