The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI "smart meters" report real-time usage data that enables efficient energy generation and use. However, aggressive deployments are outpacing security efforts: new devices from a dizzying array of vendors are being introduced into grids with little or no understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across multiple-vendor implementations of a technology class. In this approach, we graft archetypal attack trees, which model broad adversary goals and attack vectors, onto vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap for penetration testing. We apply this approach within AMI to model attacker goals such as energy fraud and denial of service. Our experiments with multiple vendors generate real attack scenarios using vulnerabilities identified during directed penetration testing, e.g., manipulation of energy usage data, spoofing meters, and extracting sensitive data from internal registers. More broadly, we show how we can reuse efforts in penetration testing to efficiently evaluate the increasingly large body of AMI technologies being deployed in the field.