Jason Larsen

Learn More
Cyber-physical systems are characterized by an IT infrastructure controlling effects in the physical world. Attacks are intentional actions trying to cause undesired physical effects. When process data originating in the physical world is manipulated before being handed to the IT infrastructure, the data security property called "veracity" or(More)
This paper presents a new vulnerability assessment model based on timing attacks. In particular, it examines the problem where an adversary has access to a certain sensor reading or a controller output signal in real time, but can only cause denial of service (DoS). Jamming the communications to a device can cause the system to work with stale data that, in(More)
We describe an approach for analysing and attacking the physical part (a process) of a cyber-physical system. The stages of this approach are demonstrated in a case study, a simulation of a vinyl acetate monomer plant. We want to demonstrate in particular where security has to rely on expert knowledge in the domain of the physical components and processes(More)
DoS attacks on sensor measurements used for industrial control can cause the controller of the process to use <i>stale data</i>. If the DoS attack is not timed properly, the use of stale data by the controller will have limited impact on the process; however, if the attacker is able to launch the DoS attack at the correct time, the use of stale data can(More)
Security is an emergent property. It is the outcome of an interaction between many sub-components and processes. One of the biggest problems of ICS security today is that systems undergo security assessments without recognizing the environment in which they are used. This has led to a situation where many systems have undergone cyber security assessments(More)
  • 1