Abstract: Applying security as a lifecycle practice is becoming increasingly important to combat targeted attacks in safety-critical systems. Among others, there are two significant challenges in this area: (1) the need for models that can characterize a realistic system in the absence of an implementation and (2) an automated way to associate attack vector information, that is, historical data, with such system models. We propose the cybersecurity body of knowledge (CYBOK), which takes in sufficiently characteristic models…
“…There are cases where the behavioral interpretation of the system is not sufficient to examine certain properties about a system. One such case is security, where one approach to finding vulnerabilities is to traverse a graph of the expected or implemented system architecture [19]. However, those approaches are static and often are behaviorally unaware, meaning that there is no way to know what behavior is being affected by a particular successful exploit.…”
Engineering safe and secure cyber-physical systems requires system engineers to develop and maintain a number of model views, both dynamic and static, which can be seen as algebras. We posit that verifying the composition of requirement, behavioral, and architectural models using category theory gives rise to a strictly compositional interpretation of cyber-physical systems theory, which can assist in the modeling and analysis of safety-critical cyber-physical systems.
APPLIED COMPOSITIONAL THINKING

Lee [2], among others, recognized early in the development of the field of cyber-physical systems that there is a need for developing competing methods to hybrid systems and process algebras. While this is true, an important observation is that both these formalisms form algebras. In fact, the design of cyber-physical systems involves the study of different algebras (Figure 1). There is significant research in developing these individual algebras and implementing composition within a particular algebra. However, there is still an open problem about how to relate those paradigms that in practice represent individual models and to examine the behavior of the system as a whole must be composed too. Compositional cyber-physical systems theory [3], [4] uses category theory to transform data from one algebra to another and to ultimately relate them formally, such that we can compose across domains. This provides one solution to the open problem of composition between formal methods and their corresponding model views in cyber-physical system design [5], [6]. Recently all these three areas of control [10], contracts [4], and co-design [11, chapter 4] have been described, generalized, and unified with fun-
“…For example, a graph database could be populated with entities representing nodes in the graph and entity relationships representing the edges of the graph. One application of this transformation would be to automatically propagate security violation over the hierarchy of the model after doing model-based security assessment [8]. Another could be using standard data filtering and processing tools on the model to find particular subsystem entities, which is a significant capability in larger system models found in industry.…”
Section: Algorithmic Implementation (mentioning, confidence: 99%)
“…They are often significantly more comprehensive than the one shown here, and decision trees often augment the findings about the results of a possible exploit or a justification for a defensive mechanism. We have done comprehensive analyses of this form in other systems such as a UAV [7,8] and also a larger attack vector analysis for the pipeline example presented here [52].…”
Cyber-physical systems are complex systems that require the integration of diverse software, firmware, and hardware to be practical and useful. This increased complexity is impacting the management of models necessary for designing cyber-physical systems that are able to take into account a number of “-ilities”, such that they are safe and secure and ultimately resilient to disruption of service. We propose an ontological metamodel for system design that augments an already existing industry metamodel to capture the relationships between various model elements (requirements, interfaces, physical, and functional) and safety, security, and resilient considerations. Employing this metamodel leads to more cohesive and structured modeling efforts with an overall increase in scalability, usability, and unification of already existing models. In turn, this leads to a mission-oriented perspective in designing security defenses and resilience mechanisms to combat undesirable behaviors. We illustrate this metamodel in an open-source GraphQL implementation, which can interface with a number of modeling languages. We support our proposed metamodel with a detailed demonstration using an oil and gas pipeline model.
“…By adding extra keywords to the model, the S-graph is now able to associate with attack vector databases like CAPEC and CWE.¹⁷ This additional information in the S-graph assists in semiautomating the process of finding possible exploits as well as constructing the attack surface by locating attacks on the entry point of a given subsystem. Tools and visualization methods using natural language processing can be used to aid this process.…”
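The two citing passages above describe the same mechanism from two sides: a hierarchical system model whose elements are tagged with keywords so that attack vector records (CAPEC/CWE) can be attached to them, and a graph over which the resulting security violations are propagated upward so that the entry points of a subsystem expose its attack surface. The following is an added example, not code from CYBOK or from either cited paper: the pipeline model, the keyword tags, the helper names and the keyword-to-record mapping are all constructed for illustration (the CWE identifiers are real public ones, but which keywords select them is an assumption).

```python
"""Added example (not CYBOK's own code): attach attack-vector records to a
hierarchical system model via keywords, propagate the resulting security
violations up the hierarchy, and list the affected entry points.
The model, keyword tags and catalogue excerpt are all constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Element:
    name: str
    parent: Optional[str]          # None marks the root of the hierarchy
    entry_point: bool = False      # externally reachable interface?
    keywords: frozenset = frozenset()


# Constructed excerpt of a CWE-style catalogue: a record applies to an element
# when every keyword in the record's key is present on that element. The CWE
# ids are real; the keyword mapping is an assumption made for this example.
CATALOGUE = {
    frozenset({"network", "cleartext"}): "CWE-319",        # cleartext transmission
    frozenset({"network", "unauthenticated"}): "CWE-306",  # missing authentication
    frozenset({"parser"}): "CWE-20",                       # improper input validation
}

# Constructed pipeline model: root -> subsystems -> components.
MODEL = [
    Element("Pipeline", None),
    Element("SCADA", "Pipeline"),
    Element("PumpController", "Pipeline", keywords=frozenset({"actuator"})),
    Element("RTU", "SCADA", entry_point=True,
            keywords=frozenset({"network", "unauthenticated"})),
    Element("TelemetryParser", "RTU", keywords=frozenset({"parser"})),
    Element("Historian", "SCADA", keywords=frozenset({"network", "cleartext"})),
]


def match_elements(model, catalogue):
    """Direct hits: element name -> set of catalogue ids whose keyword key is
    a subset of the element's own keywords."""
    hits = {}
    for el in model:
        hits[el.name] = {cid for key, cid in catalogue.items() if key <= el.keywords}
    return hits


def propagate(model, hits):
    """Walk the hierarchy bottom-up so every element also carries the
    violations of its descendants: a weak component makes the subsystem
    and the system that contain it weak as well."""
    children = {}
    for el in model:
        children.setdefault(el.parent, []).append(el.name)
    memo = {}

    def collect(name):
        if name not in memo:
            acc = set(hits.get(name, set()))
            for child in children.get(name, []):
                acc |= collect(child)
            memo[name] = acc
        return memo[name]

    for el in model:
        collect(el.name)
    return memo


def attack_surface(model, propagated):
    """Entry points whose subtree carries at least one violation, i.e. the
    places where an external interaction can reach a weak element."""
    return sorted(el.name for el in model if el.entry_point and propagated[el.name])


if __name__ == "__main__":
    direct = match_elements(MODEL, CATALOGUE)
    full = propagate(MODEL, direct)
    for name, ids in full.items():
        print(f"{name:16s} {sorted(ids)}")
    print("attack surface:", attack_surface(MODEL, full))
```

In a real deployment the catalogue would be a filtered export of CWE/CAPEC and the model would come from the engineering tool (the S-graph or a graph database populated from it), but the three steps stay the same: keyword matching, upward propagation over the containment hierarchy, and reading off the entry points that now carry violations.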
Cyber-physical systems require resiliency techniques for defense, and multicriteria resiliency problems need an approach that evaluates systems for current threats and potential design solutions. A systems-oriented view of cyber-physical security, termed Mission Aware, is proposed based on a holistic understanding of mission goals, system dynamics, and risk.