CPDY: Extending the Dolev-Yao Attacker with Physical-Layer Interactions

Rocchetto, Marco; Tippenhauer, Nils Ole

doi:10.1007/978-3-319-47846-3_12

Cited by 28 publications

(21 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Rocchetto and Tippenhaur [32] introduced a taxonomy of the diverse attacker models proposed for CPS security and outline requirements for generalised attacker models; in [31], they then proposed an extended Dolev-Yao attacker model suitable for CPSs. In their approach, physical layer interactions are modelled as abstract interactions between logical components to support reasoning on the physical-layer security of CPSs.…”

Section: Conclusion Related and Future Workmentioning

confidence: 99%

Towards a Formal Notion of Impact Metric for Cyber-Physical Attacks

Lanotte

Merro

Tini

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Industrial facilities and critical infrastructures are transforming into "smart" environments that dynamically adapt to external events. The result is an ecosystem of heterogeneous physical and cyber components integrated in cyber-physical systems which are more and more exposed to cyber-physical attacks, i.e., security breaches in cyberspace that adversely affect the physical processes at the core of the systems. We provide a formal compositional metric to estimate the impact of cyber-physical attacks targeting sensor devices of IoT systems formalised in a simple extension of Hennessy and Regan's Timed Process Language. Our impact metric relies on a discrete-time generalisation of Desharnais et al.'s weak bisimulation metric for concurrent systems. We show the adequacy of our definition on two different attacks on a simple surveillance system. tion of time. Intuitively, this kind of metric allows us to derive a timed weak bisimulation with tolerance, denoted with ≈ k p , for k ∈ N + ∪ {∞} and p ∈ [0, 1], to express that the tolerance p between two timed systems is ensured only for the first k time instants (tick-actions). Then, we use our timed bisimulation metric to set up a formal compositional theory to study and measure the impact of cyber-physical attacks on IoT systems specified in a simple probabilistic timed process calculus which extends Hennessy and Regan's Timed Process Language (TPL) [16]. IoT systems in our calculus are modelled by specifying: (i) a physical environment , containing informations on the physical state variables and the sensor measurements, and (ii) a logics that governs both accesses to sensors and channel-based communications with other cyber components.We focus on attacks on sensors that may eavesdrop and possibly modify the sensor measurements provided to the controllers of sensors, affecting both the integrity and the availability of the system under attack.

show abstract

Section: Conclusion Related and Future Workmentioning

confidence: 99%

Towards a Formal Notion of Impact Metric for Cyber-Physical Attacks

Lanotte

Merro

Tini

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Using cryptographic protocol verification tools such as CL-Atse allows to not require to model the attacker which is hardcoded in the tool making the Dolev-Yao attacker difficult to restrict. In their work, Rocchetto and Tippenhauer strengthen it by adding equational theories (allowing to handle physical interactions with the process [15]). We aim to focus on attackers resulting of a risk analysis which are often less powerful than Dolev-Yao.…”

Section: Comparing To State-of-the-artmentioning

confidence: 99%

“…In 2017, Rocchetto and Tippenhauer [13] present a method based on the cryptographic protocol verification tool CL-Atse [14]. They use the ASLAN++ language to model the industrial system and its applicative logic alongside with an augmented Dolev-Yao intruder, able to physically interact with the process [15].…”

Section: Introductionmentioning

confidence: 99%

Generation of Applicative Attacks Scenarios Against Industrial Systems

Puys

Potet

Khaled

2018

Foundations and Practice of Security

View full text Add to dashboard Cite

In the context of security, risk analyzes are widely recognized as essential. However, such analyzes need to be replayed frequently to take into account new vulnerabilities, new protections, etc.. As exploits can now easily be found on internet, allowing a wide range of possible intruders with various capacities, motivations and resources. In particular in the case of industrial control systems (also called SCADA) that interact with the physical world, any breach can lead to disasters for humans and the environment. Alongside of classical security properties such as secrecy or authentication, SCADA must ensure safety properties relative to the industrial process they control. In this paper, we propose an approach to assess the security of industrial systems. This approach aims to find applicative attacks taking into account various parameters such as the behavior of the process, the safety properties that must be ensured. We also model the possible positions and capacities of attackers allowing a precise control of these attackers. We instrument our approach using the well known model-checker UPPAAL, we apply it on a case study and show how variations of properties, network topologies, and attacker models can drastically change the obtained results. This work has been partially funded by the SACADE (ANR-16-ASTR-0023) project.

show abstract

“…Description of the Case Study. Similarly to [9,5] we consider a CPS (depicted in Figure 2) composed by five agents: -A tank containing water.…”

Section: Cyber-physical Systemsmentioning

confidence: 99%

A Topological Categorization of Agents for the Definition of Attack States in Multi-agent Systems

Santacà

Cristani

Rocchetto

et al. 2017

Multi-Agent Systems and Agreement Technologies

Self Cite

View full text Add to dashboard Cite

We propose a topological categorization of agents that makes use of the multiple-channel logic (MCL) framework, a recently developed model of reasoning about agents. We firstly introduce a complete formalization of prejudices on agents' attitudes and propose an extension of the rules of the MCL framework. We then use RCC-5 (the Region Connection Calculus) to categorize different agents in Multi-Agent Systems (MAS) based on the collaboration, competence, and honesty of agents. We discuss the possibility of using RCC-3 and RCC-8 and generalize our results to define an upper bound in the number of different types of agents in MAS. Finally, we apply our topological categorization to a specific MAS that describes a Cyber-Physical System, for which we define, categorize and discuss the resulting attack states.

show abstract

CPDY: Extending the Dolev-Yao Attacker with Physical-Layer Interactions

Cited by 28 publications

References 34 publications

Towards a Formal Notion of Impact Metric for Cyber-Physical Attacks

Towards a Formal Notion of Impact Metric for Cyber-Physical Attacks

Generation of Applicative Attacks Scenarios Against Industrial Systems

A Topological Categorization of Agents for the Definition of Attack States in Multi-agent Systems

Contact Info

Product

Resources

About