A system vulnerability analysis technique (SVAT) for complex mission critical systems (CMCS) was developed in response to the need to conduct penetration testing on large industrial systems that cannot be taken offline, or exposed to the risk of disablement or impairment, for conventional penetration testing. SVAT-CMCS facilitates the use of known vulnerability and exploit information, incremental testing of system components, and data analysis techniques to identify attack pathways in CMCSs. This data can be utilized for corrective activities or to target controlled manual follow-up testing. This paper presents the SVAT-CMCS paradigm and describes its implementation in a software tool, built using the Blackboard Architecture, that can be utilized for attack pathway identification. The performance of this tool is characterized using three example models. In particular, the paper explores the path generation speed and the impact of link cap restrictions on system operations under different levels of network size and complexity. Accurate fact-rule processing is also tested using these models. The results show significant decreases in path generation efficiency as the link cap and network complexity increase; however, rule processing accuracy is not impacted.