Cybersecurity Evaluation Methodology based on Metrics for Industrial Embedded Systems

• DIRECTORS: Iñaki Garitano and Rosa Iglesias 
• UNIVERSITY: Mondragon Unibertsitatea

ABSTRACT

Embedded Systems (ESs) have evolved from isolated systems into fully connected devices. For this reason, there is an increasing number of security threats over ESs, and a successful attack could have severe economic or physical consequences, including the loss of human lives. This dissertation studied cibersecurity in ESs from three different perspectives: (1) Analysis of existing security metrics, (2) Vulnerability analysis, and (3) Aggregation of security metrics. As a result, we proposed a new taxonomy to classify security metrics based on the properties of ESs. We also developed an Extended Dependency Graph (EDG) model to analyze known vulnerabilities of ESs over time. Finally, we proposed a CVSS aggregation algorithm based on the context where the ES is deployed. This work aims to lay the foundations for constructing a security evaluation methodology that uses standardized metrics to quantify the security level of an ES.