-
On the complexity of sabotage games for network security
Authors:
Dhananjay Raju,
Georgios Bakirtzis,
Ufuk Topcu
Abstract:
Securing dynamic networks against adversarial actions is challenging because of the need to anticipate and counter strategic disruptions by adversarial entities within complex network structures. Traditional game-theoretic models, while insightful, often fail to model the unpredictability and constraints of real-world threat assessment scenarios. We refine sabotage games to reflect the realistic l…
▽ More
Securing dynamic networks against adversarial actions is challenging because of the need to anticipate and counter strategic disruptions by adversarial entities within complex network structures. Traditional game-theoretic models, while insightful, often fail to model the unpredictability and constraints of real-world threat assessment scenarios. We refine sabotage games to reflect the realistic limitations of the saboteur and the network operator. By transforming sabotage games into reachability problems, our approach allows applying existing computational solutions to model realistic restrictions on attackers and defenders within the game. Modifying sabotage games into dynamic network security problems successfully captures the nuanced interplay of strategy and uncertainty in dynamic network security. Theoretically, we extend sabotage games to model network security contexts and thoroughly explore if the additional restrictions raise their computational complexity, often the bottleneck of game theory in practical contexts. Practically, this research sets the stage for actionable insights for develo** robust defense mechanisms by understanding what risks to mitigate in dynamically changing networks under threat.
△ Less
Submitted 20 December, 2023;
originally announced December 2023.
-
Formal Methods for Autonomous Systems
Authors:
Tichakorn Wongpiromsarn,
Mahsa Ghasemi,
Murat Cubuktepe,
Georgios Bakirtzis,
Steven Carr,
Mustafa O. Karabag,
Cyrus Neary,
Parham Gohari,
Ufuk Topcu
Abstract:
Formal methods refer to rigorous, mathematical approaches to system development and have played a key role in establishing the correctness of safety-critical systems. The main building blocks of formal methods are models and specifications, which are analogous to behaviors and requirements in system design and give us the means to verify and synthesize system behaviors with formal guarantees.
Th…
▽ More
Formal methods refer to rigorous, mathematical approaches to system development and have played a key role in establishing the correctness of safety-critical systems. The main building blocks of formal methods are models and specifications, which are analogous to behaviors and requirements in system design and give us the means to verify and synthesize system behaviors with formal guarantees.
This monograph provides a survey of the current state of the art on applications of formal methods in the autonomous systems domain. We consider correct-by-construction synthesis under various formulations, including closed systems, reactive, and probabilistic settings. Beyond synthesizing systems in known environments, we address the concept of uncertainty and bound the behavior of systems that employ learning using formal methods. Further, we examine the synthesis of systems with monitoring, a mitigation technique for ensuring that once a system deviates from expected behavior, it knows a way of returning to normalcy. We also show how to overcome some limitations of formal methods themselves with learning. We conclude with future directions for formal methods in reinforcement learning, uncertainty, privacy, explainability of formal methods, and regulation and certification.
△ Less
Submitted 2 November, 2023;
originally announced November 2023.
-
Sensor Placement for Online Fault Diagnosis
Authors:
Dhananjay Raju,
Georgios Bakirtzis,
Ufuk Topcu
Abstract:
Fault diagnosis is the problem of determining a set of faulty system components that explain discrepancies between observed and expected behavior. Due to the intrinsic relation between observations and sensors placed on a system, sensors' fault diagnosis and placement are mutually dependent. Consequently, it is imperative to solve the fault diagnosis and sensor placement problems jointly. One appr…
▽ More
Fault diagnosis is the problem of determining a set of faulty system components that explain discrepancies between observed and expected behavior. Due to the intrinsic relation between observations and sensors placed on a system, sensors' fault diagnosis and placement are mutually dependent. Consequently, it is imperative to solve the fault diagnosis and sensor placement problems jointly. One approach to modeling systems for fault diagnosis uses answer set programming (ASP). We present a model-based approach to sensor placement for active diagnosis using ASP, where the secondary objective is to reduce the number of sensors used. The proposed method finds locations for system sensors with around 500 components in a few minutes. To address larger systems, we propose a notion of modularity such that it is possible to treat each module as a separate system and solve the sensor placement problem for each module independently. Additionally, we provide a fixpoint algorithm for determining the modules of a system.
