@comment{Conceptual threat-modelling approach for cyber-physical production systems (CPPS), per the abstract below: used to derive system-level and discipline-specific security solutions and to support verification and validation in Systems Engineering. The url field points to a PDF on bodden.de; no DOI is recorded in this entry.}
@inproceedings{bpg+20security,
  author    = {Gr{\"a}{\ss}ler, Iris and Bodden, Eric and Pottebaum, Jens and Geismann, Johannes and Roesmann, Daniel},
  editor    = {Bartoszewicz, Andrzej and Kabzi{\'{n}}ski, Jacek and Kacprzyk, Janusz},
  title     = {Security-Oriented Fault-Tolerance in Systems Engineering: A Conceptual Threat Modelling Approach for Cyber-Physical Production Systems},
  booktitle = {Advanced, Contemporary Control},
  publisher = {Springer International Publishing},
  address   = {Cham},
  year      = {2020},
  pages     = {1458--1469},
  isbn      = {978-3-030-50936-1},
  url       = {https://www.bodden.de/pubs/bpg+20security.pdf},
  abstract  = {Faults in the realization and usage of cyber-physical systems can cause significant security issues. Attackers might exploit vulnerabilities in the physical configurations, control systems, or accessibility through internet connections. For CPS, two challenges are combined: Firstly, discipline-specific security measures should be applied. Secondly, new measures have to be created to cover interdisciplinary impacts. For instance, faulty software configurations in cyber-physical production systems (CPPS) might allow attackers to manipulate the correct control of production processes impacting the quality of end products. From liability and publicity perspective, a worst-case scenario is that such a corrupted product is delivered to a customer. In this context, security-oriented fault-tolerance in Systems Engineering (SE) requires measures to evaluate interdisciplinary system designs with regard to potential scenarios of attacks. The paper at hand contributes a conceptual threat modelling approach to cover potential attack scenarios. The approach can be used to derive both system-level and discipline-specific security solutions. As an application case, issues are focused on which attackers intend to exploit vulnerabilities in a CPPS. The goal is to support systems engineers in verification and validation tasks regarding security-oriented fault-tolerance.},
}