A method for modeling and evaluation of the security of cyber-physical systems

Orojloo, Hamed; Azgomi, Mohammad Abdollahi

doi:10.1109/iscisc.2014.6994036

Cited by 20 publications

(5 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In this work, the attacker is assumed to be able to compromise both physical and cyber weaknesses of the systems and the adversary model was able to capture the capabilities and spatial distribution of the adversary. In [13] the authors used a state-based stochastic model to formalize the security properties of real-time systems. They assumed that the system had Markovian property and considering that general probability distributions are assigned to its transitions, the resulting model is a semi-Markov chain.…”

Section: A Formalization Of Attacksmentioning

confidence: 99%

Adversary Model for Attacks Against IEC 61850 Real-Time Communication Protocols

Nweke

Weldehawaryat

Wolthusen

2020

2020 16th International Conference on the Design of Reliable Communication Networks DRCN 2020

View full text Add to dashboard Cite

Adversarial models are well-established for cryptographic protocols, but distributed real-time protocols have requirements that these abstractions are not intended to cover. The IEEE/IEC 61850 standard for communication networks and systems for power utility automation in particular not only requires distributed processing, but in case of the generic object oriented substation events and sampled value (GOOSE/SV) protocols also hard real-time characteristics. This motivates the desire to include both quality of service (QoS) and explicit network topology in an adversary model based on a π-calculus process algebraic formalism based on earlier work. This allows reasoning over process states, placement of adversarial entities and communication behaviour. We demonstrate the use of our model for the simple case of a replay attack against the publish/subscribe GOOSE/SV subprotocol, showing bounds for non-detectability of such an attack.Index Terms-Adversary model, Quality of services, IEC 61850, Real-time communication protocols I. INTRODUCTIONReal-time communication protocols are among the most prominent communication protocols used in networked critical infrastructures. They are used to monitor and control industrial automation processes deployed in critical infrastructures including power stations, power and water distribution, and traffic systems. The resilience of networked critical infrastructures is depended on the ability of the communication protocols used in such environments to adapt well in the face adversarial actions.Adversary model describes the capabilities of an attacker [1] and facilitates reasoning about how a system may be compromised. The conventional adversary models are not suitable for capturing the capabilities of an attacker in IEC 61850 environment due to the stringent QoS requirements and the network topology [2]. Also, the conventional adversary models do not consider the network topology of IEC 61850 because they assume that there is a point-to-point communication between all parties. Thus, it is important to develop an adversary model which takes into account the constraints imposed on an attacker with the intention of attacking the IEC 61850 real-time communication protocols.We therefore propose an adversary model for IEC 61850 real-time communication protocols in this paper. First, we use IEC 61850 GOOSE messaging service as an example, and derive its formalization using π−calculus variant. We then show that the relative positions of the adversary in relation to the publisher, event notification service, and subscriber determine the type of attacks that can be launched by an attacker. Lastly, we use our model to describe a reply attack that can result in a denial of service (DoS) attack.The rest of this paper is organized as follows. Section II presents a general discussion on real-time communication protocols and introduces the π−calculus syntax. Section III discusses the related works. Section IV describes the adversary model and its formalization using π−calculus variant. Section V pr...

show abstract

Section: A Formalization Of Attacksmentioning

confidence: 99%

Adversary Model for Attacks Against IEC 61850 Real-Time Communication Protocols

Nweke

Weldehawaryat

Wolthusen

2020

2020 16th International Conference on the Design of Reliable Communication Networks DRCN 2020

View full text Add to dashboard Cite

show abstract

“…In [8], the approach tries to design and to implement a robust cyber physical system, and [9] attempts to model ontology-based dependability in CPSs using FMEA techniques are outlined. Mathematical approaches were used in [10] to model security risks of CPSs and to quantitatively evaluate their risks. Dependability of self-optimizing systems was studied and analysed in [11], where various methods covering conceptual design, and development phases were introduced.…”

Section: Review Of Literaturementioning

confidence: 99%

Enhancing Dependability and Security of Cyber-Physical Production Systems

Bayanifar

Kühnle

2017

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Despite all its potentials, new industrial revolution enabled by cyberphysical systems (CPS), still has major concerns and obstacles to overcome with regards to dependability and security on its way to be fully appreciated. This study targets these concerns by proposing a generic model for intelligent distributed dependability and security supervision and control mechanisms to enable components to autonomously meet their own security and dependability objectives through real-time distributed improvement cycles, using multi-agent systems approach to enable full exploitation of the model's evolution capabilities.

show abstract

“…Среди них особую роль играют модели, основанные на теории марковских случайных процессов, так как хорошо разработанный соответствующий математический аппарат во многих ситуациях позволяет получить исчерпывающее численное или даже аналитическое решение сформулированных с их помощью задач. Для иллюстрации этого тезиса достаточно отметить чрезвычайно широкой спектр приложений марковских моделей к проблемам кибербезопасности: обнаружение вторжений и аномалий в компьютерных системах [1][2][3][4], моделирование процессов распространения компьютерных вирусов [5][6][7][8], управление рисками информационной безопасности [9,10], моделирование процессов возникновения киберугроз и эксплуатации уязвимостей в информационных и кибер-физических системах [11][12][13].…”

unclassified

A Markov Model of Non-Mutually Exclusive Cyber Threats and its Applications for Selecting an Optimal Set of Information Security Remedies

Kasenov

Магазев

Цырульник

2020

Model. anal. inf. sist.

View full text Add to dashboard Cite

In this work, we study a Markov model of cyber threats that act on a computer system. Within the framework of the model the computer system is considered as a system with failures and recoveries by analogy with models of reliability theory. To estimate functionally-temporal properties of the system we introduce a parameter called the lifetime of the system and defined as the number of transitions of the corresponding Markov chain until the first hit to the final state. Since this random variable plays an important role at evaluating a security level of the computer system, we investigate in detail its random distribution for the case of mutually exclusive cyber threats; in particular, we derive explicit analytical formulae for numerical characteristics of its distribution: expected value and dispersion. Then we generalize substantially the Markov model dropping the assumption that cyber threats acting on the system are mutually exclusive. This modification leads to an extended Markov chain that has (at least qualitatively) the same structure as the original chain. This fact allowed to generalize the above analytical results for the expected value and dispersion of the lifetime to the case of non-mutually exclusive cyber threats. At the end of the work the Markov model for non-mutually exclusive cyber threats is used to state a problem of finding an optimal configuration of security remedies in a given cyber threat space. It is essential that the formulated optimization problems belong to the class of non-linear discrete (Boolean) programming problems. Finally, we consider an example that illustrate the solution of the problem on selecting the optimal set of security remedies for a computer system.

show abstract

A method for modeling and evaluation of the security of cyber-physical systems

Cited by 20 publications

References 20 publications

Adversary Model for Attacks Against IEC 61850 Real-Time Communication Protocols

Adversary Model for Attacks Against IEC 61850 Real-Time Communication Protocols

Enhancing Dependability and Security of Cyber-Physical Production Systems

A Markov Model of Non-Mutually Exclusive Cyber Threats and its Applications for Selecting an Optimal Set of Information Security Remedies

Contact Info

Product

Resources

About