△ Less
Submitted 21 November, 2022;
originally announced November 2022.
-
Categorical semantics of compositional reinforcement learning
Authors:
Georgios Bakirtzis,
Michail Savvas,
Ufuk Topcu
Abstract:
Reinforcement learning (RL) often requires decomposing a problem into subtasks and composing learned behaviors on these tasks. Compositionality in RL has the potential to create modular subtask units that interface with other system capabilities. However, generating compositional models requires the characterization of minimal assumptions for the robustness of the compositional feature. We develop…
▽ More
Reinforcement learning (RL) often requires decomposing a problem into subtasks and composing learned behaviors on these tasks. Compositionality in RL has the potential to create modular subtask units that interface with other system capabilities. However, generating compositional models requires the characterization of minimal assumptions for the robustness of the compositional feature. We develop a framework for a \emph{compositional theory} of RL using a categorical point of view. Given the categorical representation of compositionality, we investigate sufficient conditions under which learning-by-parts results in the same optimal policy as learning on the whole. In particular, our approach introduces a category $\mathsf{MDP}$, whose objects are Markov decision processes (MDPs) acting as models of tasks. We show that $\mathsf{MDP}$ admits natural compositional operations, such as certain fiber products and pushouts. These operations make explicit compositional phenomena in RL and unify existing constructions, such as puncturing hazardous states in composite MDPs and incorporating state-action symmetry. We also model sequential task completion by introducing the language of zig-zag diagrams that is an immediate application of the pushout operation in $\mathsf{MDP}$.
△ Less
Submitted 29 August, 2022;
originally announced August 2022.
-
STPA-driven Multilevel Runtime Monitoring for In-time Hazard Detection
Authors:
Smitha Gautham,
Georgios Bakirtzis,
Alexander Will,
Athira V. Jayakumar,
Carl R. Elks
Abstract:
Runtime verification or runtime monitoring equips safety-critical cyber-physical systems to augment design assurance measures and ensure operational safety and security. Cyber-physical systems have interaction failures, attack surfaces, and attack vectors resulting in unanticipated hazards and loss scenarios. These interaction failures pose challenges to runtime verification regarding monitoring s…
▽ More
Runtime verification or runtime monitoring equips safety-critical cyber-physical systems to augment design assurance measures and ensure operational safety and security. Cyber-physical systems have interaction failures, attack surfaces, and attack vectors resulting in unanticipated hazards and loss scenarios. These interaction failures pose challenges to runtime verification regarding monitoring specifications and monitoring placements for in-time detection of hazards. We develop a well-formed workflow model that connects system theoretic process analysis, commonly referred to as STPA, hazard causation information to lower-level runtime monitoring to detect hazards at the operational phase. Specifically, our model follows the DepDevOps paradigm to provide evidence and insights to runtime monitoring on what to monitor, where to monitor, and the monitoring context. We demonstrate and evaluate the value of multilevel monitors by injecting hazards on an autonomous emergency braking system model.
△ Less
Submitted 22 June, 2022; v1 submitted 19 April, 2022;
originally announced April 2022.
