Fundamental Challenges of Cyber-Physical Systems Security Modeling

Bakirtzis, Georgios; Ward, Garrett; Deloglos, Christopher; Elks, Carl; Horowitz, Barry M.; Fleming, Craig

doi:10.1109/dsn-s50200.2020.00021

Cited by 7 publications

(6 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some related works such as reference [12] study the issue of resilience from algebraic-theoretical perspectives, also relating to concepts such as anti-fragility [13]. In [14], the authors start from the need highlighted in reference [15], and propose a comprehensive metamodel, expressed in GraphQL, which captures the different aspects (from technical to organizational) of CPS resilience. The main goal of this work is to adapt an assessed approach as Systems-Theoretic Accident Model and Processes (STAMP) [16], making connections between classical safety and security concepts.…”

Section: Related Workmentioning

confidence: 99%

Towards Trustworthy Autonomous Systems: Taxonomies and Future Perspectives

Flammini

Alcaraz

Bellini

et al. 2024

IEEE Trans. Emerg. Topics Comput.

View full text Add to dashboard Cite

The class of Trustworthy Autonomous Systems (TAS) includes cyber-physical systems leveraging on self-x technologies that make them capable to learn, adapt to changes, and reason under uncertainties in possibly critical applications and evolving environments. In the last decade, there has been a growing interest in enabling artificial intelligence technologies, such as advanced machine learning, new threats, such as adversarial attacks, and certification challenges, due to the lack of sufficient explainability. However, in order to be trustworthy, those systems also need to be dependable, secure, and resilient according to well-established taxonomies, methodologies, and tools. Therefore, several aspects need to be addressed for TAS, ranging from proper taxonomic classification to the identification of research opportunities and challenges. Given such a context, in this paper address relevant taxonomies and research perspectives in the field of TAS. We start from basic definitions and move towards future perspectives, regulations, and emerging technologies supporting development and operation of TAS.

show abstract

Section: Related Workmentioning

confidence: 99%

Towards Trustworthy Autonomous Systems: Taxonomies and Future Perspectives

Flammini

Alcaraz

Bellini

et al. 2024

IEEE Trans. Emerg. Topics Comput.

View full text Add to dashboard Cite

show abstract

“…However, safety and cybersecurity are often viewed disjointly in a way that considers Communicated by Perry Alexander. cybersecurity mitigations without regard to safety losses [9]. The classical approach to security involves verification of components and the construction of security barriers.…”

Section: Introductionmentioning

confidence: 99%

An ontological metamodel for cyber-physical system safety, security, and resilience coengineering

et al. 2021

Self Cite

View full text Add to dashboard Cite

Cyber-physical systems are complex systems that require the integration of diverse software, firmware, and hardware to be practical and useful. This increased complexity is impacting the management of models necessary for designing cyber-physical systems that are able to take into account a number of “-ilities”, such that they are safe and secure and ultimately resilient to disruption of service. We propose an ontological metamodel for system design that augments an already existing industry metamodel to capture the relationships between various model elements (requirements, interfaces, physical, and functional) and safety, security, and resilient considerations. Employing this metamodel leads to more cohesive and structured modeling efforts with an overall increase in scalability, usability, and unification of already existing models. In turn, this leads to a mission-oriented perspective in designing security defenses and resilience mechanisms to combat undesirable behaviors. We illustrate this metamodel in an open-source GraphQL implementation, which can interface with a number of modeling languages. We support our proposed metamodel with a detailed demonstration using an oil and gas pipeline model.

show abstract

“…This research trajectory is evidenced by the NSF/IARPA/NSA workshop on the science of security, which underlines that there are three areas in need of innovation: metrics, formal methods, and experimentation [3]. In addition, there is still increasing need for defining (in)security as a modeling problem [4], [5], [6]. This paper develops a formal method for modeling attacker actions at the abstraction level of componentlevel system models.…”

Section: Introductionmentioning

confidence: 99%

Yoneda Hacking: The Algebra of Attacker Actions

Bakirtzis¹,

Genovese²,

Fleming³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

Our work focuses on modeling security of systems from their component-level designs. Towards this goal we develop a categorical formalism to model attacker actions. Equipping the categorical formalism with algebras produces two interesting results for security modeling. First, using the Yoneda lemma, we are able to model attacker reconnaissance missions. In this context, the Yoneda lemma formally shows us that if two system representations, one being complete and the other being the attacker's incomplete view, agree at every possible test, then they behave the same. The implication is that attackers can still successfully exploit the system even with incomplete information. Second, we model the possible changes that can occur to the system via an exploit. An exploit either manipulates the interactions between system components, for example, providing the wrong values to a sensor, or changes the components themselves, for example, manipulating the firmware of a global positioning system (GPS). One additional benefit of using category theory is that mathematical operations can be represented as formal diagrams, which is useful for applying this analysis in a model-based design setting. We illustrate this modeling framework using a cyber-physical system model of an unmanned aerial vehicle (UAV). We demonstrate and model two types of attacks (1) a rewiring attack, which violates data integrity, and (2) a rewriting attack, which violates availability.

show abstract

Fundamental Challenges of Cyber-Physical Systems Security Modeling

Cited by 7 publications

References 8 publications

Towards Trustworthy Autonomous Systems: Taxonomies and Future Perspectives

Towards Trustworthy Autonomous Systems: Taxonomies and Future Perspectives

An ontological metamodel for cyber-physical system safety, security, and resilience coengineering

Yoneda Hacking: The Algebra of Attacker Actions

Contact Info

Product

Resources

About