Tipo di tesi
Tesi di laurea magistrale
Titolo
A Tool for Orchestrating Security Analysis of Industrial Control Systems
Dipartimento
INGEGNERIA DELL'INFORMAZIONE
Corso di studi
CYBERSECURITY
Parole chiave
- EtherCAT
- IoT
- MQTT
- Orchestration
- OT
- RTSP
- Security Assessment
Data inizio appello
15/04/2026
Consultabilità
Non consultabile
Data di rilascio
15/04/2066
Riassunto (Inglese)
Industrial control systems face growing exposure as IT connectivity
reaches operational technology environments. Existing security tools
address parts of this problem: network scanners discover assets,
vulnerability scanners check known signatures, and passive monitoring
platforms provide visibility. However, each tool operates in
isolation, their defaults can disrupt safety-critical equipment, and
connecting individual findings to adversarial objectives remains a
manual effort repeated for every assessment.
This thesis proposes an architecture for threat-model-driven security
assessment of industrial control systems and presents Kraken, a
proof-of-concept implementation in Go. Kraken is an orchestrator:
it coordinates pluggable security checks,
called modules, within a single workflow that enforces safety
constraints appropriate to industrial environments. Modules can wrap
existing tools, load protocol-specific libraries, or implement custom
checks written by the operator. An operator defines a campaign that
specifies which modules to run, against which targets, and under what
safety policies. The framework schedules execution, collects
structured results, and automatically evaluates them against a
threat model provided by the operator, determining which adversarial
objectives are supported by the evidence gathered.
We evaluate the framework across three scenarios, each pairing a
protocol with a distinct evaluation goal. Scenario A uses MQTT to
validate end-to-end orchestration and attack-tree evaluation across
three hardening levels. Scenario B uses EtherCAT to test
architectural extensibility, adding a Layer 2 protocol without modifying
the orchestrator core. Scenario C uses RTSP to compare Kraken's structured
output against standalone tools. The evaluation confirms that the
architecture meets its three design goals:
- it coordinates modules without requiring changes to the orchestrator;
- it enforces safety constraints; and
- it produces traceable, threat-model-linked output that eliminates the
manual interpretation required by individual tools.