-
AlgebraicSystems: Compositional Verification for Autonomous System Design
Authors:
Georgios Bakirtzis,
Ufuk Topcu
Abstract:
Autonomous systems require the management of several model views to assure properties such as safety and security among others. A crucial issue in autonomous systems design assurance is the notion of emergent behavior; we cannot use their parts in isolation to examine their overall behavior or performance. Compositional verification attempts to combat emergence by implementing model transformation…
▽ More
Autonomous systems require the management of several model views to assure properties such as safety and security among others. A crucial issue in autonomous systems design assurance is the notion of emergent behavior; we cannot use their parts in isolation to examine their overall behavior or performance. Compositional verification attempts to combat emergence by implementing model transformation as structure-preserving maps between model views. AlgebraicDynamics relies on categorical semantics to draw relationships between algebras and model views. We propose AlgebraicSystems, a conglomeration of algebraic methods to assign semantics and categorical primitives to give computational meaning to relationships between models so that the formalisms and resulting tools are interoperable through vertical and horizontal composition.
△ Less
Submitted 3 March, 2022;
originally announced March 2022.
-
Dynamic Certification for Autonomous Systems
Authors:
Georgios Bakirtzis,
Steven Carr,
David Danks,
Ufuk Topcu
Abstract:
Autonomous systems are often deployed in complex sociotechnical environments, such as public roads, where they must behave safely and securely. Unlike many traditionally engineered systems, autonomous systems are expected to behave predictably in varying "open world" environmental contexts that cannot be fully specified formally. As a result, assurance about autonomous systems requires us to devel…
▽ More
Autonomous systems are often deployed in complex sociotechnical environments, such as public roads, where they must behave safely and securely. Unlike many traditionally engineered systems, autonomous systems are expected to behave predictably in varying "open world" environmental contexts that cannot be fully specified formally. As a result, assurance about autonomous systems requires us to develop new certification methods and mathematical tools that can bound the uncertainty engendered by these diverse deployment scenarios, rather than relying on static tools.
△ Less
Submitted 25 April, 2023; v1 submitted 21 March, 2022;
originally announced March 2022.
-
Compositional Cyber-Physical Systems Theory
Authors:
Georgios Bakirtzis
Abstract:
This dissertation builds a compositional cyber-physical systems theory to develop concrete semantics relating the above diverse views necessary for safety and security assurance. In this sense, composition can take two forms. The first is composing larger models from smaller ones within each individual formalism of requirements, behaviors, and architectures which can be thought of as horizontal co…
▽ More
This dissertation builds a compositional cyber-physical systems theory to develop concrete semantics relating the above diverse views necessary for safety and security assurance. In this sense, composition can take two forms. The first is composing larger models from smaller ones within each individual formalism of requirements, behaviors, and architectures which can be thought of as horizontal composition -- a problem which is largely solved. The second and main contribution of this theory is vertical composition, meaning relating or otherwise providing verified composition across requirement, behavioral, and architecture models and their associated algebras. In this dissertation, we show that one possible solution to vertical composition is to use tools from category theory. Category theory is a natural candidate for making both horizontal and vertical composition formally explicit because it can relate, compare, and/or unify different algebras.
△ Less
Submitted 10 September, 2021;
originally announced September 2021.
-
Compositional Thinking in Cyberphysical Systems Theory
Authors:
Georgios Bakirtzis,
Eswaran Subrahmanian,
Cody H. Fleming
Abstract:
Engineering safe and secure cyber-physical systems requires system engineers to develop and maintain a number of model views, both dynamic and static, which can be seen as algebras. We posit that verifying the composition of requirement, behavioral, and architectural models using category theory gives rise to a strictly compositional interpretation of cyber-physical systems theory, which can assis…
▽ More
Engineering safe and secure cyber-physical systems requires system engineers to develop and maintain a number of model views, both dynamic and static, which can be seen as algebras. We posit that verifying the composition of requirement, behavioral, and architectural models using category theory gives rise to a strictly compositional interpretation of cyber-physical systems theory, which can assist in the modeling and analysis of safety-critical cyber-physical systems.
△ Less
Submitted 9 October, 2021; v1 submitted 26 May, 2021;
originally announced May 2021.
