Security analysis of socio-technical physical systems (original) (raw)
Related papers
Procedia Computer Science, 2016
Several cyber-attacks on the cyber-physical systems (CPS) that monitor and control critical infrastructure were publically announced over the last few years. Almost without exception, the proposed security solutions focus on preventing unauthorized access to the industrial control systems (ICS) at various levels-the defense in depth approach. While useful, it does not address the problem of making the systems more capable of responding to the malicious actions of an attacker once they have gained access to the system. The first step in making an ICS more resilient to an attacker is identifying the cyber security vulnerabilities the attacker can use during system design. This paper presents a method that reveals cyber security vulnerabilities in ICS through the formal modeling of the system and malicious agents. The inclusion of the malicious agent in the analysis of an existing systems identifies security vulnerabilities that are missed in traditional functional model checking.
A Modest Security Analysis of Cyber-Physical Systems: A Case Study
Formal Techniques for Distributed Objects, Components, and Systems, 2018
Cyber-Physical Systems (CPSs) are integrations of networking and distributed computing systems with physical processes. Although the range of applications of CPSs include several critical domains, their verification and validation often relies on simulation-test systems rather then formal methodologies. In this paper, we use a recent version of the expressive MODEST TOOLSET to implement a non-trivial engineering application, and test its safety model checker prohver as a formal instrument to statically detect a variety of cyber-physical attacks, i.e., attacks targeting sensors and/or actuators, with potential physical consequences. We then compare the effectiveness of the MODEST TOOLSET and its safety model checker in verifying CPS security properties when compared to other state-of-the-art model checkers.
A model-based approach to security analysis for cyber-physical systems
2018 Annual IEEE International Systems Conference (SysCon), 2018
Evaluating the security of cyber-physical systems throughout their life cycle is necessary to assure that they can be deployed and operated in safety-critical applications, such as infrastructure, military, and transportation. Most safety and security decisions that can have major effects on mitigation strategy options after deployment are made early in the system's life cycle. To allow for a vulnerability analysis before deployment, a sufficient well-formed model has to be constructed. To construct such a model we produce a taxonomy of attributes; that is, a generalized schema for system attributes. This schema captures the necessary specificity that characterizes a possible real system and can also map to the attack vector space associated with the model's attributes. In this way, we can match possible attack vectors and provide architectural mitigation at the design phase. We present a model of a flight control system encoded in the Systems Modeling Language, commonly known as SysML, but also show agnosticism with respect to the modeling language or tool used.
Fundamental Challenges of Cyber-Physical Systems Security Modeling
2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S)
Systems modeling practice lacks security analysis tools that can interface with modeling languages to facilitate security by design. Security by design is a necessity in the age of safety critical cyber-physical systems, where security violations can cause hazards. Currently, the overlap between security and safety is narrow. But deploying cyber-physical systems means that today's adversaries can intentionally trigger accidents. By implementing security assessment tools for modeling languages we are better able to address threats earlier in the system's lifecycle and, therefore, assure their safe and secure behavior in their eventual deployment. We posit that cyberphysical systems security modeling is practiced insufficiently because it is still addressed similarly to information technology systems.
Modeling Security in Cyber-Physical Systems
2012
We propose a framework for modeling the security of cyber-physical systems in which the behavior of the adversary is controlled by a threat model that captures both the cyber aspects (with discrete values) and the physical aspects (with continuous values) of such systems in a unified way. In particular, it addresses combined (dependent) vector attacks, and synchronization/localization issues. The framework identifies the cyberphysical features specified by the security policies that need to be protected, and can be used for proving formally the security of cyber-physical systems.
An Actor-Based Approach for Security Analysis of Cyber-Physical Systems
2020
In this work, we present an actor-based approach for security analysis of Cyber-Physical Systems at the design phase. We use Timed Rebeca, an actor-based modeling language, to model the behavior of components and potential attacks, and verify the security properties using Rebeca model checking tool. We employ STRIDE model as a reference for classifying the attacks. To demonstrate the applicability of our approach, we use a Secure Water Treatment (SWaT) system as a case study. We analyze the architecture of the SWaT system using three different attack schemes in which various parts of the system network and physical devices are compromised. In the end, we identify single and combined attack scenarios that violate security properties.
