TY - GEN
T1 - ATTACK-DEFENSE MODELING OF MATERIAL EXTRUSION ADDITIVE MANUFACTURING SYSTEMS
AU - Van Stockum, Alyxandra
AU - Kurkowski, Elizabeth
AU - Potok, Tiffany
AU - Taylor, Curtis
AU - Dawson, Joel
AU - Rice, Mason
AU - Shenoi, Sujeet
N1 - Publisher Copyright:
© 2022, IFIP International Federation for Information Processing.
PY - 2022
Y1 - 2022
N2 - The use of additive manufacturing in the critical infrastructure makes it an attractive target for cyber attacks. However, research on additive manufacturing threats has tended to focus on specific vulnerabilities and specific attacks against specific systems. The narrow scope hinders the understanding of the attack vectors that constitute the attack surfaces as well as the various targets and impacts of attacks. This results in vulnerabilities, potential attacks and countermeasures being overlooked during security analyses. This research addresses the limitations by focusing on material extrusion, the most common additive manufacturing process. A material extrusion workflow (process chain) that comprehensively covers the design, slicing and printing phases is specified. Analysis of the workflow in conjunction with attack and defense frameworks yields attack-defense models for the three material extrusion phases. The attack-defense models, which specify the attack vectors, attack vector vulnerabilities and countermeasures, attack surfaces, system targets, target vulnerabilities and vulnerability countermeasures, and attacks and attack impacts, directly support risk identification, risk assessment and analysis, and risk mitigation and planning. Three material extrusion printers ranging from hobbyist to industrial systems are used as case studies. Four attacks on the printers during the design, slicing and printing phases are described, including vulnerability identification, exploit development and countermeasures. The case studies demonstrate the effectiveness of attack-defense modeling and its ability to clarify and bolster the cyber security and risk management postures of material extrusion additive manufacturing environments.
AB - The use of additive manufacturing in the critical infrastructure makes it an attractive target for cyber attacks. However, research on additive manufacturing threats has tended to focus on specific vulnerabilities and specific attacks against specific systems. The narrow scope hinders the understanding of the attack vectors that constitute the attack surfaces as well as the various targets and impacts of attacks. This results in vulnerabilities, potential attacks and countermeasures being overlooked during security analyses. This research addresses the limitations by focusing on material extrusion, the most common additive manufacturing process. A material extrusion workflow (process chain) that comprehensively covers the design, slicing and printing phases is specified. Analysis of the workflow in conjunction with attack and defense frameworks yields attack-defense models for the three material extrusion phases. The attack-defense models, which specify the attack vectors, attack vector vulnerabilities and countermeasures, attack surfaces, system targets, target vulnerabilities and vulnerability countermeasures, and attacks and attack impacts, directly support risk identification, risk assessment and analysis, and risk mitigation and planning. Three material extrusion printers ranging from hobbyist to industrial systems are used as case studies. Four attacks on the printers during the design, slicing and printing phases are described, including vulnerability identification, exploit development and countermeasures. The case studies demonstrate the effectiveness of attack-defense modeling and its ability to clarify and bolster the cyber security and risk management postures of material extrusion additive manufacturing environments.
KW - Additive manufacturing
KW - attack-defense modeling
KW - material extrusion
UR - http://www.scopus.com/inward/record.url?scp=85144208460&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-20137-0_5
DO - 10.1007/978-3-031-20137-0_5
M3 - Conference contribution
AN - SCOPUS:85144208460
SN - 9783031201363
T3 - IFIP Advances in Information and Communication Technology
SP - 121
EP - 153
BT - Critical Infrastructure Protection XVI - 16th IFIP WG 11.10 International Conference, ICCIP 2022, Revised Selected Papers
A2 - Staggs, Jason
A2 - Shenoi, Sujeet
PB - Springer Science and Business Media Deutschland GmbH
T2 - 16th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2022
Y2 - 14 March 2022 through 15 March 2022
ER -