-
Yoneda Hacking: The Algebra of Attacker Actions
Authors:
Georgios Bakirtzis,
Fabrizio Genovese,
Cody H. Fleming
Abstract:
Our work focuses on modeling the security of systems from their component-level designs. Towards this goal, we develop a categorical formalism to model attacker actions. Equip** the categorical formalism with algebras produces two interesting results for security modeling. First, using the Yoneda lemma, we can model attacker reconnaissance missions. In this context, the Yoneda lemma shows us tha…
▽ More
Our work focuses on modeling the security of systems from their component-level designs. Towards this goal, we develop a categorical formalism to model attacker actions. Equip** the categorical formalism with algebras produces two interesting results for security modeling. First, using the Yoneda lemma, we can model attacker reconnaissance missions. In this context, the Yoneda lemma shows us that if two system representations, one being complete and the other being the attacker's incomplete view, agree at every possible test, they behave the same. The implication is that attackers can still successfully exploit the system even with incomplete information. Second, we model the potential changes to the system via an exploit. An exploit either manipulates the interactions between system components, such as providing the wrong values to a sensor, or changes the components themselves, such as controlling a global positioning system (GPS). One additional benefit of using category theory is that mathematical operations can be represented as formal diagrams, helpful in applying this analysis in a model-based design setting. We illustrate this modeling framework using an unmanned aerial vehicle (UAV) cyber-physical system model. We demonstrate and model two types of attacks (1) a rewiring attack, which violates data integrity, and (2) a rewriting attack, which violates availability.
△ Less
Submitted 13 April, 2022; v1 submitted 26 February, 2021;
originally announced March 2021.
-
Cyberphysical Security Through Resiliency: A Systems-centric Approach
Authors:
Cody Fleming,
Carl Elks,
Georgios Bakirtzis,
Stephen C. Adams,
Bryan Carter,
Peter A. Beling,
Barry Horowitz
Abstract:
Cyber-physical systems (CPS) are often defended in the same manner as information technology (IT) systems -- by using perimeter security. Multiple factors make such defenses insufficient for CPS. Resiliency shows potential in overcoming these shortfalls. Techniques for achieving resilience exist; however, methods and theory for evaluating resilience in CPS are lacking. We argue that such methods a…
▽ More
Cyber-physical systems (CPS) are often defended in the same manner as information technology (IT) systems -- by using perimeter security. Multiple factors make such defenses insufficient for CPS. Resiliency shows potential in overcoming these shortfalls. Techniques for achieving resilience exist; however, methods and theory for evaluating resilience in CPS are lacking. We argue that such methods and theory should assist stakeholders in deciding where and how to apply design patterns for resilience. Such a problem potentially involves tradeoffs between different objectives and criteria, and such decisions need to be driven by traceable, defensible, repeatable engineering evidence. Multi-criteria resiliency problems require a system-oriented approach that evaluates systems in the presence of threats as well as potential design solutions once vulnerabilities have been identified. We present a systems-oriented view of cyber-physical security, termed Mission Aware, that is based on a holistic understanding of mission goals, system dynamics, and risk.
△ Less
Submitted 9 October, 2021; v1 submitted 29 November, 2020;
originally announced November 2020.
-
Categorical Semantics of Cyber-Physical Systems Theory
Authors:
Georgios Bakirtzis,
Cody H. Fleming,
Christina Vasilakopoulou
Abstract:
Cyber-physical systems require the construction and management of various models to assure their correct, safe, and secure operation. These various models are necessary because of the coupled physical and computational dynamics present in cyber-physical systems. However, to date the different model views of cyber-physical systems are largely related informally, which raises issues with the degree…
▽ More
Cyber-physical systems require the construction and management of various models to assure their correct, safe, and secure operation. These various models are necessary because of the coupled physical and computational dynamics present in cyber-physical systems. However, to date the different model views of cyber-physical systems are largely related informally, which raises issues with the degree of formal consistency between those various models of requirements, system behavior, and system architecture. We present a category-theoretic framework to make different types of composition explicit in the modeling and analysis of cyber-physical systems, which could assist in verifying the system as a whole. This compositional framework for cyber-physical systems gives rise to unified system models, where system behavior is hierarchically decomposed and related to a system architecture using the systems-as-algebras paradigm. As part of this paradigm, we show that an algebra of (safety) contracts generalizes over the state of the art, providing more uniform mathematical tools for constraining the behavior over a richer set of composite cyber-physical system models, which has the potential of minimizing or eliminating hazardous behavior.