A Formal Approach to Physics-based Attacks in Cyber-physical Systems
ACM Transactions on Privacy and Security, 2020
We apply formal methods to lay and streamline theoretical foundations to reason about Cyber-Physical Systems (CPSs) and physics-based attacks, i.e., attacks targeting physical devices. We focus on a formal treatment of both integrity and denial of service attacks to sensors and actuators of CPSs, and on the timing aspects of these attacks. Our contributions are fourfold. (1) We define a hybrid process calculus to model both CPSs and physics-based attacks. (2) We formalise a threat model that specifies MITM attacks that can manipulate sensor readings or control commands to drive a CPS into an undesired state; we group these attacks into classes and provide the means to assess attack tolerance/vulnerability with respect to a given class of attacks, based on a proper notion of most powerful physics-based attack. (3) We formalise how to estimate the impact of a successful attack on a CPS and investigate possible quantifications of the success chances of an attack. (4) We illustrate our ...
Hazard Driven Threat Modelling for Cyber Physical Systems
Proceedings of the 2020 Joint Workshop on CPS&IoT Security and Privacy, 2020
Adversarial actors have shown their ability to infiltrate enterprise networks deployed around Cyber Physical Systems (CPSs) through social engineering, credential stealing and file-less infections. When inside, they can gain enough privileges to maliciously call legitimate APIs and apply unsafe control actions to degrade the system performance and undermine its safety. Our work lies at the intersection of security and safety, and aims to understand dependencies among security, reliability and safety in CPS/IoT. We present a methodology to perform hazard driven threat modelling and impact assessment in the context of CPSs. The process starts from the analysis of behavioural, functional and architectural models of the CPS. We then apply System Theoretic Process Analysis (STPA) on the functional model to highlight high-level abuse cases. We leverage a mapping between the architectural and the system theoretic (ST) models to enumerate those components whose impairment provides the attacker with enough privileges to tamper with or disrupt the data-flows. This enables us to find a causal connection between the attack surface (in the architectural model) and system level losses. We then link the behavioural and system theoretic representations of the CPS to quantify the impact of the attack. Using our methodology it is possible to compute a comprehensive attack graph of the known attack paths and to perform both a qualitative and quantitative impact assessment of the exploitation of vulnerabilities affecting target nodes. The framework and methodology are illustrated using a small scale example featuring a Communication Based Train Control (CBTC) system. Aspects regarding the scalability of our methodology and its application in real world scenarios are also considered. Finally, we discuss the possibility of using the results obtained to engineer both design time and real time defensive mechanisms. CCS CONCEPTS • Security and privacy → Distributed systems security; Information flow control.
Towards An Engineering Discipline of Computational Security
2007
George Boole ushered the era of modern logic by arguing that logical reasoning does not fall in the realm of philosophy, as it was considered up to his time, but in the realm of mathematics. As such, logical propositions and logical arguments are modeled using algebraic structures. Likewise, we submit that security attributes must be modeled as formal mathematical propositions that are subject to mathematical analysis. In this paper, we approach this problem by attempting to model security attributes in a refinement-like framework that has traditionally been used to represent reliability and safety claims.
Chapter 1 MODELING SECURITY IN CYBER-PHYSICAL SYSTEMS ∗
2013
We propose a framework for modeling the security of cyber-physical systems in which the behavior of the adversary is controlled by a threat model that captures both the cyber aspects (with discrete values) and the physical aspects (with continuous values) of such systems in a unified way. In particular, it addresses combined (dependent) vector attacks, and synchronization/localization issues. The framework identifies the cyberphysical features specified by the security policies that need to be protected, and can be used for proving formally the security of cyber-physical systems.