False Sequential Command Attack of Large-Scale Cyber-Physical Systems

Xiong, Yinqiao; Yang, Ziyu; Wang, Baoyao; Xun, Peng; Deng, Tiantian

doi:10.3390/electronics7090176

Cited by 5 publications

(1 citation statement)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Technicians and engineers can use the OT to send commands to the control network with the intent of controlling the physical plant. As certain command sequences may harm the system [34], commands sent to the control network must pass a validation check before reaching the physical plant.…”

Section: Malicious Commands (A3)mentioning

confidence: 99%

Security Verification of Industrial Control Systems using Partial Model Checking

Kulik

Boudjadar

Tran-Jørgensen

2020

Proceedings of the 8th International Conference on Formal Methods in Software Engineering

View full text Add to dashboard Cite

Industrial control systems are moving from isolated to distributed and cloud-connected architectures. While the operational benefits of this migration form the driving force for this trend, the necessary security assurance is often difficult to achieve. Formal methods, including model checking, provide capable technologies to deal with this challenge. However, when formal verification must account for the complexity of modern control systems the state space being explored grows drastically as more details are included in the analysis. This may eventually cause a state space explosion, which makes formal verification infeasible. To address this, we propose a method for decomposing cloud-connected control systems into modules representing the different parts of the system (clients, the cloud, the control network, etc.). Based on the decomposed version of the system, we use UPPAAL to model several well-known cyber attacks and formally verify the system's behavior under these attacks. To determine viability of our approach, we first use statistical model checking SMC to assess the probabilities of success for selected attacks. Based on SMC outcomes, we use symbolic model checking to individually analyse the subsystem affected by each attack. The results obtained from this analysis are then used to demonstrate the feasibility of our approach. We demonstrate our method using an actual control system architecture provided by our industrial partner. CCS CONCEPTS • Security and privacy → Logic and verification; Denial-ofservice attacks; Security requirements.

show abstract

Section: Malicious Commands (A3)mentioning

confidence: 99%