△ Less
Submitted 26 April, 2021; v1 submitted 15 October, 2020;
originally announced October 2020.
-
An Ontological Metamodel for Cyber-Physical System Safety, Security, and Resilience Coengineering
Authors:
Georgios Bakirtzis,
Tim Sherburne,
Stephen Adams,
Barry M. Horowitz,
Peter A. Beling,
Cody H. Fleming
Abstract:
System complexity has become ubiquitous in the design, assessment, and implementation of practical and useful cyber-physical systems. This increased complexity is impacting the management of models necessary for designing cyber-physical systems that are able to take into account a number of ``-ilities'', such that they are safe and secure and ultimately resilient to disruption of service. We propo…
▽ More
System complexity has become ubiquitous in the design, assessment, and implementation of practical and useful cyber-physical systems. This increased complexity is impacting the management of models necessary for designing cyber-physical systems that are able to take into account a number of ``-ilities'', such that they are safe and secure and ultimately resilient to disruption of service. We propose an ontological metamodel for system design that augments an already existing industry metamodel to capture the relationships between various model elements and safety, security, and resilient considerations. Employing this metamodel leads to more cohesive and structured modeling efforts with an overall increase in scalability, usability, and unification of already existing models. In turn, this leads to a mission-oriented perspective in designing security defenses and resilience mechanisms to combat undesirable behaviors. We illustrate this metamodel in an open-source GraphQL implementation, which can interface with a number of modeling languages. We support our proposed metamodel with a detailed demonstration using an oil and gas pipeline model.
△ Less
Submitted 9 June, 2020;
originally announced June 2020.
-
Fundamental Challenges of Cyber-Physical Systems Security Modeling
Authors:
Georgios Bakirtzis,
Garrett L. Ward,
Christopher J. Deloglos,
Carl R. Elks,
Barry M. Horowitz,
Cody H. Fleming
Abstract:
Systems modeling practice lacks security analysis tools that can interface with modeling languages to facilitate security by design. Security by design is a necessity in the age of safety critical cyber-physical systems, where security violations can cause hazards. Currently, the overlap between security and safety is narrow. But deploying cyber-physical systems means that today's adversaries can…
▽ More
Systems modeling practice lacks security analysis tools that can interface with modeling languages to facilitate security by design. Security by design is a necessity in the age of safety critical cyber-physical systems, where security violations can cause hazards. Currently, the overlap between security and safety is narrow. But deploying cyber-physical systems means that today's adversaries can intentionally trigger accidents. By implementing security assessment tools for modeling languages we are better able to address threats earlier in the system's lifecycle and, therefore, assure their safe and secure behavior in their eventual deployment. We posit that cyber-physical systems security modeling is practiced insufficiently because it is still addressed similarly to information technology systems.
△ Less
Submitted 30 April, 2020;
originally announced May 2020.
-
Data Driven Vulnerability Exploration for Design Phase System Analysis
Authors:
Georgios Bakirtzis,
Brandon J. Simon,
Aidan G. Collins,
Cody H. Fleming,
Carl R. Elks
Abstract:
Applying security as a lifecycle practice is becoming increasingly important to combat targeted attacks in safety-critical systems. Among others there are two significant challenges in this area: (1) the need for models that can characterize a realistic system in the absence of an implementation and (2) an automated way to associate attack vector information; that is, historical data, to such syst…
▽ More
Applying security as a lifecycle practice is becoming increasingly important to combat targeted attacks in safety-critical systems. Among others there are two significant challenges in this area: (1) the need for models that can characterize a realistic system in the absence of an implementation and (2) an automated way to associate attack vector information; that is, historical data, to such system models. We propose the cybersecurity body of knowledge (CYBOK), which takes in sufficiently characteristic models of systems and acts as a search engine for potential attack vectors. CYBOK is fundamentally an algorithmic approach to vulnerability exploration, which is a significant extension to the body of knowledge it builds upon. By using CYBOK, security analysts and system designers can work together to assess the overall security posture of systems early in their lifecycle, during major design decisions and before final product designs. Consequently, assisting in applying security earlier and throughout the systems lifecycle.
△ Less
Submitted 6 September, 2019;
originally announced September 2019.
-
A Multilevel Cybersecurity and Safety Monitor for Embedded Cyber-Physical Systems
Authors:
Smitha Gautham,
Georgios Bakirtzis,
Matthew T. Leccadito,
Robert H. Klenke,
Carl R. Elks
Abstract:
Cyber-physical systems (CPS) are composed of various embedded subsystems and require specialized software, firmware, and hardware to coordinate with the rest of the system. These multiple levels of integration expose attack surfaces which can be susceptible to attack vectors that require novel architectural methods to effectively secure against. We present a multilevel hierarchical monitor archite…
▽ More
Cyber-physical systems (CPS) are composed of various embedded subsystems and require specialized software, firmware, and hardware to coordinate with the rest of the system. These multiple levels of integration expose attack surfaces which can be susceptible to attack vectors that require novel architectural methods to effectively secure against. We present a multilevel hierarchical monitor architecture cybersecurity approach applied to a flight control system. However, the principles present in this paper apply to any CPS. Additionally, the real-time nature of these monitors allow for adaptable security, meaning that they mitigate against possible classes of attacks online. This results in an appealing bolt-on solution that is independent of different system designs. Consequently, employing such monitors leads to strengthened system resiliency and dependability of safety-critical CPS.
△ Less
Submitted 8 December, 2018;
originally announced December 2018.
-
Looking for a Black Cat in a Dark Room: Security Visualization for Cyber-Physical System Design and Analysis
Authors:
Georgios Bakirtzis,
Brandon J. Simon,
Cody H. Fleming,
Carl R. Elks
Abstract:
Today, there is a plethora of software security tools employing visualizations that enable the creation of useful and effective interactive security analyst dashboards. Such dashboards can assist the analyst to understand the data at hand and, consequently, to conceive more targeted preemption and mitigation security strategies. Despite the recent advances, model-based security analysis is lacking…
▽ More
Today, there is a plethora of software security tools employing visualizations that enable the creation of useful and effective interactive security analyst dashboards. Such dashboards can assist the analyst to understand the data at hand and, consequently, to conceive more targeted preemption and mitigation security strategies. Despite the recent advances, model-based security analysis is lacking tools that employ effective dashboards---to manage potential attack vectors, system components, and requirements. This problem is further exacerbated because model-based security analysis produces significantly larger result spaces than security analysis applied to realized systems---where platform specific information, software versions, and system element dependencies are known. Therefore, there is a need to manage the analysis complexity in model-based security through better visualization techniques. Towards that goal, we propose an interactive security analysis dashboard that provides different views largely centered around the system, its requirements, and its associated attack vector space. This tool makes it possible to start analysis earlier in the system lifecycle. We apply this tool in a significant area of engineering design---the design of cyber-physical systems---where security violations can lead to safety hazards.
△ Less
Submitted 23 October, 2018; v1 submitted 24 August, 2018;
originally announced August 2018.
-
MISSION AWARE: Evidence-Based, Mission-Centric Cybersecurity Analysis
Authors:
Georgios Bakirtzis,
Bryan T. Carter,
Cody H. Fleming,
Carl R. Elks
Abstract:
Currently, perimeter-based approaches are the mainstay of cybersecurity. While this paradigm is necessary, there is mounting evidence of its insufficiency with respect to sophisticated and coordinated attacks. In contrast to perimeter-based security, mission-centric cybersecurity provides awareness of how attacks can influence mission success and therefore focuses resources for mitigating vulnerab…
▽ More
Currently, perimeter-based approaches are the mainstay of cybersecurity. While this paradigm is necessary, there is mounting evidence of its insufficiency with respect to sophisticated and coordinated attacks. In contrast to perimeter-based security, mission-centric cybersecurity provides awareness of how attacks can influence mission success and therefore focuses resources for mitigating vulnerabilities and protecting critical assets. This is strategic as opposed to tactical perimeter-based cybersecurity. We propose MISSION AWARE, which assists in the identification of parts of a system that destabilize the overall mission of the system if compromised. MSSION AWARE starts with a structured elicitation process that leads to hazards analysis. It employs hierarchical modeling methods to capture mission requirements, admissible functional behaviors, and system architectures. It then generates evidence---attacks applicable to elements that directly correlate with mission success. Finally, MISSION AWARE traces evidence back to mission requirements to determine the evidence with the highest impact relative to mission objectives.
△ Less
Submitted 4 December, 2017;
originally announced December 2017.
-
A Systems Approach for Eliciting Mission-Centric Security Requirements
Authors:
Bryan Carter,
Georgios Bakirtzis,
Carl Elks,
Cody Fleming
Abstract:
The security of cyber-physical systems is first and foremost a safety problem, yet it is typically handled as a traditional security problem, which means that solutions are based on defending against threats and are often implemented too late. This approach neglects to take into consideration the context in which the system is intended to operate, thus system safety may be compromised. This paper…
▽ More
The security of cyber-physical systems is first and foremost a safety problem, yet it is typically handled as a traditional security problem, which means that solutions are based on defending against threats and are often implemented too late. This approach neglects to take into consideration the context in which the system is intended to operate, thus system safety may be compromised. This paper presents a systems-theoretic analysis approach that combines stakeholder perspectives with a modified version of Systems-Theoretic Accident Model and Process (STAMP) that allows decision-makers to strategically enhance the safety, resilience, and security of a cyber-physical system against potential threats. This methodology allows the capture of vital mission-specific information in a model, which then allows analysts to identify and mitigate vulnerabilities in the locations most critical to mission success. We present an overview of the general approach followed by a real example using an unmanned aerial vehicle conducting a reconnaissance mission.
△ Less
Submitted 2 November, 2017;
originally announced November 2017.
-
A Model-Based Approach to Security Analysis for Cyber-Physical Systems
Authors:
Georgios Bakirtzis,
Bryan T. Carter,
Carl R. Elks,
Cody H. Fleming
Abstract:
Evaluating the security of cyber-physical systems throughout their life cycle is necessary to assure that they can be deployed and operated in safety-critical applications, such as infrastructure, military, and transportation. Most safety and security decisions that can have major effects on mitigation strategy options after deployment are made early in the system's life cycle. To allow for a vuln…
▽ More
Evaluating the security of cyber-physical systems throughout their life cycle is necessary to assure that they can be deployed and operated in safety-critical applications, such as infrastructure, military, and transportation. Most safety and security decisions that can have major effects on mitigation strategy options after deployment are made early in the system's life cycle. To allow for a vulnerability analysis before deployment, a sufficient well-formed model has to be constructed. To construct such a model we produce a taxonomy of attributes; that is, a generalized schema for system attributes. This schema captures the necessary specificity that characterizes a possible real system and can also map to the attack vector space associated with the model's attributes. In this way, we can match possible attack vectors and provide architectural mitigation at the design phase. We present a model of a flight control system encoded in the Systems Modeling Language, commonly known as SysML, but also show agnosticism with respect to the modeling language or tool used.
△ Less
Submitted 10 June, 2018; v1 submitted 31 October, 2017;
originally announced October 2017.
